1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "privacy_kit.h"
17
18 #include <string>
19 #include <vector>
20
21 #include "constant_common.h"
22 #include "data_validator.h"
23 #include "privacy_error.h"
24 #include "privacy_manager_client.h"
25 #include "time_util.h"
26
27 namespace OHOS {
28 namespace Security {
29 namespace AccessToken {
30 namespace {
31 constexpr const int64_t MERGE_TIMESTAMP = 200; // 200ms
32 std::mutex g_lockCache;
33 struct RecordCache {
34 int32_t successCount = 0;
35 int64_t timespamp = 0;
36 };
37 std::map<std::string, RecordCache> g_recordMap;
38 }
GetRecordUniqueStr(const AddPermParamInfo & record)39 static std::string GetRecordUniqueStr(const AddPermParamInfo& record)
40 {
41 return std::to_string(record.tokenId) + "_" + record.permissionName + "_" + std::to_string(record.type);
42 }
43
FindAndInsertRecord(const AddPermParamInfo & record)44 bool FindAndInsertRecord(const AddPermParamInfo& record)
45 {
46 std::lock_guard<std::mutex> lock(g_lockCache);
47 std::string newRecordStr = GetRecordUniqueStr(record);
48 int64_t curTimestamp = TimeUtil::GetCurrentTimestamp();
49 auto iter = g_recordMap.find(newRecordStr);
50 if (iter == g_recordMap.end()) {
51 g_recordMap[newRecordStr].successCount = record.successCount;
52 g_recordMap[newRecordStr].timespamp = curTimestamp;
53 return false;
54 }
55 if (curTimestamp - iter->second.timespamp >= MERGE_TIMESTAMP) {
56 g_recordMap[newRecordStr].successCount = record.successCount;
57 g_recordMap[newRecordStr].timespamp = curTimestamp;
58 return false;
59 }
60 if (iter->second.successCount == 0 && record.successCount != 0) {
61 g_recordMap[newRecordStr].successCount += record.successCount;
62 g_recordMap[newRecordStr].timespamp = curTimestamp;
63 return false;
64 }
65 g_recordMap[newRecordStr].successCount += record.successCount;
66 g_recordMap[newRecordStr].timespamp = curTimestamp;
67 return true;
68 }
69
AddPermissionUsedRecord(AccessTokenID tokenID,const std::string & permissionName,int32_t successCount,int32_t failCount,bool asyncMode)70 int32_t PrivacyKit::AddPermissionUsedRecord(AccessTokenID tokenID, const std::string& permissionName,
71 int32_t successCount, int32_t failCount, bool asyncMode)
72 {
73 AddPermParamInfo info;
74 info.tokenId = tokenID;
75 info.permissionName = permissionName;
76 info.successCount = successCount;
77 info.failCount = failCount;
78 return AddPermissionUsedRecord(info, asyncMode);
79 }
80
AddPermissionUsedRecord(const AddPermParamInfo & info,bool asyncMode)81 int32_t PrivacyKit::AddPermissionUsedRecord(const AddPermParamInfo& info, bool asyncMode)
82 {
83 if ((!DataValidator::IsTokenIDValid(info.tokenId)) ||
84 (!DataValidator::IsPermissionNameValid(info.permissionName)) ||
85 (info.successCount < 0 || info.failCount < 0) ||
86 (!DataValidator::IsPermissionUsedTypeValid(info.type))) {
87 return PrivacyError::ERR_PARAM_INVALID;
88 }
89 if (!DataValidator::IsHapCaller(info.tokenId) && !DataValidator::IsNativeCaller(info.tokenId)) {
90 return PrivacyError::ERR_PARAM_INVALID;
91 }
92
93 int32_t res = RET_SUCCESS;
94 if (!FindAndInsertRecord(info)) {
95 res = PrivacyManagerClient::GetInstance().AddPermissionUsedRecord(info, asyncMode);
96 if (res != RET_SUCCESS) {
97 std::lock_guard<std::mutex> lock(g_lockCache);
98 std::string recordStr = GetRecordUniqueStr(info);
99 g_recordMap.erase(recordStr);
100 }
101 }
102
103 return (res == PrivacyError::PRIVACY_TOGGELE_RESTRICTED) ? RET_SUCCESS : res;
104 }
105
SetPermissionUsedRecordToggleStatus(int32_t userID,bool status)106 int32_t PrivacyKit::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status)
107 {
108 if (!DataValidator::IsUserIdValid(userID)) {
109 return PrivacyError::ERR_PARAM_INVALID;
110 }
111 return PrivacyManagerClient::GetInstance().SetPermissionUsedRecordToggleStatus(userID, status);
112 }
113
GetPermissionUsedRecordToggleStatus(int32_t userID,bool & status)114 int32_t PrivacyKit::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status)
115 {
116 if (!DataValidator::IsUserIdValid(userID)) {
117 return PrivacyError::ERR_PARAM_INVALID;
118 }
119 return PrivacyManagerClient::GetInstance().GetPermissionUsedRecordToggleStatus(userID, status);
120 }
121
StartUsingPermission(AccessTokenID tokenID,const std::string & permissionName,int32_t pid,PermissionUsedType type)122 int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid,
123 PermissionUsedType type)
124 {
125 if ((!DataValidator::IsTokenIDValid(tokenID)) ||
126 (!DataValidator::IsPermissionNameValid(permissionName)) ||
127 (!DataValidator::IsPermissionUsedTypeValid(type))) {
128 return PrivacyError::ERR_PARAM_INVALID;
129 }
130 if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) {
131 return PrivacyError::ERR_PARAM_INVALID;
132 }
133 return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, type);
134 }
135
StartUsingPermission(AccessTokenID tokenID,const std::string & permissionName,const std::shared_ptr<StateCustomizedCbk> & callback,int32_t pid,PermissionUsedType type)136 int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName,
137 const std::shared_ptr<StateCustomizedCbk>& callback, int32_t pid, PermissionUsedType type)
