1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "permission_record_manager.h"
17
18 #include <algorithm>
19 #include <cinttypes>
20 #include <numeric>
21
22 #ifndef APP_SECURITY_PRIVACY_SERVICE
23 #include "ability_manager_access_loader.h"
24 #endif
25 #include "access_token.h"
26 #include "access_token_helper.h"
27 #include "accesstoken_kit.h"
28 #include "accesstoken_common_log.h"
29 #include "active_status_callback_manager.h"
30 #include "app_manager_access_client.h"
31 #include "audio_manager_adapter.h"
32 #include "camera_manager_adapter.h"
33 #include "constant.h"
34 #include "constant_common.h"
35 #include "data_translator.h"
36 #include "i_state_change_callback.h"
37 #include "ipc_skeleton.h"
38 #include "iservice_registry.h"
39 #include "json_parse_loader.h"
40 #include "libraryloader.h"
41 #include "parameter.h"
42 #include "parcel_utils.h"
43 #include "permission_record_set.h"
44 #include "permission_used_record_db.h"
45 #include "privacy_error.h"
46 #include "privacy_field_const.h"
47 #include "refbase.h"
48 #include "screenlock_manager_loader.h"
49 #include "state_change_callback_proxy.h"
50 #include "system_ability_definition.h"
51 #include "time_util.h"
52
53 namespace OHOS {
54 namespace Security {
55 namespace AccessToken {
56 namespace {
57 static const int32_t VALUE_MAX_LEN = 32;
58 constexpr const char* CAMERA_PERMISSION_NAME = "ohos.permission.CAMERA";
59 constexpr const char* CAMERA_BACKGROUND_PERMISSION_NAME = "ohos.permission.CAMERA_BACKGROUND";
60 constexpr const char* MICROPHONE_PERMISSION_NAME = "ohos.permission.MICROPHONE";
61 constexpr const char* MICROPHONE_BACKGROUND_PERMISSION_NAME = "ohos.permission.MICROPHONE_BACKGROUND";
62 constexpr const char* EDM_MIC_MUTE_KEY = "persist.edm.mic_disable";
63 constexpr const char* EDM_CAMERA_MUTE_KEY = "persist.edm.camera_disable";
64 #ifndef APP_SECURITY_PRIVACY_SERVICE
65 constexpr const char* DEFAULT_PERMISSION_MANAGER_BUNDLE_NAME = "com.ohos.permissionmanager";
66 constexpr const char* DEFAULT_PERMISSION_MANAGER_DIALOG_ABILITY = "com.ohos.permissionmanager.GlobalExtAbility";
67 #endif
68 static const int32_t DEFAULT_PERMISSION_USED_RECORD_SIZE_MAXIMUM = 500000;
69 static const int32_t DEFAULT_PERMISSION_USED_RECORD_AGING_TIME = 7;
70 static const uint32_t NORMAL_TYPE_ADD_VALUE = 1;
71 static const uint32_t PICKER_TYPE_ADD_VALUE = 2;
72 static const uint32_t SEC_COMPONENT_TYPE_ADD_VALUE = 4;
73 static constexpr int64_t ONE_MINUTE_MILLISECONDS = 60 * 1000; // 1 min = 60 * 1000 ms
74 static constexpr int32_t MAX_USER_ID = 10736;
75 static constexpr int32_t BASE_USER_RANGE = 200000;
76 #ifndef MAX_COUNT_TEST
77 static const uint32_t MAX_PERMISSION_USED_TYPE_SIZE = 2000;
78 #else
79 static const uint32_t MAX_PERMISSION_USED_TYPE_SIZE = 20;
80 #endif
81 constexpr const char* EDM_PROCESS_NAME = "edm";
82 std::recursive_mutex g_instanceMutex;
83 }
GetInstance()84 PermissionRecordManager& PermissionRecordManager::GetInstance()
85 {
86 static PermissionRecordManager* instance = nullptr;
87 if (instance == nullptr) {
88 std::lock_guard<std::recursive_mutex> lock(g_instanceMutex);
89 if (instance == nullptr) {
90 PermissionRecordManager* tmp = new (std::nothrow) PermissionRecordManager();
91 instance = std::move(tmp);
92 }
93 }
94 return *instance;
95 }
96
PermissionRecordManager()97 PermissionRecordManager::PermissionRecordManager()
98 {
99 bool isEdmMute = false;
100 if (GetMuteParameter(EDM_MIC_MUTE_KEY, isEdmMute)) {
101 ModifyMuteStatus(MICROPHONE_PERMISSION_NAME, EDM, isEdmMute);
102 }
103 }
104
~PermissionRecordManager()105 PermissionRecordManager::~PermissionRecordManager()
106 {
107 if (!hasInited_) {
108 return;
109 }
110 hasInited_ = false;
111 Unregister();
112 }
113
OnAppStateChanged(const AppStateData & appStateData)114 void PrivacyAppStateObserver::OnAppStateChanged(const AppStateData &appStateData)
115 {
116 LOGD(PRI_DOMAIN, PRI_TAG, "OnChange(id=%{public}d, pid=%{public}d, state=%{public}d).",
117 appStateData.accessTokenId, appStateData.pid, appStateData.state);
118
119 ActiveChangeType status = PERM_INACTIVE;
120 if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_FOREGROUND)) {
121 status = PERM_ACTIVE_IN_FOREGROUND;
122 } else if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_BACKGROUND)) {
123 status = PERM_ACTIVE_IN_BACKGROUND;
124 }
125 PermissionRecordManager::GetInstance().NotifyAppStateChange(appStateData.accessTokenId, appStateData.pid, status);
126 }
127
OnAppStopped(const AppStateData & appStateData)128 void PrivacyAppStateObserver::OnAppStopped(const AppStateData &appStateData)
129 {
130 LOGI(PRI_DOMAIN, PRI_TAG, "OnChange(id=%{public}d, state=%{public}d).",
131 appStateData.accessTokenId, appStateData.state);
132
133 if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_TERMINATED)) {
134 PermissionRecordManager::GetInstance().RemoveRecordFromStartListByToken(appStateData.accessTokenId);
135 }
136 }
137
OnProcessDied(const ProcessData & processData)138 void PrivacyAppStateObserver::OnProcessDied(const ProcessData &processData)
139 {
140 LOGD(PRI_DOMAIN, PRI_TAG, "OnChange(id=%{public}u, pid=%{public}d, state=%{public}d).",
141 processData.accessTokenId, processData.pid, processData.state);
142
143 PermissionRecordManager::GetInstance().RemoveRecordFromStartListByPid(processData.accessTokenId, processData.pid);
144 }
145
NotifyAppManagerDeath()146 void PrivacyAppManagerDeathCallback::NotifyAppManagerDeath()
147 {
148 PermissionRecordManager::GetInstance().OnAppMgrRemoteDiedHandle();
149 }
150
AddRecToCacheAndValueVec(const PermissionRecord & record,std::vector<GenericValues> & values)151 void PermissionRecordManager::AddRecToCacheAndValueVec(const PermissionRecord& record,
152 std::vector<GenericValues>& values)
153 {
154 PermissionRecordCache cache;
155 cache.record = record;
156 permUsedRecList_.emplace_back(cache);
157
158 GenericValues value;
159 PermissionRecord::TranslationIntoGenericValues(record, value);
160 values.emplace_back(value);
161 }
162
RecordMergeCheck(const PermissionRecord & record1,const PermissionRecord & record2)163 static bool RecordMergeCheck(const PermissionRecord& record1, const PermissionRecord& record2)
164 {
165 // timestamp in the same minute
166 if (!AccessToken::TimeUtil::IsTimeStampsSameMinute(record1.timestamp, record2.timestamp)) {
167 return false;
168 }
169
170 // the same tokenID + opCode + status + lockScreenStatus + usedType
171 if ((record1.tokenId != record2.tokenId) ||
172 (record1.opCode != record2.opCode) ||
173 (record1.status != record2.status) ||
174 (record1.lockScreenStatus != record2.lockScreenStatus) ||
175 (record1.type != record2.type)) {
176 return false;
177 }
178
179 // both success
180 if (((record1.accessCount > 0) && (record2.accessCount == 0)) ||
181 ((record1.accessCount == 0) && (record2.accessCount > 0))) {
182 return false;
183 }
184
185 // both failure
186 if (((record1.rejectCount > 0) && (record2.rejectCount == 0)) ||
187 ((record1.rejectCount == 0) && (record2.rejectCount > 0))) {
188 return false;
189 }
190
191 return true;
192 }
193
MergeOrInsertRecord(const PermissionRecord & record)194 int32_t PermissionRecordManager::MergeOrInsertRecord(const PermissionRecord& record)
195 {
196 std::vector<GenericValues> insertRecords;
197 {
198 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
199 if (permUsedRecList_.empty()) {
200 LOGI(PRI_DOMAIN, PRI_TAG, "First record in cache!");
201
202 AddRecToCacheAndValueVec(record, insertRecords);
203 } else {
204 bool mergeFlag = false;
205 for (auto it = permUsedRecList_.begin(); it != permUsedRecList_.end(); ++it) {
206 if (RecordMergeCheck(it->record, record)) {
207 LOGI(PRI_DOMAIN, PRI_TAG, "Merge record, ori timestamp is %{public}s.",
208 std::to_string(it->record.timestamp).c_str());
209
210 // merge new record to older one if match the merge condition
211 it->record.accessCount += record.accessCount;
212 it->record.rejectCount += record.rejectCount;
213
214 // set update flag to true
215 it->needUpdateToDb = true;
216 mergeFlag = true;
217 break;
218 }
219 }
220
221 if (!mergeFlag) {
222 // record can't merge store to database immediately and add to cache
223 AddRecToCacheAndValueVec(record, insertRecords);
224 }
225 }
226 }
227
228 if (insertRecords.empty()) {
229 return Constant::SUCCESS;
230 }
231
232 Utils::UniqueWriteGuard<Utils::RWLock> lk(this->rwLock_);
233 int32_t res = PermissionUsedRecordDb::GetInstance().Add(PermissionUsedRecordDb::DataType::PERMISSION_RECORD,
234 insertRecords);
235 if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
236 LOGI(PRI_DOMAIN, PRI_TAG, "Add permission_record_table failed!");
237 return res;
238 }
239
240 LOGI(PRI_DOMAIN, PRI_TAG, "Add record, id %{public}d, op %{public}d, status: %{public}d, sucCnt: %{public}d, "
241 "failCnt: %{public}d, lockScreenStatus %{public}d, timestamp %{public}s, type %{public}d.",
242 record.tokenId, record.opCode, record.status, record.accessCount, record.rejectCount, record.lockScreenStatus,
243 std::to_string(record.timestamp).c_str(), record.type);
244
245 return Constant::SUCCESS;
246 }
247
UpdatePermissionUsedRecordToDb(const PermissionRecord & record)248 bool PermissionRecordManager::UpdatePermissionUsedRecordToDb(const PermissionRecord& record)
249 {
250 GenericValues modifyValue;
251 modifyValue.Put(PrivacyFiledConst::FIELD_ACCESS_COUNT, record.accessCount);
252 modifyValue.Put(PrivacyFiledConst::FIELD_REJECT_COUNT, record.rejectCount);
253
254 GenericValues conditionValue;
255 conditionValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(record.tokenId));
256 conditionValue.Put(PrivacyFiledConst::FIELD_OP_CODE, record.opCode);
257 conditionValue.Put(PrivacyFiledConst::FIELD_STATUS, record.status);
258 conditionValue.Put(PrivacyFiledConst::FIELD_TIMESTAMP, record.timestamp);
259 conditionValue.Put(PrivacyFiledConst::FIELD_USED_TYPE, record.type);
260
261 {
262 Utils::UniqueWriteGuard<Utils::RWLock> lk(this->rwLock_);
263 return (PermissionUsedRecordDb::GetInstance().Update(PermissionUsedRecordDb::DataType::PERMISSION_RECORD,
264 modifyValue, conditionValue) == PermissionUsedRecordDb::ExecuteResult::SUCCESS);
265 }
