1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define MLOG_TAG "Extension"
16
17 #include "media_datashare_ext_ability.h"
18
19 #include <cstdlib>
20
21 #include "ability_info.h"
22 #include "app_mgr_client.h"
23 #include "cloud_media_asset_manager.h"
24 #include "cloud_sync_utils.h"
25 #include "dataobs_mgr_client.h"
26 #include "datashare_ext_ability_context.h"
27 #include "hilog_wrapper.h"
28 #include "ipc_skeleton.h"
29 #include "medialibrary_command.h"
30 #include "media_app_uri_permission_column.h"
31 #include "media_datashare_stub_impl.h"
32 #include "media_file_utils.h"
33 #include "media_log.h"
34 #include "media_scanner_manager.h"
35 #include "medialibrary_appstate_observer.h"
36 #include "medialibrary_data_manager.h"
37 #include "medialibrary_bundle_manager.h"
38 #include "dfx_manager.h"
39 #include "dfx_timer.h"
40 #include "dfx_const.h"
41 #include "dfx_deprecated_perm_usage.h"
42 #include "dfx_reporter.h"
43 #include "medialibrary_errno.h"
44 #include "medialibrary_object_utils.h"
45 #include "medialibrary_subscriber.h"
46 #include "medialibrary_uripermission_operations.h"
47 #include "multistages_capture_manager.h"
48 #ifdef MEDIALIBRARY_FEATURE_CLOUD_ENHANCEMENT
49 #include "enhancement_manager.h"
50 #endif
51 #include "napi/native_api.h"
52 #include "napi/native_node_api.h"
53 #include "os_account_manager.h"
54 #include "permission_utils.h"
55 #include "photo_album_column.h"
56 #include "runtime.h"
57 #include "singleton.h"
58 #include "system_ability_definition.h"
59 #include "uri_permission_manager_client.h"
60 #include "userfilemgr_uri.h"
61 #include "want.h"
62 #ifdef MEDIALIBRARY_SECURITY_OPEN
63 #include "sec_comp_kit.h"
64 #endif
65 #include "userfilemgr_uri.h"
66 #include "parameters.h"
67 #include "media_tool_permission_handler.h"
68 #include "grant_permission_handler.h"
69 #include "read_write_permission_handler.h"
70 #include "db_permission_handler.h"
71 #include "system_api_check_handler.h"
72 #include "userfilemgr_uri.h"
73 #ifdef MEDIALIBRARY_MTP_ENABLE
74 #include "media_mtp_manager.h"
75 #endif
76 #include "media_fuse_manager.h"
77 #include "highlight_column.h"
78 #include "mediatool_uri.h"
79 #include "cloud_enhancement_uri.h"
80 #include "album_operation_uri.h"
81 #include "data_secondary_directory_uri.h"
82 #include "media_req_vo.h"
83 #include "media_empty_obj_vo.h"
84 #include "media_permission_check.h"
85 #include "user_define_ipc.h"
86
87 using namespace std;
88 using namespace OHOS::AppExecFwk;
89 using namespace OHOS::NativeRdb;
90 using namespace OHOS::DistributedKv;
91 using namespace OHOS::Media;
92 using namespace OHOS::DataShare;
93 using namespace OHOS::Security::AccessToken;
94 using namespace OHOS::Media::IPC;
95
96 namespace OHOS {
97 namespace AbilityRuntime {
98 using namespace OHOS::AppExecFwk;
99 using DataObsMgrClient = OHOS::AAFwk::DataObsMgrClient;
100 const std::string PERM_CLOUD_SYNC_MANAGER = "ohos.permission.CLOUDFILE_SYNC_MANAGER";
101 constexpr const char *MTP_DISABLE = "persist.edm.mtp_server_disable";
102 static const set<OperationObject> PHOTO_ACCESS_HELPER_OBJECTS = {
103 OperationObject::PAH_PHOTO,
104 OperationObject::PAH_ALBUM,
105 OperationObject::PAH_MAP,
106 OperationObject::PAH_FORM_MAP,
107 OperationObject::ANALYSIS_PHOTO_ALBUM,
108 OperationObject::ANALYSIS_PHOTO_MAP,
109 OperationObject::VISION_OCR,
110 OperationObject::VISION_AESTHETICS,
111 OperationObject::VISION_VIDEO_AESTHETICS,
112 OperationObject::VISION_LABEL,
113 OperationObject::VISION_VIDEO_LABEL,
114 OperationObject::VISION_IMAGE_FACE,
115 OperationObject::VISION_VIDEO_FACE,
116 OperationObject::VISION_FACE_TAG,
117 OperationObject::VISION_OBJECT,
118 OperationObject::VISION_RECOMMENDATION,
119 OperationObject::VISION_SEGMENTATION,
120 OperationObject::VISION_COMPOSITION,
121 OperationObject::VISION_SALIENCY,
122 OperationObject::VISION_HEAD,
123 OperationObject::VISION_POSE,
124 OperationObject::VISION_TOTAL,
125 OperationObject::VISION_ANALYSIS_ALBUM_TOTAL,
126 OperationObject::GEO_DICTIONARY,
127 OperationObject::GEO_KNOWLEDGE,
128 OperationObject::GEO_PHOTO,
129 OperationObject::PAH_MULTISTAGES_CAPTURE,
130 OperationObject::STORY_ALBUM,
131 OperationObject::STORY_COVER,
132 OperationObject::STORY_PLAY,
133 OperationObject::HIGHLIGHT_DELETE,
134 OperationObject::USER_PHOTOGRAPHY,
135 OperationObject::PAH_BATCH_THUMBNAIL_OPERATE,
136 OperationObject::INDEX_CONSTRUCTION_STATUS,
137 OperationObject::MEDIA_APP_URI_PERMISSION,
138 OperationObject::PAH_CLOUD_ENHANCEMENT_OPERATE,
139 OperationObject::ANALYSIS_ASSET_SD_MAP,
140 OperationObject::ANALYSIS_ALBUM_ASSET_MAP,
141 OperationObject::CLOUD_MEDIA_ASSET_OPERATE,
142 };
143
Create(const unique_ptr<Runtime> & runtime)144 MediaDataShareExtAbility* MediaDataShareExtAbility::Create(const unique_ptr<Runtime>& runtime)
145 {
146 return new MediaDataShareExtAbility(static_cast<Runtime&>(*runtime));
147 }
148
MediaDataShareExtAbility(Runtime & runtime)149 MediaDataShareExtAbility::MediaDataShareExtAbility(Runtime& runtime) : DataShareExtAbility(), runtime_(runtime) {}
150
~MediaDataShareExtAbility()151 MediaDataShareExtAbility::~MediaDataShareExtAbility()
152 {
153 }
154
Init(const shared_ptr<AbilityLocalRecord> & record,const shared_ptr<OHOSApplication> & application,shared_ptr<AbilityHandler> & handler,const sptr<IRemoteObject> & token)155 void MediaDataShareExtAbility::Init(const shared_ptr<AbilityLocalRecord> &record,
156 const shared_ptr<OHOSApplication> &application, shared_ptr<AbilityHandler> &handler,