138 {
139 if ((!DataValidator::IsTokenIDValid(tokenID)) ||
140 (!DataValidator::IsPermissionNameValid(permissionName)) ||
141 (!DataValidator::IsPermissionUsedTypeValid(type))) {
142 return PrivacyError::ERR_PARAM_INVALID;
143 }
144 if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) {
145 return PrivacyError::ERR_PARAM_INVALID;
146 }
147 return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, callback, type);
148 }
149
StopUsingPermission(AccessTokenID tokenID,const std::string & permissionName,int32_t pid)150 int32_t PrivacyKit::StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid)
151 {
152 if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) {
153 return PrivacyError::ERR_PARAM_INVALID;
154 }
155 if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) {
156 return PrivacyError::ERR_PARAM_INVALID;
157 }
158 return PrivacyManagerClient::GetInstance().StopUsingPermission(tokenID, pid, permissionName);
159 }
160
RemovePermissionUsedRecords(AccessTokenID tokenID)161 int32_t PrivacyKit::RemovePermissionUsedRecords(AccessTokenID tokenID)
162 {
163 if (!DataValidator::IsTokenIDValid(tokenID)) {
164 return PrivacyError::ERR_PARAM_INVALID;
165 }
166 if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) {
167 return PrivacyError::ERR_PARAM_INVALID;
168 }
169 return PrivacyManagerClient::GetInstance().RemovePermissionUsedRecords(tokenID);
170 }
171
IsPermissionFlagValid(const PermissionUsedRequest & request)172 static bool IsPermissionFlagValid(const PermissionUsedRequest& request)
173 {
174 int64_t begin = request.beginTimeMillis;
175 int64_t end = request.endTimeMillis;
176 if ((begin < 0) || (end < 0) || (begin > end)) {
177 return false;
178 }
179 return DataValidator::IsPermissionUsedFlagValid(request.flag);
180 }
181
GetPermissionUsedRecords(const PermissionUsedRequest & request,PermissionUsedResult & result)182 int32_t PrivacyKit::GetPermissionUsedRecords(const PermissionUsedRequest& request, PermissionUsedResult& result)
183 {
184 if (!IsPermissionFlagValid(request)) {
185 return PrivacyError::ERR_PARAM_INVALID;
186 }
187 return PrivacyManagerClient::GetInstance().GetPermissionUsedRecords(request, result);
188 }
189
GetPermissionUsedRecords(const PermissionUsedRequest & request,const sptr<OnPermissionUsedRecordCallback> & callback)190 int32_t PrivacyKit::GetPermissionUsedRecords(
191 const PermissionUsedRequest& request, const sptr<OnPermissionUsedRecordCallback>& callback)
192 {
193 if (!IsPermissionFlagValid(request)) {
194 return PrivacyError::ERR_PARAM_INVALID;
195 }
196 return PrivacyManagerClient::GetInstance().GetPermissionUsedRecords(request, callback);
197 }
198
RegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk> & callback)199 int32_t PrivacyKit::RegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk>& callback)
200 {
201 return PrivacyManagerClient::GetInstance().RegisterPermActiveStatusCallback(callback);
202 }
203
UnRegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk> & callback)204 int32_t PrivacyKit::UnRegisterPermActiveStatusCallback(const std::shared_ptr<PermActiveStatusCustomizedCbk>& callback)
205 {
206 return PrivacyManagerClient::GetInstance().UnRegisterPermActiveStatusCallback(callback);
207 }
208
IsAllowedUsingPermission(AccessTokenID tokenID,const std::string & permissionName,int32_t pid)209 bool PrivacyKit::IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid)
210 {
211 if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) {
212 return false;
213 }
214 return PrivacyManagerClient::GetInstance().IsAllowedUsingPermission(tokenID, permissionName, pid);
215 }
216
GetPermissionUsedTypeInfos(const AccessTokenID tokenId,const std::string & permissionName,std::vector<PermissionUsedTypeInfo> & results)217 int32_t PrivacyKit::GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName,
218 std::vector<PermissionUsedTypeInfo>& results)
219 {
220 if (permissionName.empty()) {
221 return PrivacyManagerClient::GetInstance().GetPermissionUsedTypeInfos(tokenId, permissionName, results);
222 }
223
224 if (!DataValidator::IsPermissionNameValid(permissionName)) {
225 return PrivacyError::ERR_PARAM_INVALID;
226 }
227 return PrivacyManagerClient::GetInstance().GetPermissionUsedTypeInfos(tokenId, permissionName, results);
228 }
229
SetMutePolicy(uint32_t policyType,uint32_t callerType,bool isMute,AccessTokenID tokenID)230 int32_t PrivacyKit::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID)
231 {
232 if (!DataValidator::IsPolicyTypeValid(policyType) ||
233 !DataValidator::IsCallerTypeValid(callerType) ||
234 (tokenID == 0)) {
235 return PrivacyError::ERR_PARAM_INVALID;
236 }
237 return PrivacyManagerClient::GetInstance().SetMutePolicy(policyType, callerType, isMute, tokenID);
238 }
239
SetHapWithFGReminder(uint32_t tokenId,bool isAllowed)240 int32_t PrivacyKit::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed)
241 {
242 if (!DataValidator::IsTokenIDValid(tokenId)) {
243 return PrivacyError::ERR_PARAM_INVALID;
244 }
245 return PrivacyManagerClient::GetInstance().SetHapWithFGReminder(tokenId, isAllowed);
246 }
247 } // namespace AccessToken
248 } // namespace Security
249 } // namespace OHOS
250