266 }
267
AddRecord(const PermissionRecord & record)268 int32_t PermissionRecordManager::AddRecord(const PermissionRecord& record)
269 {
270 int32_t res = MergeOrInsertRecord(record);
271 if (res != Constant::SUCCESS) {
272 return res;
273 }
274
275 int64_t updateStamp = record.timestamp - ONE_MINUTE_MILLISECONDS; // timestamp less than 1 min from now
276 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
277 auto it = permUsedRecList_.begin();
278 while (it != permUsedRecList_.end()) {
279 if ((it->record.timestamp > updateStamp) || (it->record.opCode != record.opCode)) {
280 // record from cache less than updateStamp may merge, ignore them
281 ++it;
282 continue;
283 }
284
285 /*
286 needUpdateToDb:
287 - flase means record not merge, when the timestamp of those records less than 1 min from now
288 they can not merge any more, remove them from cache
289 - true means record has merged, need to update database before remove from cache
290 whether update database succeed or not, recod remove from cache
291 */
292 if ((it->needUpdateToDb) && (!UpdatePermissionUsedRecordToDb(it->record))) {
293 LOGE(PRI_DOMAIN, PRI_TAG, "Record with timestamp %{public}s update database failed!",
294 std::to_string(it->record.timestamp).c_str());
295 }
296
297 it = permUsedRecList_.erase(it);
298 }
299
300 return Constant::SUCCESS;
301 }
302
UpdatePermRecImmediately()303 void PermissionRecordManager::UpdatePermRecImmediately()
304 {
305 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
306 for (auto it = permUsedRecList_.begin(); it != permUsedRecList_.end(); ++it) {
307 if (it->needUpdateToDb) {
308 (void)UpdatePermissionUsedRecordToDb(it->record);
309 }
310 }
311 }
312
GetPermissionRecord(const AddPermParamInfo & info,PermissionRecord & record)313 int32_t PermissionRecordManager::GetPermissionRecord(const AddPermParamInfo& info, PermissionRecord& record)
314 {
315 if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) != TOKEN_HAP) {
316 LOGE(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", info.tokenId);
317 return PrivacyError::ERR_PARAM_INVALID;
318 }
319 int32_t opCode;
320 if (!Constant::TransferPermissionToOpcode(info.permissionName, opCode)) {
321 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid perm(%{public}s)", info.permissionName.c_str());
322 return PrivacyError::ERR_PERMISSION_NOT_EXIST;
323 }
324 if (GetMuteStatus(info.permissionName, EDM)) {
325 record.status = PERM_INACTIVE;
326 } else {
327 record.status = GetAppStatus(info.tokenId);
328 }
329 record.lockScreenStatus = GetLockScreenStatus();
330 record.tokenId = info.tokenId;
331 record.accessCount = info.successCount;
332 record.rejectCount = info.failCount;
333 record.opCode = opCode;
334 record.timestamp = AccessToken::TimeUtil::GetCurrentTimestamp();
335 record.accessDuration = 0;
336 record.type = info.type;
337 LOGD(PRI_DOMAIN, PRI_TAG, "Record status: %{public}d", record.status);
338 return Constant::SUCCESS;
339 }
340
TransformEnumToBitValue(const PermissionUsedType type,uint32_t & value)341 void PermissionRecordManager::TransformEnumToBitValue(const PermissionUsedType type, uint32_t& value)
342 {
343 if (type == PermissionUsedType::NORMAL_TYPE) {
344 value = NORMAL_TYPE_ADD_VALUE;
345 } else if (type == PermissionUsedType::PICKER_TYPE) {
346 value = PICKER_TYPE_ADD_VALUE;
347 } else if (type == PermissionUsedType::SECURITY_COMPONENT_TYPE) {
348 value = SEC_COMPONENT_TYPE_ADD_VALUE;
349 }
350 }
351
AddOrUpdateUsedTypeIfNeeded(const AccessTokenID tokenId,const int32_t opCode,const PermissionUsedType type)352 bool PermissionRecordManager::AddOrUpdateUsedTypeIfNeeded(const AccessTokenID tokenId, const int32_t opCode,
353 const PermissionUsedType type)
354 {
355 uint32_t inputType = 0;
356 TransformEnumToBitValue(type, inputType);
357
358 GenericValues conditionValue;
359 conditionValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
360 conditionValue.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, opCode);
361
362 std::vector<GenericValues> results;
363 int32_t res = PermissionUsedRecordDb::GetInstance().Query(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE,
364 conditionValue, results);
365 if (res != PermissionUsedRecordDb::SUCCESS) {
366 return false;
367 }
368
369 if (results.empty()) {
370 // empty means there is no permission used type record, add it
371 LOGD(PRI_DOMAIN, PRI_TAG, "No exsit record, add it.");
372
373 GenericValues recordValue;
374 recordValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
375 recordValue.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, opCode);
376 recordValue.Put(PrivacyFiledConst::FIELD_USED_TYPE, static_cast<int32_t>(inputType));
377
378 std::vector<GenericValues> recordValues;
379 recordValues.emplace_back(recordValue);
380 res = PermissionUsedRecordDb::GetInstance().Add(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE,
381 recordValues);
382 if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
383 return false;
384 }
385 } else {
386 // not empty means there is permission used type record exsit, update it if needed
387 uint32_t dbType = static_cast<uint32_t>(results[0].GetInt(PrivacyFiledConst::FIELD_USED_TYPE));
388 LOGD(PRI_DOMAIN, PRI_TAG, "Record exsit, type is %{public}u.", dbType);
389
390 if ((dbType & inputType) == inputType) {
391 // true means visitTypeEnum has exsits, no need to add
392 LOGD(PRI_DOMAIN, PRI_TAG, "Used type has add.");
393 return true;
394 } else {
395 results[0].Remove(PrivacyFiledConst::FIELD_USED_TYPE);
396 dbType |= inputType;
397
398 // false means visitTypeEnum not exsits, update record
399 LOGD(PRI_DOMAIN, PRI_TAG, "Used type not add, generate new %{public}u.", dbType);
400
401 GenericValues newValue;
402 newValue.Put(PrivacyFiledConst::FIELD_USED_TYPE, static_cast<int32_t>(dbType));
403 return (PermissionUsedRecordDb::GetInstance().Update(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE,
404 newValue, results[0]) == PermissionUsedRecordDb::ExecuteResult::SUCCESS);
405 }
406 }
407
408 return true;
409 }
410
CheckPermissionUsedRecordToggleStatus(int32_t userID)411 bool PermissionRecordManager::CheckPermissionUsedRecordToggleStatus(int32_t userID)
412 {
413 auto it = permUsedRecToggleStatusMap_.find(userID);
414 if (it != permUsedRecToggleStatusMap_.end()) {
415 LOGD(PRI_DOMAIN, PRI_TAG, "userID: %{public}d, status: %{public}d.", it->first, it->second ? 1 : 0);
416 return it->second;
417 }
418 LOGD(PRI_DOMAIN, PRI_TAG, "userID: %{public}d not exist record, return true.", userID);
419 return true;
420 }
421
VerifyNativeRecordPermission(const std::string & permissionName,const AccessTokenID & tokenId)422 bool PermissionRecordManager::VerifyNativeRecordPermission(
423 const std::string& permissionName, const AccessTokenID& tokenId)
424 {
425 bool isGranted = false;
426 if (permissionName == CAMERA_PERMISSION_NAME) {
427 isGranted = (AccessTokenHelper::VerifyAccessToken(
428 tokenId, CAMERA_BACKGROUND_PERMISSION_NAME) == PERMISSION_GRANTED);
429 LOGI(PRI_DOMAIN, PRI_TAG, "Native tokenId %{public}d, isGranted %{public}d, permission %{public}s.",
430 tokenId, isGranted, permissionName.c_str());
431 return isGranted;
432 } else if (permissionName == MICROPHONE_PERMISSION_NAME) {
433 isGranted = (AccessTokenHelper::VerifyAccessToken(
434 tokenId, MICROPHONE_BACKGROUND_PERMISSION_NAME) == PERMISSION_GRANTED);
435 LOGI(PRI_DOMAIN, PRI_TAG, "Native tokenId %{public}d, isGranted %{public}d, permission %{public}s.",
436 tokenId, isGranted, permissionName.c_str());
437 return isGranted;
438 }
439 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid permission %{public}s.", permissionName.c_str());
440 return isGranted;
441 }
442
AddPermissionUsedRecord(const AddPermParamInfo & info)443 int32_t PermissionRecordManager::AddPermissionUsedRecord(const AddPermParamInfo& info)
444 {
445 if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) == TOKEN_NATIVE) {
446 return VerifyNativeRecordPermission(
447 info.permissionName, info.tokenId) ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID;
448 }
449 HapTokenInfo tokenInfo;
450 if (AccessTokenKit::GetHapTokenInfo(info.tokenId, tokenInfo) != Constant::SUCCESS) {
451 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid tokenId(%{public}d).", info.tokenId);
452 return PrivacyError::ERR_TOKENID_NOT_EXIST;
453 }
454
455 if (!CheckPermissionUsedRecordToggleStatus(tokenInfo.userID)) {
456 LOGI(PRI_DOMAIN, PRI_TAG, "The permission used record toggle status is false.");
457 return PrivacyError::PRIVACY_TOGGELE_RESTRICTED;
458 }
459
460 if ((info.successCount == 0) && (info.failCount == 0)) {
461 return PrivacyError::ERR_PARAM_INVALID;
462 }
463
464 PermissionRecord record;
465 int32_t result = GetPermissionRecord(info, record);
466 if ((result != Constant::SUCCESS) || (!GetGlobalSwitchStatus(info.permissionName))) {
467 return result;
468 }
469
470 result = AddRecord(record);
471 if (result != Constant::SUCCESS) {
472 return result;
473 }
474
475 return AddOrUpdateUsedTypeIfNeeded(
476 info.tokenId, record.opCode, info.type) ? Constant::SUCCESS : Constant::FAILURE;
477 }
478
SetPermissionUsedRecordToggleStatus(int32_t userID,bool status)479 int32_t PermissionRecordManager::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status)
480 {
481 if (userID == 0) {
482 userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE;
483 }
484
485 if (!PermissionRecordManager::IsUserIdValid(userID)) {
486 LOGE(PRI_DOMAIN, PRI_TAG, "UserID is invalid.");
487 return PrivacyError::ERR_PARAM_INVALID;
488 }
489
490 if (!status) {
491 std::unordered_set<AccessTokenID> tokenIDList;
492 int32_t ret = AccessTokenKit::GetTokenIDByUserID(userID, tokenIDList);
493 if (ret != RET_SUCCESS) {
494 return Constant::FAILURE;
495 }
496 if (!tokenIDList.empty()) {
497 RemoveHistoryPermissionUsedRecords(tokenIDList);
498 }
499 }
500
501 if (!UpdatePermUsedRecToggleStatusMap(userID, status)) {
502 LOGD(PRI_DOMAIN, PRI_TAG, "The status is the same as that set last time, not need to update database.");
503 return Constant::SUCCESS;
504 }
505
506 if (!AddOrUpdateUsedStatusIfNeeded(userID, status)) {