157 const sptr<IRemoteObject> &token)
158 {
159 if ((record == nullptr) || (application == nullptr) || (handler == nullptr) || (token == nullptr)) {
160 MEDIA_ERR_LOG("MediaDataShareExtAbility::init failed, some object is nullptr");
161 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
162 return;
163 }
164 DataShareExtAbility::Init(record, application, handler, token);
165 }
166
IsStartBeforeUserUnlock()167 static bool IsStartBeforeUserUnlock()
168 {
169 int32_t activeUserId = 0;
170 ErrCode ret = OHOS::AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(activeUserId);
171 CHECK_AND_RETURN_RET_LOG(ret == ERR_OK, false,
172 "GetForegroundOsAccountLocalId fail, ret code %{public}d, result is not credible", ret);
173 MEDIA_INFO_LOG("Current active account is %{public}d ", activeUserId);
174 bool isAccountVerified = true; // Assume verified to avoid unknown killing
175 ErrCode err = AccountSA::OsAccountManager::IsOsAccountVerified(activeUserId, isAccountVerified);
176 CHECK_AND_RETURN_RET_LOG(err == ERR_OK, false,
177 "Check activeUserId fail caused by %{public}d, check result is not credible", err);
178 MEDIA_INFO_LOG("Current user verification result: %{public}d", isAccountVerified);
179 return !isAccountVerified;
180 }
181
InitPermissionHandler()182 void MediaDataShareExtAbility::InitPermissionHandler()
183 {
184 MEDIA_DEBUG_LOG("InitPermissionHandler begin");
185 // 构造鉴权处理器责任链
186 auto mediaToolPermissionHandler = std::make_shared<MediaToolPermissionHandler>();
187 auto grantPermissionHandler = std::make_shared<GrantPermissionHandler>();
188 grantPermissionHandler->SetNextHandler(mediaToolPermissionHandler);
189 auto dbPermissionHandler = std::make_shared<DbPermissionHandler>();
190 dbPermissionHandler->SetNextHandler(grantPermissionHandler);
191 auto rwPermissionHandler = std::make_shared<ReadWritePermissionHandler>();
192 rwPermissionHandler->SetNextHandler(dbPermissionHandler);
193 permissionHandler_ = std::make_shared<SystemApiCheckHandler>();
194 permissionHandler_->SetNextHandler(rwPermissionHandler);
195 MEDIA_DEBUG_LOG("InitPermissionHandler end:permissionHandler_=%{public}d", permissionHandler_ != nullptr);
196 }
197
OnStartSub(const AAFwk::Want & want)198 void MediaDataShareExtAbility::OnStartSub(const AAFwk::Want &want)
199 {
200 #ifdef MEDIALIBRARY_MTP_ENABLE
201 MediaMtpManager::GetInstance().Init();
202 #endif
203 #ifdef MEDIALIBRARY_FEATURE_CLOUD_ENHANCEMENT
204 EnhancementManager::GetInstance().InitAsync();
205 #endif
206 }
207
CheckUnlockScene(int64_t startTime)208 static bool CheckUnlockScene(int64_t startTime)
209 {
210 if (IsStartBeforeUserUnlock()) {
211 DfxReporter::ReportStartResult(DfxType::CHECK_USER_UNLOCK_FAIL, 0, startTime);
212 MEDIA_INFO_LOG("%{public}s Killing self caused by booting before unlocking", __func__);
213 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
214 return false;
215 }
216
217 bool isMediaPathExists = MediaFileUtils::IsDirectory(ROOT_MEDIA_DIR);
218 if (!isMediaPathExists) {
219 DfxReporter::ReportStartResult(DfxType::CHECK_MEDIA_PATH_UNLOCK_FAIL, 0, startTime);
220 MEDIA_INFO_LOG("%{public}s Killing self caused by media path unmounted", __func__);
221 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
222 return false;
223 }
224
225 return true;
226 }
227
RestartCloudMediaAssetDownload()228 static void RestartCloudMediaAssetDownload()
229 {
230 std::thread([&] {
231 MEDIA_INFO_LOG("enter RestartCloudMediaAssetDownload.");
232 CHECK_AND_RETURN_INFO_LOG(CloudSyncUtils::IsCloudSyncSwitchOn(), "Cloud sync switch off");
233 if (!CloudSyncUtils::IsCloudDataAgingPolicyOn()) {
234 CloudMediaAssetManager::GetInstance().CancelDownloadCloudAsset();
235 return;
236 }
237 CloudMediaAssetManager::GetInstance().StartDownloadCloudAsset(CloudMediaDownloadType::DOWNLOAD_GENTLE);
238 }).detach();
239 }
240
OnStart(const AAFwk::Want & want)241 void MediaDataShareExtAbility::OnStart(const AAFwk::Want &want)
242 {
243 int64_t startTime = MediaFileUtils::UTCTimeMilliSeconds();
244 MEDIA_INFO_LOG("%{public}s begin.", __func__);
245 Extension::OnStart(want);
246 auto context = AbilityRuntime::Context::GetApplicationContext();
247 if (context == nullptr) {
248 DfxReporter::ReportStartResult(DfxType::START_CONTEXT_FAIL, 0, startTime);
249 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
250 return;
251 }
252 MEDIA_INFO_LOG("%{public}s runtime language %{public}d", __func__, runtime_.GetLanguage());
253 InitPermissionHandler();
254 auto dataManager = MediaLibraryDataManager::GetInstance();
255 if (dataManager == nullptr) {
256 DfxReporter::ReportStartResult(DfxType::START_DATAMANAGER_FAIL, 0, startTime);
257 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
258 return;
259 }
260
261 CHECK_AND_RETURN(CheckUnlockScene(startTime));
262 auto extensionContext = GetContext();
263 int32_t sceneCode = DfxType::START_SUCCESS;
264 int32_t ret = dataManager->InitMediaLibraryMgr(context, extensionContext, sceneCode, true, true);
265 if (ret != E_OK) {
266 MEDIA_ERR_LOG("Failed to init MediaLibraryMgr");
267 CHECK_AND_EXECUTE(sceneCode != DfxType::START_RDB_STORE_FAIL,
268 DfxReporter::ReportStartResult(sceneCode, ret, startTime));
269 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
270 return;
271 }
272 dataManager->SetOwner(static_pointer_cast<MediaDataShareExtAbility>(shared_from_this()));
273
274 // Start media fuse daemon
275 MediaFuseManager::GetInstance().Start();
276
277 DfxManager::GetInstance();
