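/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SERVICES_EDM_INCLUDE_EDM_PERMISSION_CHECKER_H
#define SERVICES_EDM_INCLUDE_EDM_PERMISSION_CHECKER_H

// Standard headers for everything this file names directly: int32_t/uint32_t (<cstdint>),
// std::shared_ptr / std::enable_shared_from_this / std::make_shared (<memory>),
// std::once_flag (<mutex>) and std::unordered_set (<unordered_set>). Listing them here keeps
// the header self-contained instead of depending on what the project headers happen to pull in.
#include <cstdint>
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <unordered_set>
#include <vector>

// NOTE(review): Security::AccessToken::AccessTokenID is used below but no header included
// directly here is named for it; it presumably arrives through one of the project headers.
// Confirm, and include its declaring header directly.
#include "admin.h"
#include "admin_type.h"
#include "external_manager_factory.h"
#include "iexternal_manager_factory.h"
#include "iplugin.h"
#include "singleton.h"

namespace OHOS {
namespace EDM {
// Permission checks used by the EDM service, exposed through one shared instance.
//
// Only declarations are visible in this header. Remarks below about what a given check covers
// are inferred from names and signatures and are marked NOTE(review); confirm them against the
// implementation before relying on them.
//
// The ErrCode / bool results of the Check* and Verify* methods are presumably access-control
// decisions, so a caller that drops the result skips the check: test every return value and
// refuse the request on any failure.
// NOTE(review): [[nodiscard]] on these declarations would make a dropped result a compiler
// diagnostic; confirm the existing call sites build cleanly before adding it.
class PermissionChecker : public std::enable_shared_from_this<PermissionChecker> {
public:
    // Accessor for the shared instance; the default constructor is private.
    // NOTE(review): flag_ and instance_ below suggest std::call_once initialisation — confirm.
    static std::shared_ptr<PermissionChecker> GetInstance();

    // `admin` is a shared_ptr taken by value and, as far as this declaration shows, may be empty.
    // NOTE(review): confirm the implementation returns an error for a null admin rather than
    // dereferencing it, and that isNeedSuperAdmin cannot be influenced by request data.
    ErrCode CheckCallerPermission(std::shared_ptr<Admin> admin, const std::string &permission, bool isNeedSuperAdmin);

    // Same null-admin question as CheckCallerPermission — TODO confirm.
    ErrCode CheckAuthorizeAdminPermission(std::shared_ptr<Admin> admin, const std::string &permission);

    // NOTE(review): presumably ties the calling uid to `bundleName`; confirm the uid is read from
    // the IPC calling context and not from anything the caller supplies.
    ErrCode CheckCallingUid(const std::string &bundleName);

    ErrCode CheckSystemCalling(IPlugin::ApiType apiType, const std::string &permissionTag);

    // Output goes to `permissionList` (non-const reference); the ErrCode reports the outcome.
    // NOTE(review): whether the list is cleared or appended to is not visible here — confirm.
    ErrCode GetAllPermissionsByAdmin(const std::string &bundleInfoName, AdminType adminType, int32_t userId,
        std::vector<std::string> &permissionList);

    // NOTE(review): bundleName, policyName, permissionName and userId are all parameters; confirm
    // callers do not forward them unvalidated from an untrusted request.
    ErrCode CheckHandlePolicyPermission(FuncOperateType operateType, const std::string &bundleName,
        const std::string &policyName, const std::string &permissionName, int32_t userId);

    // The name says "AndUpdate", so this may change state as well as check it — TODO confirm what
    // is updated and whether a failed check leaves that state untouched.
    // NOTE(review): tokenId is passed in; confirm callers obtain it from the IPC calling context.
    ErrCode CheckAndUpdatePermission(std::shared_ptr<Admin> admin, Security::AccessToken::AccessTokenID tokenId,
        const std::string &permission, int32_t userId);

    // NOTE(review): presumably consults supportAdminNullPolicyCode_ to decide whether a request
    // without an admin element is acceptable for `code`; that makes the list an exemption list
    // worth reviewing entry by entry — confirm.
    bool CheckElementNullPermission(uint32_t code, const std::string &permissionName);

    // NOTE(review): confirm a true result here cannot relax any other check on production builds.
    bool CheckIsDebug();
    bool CheckIsSystemAppOrNative();
    bool CheckSpecialPolicyCallQuery(uint32_t code);
    // NOTE(review): same tokenId provenance question as CheckAndUpdatePermission.
    bool VerifyCallingPermission(Security::AccessToken::AccessTokenID tokenId, const std::string &permissionName);
    // NOTE(review): presumably a membership test on allowDelegatedPolicies_ — confirm.
    bool IsAllowDelegatedPolicy(const std::string &policy);
    // Virtual, so a derived type can return a different factory than externalManagerFactory_.
    // NOTE(review): presumably a test seam; confirm no production path substitutes the factory
    // the checks depend on.
    virtual std::shared_ptr<IExternalManagerFactory> GetExternalManagerFactory();
    virtual ~PermissionChecker() = default;

    IPlugin::PermissionType AdminTypeToPermissionType(AdminType adminType);
    int32_t GetCurrentUserId();

private:
    PermissionChecker() = default;
    static std::once_flag flag_;
    static std::shared_ptr<PermissionChecker> instance_;
    // Both containers are static and non-const, so code with access to the class can modify them
    // after start-up.
    // NOTE(review): if they are fixed lists, declaring them const would stop them being widened at
    // runtime; that needs a matching change to their definitions, which are not in this header.
    static std::vector<uint32_t> supportAdminNullPolicyCode_;
    static std::unordered_set<std::string> allowDelegatedPolicies_;
    // Each instance starts with its own default ExternalManagerFactory.
    std::shared_ptr<IExternalManagerFactory> externalManagerFactory_ = std::make_shared<ExternalManagerFactory>();
};
} // namespace EDM
} // namespace OHOS

#endif // SERVICES_EDM_INCLUDE_EDM_PERMISSION_CHECKER_H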