507 LOGE(PRI_DOMAIN, PRI_TAG, "Failed to AddOrUpdateUsedStatusIfNeeded.");
508 return Constant::FAILURE;
509 }
510
511 return Constant::SUCCESS;
512 }
513
UpdatePermUsedRecToggleStatusMap(int32_t userID,bool status)514 bool PermissionRecordManager::UpdatePermUsedRecToggleStatusMap(int32_t userID, bool status)
515 {
516 std::lock_guard<std::mutex> lock(permUsedRecToggleStatusMutex_);
517 auto it = permUsedRecToggleStatusMap_.find(userID);
518 if (it == permUsedRecToggleStatusMap_.end()) {
519 permUsedRecToggleStatusMap_.insert(std::make_pair(userID, status));
520 return true;
521 } else {
522 if (it->second != status) {
523 it->second = status;
524 return true;
525 }
526 }
527
528 return false;
529 }
530
AddOrUpdateUsedStatusIfNeeded(int32_t userID,bool status)531 bool PermissionRecordManager::AddOrUpdateUsedStatusIfNeeded(int32_t userID, bool status)
532 {
533 GenericValues conditionValue;
534 conditionValue.Put(PrivacyFiledConst::FIELD_USER_ID, userID);
535
536 std::vector<GenericValues> results;
537 int32_t res = PermissionUsedRecordDb::GetInstance().Query(
538 PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS, conditionValue, results);
539 if (res != PermissionUsedRecordDb::SUCCESS) {
540 return false;
541 }
542
543 if (results.empty()) {
544 // empty means there is no user record, add it
545 LOGD(PRI_DOMAIN, PRI_TAG, "No exist record, add it.");
546
547 GenericValues recordValue;
548 recordValue.Put(PrivacyFiledConst::FIELD_USER_ID, userID);
549 recordValue.Put(PrivacyFiledConst::FIELD_STATUS, status);
550
551 std::vector<GenericValues> recordValues;
552 recordValues.emplace_back(recordValue);
553 int32_t res = PermissionUsedRecordDb::GetInstance().Add(
554 PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS, recordValues);
555 if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
556 return false;
557 }
558 } else {
559 LOGD(PRI_DOMAIN, PRI_TAG, "Exsit record, update it.");
560 GenericValues newValue;
561 newValue.Put(PrivacyFiledConst::FIELD_STATUS, static_cast<int32_t>(status));
562 return (PermissionUsedRecordDb::GetInstance().Update(
563 PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS,
564 newValue, conditionValue) == PermissionUsedRecordDb::ExecuteResult::SUCCESS);
565 }
566
567 return true;
568 }
569
GetPermissionUsedRecordToggleStatus(int32_t userID,bool & status)570 int32_t PermissionRecordManager::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status)
571 {
572 if (userID == 0) {
573 userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE;
574 }
575
576 if (!PermissionRecordManager::IsUserIdValid(userID)) {
577 LOGE(PRI_DOMAIN, PRI_TAG, "UserID is invalid.");
578 return PrivacyError::ERR_PARAM_INVALID;
579 }
580
581 auto it = permUsedRecToggleStatusMap_.find(userID);
582 if (it == permUsedRecToggleStatusMap_.end()) {
583 status = true;
584 } else {
585 status = it->second;
586 }
587
588 return Constant::SUCCESS;
589 }
590
UpdatePermUsedRecToggleStatusMapFromDb()591 void PermissionRecordManager::UpdatePermUsedRecToggleStatusMapFromDb()
592 {
593 std::vector<GenericValues> permUsedRecordToggleStatusRes;
594 GenericValues conditionValue;
595
596 int32_t res = PermissionUsedRecordDb::GetInstance().Query(
597 PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS,
598 conditionValue, permUsedRecordToggleStatusRes);
599 if (res != PermissionUsedRecordDb::SUCCESS || permUsedRecordToggleStatusRes.empty()) {
600 LOGE(PRI_DOMAIN, PRI_TAG, "Not exsit record, res:%{public}d.", res);
601 return;
602 }
603
604 int32_t userID = 0;
605 bool status = true;
606 auto it = permUsedRecordToggleStatusRes.begin();
607 while (it != permUsedRecordToggleStatusRes.end()) {
608 userID = it->GetInt(PrivacyFiledConst::FIELD_USER_ID);
609 status = static_cast<bool>(it->GetInt(PrivacyFiledConst::FIELD_STATUS));
610 (void)UpdatePermUsedRecToggleStatusMap(userID, status);
611 ++it;
612 }
613
614 return;
615 }
616
RemoveHistoryPermissionUsedRecords(std::unordered_set<AccessTokenID> tokenIDList)617 void PermissionRecordManager::RemoveHistoryPermissionUsedRecords(std::unordered_set<AccessTokenID> tokenIDList)
618 {
619 // remove from database
620 std::vector<PermissionUsedRecordDb::DataType> dataTypes;
621 dataTypes.emplace_back(PermissionUsedRecordDb::DataType::PERMISSION_RECORD);
622 dataTypes.emplace_back(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE);
623 (void)PermissionUsedRecordDb::GetInstance().DeleteHistoryRecordsInTables(dataTypes, tokenIDList);
624
625 {
626 // remove from record cache
627 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
628 permUsedRecList_.erase(std::remove_if(permUsedRecList_.begin(), permUsedRecList_.end(),
629 [&tokenIDList](const PermissionRecordCache& recordCache) {
630 return tokenIDList.find(recordCache.record.tokenId) != tokenIDList.end();
631 }), permUsedRecList_.end());
632 }
633 }
634
RemovePermissionUsedRecords(AccessTokenID tokenId)635 void PermissionRecordManager::RemovePermissionUsedRecords(AccessTokenID tokenId)
636 {
637 {
638 // remove from record cache
639 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
640 permUsedRecList_.erase(std::remove_if(permUsedRecList_.begin(), permUsedRecList_.end(),
641 [tokenId](const PermissionRecordCache& recordCache) {
642 return recordCache.record.tokenId == tokenId;
643 }), permUsedRecList_.end());
644 }
645
646 GenericValues conditions;
647 conditions.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
648 {
649 // remove from database
650 Utils::UniqueWriteGuard<Utils::RWLock> lk(this->rwLock_);
651 PermissionUsedRecordDb::GetInstance().Remove(PermissionUsedRecordDb::DataType::PERMISSION_RECORD, conditions);
652 PermissionUsedRecordDb::GetInstance().Remove(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE,
653 conditions);
654 }
655
656 // remove from start list
657 RemoveRecordFromStartListByToken(tokenId);
658 }
659
GetPermissionUsedRecords(const PermissionUsedRequest & request,PermissionUsedResult & result)660 int32_t PermissionRecordManager::GetPermissionUsedRecords(
661 const PermissionUsedRequest& request, PermissionUsedResult& result)
662 {
663 if (!request.isRemote && !GetRecordsFromLocalDB(request, result)) {
664 LOGE(PRI_DOMAIN, PRI_TAG, "Failed to GetRecordsFromLocalDB");
665 return PrivacyError::ERR_PARAM_INVALID;
666 }
667 return Constant::SUCCESS;
668 }
669
GetPermissionUsedRecordsAsync(const PermissionUsedRequest & request,const sptr<OnPermissionUsedRecordCallback> & callback)670 int32_t PermissionRecordManager::GetPermissionUsedRecordsAsync(
671 const PermissionUsedRequest& request, const sptr<OnPermissionUsedRecordCallback>& callback)
672 {
673 if (callback == nullptr) {
674 return PrivacyError::ERR_PARAM_INVALID;
675 }
676 auto task = [request, callback]() {
677 LOGI(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedRecordsAsync task called");
678 PermissionUsedResult result;
679 int32_t retCode = PermissionRecordManager::GetInstance().GetPermissionUsedRecords(request, result);
680 callback->OnQueried(retCode, result);
681 };
682 std::thread recordThread(task);
683 recordThread.detach();
684 return Constant::SUCCESS;
685 }
686
TransferToOpcode(const std::vector<std::string> & permissionList,std::set<int32_t> & opCodeList)687 static void TransferToOpcode(const std::vector<std::string>& permissionList, std::set<int32_t>& opCodeList)
688 {
689 for (const auto& permission : permissionList) {
690 int32_t opCode = Constant::OP_INVALID;
691 (void)Constant::TransferPermissionToOpcode(permission, opCode);
692 opCodeList.insert(opCode);
693 }
694 }
695
GetMergedRecordsFromCache(std::vector<PermissionRecord> & mergedRecords)696 void PermissionRecordManager::GetMergedRecordsFromCache(std::vector<PermissionRecord>& mergedRecords)
697 {
698 std::lock_guard<std::mutex> lock(permUsedRecMutex_);
699 for (const auto& cache : permUsedRecList_) {
700 if (cache.needUpdateToDb) {
701 mergedRecords.emplace_back(cache.record);
702 }
703 }
704 }
705
InsteadMergedRecIfNecessary(GenericValues & queryValue,std::vector<PermissionRecord> & mergedRecords)706 void PermissionRecordManager::InsteadMergedRecIfNecessary(GenericValues& queryValue,
707 std::vector<PermissionRecord>& mergedRecords)
708 {
709 uint32_t tokenId = static_cast<uint32_t>(queryValue.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID));
710 int32_t opCode = queryValue.GetInt(PrivacyFiledConst::FIELD_OP_CODE);
711 int32_t status = queryValue.GetInt(PrivacyFiledConst::FIELD_STATUS);
712 int64_t timestamp = queryValue.GetInt64(PrivacyFiledConst::FIELD_TIMESTAMP);
713 PermissionUsedType type = static_cast<PermissionUsedType>(queryValue.GetInt(PrivacyFiledConst::FIELD_USED_TYPE));
714
715 for (const auto& record : mergedRecords) {
716 if ((tokenId == record.tokenId) &&
717 (opCode == record.opCode) &&
718 (status == record.status) &&
719 (timestamp == record.timestamp) &&
720 (type == record.type)) {
721 // find merged record, instead accessCount and rejectCount
722 queryValue.Remove(PrivacyFiledConst::FIELD_ACCESS_COUNT);
723 queryValue.Put(PrivacyFiledConst::FIELD_ACCESS_COUNT, record.accessCount);
724 queryValue.Remove(PrivacyFiledConst::FIELD_REJECT_COUNT);
725 queryValue.Put(PrivacyFiledConst::FIELD_REJECT_COUNT, record.rejectCount);
726 return;
727 }
728 }
729 }
730
MergeSamePermission(const PermissionUsageFlag & flag,const PermissionUsedRecord & inRecord,PermissionUsedRecord & outRecord)731 void PermissionRecordManager::MergeSamePermission(const PermissionUsageFlag& flag, const PermissionUsedRecord& inRecord,
732 PermissionUsedRecord& outRecord)
733 {
734 outRecord.accessCount += inRecord.accessCount;
735 outRecord.secAccessCount += inRecord.secAccessCount;
736 outRecord.rejectCount += inRecord.rejectCount;
737
738 // update lastAccessTime、lastRejectTime and lastAccessDuration to the nearer one
739 outRecord.lastAccessTime = (inRecord.lastAccessTime > outRecord.lastAccessTime) ?
740 inRecord.lastAccessTime : outRecord.lastAccessTime;
741 outRecord.lastAccessDuration = (inRecord.lastAccessTime > outRecord.lastAccessTime) ?
742 inRecord.lastAccessDuration : outRecord.lastAccessDuration;
743 outRecord.lastRejectTime = (inRecord.lastRejectTime > outRecord.lastRejectTime) ?