278 auto scannerManager = MediaScannerManager::GetInstance();
279 if (scannerManager == nullptr) {
280 DfxReporter::ReportStartResult(DfxType::START_SCANNER_FAIL, 0, startTime);
281 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
282 return;
283 }
284 OnStartSub(want);
285 Media::MedialibrarySubscriber::Subscribe();
286 dataManager->SetStartupParameter();
287 DfxReporter::ReportStartResult(DfxType::START_SUCCESS, 0, startTime);
288 CloudMediaAssetManager::GetInstance().RestartForceRetainCloudAssets();
289 }
290
OnStop()291 void MediaDataShareExtAbility::OnStop()
292 {
293 MEDIA_INFO_LOG("%{public}s begin.", __func__);
294 auto scannerManager = MediaScannerManager::GetInstance();
295 CHECK_AND_EXECUTE(scannerManager == nullptr, scannerManager->Stop());
296
297 MediaFuseManager::GetInstance().Stop();
298 MediaLibraryDataManager::GetInstance()->ClearMediaLibraryMgr();
299 MedialibraryAppStateObserverManager::GetInstance().UnSubscribeAppState();
300 MEDIA_INFO_LOG("%{public}s end.", __func__);
301 }
302
OnConnect(const AAFwk::Want & want)303 sptr<IRemoteObject> MediaDataShareExtAbility::OnConnect(const AAFwk::Want &want)
304 {
305 MEDIA_INFO_LOG("%{public}s begin. ", __func__);
306 Extension::OnConnect(want);
307 sptr<MediaDataShareStubImpl> remoteObject = new (nothrow) MediaDataShareStubImpl(
308 static_pointer_cast<MediaDataShareExtAbility>(shared_from_this()),
309 nullptr);
310 if (remoteObject == nullptr) {
311 MEDIA_ERR_LOG("%{public}s No memory allocated for DataShareStubImpl", __func__);
312 return nullptr;
313 }
314 MEDIA_INFO_LOG("%{public}s end.", __func__);
315 return remoteObject->AsObject();
316 }
317
GetFileTypes(const Uri & uri,const string & mimeTypeFilter)318 vector<string> MediaDataShareExtAbility::GetFileTypes(const Uri &uri, const string &mimeTypeFilter)
319 {
320 vector<string> ret;
321 return ret;
322 }
323
FillV10Perms(const MediaType mediaType,const bool containsRead,const bool containsWrite,vector<string> & perm)324 static void FillV10Perms(const MediaType mediaType, const bool containsRead, const bool containsWrite,
325 vector<string> &perm)
326 {
327 if (containsRead) {
328 if (mediaType == MEDIA_TYPE_IMAGE || mediaType == MEDIA_TYPE_VIDEO ||
329 mediaType == Media::MEDIA_TYPE_PHOTO || mediaType == Media::MEDIA_TYPE_ALBUM) {
330 perm.push_back(PERM_READ_IMAGEVIDEO);
331 } else if (mediaType == MEDIA_TYPE_AUDIO) {
332 perm.push_back(PERM_READ_AUDIO);
333 } else if (mediaType == MEDIA_TYPE_FILE) {
334 perm.push_back(PERM_READ_IMAGEVIDEO);
335 perm.push_back(PERM_READ_AUDIO);
336 perm.push_back(PERM_READ_DOCUMENT);
337 }
338 }
339 if (containsWrite) {
340 if (mediaType == MEDIA_TYPE_IMAGE || mediaType == MEDIA_TYPE_VIDEO ||
341 mediaType == Media::MEDIA_TYPE_PHOTO || mediaType == Media::MEDIA_TYPE_ALBUM) {
342 perm.push_back(PERM_WRITE_IMAGEVIDEO);
343 } else if (mediaType == MEDIA_TYPE_AUDIO) {
344 perm.push_back(PERM_WRITE_AUDIO);
345 } else if (mediaType == MEDIA_TYPE_FILE) {
346 perm.push_back(PERM_WRITE_IMAGEVIDEO);
347 perm.push_back(PERM_WRITE_AUDIO);
348 perm.push_back(PERM_WRITE_DOCUMENT);
349 }
350 }
351 }
352
FillDeprecatedPerms(const bool containsRead,const bool containsWrite,vector<string> & perm)353 static void FillDeprecatedPerms(const bool containsRead, const bool containsWrite, vector<string> &perm)
354 {
355 CHECK_AND_EXECUTE(!containsRead, perm.push_back(PERMISSION_NAME_READ_MEDIA));
356 CHECK_AND_EXECUTE(!containsWrite, perm.push_back(PERMISSION_NAME_WRITE_MEDIA));
357 }
358
ContainsFlag(const string & mode,const char flag)359 static inline bool ContainsFlag(const string &mode, const char flag)
360 {
361 return mode.find(flag) != string::npos;
362 }
363
CollectPermissionInfo(MediaLibraryCommand & cmd,const string & mode,const bool permGranted,PermissionUsedType type)364 static void CollectPermissionInfo(MediaLibraryCommand &cmd, const string &mode,
365 const bool permGranted, PermissionUsedType type)
366 {
367 if ((cmd.GetOprnObject() == OperationObject::FILESYSTEM_PHOTO) ||
368 (cmd.GetOprnObject() == OperationObject::THUMBNAIL) ||
369 (cmd.GetOprnObject() == OperationObject::THUMBNAIL_ASTC)) {
370 CHECK_AND_EXECUTE(mode.find("r") == string::npos,
371 PermissionUtils::CollectPermissionInfo(PERM_READ_IMAGEVIDEO, permGranted, type));
372 CHECK_AND_EXECUTE(mode.find("w") == string::npos,
373 PermissionUtils::CollectPermissionInfo(PERM_WRITE_IMAGEVIDEO, permGranted, type));
374 }
375 }
376
CheckOpenFilePermission(MediaLibraryCommand & cmd,string & mode)377 static int32_t CheckOpenFilePermission(MediaLibraryCommand &cmd, string &mode)
378 {
379 MEDIA_DEBUG_LOG("uri: %{private}s mode: %{private}s", cmd.GetUri().ToString().c_str(), mode.c_str());
380 MediaType mediaType = MediaFileUri::GetMediaTypeFromUri(cmd.GetUri().ToString());
381 const bool containsRead = ContainsFlag(mode, 'r');
382 const bool containsWrite = ContainsFlag(mode, 'w');
383
384 CHECK_AND_RETURN_RET(cmd.GetQuerySetParam(IS_TOOL_OPEN) != TOOL_OPEN_TRUE,
385 IsDeveloperMediaTool(cmd, mode)? E_SUCCESS : E_PERMISSION_DENIED);
386 vector<string> perms;
387 FillV10Perms(mediaType, containsRead, containsWrite, perms);
388 bool cond = ((cmd.GetOprnObject() == OperationObject::FILESYSTEM_PHOTO) ||
389 (cmd.GetOprnObject() == OperationObject::THUMBNAIL) ||
390 (cmd.GetOprnObject() == OperationObject::THUMBNAIL_ASTC));
391 CHECK_AND_RETURN_RET(!cond, PermissionUtils::CheckPhotoCallerPermission(perms)? E_SUCCESS : E_PERMISSION_DENIED);
392
393 int32_t err = (mediaType == MEDIA_TYPE_FILE) ?