744 inRecord.lastRejectTime : outRecord.lastRejectTime;
745
746 // summary do not handle detail
747 if (flag == FLAG_PERMISSION_USAGE_SUMMARY) {
748 return;
749 }
750
751 if (inRecord.lastAccessTime > 0) {
752 outRecord.accessRecords.emplace_back(inRecord.accessRecords[0]);
753 }
754 if (inRecord.lastRejectTime > 0) {
755 outRecord.rejectRecords.emplace_back(inRecord.rejectRecords[0]);
756 }
757 }
758
FillPermissionUsedRecords(const PermissionUsedRecord & record,const PermissionUsageFlag & flag,std::vector<PermissionUsedRecord> & permissionRecords)759 void PermissionRecordManager::FillPermissionUsedRecords(const PermissionUsedRecord& record,
760 const PermissionUsageFlag& flag, std::vector<PermissionUsedRecord>& permissionRecords)
761 {
762 // check whether the permission has exsit
763 auto iter = std::find_if(permissionRecords.begin(), permissionRecords.end(),
764 [record](const PermissionUsedRecord& rec) {
765 return record.permissionName == rec.permissionName;
766 });
767 if (iter != permissionRecords.end()) {
768 // permission exsit, merge it
769 MergeSamePermission(flag, record, *iter);
770 } else {
771 // permission not exsit, add it
772 permissionRecords.emplace_back(record);
773 }
774 }
775
FillBundleUsedRecord(const GenericValues & value,const PermissionUsageFlag & flag,std::map<int32_t,BundleUsedRecord> & tokenIdToBundleMap,std::map<int32_t,int32_t> & tokenIdToCountMap,PermissionUsedResult & result)776 bool PermissionRecordManager::FillBundleUsedRecord(const GenericValues& value, const PermissionUsageFlag& flag,
777 std::map<int32_t, BundleUsedRecord>& tokenIdToBundleMap, std::map<int32_t, int32_t>& tokenIdToCountMap,
778 PermissionUsedResult& result)
779 {
780 // translate database value into PermissionUsedRecord value
781 PermissionUsedRecord record;
782 if (DataTranslator::TranslationGenericValuesIntoPermissionUsedRecord(flag, value, record) != Constant::SUCCESS) {
783 LOGE(PRI_DOMAIN, PRI_TAG, "Failed to transform op(%{public}d)",
784 value.GetInt(PrivacyFiledConst::FIELD_OP_CODE));
785 return false;
786 }
787
788 // update beginTimeMillis and endTimeMillis if necessary
789 int64_t timestamp = value.GetInt64(PrivacyFiledConst::FIELD_TIMESTAMP);
790 result.beginTimeMillis = ((result.beginTimeMillis == 0) || (timestamp < result.beginTimeMillis)) ?
791 timestamp : result.beginTimeMillis;
792 result.endTimeMillis = (timestamp > result.endTimeMillis) ? timestamp : result.endTimeMillis;
793
794 int32_t tokenId = value.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID);
795 FillPermissionUsedRecords(record, flag, tokenIdToBundleMap[tokenId].permissionRecords);
796 tokenIdToCountMap[tokenId] += 1;
797
798 return true;
799 }
800
AddDebugLog(const AccessTokenID tokenId,const BundleUsedRecord & bundleRecord,const int32_t queryCount,int32_t & totalSuccCount,int32_t & totalFailCount)801 static void AddDebugLog(const AccessTokenID tokenId, const BundleUsedRecord& bundleRecord, const int32_t queryCount,
802 int32_t& totalSuccCount, int32_t& totalFailCount)
803 {
804 int32_t tokenTotalSuccCount = 0;
805 int32_t tokenTotalFailCount = 0;
806 for (const auto& permissionRecord : bundleRecord.permissionRecords) {
807 tokenTotalSuccCount += permissionRecord.accessCount;
808 tokenTotalFailCount += permissionRecord.rejectCount;
809 }
810 LOGI(PRI_DOMAIN, PRI_TAG, "TokenId %{public}d[%{public}s] get %{public}d records, success %{public}d,"
811 " failure %{public}d", tokenId, bundleRecord.bundleName.c_str(), queryCount, tokenTotalSuccCount,
812 tokenTotalFailCount);
813 totalSuccCount += tokenTotalSuccCount;
814 totalFailCount += tokenTotalFailCount;
815 }
816
GetRecordsFromLocalDB(const PermissionUsedRequest & request,PermissionUsedResult & result)817 bool PermissionRecordManager::GetRecordsFromLocalDB(const PermissionUsedRequest& request, PermissionUsedResult& result)
818 {
819 GenericValues andConditionValues;
820 if (DataTranslator::TranslationIntoGenericValues(request, andConditionValues) != Constant::SUCCESS) {
821 LOGE(PRI_DOMAIN, PRI_TAG, "Query time or flag is invalid");
822 return false;
823 }
824
825 int32_t dataLimitNum = request.flag == FLAG_PERMISSION_USAGE_DETAIL ? MAX_ACCESS_RECORD_SIZE : recordSizeMaximum_;
826 int32_t totalSuccCount = 0;
827 int32_t totalFailCount = 0;
828 std::vector<GenericValues> findRecordsValues; // summary don't limit querry data num, detail do
829
830 std::set<int32_t> opCodeList;
831 TransferToOpcode(request.permissionList, opCodeList);
832 PermissionUsedRecordDb::GetInstance().FindByConditions(PermissionUsedRecordDb::DataType::PERMISSION_RECORD,
833 opCodeList, andConditionValues, findRecordsValues, dataLimitNum);
834
835 uint32_t currentCount = findRecordsValues.size(); // handle query result
836 if (currentCount == 0) {
837 LOGI(PRI_DOMAIN, PRI_TAG, "No record match the condition.");
838 return true;
839 }
840
841 std::vector<PermissionRecord> mergedRecords;
842 GetMergedRecordsFromCache(mergedRecords);
843
844 std::set<int32_t> tokenIdList;
845 std::map<int32_t, BundleUsedRecord> tokenIdToBundleMap;
846 std::map<int32_t, int32_t> tokenIdToCountMap;
847
848 for (auto& recordValue : findRecordsValues) {
849 InsteadMergedRecIfNecessary(recordValue, mergedRecords);
850
851 int32_t tokenId = recordValue.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID);
852 if (tokenIdList.count(tokenId) == 0) {
853 tokenIdList.insert(tokenId); // new tokenId, inset into set
854
855 BundleUsedRecord bundleRecord; // get bundle info
856 if (!CreateBundleUsedRecord(tokenId, bundleRecord)) {
857 continue;
858 }
859
860 tokenIdToBundleMap[tokenId] = bundleRecord; // add into map
861 tokenIdToCountMap[tokenId] = 0;
862 }
863
864 if (!FillBundleUsedRecord(recordValue, request.flag, tokenIdToBundleMap, tokenIdToCountMap, result)) {
865 continue;
866 }
867 }
868
869 for (auto iter = tokenIdToBundleMap.begin(); iter != tokenIdToBundleMap.end(); ++iter) {
870 result.bundleRecords.emplace_back(iter->second);
871
872 AddDebugLog(iter->first, iter->second, tokenIdToCountMap[iter->first], totalSuccCount, totalFailCount);
873 }
874
875 if (request.flag == FLAG_PERMISSION_USAGE_SUMMARY) {
876 LOGI(PRI_DOMAIN, PRI_TAG, "Total success count is %{public}d, total failure count is %{public}d",
877 totalSuccCount, totalFailCount);
878 }
879
880 return true;
881 }
882
CreateBundleUsedRecord(const AccessTokenID tokenId,BundleUsedRecord & bundleRecord)883 bool PermissionRecordManager::CreateBundleUsedRecord(const AccessTokenID tokenId, BundleUsedRecord& bundleRecord)
884 {
885 HapTokenInfo tokenInfo;
886 if (AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo) != Constant::SUCCESS) {
887 LOGE(PRI_DOMAIN, PRI_TAG, "GetHapTokenInfo failed, tokenId is %{public}u.", tokenId);
888 return false;
889 }
890 bundleRecord.tokenId = tokenId;
891 bundleRecord.isRemote = false;
892 bundleRecord.deviceId = "";
893 bundleRecord.bundleName = tokenInfo.bundleName;
894 return true;
895 }
896
897 // call this when receive screen off common event
ExecuteDeletePermissionRecordTask()898 void PermissionRecordManager::ExecuteDeletePermissionRecordTask()
899 {
900 if (GetCurDeleteTaskNum() > 1) {
901 LOGI(PRI_DOMAIN, PRI_TAG, "Has delete task!");
902 return;
903 }
904 AddDeleteTaskNum();
905
906 std::function<void()> delayed = ([this]() {
907 (void)DeletePermissionRecord(recordAgingTime_);
908 LOGI(PRI_DOMAIN, PRI_TAG, "Delete record end.");
909 // Sleep for one minute to avoid frequent refresh of the file.
910 std::this_thread::sleep_for(std::chrono::minutes(1));
911 ReduceDeleteTaskNum();
912 });
913
914 std::thread deleteThread(delayed);
915 deleteThread.detach();
916 }
917
GetCurDeleteTaskNum()918 int32_t PermissionRecordManager::GetCurDeleteTaskNum()
919 {
920 return deleteTaskNum_.load();
921 }
922
AddDeleteTaskNum()923 void PermissionRecordManager::AddDeleteTaskNum()
924 {
925 deleteTaskNum_++;
926 }
927
ReduceDeleteTaskNum()928 void PermissionRecordManager::ReduceDeleteTaskNum()
929 {
930 deleteTaskNum_--;
931 }
932
DeletePermissionRecord(int32_t days)933 int32_t PermissionRecordManager::DeletePermissionRecord(int32_t days)
934 {
935 int64_t interval = days * Constant::ONE_DAY_MILLISECONDS;
936 int32_t total = PermissionUsedRecordDb::GetInstance().Count(PermissionUsedRecordDb::DataType::PERMISSION_RECORD);
937 if (total > recordSizeMaximum_) {
938 LOGI(PRI_DOMAIN, PRI_TAG, "The count of record is %{public}d, begin to delete aging data.", total);
939 uint32_t excessiveSize = static_cast<uint32_t>(total) - static_cast<uint32_t>(recordSizeMaximum_);
940 int32_t res = PermissionUsedRecordDb::GetInstance().DeleteExcessiveRecords(
941 PermissionUsedRecordDb::DataType::PERMISSION_RECORD, excessiveSize);
942 if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
943 LOGE(PRI_DOMAIN, PRI_TAG, "Delete excessive records failed, res %{public}d.", res);
944 return Constant::FAILURE;
945 }
946 }
947 GenericValues andConditionValues;
948 int64_t deleteTimestamp = AccessToken::TimeUtil::GetCurrentTimestamp() - interval;
949 andConditionValues.Put(PrivacyFiledConst::FIELD_TIMESTAMP_END, deleteTimestamp);
950 int32_t res = PermissionUsedRecordDb::GetInstance().DeleteExpireRecords(
951 PermissionUsedRecordDb::DataType::PERMISSION_RECORD, andConditionValues);
952 if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
953 LOGE(PRI_DOMAIN, PRI_TAG, "Delete expire records failed, res %{public}d.", res);
954 return Constant::FAILURE;
955 }
956 return Constant::SUCCESS;
957 }
958
AddRecordToStartList(const PermissionUsedTypeInfo & info,int32_t status,int32_t callerPid,bool isCamera)959 int32_t PermissionRecordManager::AddRecordToStartList(
960 const PermissionUsedTypeInfo &info, int32_t status, int32_t callerPid, bool isCamera)
961 {
962 int32_t opCode;
963 int ret = Constant::SUCCESS;
964 const std::string& permissionName = info.permissionName;
965 if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) {
966 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid perm(%{public}s)", permissionName.c_str());
967 return PrivacyError::ERR_PERMISSION_NOT_EXIST;
968 }
969
970 ContinusPermissionRecord newRecord = {