394 (PermissionUtils::CheckHasPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED) :
395 (PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED);
396 CHECK_AND_RETURN_RET(err != E_SUCCESS, E_SUCCESS);
397 // Try to check deprecated permissions
398 perms.clear();
399 FillDeprecatedPerms(containsRead, containsWrite, perms);
400 bool ret = PermissionUtils::CheckCallerPermission(perms);
401 CHECK_AND_EXECUTE(!ret,
402 DfxDeprecatedPermUsage::Record(
403 static_cast<uint32_t>(cmd.GetOprnObject()), static_cast<uint32_t>(cmd.GetOprnType())));
404 return ret ? E_SUCCESS : E_PERMISSION_DENIED;
405 }
406
AddHiddenAlbumPermission(MediaLibraryCommand & cmd,vector<string> & outPerms)407 static inline void AddHiddenAlbumPermission(MediaLibraryCommand &cmd, vector<string> &outPerms)
408 {
409 Media::OperationType type = cmd.GetOprnType();
410 if (type == Media::OperationType::QUERY_HIDDEN) {
411 outPerms.push_back(PERM_MANAGE_PRIVATE_PHOTOS);
412 }
413 }
414
SystemApiCheck(MediaLibraryCommand & cmd)415 static int32_t SystemApiCheck(MediaLibraryCommand &cmd)
416 {
417 static const set<OperationObject> SYSTEM_API_OBJECTS = {
418 OperationObject::UFM_PHOTO,
419 OperationObject::UFM_AUDIO,
420 OperationObject::UFM_ALBUM,
421 OperationObject::UFM_MAP,
422 OperationObject::SMART_ALBUM,
423
424 OperationObject::ALL_DEVICE,
425 OperationObject::ACTIVE_DEVICE,
426 OperationObject::PAH_FORM_MAP,
427 };
428
429 static const set<string> SYSTEM_API_URIS = {
430 // Deleting asset permanently from system is only allowed for system apps.
431 URI_DELETE_PHOTOS,
432 // Deleting asset to trash album directly without a pop-up box is only allowed for system apps.
433 UFM_DELETE_PHOTOS,
434 PAH_DELETE_PHOTOS,
435 };
436
437 OperationObject obj = cmd.GetOprnObject();
438 string uri = cmd.GetUriStringWithoutSegment();
439 if (SYSTEM_API_OBJECTS.find(obj) != SYSTEM_API_OBJECTS.end() ||
440 (SYSTEM_API_URIS.find(uri) != SYSTEM_API_URIS.end())) {
441 CHECK_AND_RETURN_RET_LOG(PermissionUtils::IsSystemApp(), -E_CHECK_SYSTEMAPP_FAIL,
442 "Systemapi should only be called by system applications!");
443 }
444 return E_SUCCESS;
445 }
446
HandleMediaVolumePerm(const MediaLibraryCommand & cmd)447 static inline int32_t HandleMediaVolumePerm(const MediaLibraryCommand &cmd)
448 {
449 bool ret = PermissionUtils::CheckCallerPermission(PERMISSION_NAME_READ_MEDIA);
450 CHECK_AND_EXECUTE(!ret,
451 DfxDeprecatedPermUsage::Record(
452 static_cast<uint32_t>(cmd.GetOprnObject()), static_cast<uint32_t>(cmd.GetOprnType())));
453 return ret ? E_SUCCESS : E_PERMISSION_DENIED;
454 }
455
HandleBundlePermCheck(const MediaLibraryCommand & cmd)456 static inline int32_t HandleBundlePermCheck(const MediaLibraryCommand &cmd)
457 {
458 bool ret = PermissionUtils::CheckCallerPermission(PERMISSION_NAME_WRITE_MEDIA);
459 if (ret) {
460 DfxDeprecatedPermUsage::Record(
461 static_cast<uint32_t>(cmd.GetOprnObject()), static_cast<uint32_t>(cmd.GetOprnType()));
462 return E_SUCCESS;
463 }
464
465 return PermissionUtils::CheckHasPermission(WRITE_PERMS_V10) ? E_SUCCESS : E_PERMISSION_DENIED;
466 }
467
HandleNoPermCheck(MediaLibraryCommand & cmd)468 static int32_t HandleNoPermCheck(MediaLibraryCommand &cmd)
469 {
470 static const set<string> NO_NEED_PERM_CHECK_URI = {
471 URI_CLOSE_FILE,
472 MEDIALIBRARY_DIRECTORY_URI,
473 };
474
475 static const set<OperationObject> NO_NEED_PERM_CHECK_OBJ = {
476 OperationObject::ALL_DEVICE,
477 OperationObject::ACTIVE_DEVICE,
478 OperationObject::MISCELLANEOUS
479 };
480
481 string uri = cmd.GetUri().ToString();
482 OperationObject obj = cmd.GetOprnObject();
483 if (NO_NEED_PERM_CHECK_URI.find(uri) != NO_NEED_PERM_CHECK_URI.end() ||
484 NO_NEED_PERM_CHECK_OBJ.find(obj) != NO_NEED_PERM_CHECK_OBJ.end()) {
485 return E_SUCCESS;
486 }
487 return E_NEED_FURTHER_CHECK;
488 }
489
HandleSecurityComponentPermission(MediaLibraryCommand & cmd)490 static int32_t HandleSecurityComponentPermission(MediaLibraryCommand &cmd)
491 {
492 if (cmd.GetUri().ToString().find(OPRN_CREATE_COMPONENT) != string::npos ||
493 cmd.GetUri().ToString().find(OPRN_SAVE_CAMERA_PHOTO_COMPONENT) != string::npos) {
494 #ifdef MEDIALIBRARY_SECURITY_OPEN
495 auto tokenId = PermissionUtils::GetTokenId();
496 CHECK_AND_RETURN_RET_LOG(Security::SecurityComponent::SecCompKit::VerifySavePermission(tokenId),
497 E_NEED_FURTHER_CHECK, "Failed to verify save permission of security component");
498 return E_SUCCESS;
499 #else
500 MEDIA_ERR_LOG("Security component is not existed");
501 return E_NEED_FURTHER_CHECK;
502 #endif
503 }
504 return E_NEED_FURTHER_CHECK;
505 }
506
HandleShortPermission(const MediaLibraryCommand & cmd,bool & need)507 static int32_t HandleShortPermission(const MediaLibraryCommand &cmd, bool &need)
508 {
509 need = false;
510 if (cmd.GetUriStringWithoutSegment() == PAH_CREATE_PHOTO ||
511 cmd.GetUriStringWithoutSegment() == PAH_SYS_CREATE_PHOTO) {
512 if (PermissionUtils::CheckPhotoCallerPermission(PERM_SHORT_TERM_WRITE_IMAGEVIDEO)) {
513 need = true;
514 return E_SUCCESS;
515 }
516 }
517 return E_PERMISSION_DENIED;
518 }
519
HandleRestorePermission(MediaLibraryCommand & cmd)520 static int32_t HandleRestorePermission(MediaLibraryCommand &cmd)
521 {
522 if (cmd.GetUriStringWithoutSegment() == PAH_GENERATE_THUMBNAILS_RESTORE) {
523 return PermissionUtils::CheckCallerPermission(PERM_READ_IMAGEVIDEO) ? E_SUCCESS : E_PERMISSION_DENIED;
524 }
525 return E_PERMISSION_DENIED;
526 }
527
UserFileMgrPermissionCheck(MediaLibraryCommand & cmd,const bool isWrite)528 static int32_t UserFileMgrPermissionCheck(MediaLibraryCommand &cmd, const bool isWrite)
529 {
530 static const set<OperationObject> USER_FILE_MGR_OBJECTS = {
531 OperationObject::UFM_PHOTO,
532 OperationObject::UFM_AUDIO,
533 OperationObject::UFM_ALBUM,
534 OperationObject::UFM_MAP,
535 };
536
537 OperationObject obj = cmd.GetOprnObject();
538 if (USER_FILE_MGR_OBJECTS.find(obj) == USER_FILE_MGR_OBJECTS.end()) {
539 return E_NEED_FURTHER_CHECK;
540 }
541
542 int32_t err = HandleSecurityComponentPermission(cmd);
543 bool cond = (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK));
544 CHECK_AND_RETURN_RET(!cond, err);
545
546 vector<string> perms;
547 if (obj == OperationObject::UFM_AUDIO) {
548 perms.push_back(isWrite ? PERM_WRITE_AUDIO : PERM_READ_AUDIO);
549 } else {
550 perms.push_back(isWrite ? PERM_WRITE_IMAGEVIDEO : PERM_READ_IMAGEVIDEO);
551 }
552 AddHiddenAlbumPermission(cmd, perms);
553 return PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED;
554 }
555
PhotoAccessHelperPermCheck(MediaLibraryCommand & cmd,const bool isWrite)556 static int32_t PhotoAccessHelperPermCheck(MediaLibraryCommand &cmd, const bool isWrite)
557 {
558 int32_t err = HandleSecurityComponentPermission(cmd);
559 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
560 return err;
561 }
562
563 OperationObject obj = cmd.GetOprnObject();
564 if (PHOTO_ACCESS_HELPER_OBJECTS.find(obj) == PHOTO_ACCESS_HELPER_OBJECTS.end()) {
565 return E_NEED_FURTHER_CHECK;
566 }
567 vector<string> perms;
568 AddHiddenAlbumPermission(cmd, perms);
569 perms.push_back(isWrite ? PERM_WRITE_IMAGEVIDEO : PERM_READ_IMAGEVIDEO);
570 return PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED;
571 }
572
HandleSpecialObjectPermission(MediaLibraryCommand & cmd,bool isWrite)573 static int32_t HandleSpecialObjectPermission(MediaLibraryCommand &cmd, bool isWrite)
574 {
575 int err = HandleNoPermCheck(cmd);
576 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
577 return err;
578 }
579
580 OperationObject obj = cmd.GetOprnObject();
581 if (obj == OperationObject::MEDIA_VOLUME) {
582 return HandleMediaVolumePerm(cmd);
583 } else if (obj == OperationObject::BUNDLE_PERMISSION) {
584 return HandleBundlePermCheck(cmd);
585 }
586
587 return E_NEED_FURTHER_CHECK;
588 }
589
UnifyOprnObject(MediaLibraryCommand & cmd)590 static void UnifyOprnObject(MediaLibraryCommand &cmd)
591 {
592 static const unordered_map<OperationObject, OperationObject> UNIFY_OP_OBJECT_MAP = {
593 { OperationObject::UFM_PHOTO, OperationObject::FILESYSTEM_PHOTO },
594 { OperationObject::UFM_AUDIO, OperationObject::FILESYSTEM_AUDIO },
595 { OperationObject::UFM_ALBUM, OperationObject::PHOTO_ALBUM },
596 { OperationObject::UFM_MAP, OperationObject::PHOTO_MAP },
597 { OperationObject::PAH_PHOTO, OperationObject::FILESYSTEM_PHOTO },
598 { OperationObject::PAH_ALBUM, OperationObject::PHOTO_ALBUM },
599 { OperationObject::PAH_MAP, OperationObject::PHOTO_MAP },
600 { OperationObject::TOOL_PHOTO, OperationObject::FILESYSTEM_PHOTO },
601 { OperationObject::TOOL_AUDIO, OperationObject::FILESYSTEM_AUDIO },
602 { OperationObject::TOOL_ALBUM, OperationObject::PHOTO_ALBUM },
603 };
604
605 OperationObject obj = cmd.GetOprnObject();
606 if (UNIFY_OP_OBJECT_MAP.find(obj) != UNIFY_OP_OBJECT_MAP.end()) {
607 cmd.SetOprnObject(UNIFY_OP_OBJECT_MAP.at(obj));
608 }
609 }
610
MediatoolPermCheck(MediaLibraryCommand & cmd)611 static int32_t MediatoolPermCheck(MediaLibraryCommand &cmd)
612 {
613 if (IsMediatoolOperation(cmd)) {
614 CHECK_AND_RETURN_RET(IsDeveloperMediaTool(cmd), E_PERMISSION_DENIED);
615 return E_SUCCESS;
616 } else {
617 return E_NEED_FURTHER_CHECK;
618 }
619 }
620
CheckPermFromUri(MediaLibraryCommand & cmd,bool isWrite)621 static int32_t CheckPermFromUri(MediaLibraryCommand &cmd, bool isWrite)
622 {
623 MEDIA_DEBUG_LOG("uri: %{private}s object: %{public}d, opType: %{public}d isWrite: %{public}d",
624 cmd.GetUri().ToString().c_str(), cmd.GetOprnObject(), cmd.GetOprnType(), isWrite);
625
626 int err = SystemApiCheck(cmd);
627 CHECK_AND_RETURN_RET(err == E_SUCCESS, err);
628 err = MediatoolPermCheck(cmd);
629 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
630 UnifyOprnObject(cmd);
631 return err;
632 }
633 err = PhotoAccessHelperPermCheck(cmd, isWrite);
634 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
635 UnifyOprnObject(cmd);
636 return err;
637 }
638 err = UserFileMgrPermissionCheck(cmd, isWrite);
639 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
640 UnifyOprnObject(cmd);
641 return err;
642 }
643 err = HandleSpecialObjectPermission(cmd, isWrite);
644 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
645 UnifyOprnObject(cmd);
646 return err;
647 }
648
649 // Finally, we should check the permission of medialibrary interfaces.