971 .tokenId = info.tokenId,
972 .opCode = opCode,
973 .status = status,
974 .pid = (isCamera ? -1 : info.pid),
975 .callerPid = callerPid,
976 };
977
978 std::lock_guard<std::mutex> lock(startRecordListMutex_);
979 for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) {
980 if (it->IsEqualRecord(newRecord)) {
981 ret = PrivacyError::ERR_PERMISSION_ALREADY_START_USING;
982 break;
983 }
984 }
985 if (ret != PrivacyError::ERR_PERMISSION_ALREADY_START_USING) {
986 startRecordList_.emplace(newRecord);
987 newRecord.pid = info.pid;
988 CallbackExecute(newRecord, permissionName, info.type);
989 }
990
991 return ret;
992 }
993
ExecuteAndUpdateRecord(uint32_t tokenId,int32_t pid,ActiveChangeType status)994 void PermissionRecordManager::ExecuteAndUpdateRecord(uint32_t tokenId, int32_t pid, ActiveChangeType status)
995 {
996 std::vector<std::string> camPermList;
997 std::lock_guard<std::mutex> lock(startRecordListMutex_);
998 std::set<ContinusPermissionRecord> updateList;
999 for (auto it = startRecordList_.begin(); it != startRecordList_.end();) {
1000 if ((it->tokenId == tokenId) && // tokenId
1001 ((it->pid == -1) || (it->pid == pid)) && // pid
1002 ((it->status != PERM_INACTIVE) && (it->status != status))) { // status
1003 std::string perm;
1004 Constant::TransferOpcodeToPermission(it->opCode, perm);
1005 if ((GetMuteStatus(perm, EDM)) || (!GetGlobalSwitchStatus(perm))) {
1006 ++it;
1007 continue;
1008 }
1009
1010 #ifdef CAMERA_FLOAT_WINDOW_ENABLE
1011 if ((perm == CAMERA_PERMISSION_NAME) && (status == PERM_ACTIVE_IN_BACKGROUND)) {
1012 LOGI(PRI_DOMAIN, PRI_TAG, "Camera float window is close!");
1013 camPermList.emplace_back(perm);
1014 ++it;
1015 continue;
1016 }
1017 #endif
1018
1019 // update status to input and timestamp to now in cache
1020 auto record = *it;
1021 record.status = status;
1022 updateList.emplace(record);
1023 it = startRecordList_.erase(it);
1024 LOGD(PRI_DOMAIN, PRI_TAG, "TokenId %{public}d pid %{public}d get permission %{public}s.", tokenId, pid,
1025 perm.c_str());
1026 continue;
1027 }
1028 ++it;
1029 }
1030
1031 startRecordList_.insert(updateList.begin(), updateList.end());
1032
1033 if (!camPermList.empty()) {
1034 ExecuteCameraCallbackAsync(tokenId, pid);
1035 }
1036 }
1037
1038 /*
1039 * when foreground change background or background change foreground,change accessDuration and store in database,
1040 * change status and accessDuration and timestamp in cache
1041 */
NotifyAppStateChange(AccessTokenID tokenId,int32_t pid,ActiveChangeType status)1042 void PermissionRecordManager::NotifyAppStateChange(AccessTokenID tokenId, int32_t pid, ActiveChangeType status)
1043 {
1044 LOGI(PRI_DOMAIN, PRI_TAG, "Id %{public}u, pid %{public}d, status %{public}d", tokenId, pid, status);
1045
1046 // only handle camera turn background now, send callback only when app without process foreground
1047 if (GetAppStatus(tokenId) == PERM_ACTIVE_IN_FOREGROUND) {
1048 return;
1049 }
1050
1051 ExecuteAndUpdateRecord(tokenId, pid, status);
1052 }
1053
SetLockScreenStatus(int32_t lockScreenStatus)1054 void PermissionRecordManager::SetLockScreenStatus(int32_t lockScreenStatus)
1055 {
1056 LOGI(PRI_DOMAIN, PRI_TAG, "LockScreenStatus %{public}d", lockScreenStatus);
1057 std::lock_guard<std::mutex> lock(lockScreenStateMutex_);
1058 lockScreenStatus_ = lockScreenStatus;
1059 }
1060
GetLockScreenStatus(bool isIpc)1061 int32_t PermissionRecordManager::GetLockScreenStatus(bool isIpc)
1062 {
1063 int32_t lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED;
1064
1065 if (isIpc) {
1066 LibraryLoader loader(SCREENLOCK_MANAGER_LIBPATH);
1067 ScreenLockManagerAccessLoaderInterface* screenlockManagerLoader =
1068 loader.GetObject<ScreenLockManagerAccessLoaderInterface>();
1069 if (screenlockManagerLoader != nullptr) {
1070 if (screenlockManagerLoader->IsScreenLocked()) {
1071 lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_LOCKED;
1072 }
1073 }
1074 } else {
1075 std::lock_guard<std::mutex> lock(lockScreenStateMutex_);
1076 lockScreenStatus = lockScreenStatus_;
1077 }
1078
1079 return lockScreenStatus;
1080 }
1081
RemoveRecordFromStartList(AccessTokenID tokenId,int32_t pid,const std::string & permissionName,int32_t callerPid)1082 int32_t PermissionRecordManager::RemoveRecordFromStartList(
1083 AccessTokenID tokenId, int32_t pid, const std::string& permissionName, int32_t callerPid)
1084 {
1085 int32_t opCode;
1086 if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) {
1087 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid permission(%{public}s)", permissionName.c_str());
1088 return PrivacyError::ERR_PERMISSION_NOT_EXIST;
1089 }
1090
1091 LOGD(PRI_DOMAIN, PRI_TAG, "Id %{public}u, pid %{public}d, perm %{public}s, callerPid %{public}d",
1092 tokenId, pid, permissionName.c_str(), callerPid);
1093 ContinusPermissionRecord record = {
1094 .tokenId = tokenId,
1095 .opCode = opCode,
1096 .pid = pid,
1097 .callerPid = callerPid,
1098 };
1099 if (!ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualRecord, true)) {
1100 LOGE(PRI_DOMAIN, PRI_TAG, "No records started, tokenId=%{public}u, pid=%{public}d, " \
1101 "opCode=%{public}d, callerPid=%{public}d", tokenId, pid, opCode, callerPid);
1102 return PrivacyError::ERR_PERMISSION_NOT_START_USING;
1103 }
1104 return Constant::SUCCESS;
1105 }
1106
1107 /*
1108 * remove all record of pid,
1109 * when pidList is empty, execute active callback
1110 */
RemoveRecordFromStartListByPid(const AccessTokenID tokenId,int32_t pid)1111 void PermissionRecordManager::RemoveRecordFromStartListByPid(const AccessTokenID tokenId, int32_t pid)
1112 {
1113 LOGI(PRI_DOMAIN, PRI_TAG, "TokenId %{public}u, pid %{public}d", tokenId, pid);
1114 ContinusPermissionRecord record = {0};
1115 record.tokenId = tokenId;
1116 record.pid = pid;
1117 (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualPid);
1118 }
1119
1120 /*
1121 * remove all record of token, and execute active callback
1122 */
RemoveRecordFromStartListByToken(const AccessTokenID tokenId)1123 void PermissionRecordManager::RemoveRecordFromStartListByToken(const AccessTokenID tokenId)
1124 {
1125 LOGI(PRI_DOMAIN, PRI_TAG, "TokenId %{public}u", tokenId);
1126 ContinusPermissionRecord record = {0};
1127 record.tokenId = tokenId;
1128 (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualTokenId);
1129 }
1130
RemoveRecordFromStartListByOp(int32_t opCode)1131 void PermissionRecordManager::RemoveRecordFromStartListByOp(int32_t opCode)
1132 {
1133 LOGI(PRI_DOMAIN, PRI_TAG, "OpCode %{public}d", opCode);
1134 ContinusPermissionRecord record = {0};
1135 record.opCode = opCode;
1136 (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualPermCode);
1137 }
1138
RemoveRecordFromStartListByCallerPid(int32_t callerPid)1139 void PermissionRecordManager::RemoveRecordFromStartListByCallerPid(int32_t callerPid)
1140 {
1141 LOGI(PRI_DOMAIN, PRI_TAG, "CallerPid %{public}d", callerPid);
1142 ContinusPermissionRecord record = {0};
1143 record.callerPid = callerPid;
1144 (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualCallerPid);
1145 }
1146
ToRemoveRecord(const ContinusPermissionRecord & targetRecord,const IsEqualFunc & isEqualFunc,bool needClearCamera)1147 bool PermissionRecordManager::ToRemoveRecord(const ContinusPermissionRecord& targetRecord,
1148 const IsEqualFunc& isEqualFunc, bool needClearCamera)
1149 {
1150 std::vector<ContinusPermissionRecord> unusedCameraRecord;
1151 {
1152 std::string perm;
1153 std::vector<ContinusPermissionRecord> removeList, inactiveList;
1154 std::lock_guard<std::mutex> lock(startRecordListMutex_);
1155 PermissionRecordSet::RemoveByKey(startRecordList_, targetRecord, isEqualFunc, removeList);
1156 if (removeList.empty()) {
1157 return false;
1158 }
1159 PermissionRecordSet::GetInActiveUniqueRecord(startRecordList_, removeList, inactiveList);
1160 for (const auto& record: inactiveList) {
1161 Constant::TransferOpcodeToPermission(record.opCode, perm);
1162 ContinusPermissionRecord newRecord;
1163 newRecord.tokenId = record.tokenId;
1164 newRecord.status = PERM_INACTIVE;
1165 newRecord.pid = record.pid;
1166 newRecord.callerPid = record.callerPid;
1167 CallbackExecute(newRecord, perm);
1168 }
1169 if (!needClearCamera) {
1170 return true;
1171 }
1172 PermissionRecordSet::GetUnusedCameraRecords(startRecordList_, removeList, unusedCameraRecord);
1173 }
1174
1175 for (const auto& record: unusedCameraRecord) {
1176 cameraCallbackMap_.Erase(GetUniqueId(record.tokenId, record.pid));
1177 }
1178 LOGI(PRI_DOMAIN, PRI_TAG, "cameraCallbackMap size = %{public}d after clearing",
1179 cameraCallbackMap_.Size());
1180 return true;
1181 }
1182
CallbackExecute(const ContinusPermissionRecord & record,const std::string & permissionName,PermissionUsedType type)1183 void PermissionRecordManager::CallbackExecute(const ContinusPermissionRecord& record, const std::string& permissionName,
1184 PermissionUsedType type)
1185 {
1186 LOGI(PRI_DOMAIN, PRI_TAG, "ExecuteCallbackAsync, tokenId %{public}d using permission %{public}s, "
1187 "status %{public}d, type %{public}d, pid %{public}d, callerPid %{public}d.", record.tokenId,
1188 permissionName.c_str(), record.status, type, record.pid, record.callerPid);
1189
1190 ActiveChangeResponse info;
1191 info.callingTokenID = IPCSkeleton::GetCallingTokenID();
1192 info.tokenID = record.tokenId;
1193 info.permissionName = permissionName;
1194 info.deviceId = "";
1195 info.type = static_cast<ActiveChangeType>(record.status);
1196 info.usedType = type;
1197 info.pid = record.pid;
1198
1199 ActiveStatusCallbackManager::GetInstance().ExecuteCallbackAsync(info);
1200 }
1201
GetGlobalSwitchStatus(const std::string & permissionName)1202 bool PermissionRecordManager::GetGlobalSwitchStatus(const std::string& permissionName)
1203 {
1204 bool isOpen = true;
1205 // only manage camera and microphone global switch now, other default true
1206 if (permissionName == MICROPHONE_PERMISSION_NAME) {
1207 isOpen = !isMicMixMute_;
1208 LOGI(PRI_DOMAIN, PRI_TAG, "Permission is %{public}s, status is %{public}d", permissionName.c_str(), isOpen);