650 string perm = isWrite ? PERMISSION_NAME_WRITE_MEDIA : PERMISSION_NAME_READ_MEDIA;
651 err = PermissionUtils::CheckCallerPermission(perm) ? E_SUCCESS : E_PERMISSION_DENIED;
652 CHECK_AND_RETURN_RET(err >= 0, err);
653 DfxDeprecatedPermUsage::Record(
654 static_cast<uint32_t>(cmd.GetOprnObject()), static_cast<uint32_t>(cmd.GetOprnType()));
655 UnifyOprnObject(cmd);
656 return E_SUCCESS;
657 }
658
AddOwnerCheck(MediaLibraryCommand & cmd,DataSharePredicates & appidPredicates)659 static bool AddOwnerCheck(MediaLibraryCommand &cmd, DataSharePredicates &appidPredicates)
660 {
661 bool cond = (cmd.GetTableName() != PhotoColumn::PHOTOS_TABLE &&
662 cmd.GetTableName() != AudioColumn::AUDIOS_TABLE && cmd.GetTableName() != MEDIALIBRARY_TABLE);
663 CHECK_AND_RETURN_RET(!cond, false);
664 string clientAppId = GetClientAppId();
665 if (clientAppId.empty()) {
666 return false;
667 }
668 appidPredicates.And()->EqualTo("owner_appid", clientAppId);
669 return true;
670 }
671
AddOwnerCheck(MediaLibraryCommand & cmd,DataSharePredicates & tokenIdPredicates,vector<string> & columns)672 static bool AddOwnerCheck(MediaLibraryCommand &cmd, DataSharePredicates &tokenIdPredicates, vector<string> &columns)
673 {
674 if (cmd.GetTableName() != PhotoColumn::PHOTOS_TABLE && cmd.GetTableName() != AudioColumn::AUDIOS_TABLE &&
675 cmd.GetTableName() != MEDIALIBRARY_TABLE) {
676 return false;
677 }
678 uint32_t tokenid = PermissionUtils::GetTokenId();
679 string onClause = cmd.GetTableName() + "." + MediaColumn::MEDIA_ID + " = " +
680 AppUriPermissionColumn::APP_URI_PERMISSION_TABLE + "." + AppUriPermissionColumn::FILE_ID;
681 vector<string> clauses = { onClause };
682 tokenIdPredicates.InnerJoin(AppUriPermissionColumn::APP_URI_PERMISSION_TABLE)->On(clauses);
683 tokenIdPredicates.EqualTo(AppUriPermissionColumn::TARGET_TOKENID, to_string(tokenid));
684 for (auto &str : columns) {
685 if (str.compare(AppUriPermissionColumn::FILE_ID) == 0) {
686 str = AppUriPermissionColumn::APP_URI_PERMISSION_TABLE + "." + AppUriPermissionColumn::FILE_ID;
687 }
688 }
689 return true;
690 }
691
GetFlagFromMode(const string & mode)692 static uint32_t GetFlagFromMode(const string &mode)
693 {
694 if (mode.find("w") != string::npos) {
695 return AAFwk::Want::FLAG_AUTH_WRITE_URI_PERMISSION;
696 }
697 return AAFwk::Want::FLAG_AUTH_READ_URI_PERMISSION;
698 }
699
CheckPermissionForOpenFile(const Uri & uri,MediaLibraryCommand & command,string & unifyMode)700 int MediaDataShareExtAbility::CheckPermissionForOpenFile(const Uri &uri,
701 MediaLibraryCommand &command, string &unifyMode)
702 {
703 PermParam permParam = {
704 .isWrite = false,
705 .isOpenFile = true,
706 .openFileNode = unifyMode
707 };
708 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
709 int err = permissionHandler_->CheckPermission(command, permParam);
710 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
711 CHECK_AND_EXECUTE(err == E_SUCCESS, err = CheckOpenFilePermission(command, unifyMode));
712
713 if (err == E_PERMISSION_DENIED) {
714 MEDIA_ERR_LOG("Permission Denied! err = %{public}d", err);
715 CollectPermissionInfo(command, unifyMode, false,
716 PermissionUsedTypeValue::SECURITY_COMPONENT_TYPE);
717 }
718 return err;
719 }
720
OpenFile(const Uri & uri,const string & mode)721 int MediaDataShareExtAbility::OpenFile(const Uri &uri, const string &mode)
722 {
723 #ifdef MEDIALIBRARY_COMPATIBILITY
724 string realUriStr = MediaFileUtils::GetRealUriFromVirtualUri(uri.ToString());
725 Uri realUri(realUriStr);
726 MediaLibraryCommand command(realUri, Media::OperationType::OPEN);
727
728 #else
729 MediaLibraryCommand command(uri, Media::OperationType::OPEN);
730 #endif
731
732 string unifyMode = mode;
733 transform(unifyMode.begin(), unifyMode.end(), unifyMode.begin(), ::tolower);
734 int err = CheckPermissionForOpenFile(uri, command, unifyMode);
735 CHECK_AND_RETURN_RET_LOG(err >= 0, err, "permission deny: %{public}d", err);
736 int32_t object = static_cast<int32_t>(command.GetOprnObject());
737 int32_t type = static_cast<int32_t>(command.GetOprnType());
738 DfxTimer dfxTimer(type, object, OPEN_FILE_TIME_OUT, true);
739
740 CHECK_AND_EXECUTE(command.GetUri().ToString().find(MEDIA_DATA_DB_THUMBNAIL) == string::npos,
741 command.SetOprnObject(OperationObject::THUMBNAIL));
742
743 CHECK_AND_EXECUTE(command.GetUri().ToString().find(MEDIA_DATA_DB_THUMB_ASTC) == string::npos,
744 command.SetOprnObject(OperationObject::THUMBNAIL_ASTC));
745
746 CHECK_AND_EXECUTE(command.GetUri().ToString().find(PhotoColumn::PHOTO_CACHE_URI_PREFIX) == string::npos,
747 command.SetOprnObject(OperationObject::FILESYSTEM_PHOTO));
748
749 if (command.GetUri().ToString().find(PhotoColumn::HIGHTLIGHT_URI) != string::npos) {
750 command.SetOprnObject(OperationObject::HIGHLIGHT_URI);
751 } else if (command.GetUri().ToString().find(MEDIA_DATA_DB_HIGHLIGHT) != string::npos) {
752 command.SetOprnObject(OperationObject::HIGHLIGHT_COVER);
753 }
754
755 CHECK_AND_EXECUTE(command.GetUri().ToString().find(PhotoColumn::PHOTO_REQUEST_PICTURE) == string::npos,
756 command.SetOprnObject(OperationObject::REQUEST_PICTURE));
757
758 CHECK_AND_EXECUTE(command.GetUri().ToString().find(PhotoColumn::PHOTO_REQUEST_PICTURE_BUFFER) == string::npos,
759 command.SetOprnObject(OperationObject::PHOTO_REQUEST_PICTURE_BUFFER));
760
761 CHECK_AND_EXECUTE(command.GetUri().ToString().find(MEDIA_DATA_DB_KEY_FRAME) == string::npos,
762 command.SetOprnObject(OperationObject::KEY_FRAME));
763 return MediaLibraryDataManager::GetInstance()->OpenFile(command, unifyMode);
764 }
765
OpenRawFile(const Uri & uri,const string & mode)766 int MediaDataShareExtAbility::OpenRawFile(const Uri &uri, const string &mode)
767 {
768 return 0;
769 }
770
Insert(const Uri & uri,const DataShareValuesBucket & value)771 int MediaDataShareExtAbility::Insert(const Uri &uri, const DataShareValuesBucket &value)
772 {
773 MediaLibraryCommand cmd(uri);
774 PermParam permParam = {
775 .isWrite = true,
776 };
777 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
778 int err = permissionHandler_->CheckPermission(cmd, permParam);
779 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
780 CHECK_AND_RETURN_RET(err == E_SUCCESS, err);
781 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
782 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
783 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
784 return MediaLibraryDataManager::GetInstance()->Insert(cmd, value);
785 }
786