1209 } else if (permissionName == CAMERA_PERMISSION_NAME) {
1210 isOpen = !isCamMixMute_;
1211 LOGI(PRI_DOMAIN, PRI_TAG, "Permission is %{public}s, status is %{public}d", permissionName.c_str(), isOpen);
1212 }
1213 return isOpen;
1214 }
1215 #ifndef APP_SECURITY_PRIVACY_SERVICE
1216 /*
1217 * StartUsing when close and choose open, update status to foreground or background from inactive
1218 * StartUsing when open and choose close, update status to inactive and store in database
1219 */
ExecuteAndUpdateRecordByPerm(const std::string & permissionName,bool switchStatus)1220 void PermissionRecordManager::ExecuteAndUpdateRecordByPerm(const std::string& permissionName, bool switchStatus)
1221 {
1222 int32_t opCode;
1223 Constant::TransferPermissionToOpcode(permissionName, opCode);
1224 std::set<ContinusPermissionRecord> updatedRecordList;
1225 std::lock_guard<std::mutex> lock(startRecordListMutex_);
1226 for (auto it = startRecordList_.begin(); it != startRecordList_.end();) {
1227 ContinusPermissionRecord record = *it;
1228 if ((record.opCode) != static_cast<int32_t>(opCode)) {
1229 ++it;
1230 continue;
1231 }
1232 if (switchStatus) {
1233 LOGI(PRI_DOMAIN, PRI_TAG, "Global switch is open, update record from inactive");
1234 // no need to store in database when status from inactive to foreground or background
1235 record.status = GetAppStatus(record.tokenId);
1236 } else {
1237 LOGI(PRI_DOMAIN, PRI_TAG, "Global switch is close, update record to inactive");
1238 record.status = PERM_INACTIVE;
1239 }
1240 updatedRecordList.emplace(record);
1241 it = startRecordList_.erase(it);
1242 }
1243 startRecordList_.insert(updatedRecordList.begin(), updatedRecordList.end());
1244 // each permission sends a status change notice
1245 for (const auto& record : updatedRecordList) {
1246 CallbackExecute(record, permissionName);
1247 }
1248 }
1249
ShowGlobalDialog(const std::string & permissionName)1250 bool PermissionRecordManager::ShowGlobalDialog(const std::string& permissionName)
1251 {
1252 std::string resource;
1253 if (permissionName == CAMERA_PERMISSION_NAME) {
1254 resource = "camera";
1255 } else if (permissionName == MICROPHONE_PERMISSION_NAME) {
1256 resource = "microphone";
1257 } else {
1258 LOGI(PRI_DOMAIN, PRI_TAG, "Invalid permissionName(%{public}s).", permissionName.c_str());
1259 return true;
1260 }
1261
1262 InnerWant innerWant = {
1263 .bundleName = globalDialogBundleName_,
1264 .abilityName = globalDialogAbilityName_,
1265 .resource = resource
1266 };
1267
1268 std::lock_guard<std::mutex> lock(abilityManagerMutex_);
1269 if (abilityManagerLoader_ == nullptr) {
1270 abilityManagerLoader_ = std::make_shared<LibraryLoader>(ABILITY_MANAGER_LIBPATH);
1271 }
1272
1273 AbilityManagerAccessLoaderInterface* abilityManager =
1274 abilityManagerLoader_->GetObject<AbilityManagerAccessLoaderInterface>();
1275 if (abilityManager == nullptr) {
1276 LOGE(PRI_DOMAIN, PRI_TAG, "AbilityManager is nullptr!");
1277 return false;
1278 }
1279 ErrCode err = abilityManager->StartAbility(innerWant, nullptr);
1280 if (err != ERR_OK) {
1281 LOGE(PRI_DOMAIN, PRI_TAG, "Fail to StartAbility, err:%{public}d", err);
1282 return false;
1283 }
1284 return true;
1285 }
1286 #endif
1287
ExecuteAllCameraExecuteCallback()1288 void PermissionRecordManager::ExecuteAllCameraExecuteCallback()
1289 {
1290 LOGI(PRI_DOMAIN, PRI_TAG, "ExecuteAllCameraExecuteCallback called");
1291 auto it = [&](uint64_t id, sptr<IRemoteObject> cameraCallback) {
1292 auto callback = iface_cast<IStateChangeCallback>(cameraCallback);
1293 AccessTokenID tokenId = static_cast<AccessTokenID>(id);
1294 if (callback != nullptr) {
1295 LOGI(PRI_DOMAIN, PRI_TAG,
1296 "CameraCallback tokenId %{public}d changeType %{public}d.", tokenId, PERM_INACTIVE);
1297 callback->StateChangeNotify(tokenId, false);
1298 }
1299 };
1300 this->cameraCallbackMap_.Iterate(it);
1301 }
1302
ExecuteCameraCallbackAsync(AccessTokenID tokenId,int32_t callbackPid)1303 void PermissionRecordManager::ExecuteCameraCallbackAsync(AccessTokenID tokenId, int32_t callbackPid)
1304 {
1305 LOGD(PRI_DOMAIN, PRI_TAG, "Entry.");
1306 auto task = [tokenId, callbackPid, this]() {
1307 uint64_t uniqueId = GetUniqueId(tokenId, callbackPid);
1308 LOGI(PRI_DOMAIN, PRI_TAG, "ExecuteCameraCallbackAsync task called.");
1309 auto it = [&](uint64_t id, sptr<IRemoteObject> cameraCallback) {
1310 auto callback = iface_cast<IStateChangeCallback>(cameraCallback);
1311 int32_t pid = static_cast<int32_t>(id >> 32);
1312 if (((pid == 0) || (uniqueId == id)) && (callback != nullptr)) {
1313 LOGI(PRI_DOMAIN, PRI_TAG, "CameraCallback tokenId(%{public}u) pid( %{public}d) changeType %{public}d",
1314 tokenId, pid, PERM_INACTIVE);
1315 callback->StateChangeNotify(tokenId, false);
1316 }
1317 };
1318 this->cameraCallbackMap_.Iterate(it);
1319 };
1320 std::thread executeThread(task);
1321 executeThread.detach();
1322 LOGD(PRI_DOMAIN, PRI_TAG, "The cameraCallback execution is complete.");
1323 }
1324
StartUsingPermission(const PermissionUsedTypeInfo & info,int32_t callerPid)1325 int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeInfo &info, int32_t callerPid)
1326 {
1327 AccessTokenID tokenId = info.tokenId;
1328 const std::string &permissionName = info.permissionName;
1329 LOGI(PRI_DOMAIN, PRI_TAG,
1330 "Id: %{public}u, pid: %{public}d, perm: %{public}s, type: %{public}d, callerPid: %{public}d.",
1331 tokenId, info.pid, permissionName.c_str(), info.type, callerPid);
1332
1333 if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) {
1334 return VerifyNativeRecordPermission(
1335 permissionName, tokenId) ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID;
1336 }
1337
1338 if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) {
1339 LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId);
1340 return PrivacyError::ERR_PARAM_INVALID;
1341 }
1342
1343 InitializeMuteState(permissionName);
1344 if (GetMuteStatus(permissionName, EDM)) {
1345 LOGE(PRI_DOMAIN, PRI_TAG, "EDM not allow.");
1346 return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED;
1347 }
1348 if (!Register()) {
1349 return PrivacyError::ERR_MALLOC_FAILED;
1350 }
1351
1352 int32_t status = GetAppStatus(tokenId);
1353 #ifndef APP_SECURITY_PRIVACY_SERVICE
1354 if (!GetGlobalSwitchStatus(permissionName)) {
1355 if (!ShowGlobalDialog(permissionName)) {
1356 return ERR_SERVICE_ABNORMAL;
1357 }
1358 status = PERM_INACTIVE;
1359 }
1360 #endif
1361 return AddRecordToStartList(info, status, callerPid);
1362 }
1363
StartUsingPermission(const PermissionUsedTypeInfo & info,const sptr<IRemoteObject> & callback,int32_t callerPid)1364 int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeInfo &info,
1365 const sptr<IRemoteObject>& callback, int32_t callerPid)
1366 {
1367 AccessTokenID tokenId = info.tokenId;
1368 const std::string &permissionName = info.permissionName;
1369 LOGI(PRI_DOMAIN, PRI_TAG,
1370 "Id: %{public}u, pid: %{public}d, perm: %{public}s, type: %{public}d, callerPid: %{public}d.",
1371 tokenId, info.pid, permissionName.c_str(), info.type, callerPid);
1372
1373 if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) {
1374 return VerifyNativeRecordPermission(
1375 permissionName, tokenId) ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID;
1376 }
1377
1378 if ((permissionName != CAMERA_PERMISSION_NAME) || (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP)) {
1379 LOGD(PRI_DOMAIN, PRI_TAG, "Token(%{public}u), perm(%{public}s).", tokenId, permissionName.c_str());
1380 return PrivacyError::ERR_PARAM_INVALID;
1381 }
1382
1383 InitializeMuteState(permissionName);
1384 if (GetMuteStatus(permissionName, EDM)) {
1385 LOGE(PRI_DOMAIN, PRI_TAG, "EDM not allow.");
1386 return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED;
1387 }
1388
1389 if (!Register()) {
1390 return PrivacyError::ERR_MALLOC_FAILED;
1391 }
1392 int32_t status = GetAppStatus(tokenId);
1393 #ifndef APP_SECURITY_PRIVACY_SERVICE
1394 if (!GetGlobalSwitchStatus(permissionName)) {
1395 if (!ShowGlobalDialog(permissionName)) {
1396 return ERR_SERVICE_ABNORMAL;
1397 }
1398 status = PERM_INACTIVE;
1399 }
1400 #endif
1401 uint64_t id = GetUniqueId(tokenId, -1);
1402 cameraCallbackMap_.EnsureInsert(id, callback);
1403 int32_t ret = AddRecordToStartList(info, status, callerPid, true);
1404 if (ret != RET_SUCCESS) {
1405 cameraCallbackMap_.Erase(id);
1406 }
1407 return ret;
1408 }
1409
StopUsingPermission(AccessTokenID tokenId,int32_t pid,const std::string & permissionName,int32_t callerPid)1410 int32_t PermissionRecordManager::StopUsingPermission(
1411 AccessTokenID tokenId, int32_t pid, const std::string& permissionName, int32_t callerPid)
1412 {
1413 if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) {
1414 return VerifyNativeRecordPermission(
1415 permissionName, tokenId) ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID;
1416 }
1417
1418 if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) {
1419 LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId);
1420 return PrivacyError::ERR_PARAM_INVALID;
1421 }
1422
1423 return RemoveRecordFromStartList(tokenId, pid, permissionName, callerPid);
1424 }
1425
HasCallerInStartList(int32_t callerPid)1426 bool PermissionRecordManager::HasCallerInStartList(int32_t callerPid)
1427 {
1428 std::lock_guard<std::mutex> lock(startRecordListMutex_);
1429 for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) {
1430 if (it->callerPid == callerPid) {
1431 return true;
1432 }
1433 }
1434 return false;
1435 }
1436
PermListToString(const std::vector<std::string> & permList)1437 void PermissionRecordManager::PermListToString(const std::vector<std::string>& permList)
1438 {
1439 std::string permStr;
1440 permStr = accumulate(permList.begin(), permList.end(), std::string(" "));
1441
1442 LOGI(PRI_DOMAIN, PRI_TAG, "PermStr =%{public}s.", permStr.c_str());
1443 }
1444
PermissionListFilter(const std::vector<std::string> & listSrc,std::vector<std::string> & listRes)1445 int32_t PermissionRecordManager::PermissionListFilter(
1446 const std::vector<std::string>& listSrc, std::vector<std::string>& listRes)
1447 {
1448 // filter legal permissions