InsertExt(const Uri & uri,const DataShareValuesBucket & value,string & result)787 int MediaDataShareExtAbility::InsertExt(const Uri &uri, const DataShareValuesBucket &value, string &result)
788 {
789 MediaLibraryCommand cmd(uri);
790 PermParam permParam = {
791 .isWrite = true,
792 };
793 bool needToResetTime = false;
794 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
795 int err = permissionHandler_->CheckPermission(cmd, permParam);
796 MEDIA_INFO_LOG("OperationObject=%{public}d, permissionHandler_ err=%{public}d", cmd.GetOprnObject(), err);
797 CHECK_AND_RETURN_RET(err != -E_CHECK_SYSTEMAPP_FAIL, err);
798 CHECK_AND_EXECUTE(err == E_SUCCESS, err = HandleShortPermission(cmd, needToResetTime));
799
800 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
801 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
802 if (err < 0) {
803 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
804 return err;
805 }
806
807 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
808 int32_t ret = MediaLibraryDataManager::GetInstance()->InsertExt(cmd, value, result);
809 if (needToResetTime) {
810 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
811 err = Security::AccessToken::AccessTokenKit::GrantPermissionForSpecifiedTime(tokenCaller,
812 PERM_SHORT_TERM_WRITE_IMAGEVIDEO, SHORT_TERM_PERMISSION_DURATION_300S);
813 CHECK_AND_RETURN_RET_LOG(err >= 0, err, "queryResultSet is nullptr! errCode: %{public}d", err);
814 }
815 return ret;
816 }
817
CheckCloudSyncPermission()818 static bool CheckCloudSyncPermission()
819 {
820 CHECK_AND_RETURN_RET_LOG(PermissionUtils::CheckCallerPermission(PERM_CLOUD_SYNC_MANAGER),
821 false, "permission denied");
822 return true;
823 }
824
Update(const Uri & uri,const DataSharePredicates & predicates,const DataShareValuesBucket & value)825 int MediaDataShareExtAbility::Update(const Uri &uri, const DataSharePredicates &predicates,
826 const DataShareValuesBucket &value)
827 {
828 MediaLibraryCommand cmd(uri);
829 if (cmd.GetOprnObject() == OperationObject::CLOUD_MEDIA_ASSET_OPERATE) {
830 if (!CheckCloudSyncPermission()) {
831 return E_PERMISSION_DENIED;
832 }
833 return CloudMediaAssetManager::GetInstance().HandleCloudMediaAssetUpdateOperations(cmd);
834 }
835 PermParam permParam = {
836 .isWrite = true,
837 };
838 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
839 cmd.SetDataSharePred(predicates);
840 int err = permissionHandler_->CheckPermission(cmd, permParam);
841 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
842 CHECK_AND_RETURN_RET(err != -E_CHECK_SYSTEMAPP_FAIL, err);
843 if (err != E_SUCCESS) {
844 err = HandleRestorePermission(cmd);
845 }
846 bool isMediatoolOperation = IsMediatoolOperation(cmd);
847 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
848 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
849
850 DataSharePredicates appidPredicates = predicates;
851 if (err != E_SUCCESS) {
852 if (isMediatoolOperation) {
853 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
854 return err;
855 }
856 if (!AddOwnerCheck(cmd, appidPredicates)) {
857 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
858 return err;
859 }
860 }
861
862 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
863 auto updateRet = MediaLibraryDataManager::GetInstance()->Update(cmd, value, appidPredicates);
864 bool cond = (err < 0 && updateRet <= 0);
865 CHECK_AND_RETURN_RET_LOG(!cond, err, "permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
866 return updateRet;
867 }
868
Delete(const Uri & uri,const DataSharePredicates & predicates)869 int MediaDataShareExtAbility::Delete(const Uri &uri, const DataSharePredicates &predicates)
870 {
871 MediaLibraryCommand cmd(uri, Media::OperationType::DELETE);
872 PermParam permParam = {
873 .isWrite = true,
874 };
875 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
876 cmd.SetDataSharePred(predicates);
877 int err = permissionHandler_->CheckPermission(cmd, permParam);
878 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
879 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
880 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
881 if (err != E_SUCCESS) {
882 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
883 return err;
884 }
885
886 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
887 return MediaLibraryDataManager::GetInstance()->Delete(cmd, predicates);
888 }
889
Query(const Uri & uri,const DataSharePredicates & predicates,vector<string> & columns,DatashareBusinessError & businessError)890 shared_ptr<DataShareResultSet> MediaDataShareExtAbility::Query(const Uri &uri,
891 const DataSharePredicates &predicates, vector<string> &columns, DatashareBusinessError &businessError)
892 {
893 MediaLibraryCommand cmd(uri);
894 PermParam permParam = {.isWrite = false};
895 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, nullptr, "permissionHandler_ is nullptr");
896 cmd.SetDataSharePred(predicates);
897 int err = permissionHandler_->CheckPermission(cmd, permParam);
898 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
899 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
900 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
901 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
902 bool isMediatoolOperation = IsMediatoolOperation(cmd);
903 int errCode = businessError.GetCode();
904 DataSharePredicates appidPredicates = predicates;
905 if (err != E_SUCCESS) {
906 if (isMediatoolOperation) {
907 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
908 businessError.SetCode(err);
909 return nullptr;
910 }
911 auto& uriPermissionClient = AAFwk::UriPermissionManagerClient::GetInstance();
912 if (!AddOwnerCheck(cmd, appidPredicates)) {
913 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
914 businessError.SetCode(err);
915 return nullptr;
916 }
917 }
918 auto queryResultSet = MediaLibraryDataManager::GetInstance()->Query(cmd, columns, appidPredicates, errCode);
919 businessError.SetCode(to_string(errCode));
920 if (queryResultSet == nullptr) {
921 MEDIA_ERR_LOG("queryResultSet is nullptr! errCode: %{public}d", errCode);
922 businessError.SetCode(errCode);
923 return nullptr;
924 }
925 auto count = 0;
926 queryResultSet->GetRowCount(count);
927 if (err < 0 && count == 0) {
928 businessError.SetCode(err);
929 return nullptr;
930 }
931 shared_ptr<DataShareResultSet> resultSet = make_shared<DataShareResultSet>(queryResultSet);
932 return resultSet;
933 }
934
GetType(const Uri & uri)935 string MediaDataShareExtAbility::GetType(const Uri &uri)
936 {
937 MEDIA_INFO_LOG("%{public}s begin.", __func__);
938 MediaLibraryCommand cmd(uri);
939 PermParam permParam = {.isWrite = false};
940 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, "", "permissionHandler_ is nullptr");
941 int err = permissionHandler_->CheckPermission(cmd, permParam);
942 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
943 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
944 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
945 if (err != E_SUCCESS) {
946 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
947 return "";
948 }
949 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
950 string getTypeRet = MediaLibraryDataManager::GetInstance()->GetType(uri);
951 return getTypeRet;
952 }
953
BatchInsert(const Uri & uri,const vector<DataShareValuesBucket> & values)954 int MediaDataShareExtAbility::BatchInsert(const Uri &uri, const vector<DataShareValuesBucket> &values)
955 {
956 MediaLibraryCommand cmd(uri);
957 PermParam permParam = {
958 .isWrite = true,
959 };
960 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
961 int err = permissionHandler_->CheckPermission(cmd, permParam);
962 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
963 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
964 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
965 if (err != E_SUCCESS) {
966 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
967 return err;
968 }
969 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
970 return MediaLibraryDataManager::GetInstance()->BatchInsert(cmd, values);
971 }
972
RegisterObserver(const Uri & uri,const sptr<AAFwk::IDataAbilityObserver> & dataObserver)973 bool MediaDataShareExtAbility::RegisterObserver(const Uri &uri, const sptr<AAFwk::IDataAbilityObserver> &dataObserver)
974 {
975 MEDIA_INFO_LOG("%{public}s begin.", __func__);
976 auto obsMgrClient = DataObsMgrClient::GetInstance();
977 if (obsMgrClient == nullptr) {
978 MEDIA_ERR_LOG("%{public}s obsMgrClient is nullptr", __func__);
979 return false;
980 }
981
982 ErrCode ret = obsMgrClient->RegisterObserver(uri, dataObserver);
983 CHECK_AND_RETURN_RET_LOG(ret == ERR_OK, false,
984 "%{public}s obsMgrClient->RegisterObserver error return %{public}d", __func__, ret);
985 MEDIA_INFO_LOG("%{public}s end.", __func__);
986 return true;
987 }
988
UnregisterObserver(const Uri & uri,const sptr<AAFwk::IDataAbilityObserver> & dataObserver)989 bool MediaDataShareExtAbility::UnregisterObserver(const Uri &uri, const sptr<AAFwk::IDataAbilityObserver> &dataObserver)
990 {
991 MEDIA_INFO_LOG("%{public}s begin.", __func__);
992 auto obsMgrClient = DataObsMgrClient::GetInstance();
993 CHECK_AND_RETURN_RET_LOG(obsMgrClient != nullptr, false, "%{public}s obsMgrClient is nullptr", __func__);
994
995 ErrCode ret = obsMgrClient->UnregisterObserver(uri, dataObserver);
996 CHECK_AND_RETURN_RET_LOG(ret == ERR_OK, false,
997 "%{public}s obsMgrClient->UnregisterObserver error return %{public}d", __func__, ret);
998 MEDIA_INFO_LOG("%{public}s end.", __func__);
999 return true;
1000 }
1001
NotifyChange(const Uri & uri)1002 bool MediaDataShareExtAbility::NotifyChange(const Uri &uri)
1003 {
1004 auto obsMgrClient = DataObsMgrClient::GetInstance();
1005 CHECK_AND_RETURN_RET_LOG(obsMgrClient != nullptr, false, "%{public}s obsMgrClient is nullptr", __func__);
1006
1007 ErrCode ret = obsMgrClient->NotifyChange(uri);
1008 CHECK_AND_RETURN_RET_LOG(ret == ERR_OK, false,
1009 "%{public}s obsMgrClient->NotifyChange error return %{public}d", __func__, ret);
1010 return true;
1011 }
1012
NormalizeUri(const Uri & uri)1013 Uri MediaDataShareExtAbility::NormalizeUri(const Uri &uri)
1014 {
1015 MEDIA_INFO_LOG("%{public}s begin.", __func__);
1016 auto ret = uri;
1017 MEDIA_INFO_LOG("%{public}s end.", __func__);
1018 return ret;
1019 }
1020
DenormalizeUri(const Uri & uri)1021 Uri MediaDataShareExtAbility::DenormalizeUri(const Uri &uri)
1022 {
1023 MEDIA_INFO_LOG("%{public}s begin.", __func__);
1024 auto ret = uri;
1025 MEDIA_INFO_LOG("%{public}s end.", __func__);
1026 return ret;
1027 }
1028
UserDefineFunc(MessageParcel & data,MessageParcel & reply,MessageOption & option)1029 int32_t MediaDataShareExtAbility::UserDefineFunc(MessageParcel &data, MessageParcel &reply, MessageOption &option)
1030 {
1031 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_ERR, "permissionHandler_ is nullptr");
1032 IPC::MediaReqVo<IPC::MediaEmptyObjVo> reqVo;
1033 bool retReq = reqVo.Unmarshalling(data);
1034 CHECK_AND_RETURN_RET_LOG(retReq, E_IPC_SEVICE_UNMARSHALLING_FAIL, "read reqVo from parcel failed");
1035 uint32_t operationCode = reqVo.GetCode();
1036 std::string traceId = reqVo.GetTraceId();
1037 int32_t userId = reqVo.GetUserId();
1038 int64_t startTime = MediaFileUtils::UTCTimeMilliSeconds();
1039 int32_t ret = E_IPC_SEVICE_NOT_FOUND;
1040 for (auto &controllerService : this->serviceFactory_.GetAllMediaControllerService()) {
1041 if (!controllerService->Accept(operationCode)) {
1042 continue;
1043 }
1044
1045 std::vector<std::vector<PermissionType>> permissionPolicy;
1046 bool isDBBypass = false;
1047 if (controllerService->GetPermissionPolicy(operationCode, permissionPolicy, isDBBypass)) {
1048 ret = IPC::UserDefineIPC().WriteResponseBody(reply, Media::E_PERMISSION_DENIED);
1049 break;
1050 }
1051 PermissionHeaderReq permHeaderReq = PermissionHeaderReq::convertToPermissionHeaderReq(reqVo.GetHeader(),
1052 userId, permissionPolicy, isDBBypass);
1053 int32_t errCode = PermissionCheck::VerifyPermissions(operationCode, permHeaderReq);
1054 if (errCode != E_SUCCESS && errCode != E_PERMISSION_DB_BYPASS) {
1055 ret = IPC::UserDefineIPC().WriteResponseBody(reply, errCode);
1056 break;
1057 }
1058 MEDIA_INFO_LOG("API code %{public}d verify permission success", operationCode);
1059 IPCContext context(option, errCode);
1060 ret = controllerService->OnRemoteRequest(operationCode, data, reply, context);
1061 break;
1062 }
1063 if (ret != E_SUCCESS) {
1064 MEDIA_INFO_LOG("API code %{public}d return fail %{public}d", operationCode, ret);
1065 DfxManager::GetInstance()->HandleControllerServiceError(operationCode, ret);
1066 }
1067 int64_t endTime = MediaFileUtils::UTCTimeMilliSeconds();
1068 int64_t costTime = endTime - startTime;
1069 MEDIA_INFO_LOG("API excuted, userId: %{public}d, traceId: %{public}s, "
1070 "code: %{public}d, ret: %{public}d, costTime: %{public}ld",
1071 userId,
1072 traceId.c_str(),
1073 static_cast<int32_t>(operationCode),
1074 ret,
1075 static_cast<long>(costTime));
1076 return ret;
1077 }
1078 } // namespace AbilityRuntime
1079 } // namespace OHOS
1080