1449 PermissionDef permissionDef;
1450 std::set<std::string> permSet;
1451 for (const auto& perm : listSrc) {
1452 if (AccessTokenKit::GetDefPermission(perm, permissionDef) == Constant::SUCCESS &&
1453 permSet.count(perm) == 0) {
1454 listRes.emplace_back(perm);
1455 permSet.insert(perm);
1456 continue;
1457 }
1458 LOGE(PRI_DOMAIN, PRI_TAG, "Permission %{public}s invalid!", perm.c_str());
1459 }
1460 if ((listRes.empty()) && (!listSrc.empty())) {
1461 LOGE(PRI_DOMAIN, PRI_TAG, "Valid permission size is 0!");
1462 return PrivacyError::ERR_PARAM_INVALID;
1463 }
1464 PermListToString(listRes);
1465 return Constant::SUCCESS;
1466 }
1467
IsAllowedUsingCamera(AccessTokenID tokenId,int32_t pid)1468 bool PermissionRecordManager::IsAllowedUsingCamera(AccessTokenID tokenId, int32_t pid)
1469 {
1470 // allow foregound application or background application with CAMERA_BACKGROUND permission use camera
1471 int32_t status = GetAppStatus(tokenId, pid);
1472
1473 LOGI(PRI_DOMAIN, PRI_TAG, "Id %{public}d, appStatus %{public}d(1-foreground 2-background).", tokenId, status);
1474 if (status == ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND) {
1475 return true;
1476 }
1477
1478 return (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.CAMERA_BACKGROUND") == PERMISSION_GRANTED);
1479 }
1480
IsAllowedUsingMicrophone(AccessTokenID tokenId,int32_t pid)1481 bool PermissionRecordManager::IsAllowedUsingMicrophone(AccessTokenID tokenId, int32_t pid)
1482 {
1483 int32_t status = GetAppStatus(tokenId, pid);
1484 LOGI(PRI_DOMAIN, PRI_TAG, "Id %{public}d, status is %{public}d(1-foreground 2-background).", tokenId, status);
1485 if (status == ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND) {
1486 return true;
1487 }
1488
1489 std::lock_guard<std::mutex> lock(foreReminderMutex_);
1490 auto iter = std::find(foreTokenIdList_.begin(), foreTokenIdList_.end(), tokenId);
1491 if (iter != foreTokenIdList_.end()) {
1492 return true;
1493 }
1494
1495 return (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGROUND") == PERMISSION_GRANTED);
1496 }
1497
IsAllowedUsingPermission(AccessTokenID tokenId,const std::string & permissionName,int32_t pid)1498 bool PermissionRecordManager::IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName,
1499 int32_t pid)
1500 {
1501 if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) {
1502 return VerifyNativeRecordPermission(permissionName, tokenId);
1503 }
1504
1505 if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) {
1506 LOGD(PRI_DOMAIN, PRI_TAG, "Id(%{public}d) is not hap.", tokenId);
1507 return false;
1508 }
1509
1510 if (permissionName == CAMERA_PERMISSION_NAME) {
1511 return IsAllowedUsingCamera(tokenId, pid);
1512 } else if (permissionName == MICROPHONE_PERMISSION_NAME) {
1513 return IsAllowedUsingMicrophone(tokenId, pid);
1514 }
1515 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid permission(%{public}s).", permissionName.c_str());
1516 return false;
1517 }
1518
SetMutePolicy(const PolicyType & policyType,const CallerType & callerType,bool isMute,AccessTokenID tokenID)1519 int32_t PermissionRecordManager::SetMutePolicy(const PolicyType& policyType, const CallerType& callerType, bool isMute,
1520 AccessTokenID tokenID)
1521 {
1522 std::string permissionName;
1523 if (callerType == MICROPHONE) {
1524 permissionName = MICROPHONE_PERMISSION_NAME;
1525 } else if (callerType == CAMERA) {
1526 permissionName = CAMERA_PERMISSION_NAME;
1527 } else {
1528 return PrivacyError::ERR_PARAM_INVALID;
1529 }
1530
1531 if (policyType == EDM) {
1532 static uint32_t edmTokenID = AccessTokenKit::GetNativeTokenId(EDM_PROCESS_NAME);
1533 if (edmTokenID != tokenID) {
1534 return PrivacyError::ERR_FIRST_CALLER_NOT_EDM;
1535 }
1536
1537 return SetEdmMutePolicy(permissionName, isMute);
1538 }
1539
1540 if (policyType == PRIVACY) {
1541 return SetPrivacyMutePolicy(permissionName, isMute);
1542 }
1543
1544 if (policyType == TEMPORARY) {
1545 return SetTempMutePolicy(permissionName, isMute);
1546 }
1547 return ERR_PARAM_INVALID;
1548 }
1549
SetHapWithFGReminder(uint32_t tokenId,bool isAllowed)1550 int32_t PermissionRecordManager::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed)
1551 {
1552 if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) {
1553 LOGE(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId);
1554 return PrivacyError::ERR_PARAM_INVALID;
1555 }
1556 std::lock_guard<std::mutex> lock(foreReminderMutex_);
1557 auto iter = std::find(foreTokenIdList_.begin(), foreTokenIdList_.end(), tokenId);
1558 if (iter == foreTokenIdList_.end() && isAllowed) {
1559 foreTokenIdList_.emplace_back(tokenId);
1560 LOGI(PRI_DOMAIN, PRI_TAG, "Set hap(%{public}d) foreground.", tokenId);
1561 return RET_SUCCESS;
1562 }
1563 if (iter != foreTokenIdList_.end() && !isAllowed) {
1564 foreTokenIdList_.erase(iter);
1565 LOGI(PRI_DOMAIN, PRI_TAG, "cancel hap(%{public}d) foreground.", tokenId);
1566 return RET_SUCCESS;
1567 }
1568 LOGE(PRI_DOMAIN, PRI_TAG, "(%{public}d) is invalid to be operated.", tokenId);
1569 return PrivacyError::ERR_PARAM_INVALID;
1570 }
1571
SetEdmMutePolicy(const std::string permissionName,bool isMute)1572 int32_t PermissionRecordManager::SetEdmMutePolicy(const std::string permissionName, bool isMute)
1573 {
1574 if (isMute) {
1575 ModifyMuteStatus(permissionName, EDM, isMute);
1576 ModifyMuteStatus(permissionName, MIXED, isMute);
1577 #ifndef APP_SECURITY_PRIVACY_SERVICE
1578 ExecuteAndUpdateRecordByPerm(permissionName, false);
1579 #endif
1580 } else {
1581 ModifyMuteStatus(permissionName, EDM, isMute);
1582 if (GetMuteStatus(permissionName, MIXED)) {
1583 return ERR_PRIVACY_POLICY_CHECK_FAILED;
1584 }
1585 }
1586 return RET_SUCCESS;
1587 }
1588
SetPrivacyMutePolicy(const std::string permissionName,bool isMute)1589 int32_t PermissionRecordManager::SetPrivacyMutePolicy(const std::string permissionName, bool isMute)
1590 {
1591 if (isMute) {
1592 ModifyMuteStatus(permissionName, MIXED, isMute);
1593 } else {
1594 if (GetMuteStatus(permissionName, EDM)) {
1595 return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED;
1596 }
1597 ModifyMuteStatus(permissionName, MIXED, isMute);
1598 }
1599 #ifndef APP_SECURITY_PRIVACY_SERVICE
1600 ExecuteAndUpdateRecordByPerm(permissionName, !isMute);
1601 #endif
1602 return RET_SUCCESS;
1603 }
1604
SetTempMutePolicy(const std::string permissionName,bool isMute)1605 int32_t PermissionRecordManager::SetTempMutePolicy(const std::string permissionName, bool isMute)
1606 {
1607 if (!isMute) {
1608 if (GetMuteStatus(permissionName, EDM)) {
1609 return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED;
1610 }
1611 if (GetMuteStatus(permissionName, MIXED)) {
1612 AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
1613 ContinusPermissionRecord record;
1614 record.tokenId = callingTokenID;
1615 record.status = PERM_TEMPORARY_CALL;
1616 record.pid = -1; // pid -1 with no meaning
1617 record.callerPid = -1; // pid -1 with no meaning
1618 CallbackExecute(record, permissionName);
1619 return PrivacyError::ERR_PRIVACY_POLICY_CHECK_FAILED;
1620 }
1621 }
1622 return RET_SUCCESS;
1623 }
1624
ModifyMuteStatus(const std::string & permissionName,int32_t index,bool isMute)1625 void PermissionRecordManager::ModifyMuteStatus(const std::string& permissionName, int32_t index, bool isMute)
1626 {
1627 if (permissionName == MICROPHONE_PERMISSION_NAME) {
1628 std::lock_guard<std::mutex> lock(micMuteMutex_);
1629 if (index == EDM) {
1630 isMicEdmMute_ = isMute;
1631 } else {
1632 isMicMixMute_ = isMute;
1633 }
1634 } else if (permissionName == CAMERA_PERMISSION_NAME) {
1635 std::lock_guard<std::mutex> lock(camMuteMutex_);
1636 if (index == EDM) {
1637 isCamEdmMute_ = isMute;
1638 } else {
1639 isCamMixMute_ = isMute;
1640 }
1641 }
1642 LOGI(PRI_DOMAIN, PRI_TAG, "permissionName: %{public}s, isMute: %{public}d, index: %{public}d.",
1643 permissionName.c_str(), isMute, index);
1644 }
1645
GetMuteStatus(const std::string & permissionName,int32_t index)1646 bool PermissionRecordManager::GetMuteStatus(const std::string& permissionName, int32_t index)
1647 {
1648 bool isMute = false;
1649 if (permissionName == MICROPHONE_PERMISSION_NAME) {
1650 std::lock_guard<std::mutex> lock(micMuteMutex_);
1651 isMute = (index == EDM) ? isMicEdmMute_ : isMicMixMute_;
1652 } else if (permissionName == CAMERA_PERMISSION_NAME) {
1653 std::lock_guard<std::mutex> lock(camMuteMutex_);
1654 isMute = (index == EDM) ? isCamEdmMute_ : isCamMixMute_;
1655 } else {
1656 return false;
1657 }
1658 LOGI(PRI_DOMAIN, PRI_TAG, "perm: %{public}s, isMute: %{public}d, index: %{public}d.",
1659 permissionName.c_str(), isMute, index);
1660 return isMute;
1661 }
1662
RegisterPermActiveStatusCallback(AccessTokenID regiterTokenId,const std::vector<std::string> & permList,const sptr<IRemoteObject> & callback)1663 int32_t PermissionRecordManager::RegisterPermActiveStatusCallback(
1664 AccessTokenID regiterTokenId, const std::vector<std::string>& permList, const sptr<IRemoteObject>& callback)
1665 {
1666 std::vector<std::string> permListRes;
1667 int32_t res = PermissionListFilter(permList, permListRes);
1668 if (res != Constant::SUCCESS) {
1669 return res;
1670 }
1671 return ActiveStatusCallbackManager::GetInstance().AddCallback(regiterTokenId, permListRes, callback);
1672 }
1673
UnRegisterPermActiveStatusCallback(const sptr<IRemoteObject> & callback)1674 int32_t PermissionRecordManager::UnRegisterPermActiveStatusCallback(const sptr<IRemoteObject>& callback)
1675 {
1676 return ActiveStatusCallbackManager::GetInstance().RemoveCallback(callback);
1677 }
1678
AddDataValueToResults(const GenericValues value,std::vector<PermissionUsedTypeInfo> & results)1679 void PermissionRecordManager::AddDataValueToResults(const GenericValues value,
1680 std::vector<PermissionUsedTypeInfo>& results)
1681 {
1682 PermissionUsedTypeInfo info;
1683 info.tokenId = static_cast<AccessTokenID>(value.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID));
1684 Constant::TransferOpcodeToPermission(value.GetInt(PrivacyFiledConst::FIELD_PERMISSION_CODE), info.permissionName);
1685 uint32_t type = static_cast<uint32_t>(value.GetInt(PrivacyFiledConst::FIELD_USED_TYPE));
1686 if ((type & NORMAL_TYPE_ADD_VALUE) == NORMAL_TYPE_ADD_VALUE) { // normal first
1687 info.type = PermissionUsedType::NORMAL_TYPE;
1688 results.emplace_back(info);
1689 }
1690 if ((type & PICKER_TYPE_ADD_VALUE) == PICKER_TYPE_ADD_VALUE) { // picker second
1691 info.type = PermissionUsedType::PICKER_TYPE;
1692 results.emplace_back(info);
1693 }
1694 if ((type & SEC_COMPONENT_TYPE_ADD_VALUE) == SEC_COMPONENT_TYPE_ADD_VALUE) { // security component last
1695 info.type = PermissionUsedType::SECURITY_COMPONENT_TYPE;
1696 results.emplace_back(info);
1697 }
1698 }
1699
GetPermissionUsedTypeInfos(AccessTokenID tokenId,const std::string & permissionName,std::vector<PermissionUsedTypeInfo> & results)1700 int32_t PermissionRecordManager::GetPermissionUsedTypeInfos(AccessTokenID tokenId, const std::string& permissionName,
1701 std::vector<PermissionUsedTypeInfo>& results)
1702 {
1703 GenericValues value;
1704
1705 if (tokenId != INVALID_TOKENID) {
1706 HapTokenInfo tokenInfo;
1707 if (AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo) != Constant::SUCCESS) {
1708 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid tokenId(%{public}d).", tokenId);
1709 return PrivacyError::ERR_TOKENID_NOT_EXIST;
1710 }
1711 value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast<int32_t>(tokenId));
1712 }
1713
1714 if (!permissionName.empty()) {
1715 int32_t opCode;
1716 if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) {
1717 LOGE(PRI_DOMAIN, PRI_TAG, "Invalid (%{public}s).", permissionName.c_str());
1718 return PrivacyError::ERR_PERMISSION_NOT_EXIST;
1719 }
1720 value.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, opCode);
1721 }
1722
1723 std::vector<GenericValues> valueResults;
1724 if (PermissionUsedRecordDb::GetInstance().Query(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE,
1725 value, valueResults) != PermissionUsedRecordDb::ExecuteResult::SUCCESS) {
1726 return Constant::FAILURE;
1727 }
1728
1729 for (const auto& valueResult : valueResults) {
1730 AddDataValueToResults(valueResult, results);
1731 }
1732
1733 if (results.size() > MAX_PERMISSION_USED_TYPE_SIZE) {
1734 return PrivacyError::ERR_OVERSIZE;
1735 }
1736
1737 LOGI(PRI_DOMAIN, PRI_TAG, "Get %{public}zu permission used type records.", results.size());
1738
1739 return Constant::SUCCESS;
1740 }
1741
GetAppStatus(AccessTokenID tokenId,int32_t pid)1742 int32_t PermissionRecordManager::GetAppStatus(AccessTokenID tokenId, int32_t pid)
1743 {
1744 int32_t status = PERM_ACTIVE_IN_BACKGROUND;
1745 std::vector<AppStateData> foreGroundAppList;
1746 (void)AppManagerAccessClient::GetInstance().GetForegroundApplications(foreGroundAppList);
1747 if (std::any_of(foreGroundAppList.begin(), foreGroundAppList.end(),
1748 [=](const auto& foreGroundApp) {
1749 if (pid == -1) {
1750 return foreGroundApp.accessTokenId == tokenId;
1751 }
1752
1753 return ((foreGroundApp.accessTokenId == tokenId) && (foreGroundApp.pid == pid));
1754 })) {
1755 status = PERM_ACTIVE_IN_FOREGROUND;
1756 }
1757 return status;
1758 }
1759
Register()1760 bool PermissionRecordManager::Register()
1761 {
1762 // app manager death callback register
1763 {
1764 std::lock_guard<std::mutex> lock(appManagerDeathMutex_);
1765 if (appManagerDeathCallback_ == nullptr) {
1766 appManagerDeathCallback_ = std::make_shared<PrivacyAppManagerDeathCallback>();
1767 if (appManagerDeathCallback_ == nullptr) {
1768 LOGE(PRI_DOMAIN, PRI_TAG, "Register appManagerDeathCallback failed.");
1769 return false;
1770 }
1771 AppManagerAccessClient::GetInstance().RegisterDeathCallback(appManagerDeathCallback_);
1772 }
1773 }
1774 // app state change callback register
1775 {
1776 std::lock_guard<std::mutex> lock(appStateMutex_);
1777 if (appStateCallback_ == nullptr) {
1778 appStateCallback_ = new (std::nothrow) PrivacyAppStateObserver();
1779 if (appStateCallback_ == nullptr) {
1780 LOGE(PRI_DOMAIN, PRI_TAG, "Register appStateCallback failed.");
1781 return false;
1782 }
1783 int32_t result = AppManagerAccessClient::GetInstance().RegisterApplicationStateObserver(appStateCallback_);
1784 if (result != ERR_OK) {
1785 LOGE(PRI_DOMAIN, PRI_TAG, "Register application state observer failed(%{public}d).", result);
1786 return false;
1787 }
1788 }
1789 }
1790 return true;
1791 }
1792
InitializeMuteState(const std::string & permissionName)1793 void PermissionRecordManager::InitializeMuteState(const std::string& permissionName)
1794 {
1795 if (permissionName == MICROPHONE_PERMISSION_NAME) {
1796 bool isMicMute = AudioManagerAdapter::GetInstance().GetPersistentMicMuteState();
1797 LOGI(PRI_DOMAIN, PRI_TAG, "Mic mute state: %{public}d.", isMicMute);
1798 ModifyMuteStatus(MICROPHONE_PERMISSION_NAME, MIXED, isMicMute);
1799 {
1800 std::lock_guard<std::mutex> lock(micLoadMutex_);
1801 if (!isMicLoad_) {
1802 LOGI(PRI_DOMAIN, PRI_TAG, "Mic mute state: %{public}d.", isMicLoad_);
1803 bool isEdmMute = false;
1804 if (!GetMuteParameter(EDM_MIC_MUTE_KEY, isEdmMute)) {
1805 LOGE(PRI_DOMAIN, PRI_TAG, "Get param failed");
1806 return;
1807 }
1808 ModifyMuteStatus(MICROPHONE_PERMISSION_NAME, EDM, isEdmMute);
1809 }
1810 }
1811 } else if (permissionName == CAMERA_PERMISSION_NAME) {
1812 bool isCameraMute = CameraManagerAdapter::GetInstance().IsCameraMuted();
1813 LOGI(PRI_DOMAIN, PRI_TAG, "Camera mute state: %{public}d.", isCameraMute);
1814 ModifyMuteStatus(CAMERA_PERMISSION_NAME, MIXED, isCameraMute);
1815 {
1816 std::lock_guard<std::mutex> lock(camLoadMutex_);
1817 if (!isCamLoad_) {
1818 bool isEdmMute = false;
1819 if (!GetMuteParameter(EDM_CAMERA_MUTE_KEY, isEdmMute)) {
1820 LOGE(PRI_DOMAIN, PRI_TAG, "Get camera param failed");
1821 return;
1822 }
1823 ModifyMuteStatus(CAMERA_PERMISSION_NAME, EDM, isEdmMute);
1824 }
1825 }
1826 }
1827 }
1828
Unregister()1829 void PermissionRecordManager::Unregister()
1830 {
1831 // app state change callback unregister
1832 std::lock_guard<std::mutex> lock(appStateMutex_);
1833 if (appStateCallback_ != nullptr) {
1834 AppManagerAccessClient::GetInstance().UnregisterApplicationStateObserver(appStateCallback_);
1835 appStateCallback_= nullptr;
1836 }
1837 }
1838
GetMuteParameter(const char * key,bool & isMute)1839 bool PermissionRecordManager::GetMuteParameter(const char* key, bool& isMute)
1840 {
1841 char value[VALUE_MAX_LEN] = {0};
1842 int32_t ret = GetParameter(key, "", value, VALUE_MAX_LEN - 1);
1843 if (ret < 0) {
1844 LOGE(PRI_DOMAIN, PRI_TAG, "Return default value, ret=%{public}d", ret);
1845 return false;
1846 }
1847 isMute = false;
1848 if (strncmp(value, "true", VALUE_MAX_LEN) == 0) {
1849 LOGI(PRI_DOMAIN, PRI_TAG, "EDM not allow.");
1850 isMute = true;
1851 }
1852 return true;
1853 }
1854
OnAppMgrRemoteDiedHandle()1855 void PermissionRecordManager::OnAppMgrRemoteDiedHandle()
1856 {
1857 LOGI(PRI_DOMAIN, PRI_TAG, "Handle app fwk died.");
1858 std::lock_guard<std::mutex> lock(appStateMutex_);
1859 appStateCallback_ = nullptr;
1860 }
1861
OnAudioMgrRemoteDiedHandle()1862 void PermissionRecordManager::OnAudioMgrRemoteDiedHandle()
1863 {
1864 LOGI(PRI_DOMAIN, PRI_TAG, "Handle audio fwk died.");
1865 {
1866 std::lock_guard<std::mutex> lock(micLoadMutex_);
1867 isMicLoad_ = false;
1868 }
1869 }
1870
OnCameraMgrRemoteDiedHandle()1871 void PermissionRecordManager::OnCameraMgrRemoteDiedHandle()
1872 {
1873 LOGI(PRI_DOMAIN, PRI_TAG, "Handle camera fwk died.");
1874 {
1875 std::lock_guard<std::mutex> lock(camLoadMutex_);
1876 isCamLoad_ = false;
1877 }
1878 }
1879
SetDefaultConfigValue()1880 void PermissionRecordManager::SetDefaultConfigValue()
1881 {
1882 recordSizeMaximum_ = DEFAULT_PERMISSION_USED_RECORD_SIZE_MAXIMUM;
1883 recordAgingTime_ = DEFAULT_PERMISSION_USED_RECORD_AGING_TIME;
1884 #ifndef APP_SECURITY_PRIVACY_SERVICE
1885 globalDialogBundleName_ = DEFAULT_PERMISSION_MANAGER_BUNDLE_NAME;
1886 globalDialogAbilityName_ = DEFAULT_PERMISSION_MANAGER_DIALOG_ABILITY;
1887 #endif
1888 }
1889
GetConfigValue()1890 void PermissionRecordManager::GetConfigValue()
1891 {
1892 LibraryLoader loader(CONFIG_PARSE_LIBPATH);
1893 ConfigPolicyLoaderInterface* policy = loader.GetObject<ConfigPolicyLoaderInterface>();
1894 if (policy == nullptr) {
1895 LOGE(PRI_DOMAIN, PRI_TAG, "Dlopen libaccesstoken_json_parse failed.");
1896 return;
1897 }
1898 AccessTokenConfigValue value;
1899 if (policy->GetConfigValue(ServiceType::PRIVACY_SERVICE, value)) {
1900 // set value from config
1901 recordSizeMaximum_ = value.pConfig.sizeMaxImum == 0
1902 ? DEFAULT_PERMISSION_USED_RECORD_SIZE_MAXIMUM : value.pConfig.sizeMaxImum;
1903 recordAgingTime_ = value.pConfig.agingTime == 0
1904 ? DEFAULT_PERMISSION_USED_RECORD_AGING_TIME : value.pConfig.agingTime;
1905 #ifndef APP_SECURITY_PRIVACY_SERVICE
1906 globalDialogBundleName_ = value.pConfig.globalDialogBundleName.empty()
1907 ? DEFAULT_PERMISSION_MANAGER_BUNDLE_NAME : value.pConfig.globalDialogBundleName;
1908 globalDialogAbilityName_ = value.pConfig.globalDialogAbilityName.empty()
1909 ? DEFAULT_PERMISSION_MANAGER_DIALOG_ABILITY : value.pConfig.globalDialogAbilityName;
1910 #endif
1911 } else {
1912 SetDefaultConfigValue();
1913 }
1914
1915 LOGI(PRI_DOMAIN, PRI_TAG, "RecordSizeMaximum_ is %{public}d, recordAgingTime_ is %{public}d",
1916 recordSizeMaximum_, recordAgingTime_);
1917 }
1918
GetUniqueId(uint32_t tokenId,int32_t pid) const1919 uint64_t PermissionRecordManager::GetUniqueId(uint32_t tokenId, int32_t pid) const
1920 {
1921 uint32_t tmpPid = (pid <= 0) ? 0 : (uint32_t)pid;
1922 return ((uint64_t)tmpPid << 32) | ((uint64_t)tokenId & 0xFFFFFFFF); // 32: bit
1923 }
1924
IsUserIdValid(int32_t userID) const1925 bool PermissionRecordManager::IsUserIdValid(int32_t userID) const
1926 {
1927 return userID >= 0 && userID <= MAX_USER_ID;
1928 }
1929
Init()1930 void PermissionRecordManager::Init()
1931 {
1932 if (hasInited_) {
1933 return;
1934 }
1935 LOGI(PRI_DOMAIN, PRI_TAG, "Init");
1936 hasInited_ = true;
1937
1938 UpdatePermUsedRecToggleStatusMapFromDb();
1939
1940 GetConfigValue();
1941 }
1942 } // namespace AccessToken
1943 } // namespace Security
1944 } // namespace OHOS