1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "permission_manager.h"
17 #include "edm_log.h"
18
19 namespace OHOS {
20 namespace EDM {
PermissionManager()21 PermissionManager::PermissionManager() {}
22
~PermissionManager()23 PermissionManager::~PermissionManager()
24 {
25 permissions_.clear();
26 }
27
AddPermission(const std::string & permission,IPlugin::PermissionType permissionType,std::uint32_t code)28 ErrCode PermissionManager::AddPermission(const std::string &permission, IPlugin::PermissionType permissionType,
29 std::uint32_t code)
30 {
31 if (permission.empty()) {
32 return ERR_OK;
33 }
34 if (static_cast<std::int32_t>(permissionType) <
35 static_cast<std::int32_t>(IPlugin::PermissionType::NORMAL_DEVICE_ADMIN) ||
36 static_cast<std::int32_t>(permissionType) >= static_cast<std::int32_t>(IPlugin::PermissionType::UNKNOWN)) {
37 EDMLOGE("AddPermission::unknow permission type");
38 return ERR_EDM_UNKNOWN_PERMISSION;
39 }
40 auto entry = permissions_.find(permission);
41 if (entry == permissions_.end()) {
42 permissions_.insert(std::make_pair(permission, PermissionTypeToAdminType(permissionType)));
43 EDMLOGI("AddPermission::insert permission : %{public}s permissionType : %{public}d",
44 permission.c_str(), static_cast<int32_t>(permissionType));
45 } else if (entry->second != PermissionTypeToAdminType(permissionType)) {
46 EDMLOGE("AddPermission::conflict permission type");
47 return ERR_EDM_DENY_PERMISSION;
48 } else {
49 EDMLOGI("AddPermission::same permission has been added : %{public}s", permission.c_str());
50 }
51 permissionToCodes_[permission].insert(code);
52 EDMLOGD("AddPermission::return ok");
53 return ERR_OK;
54 }
55
PermissionTypeToAdminType(IPlugin::PermissionType permissionType)56 AdminType PermissionManager::PermissionTypeToAdminType(IPlugin::PermissionType permissionType)
57 {
58 if (permissionType == IPlugin::PermissionType::BYOD_DEVICE_ADMIN) {
59 return AdminType::BYOD;
60 }
61 return static_cast<AdminType>(permissionType);
62 }
63
GetAdminGrantedPermission(const std::vector<std::string> & permissions,AdminType adminType,std::vector<std::string> & reqPermission)64 void PermissionManager::GetAdminGrantedPermission(const std::vector<std::string> &permissions, AdminType adminType,
65 std::vector<std::string> &reqPermission)
66 {
67 reqPermission.clear();
68 for (const auto &item : permissions) {
69 auto entry = permissions_.find(item);
70 if (entry == permissions_.end()) {
71 continue;
72 }
73 if (adminType == AdminType::NORMAL && (entry->second == AdminType::ENT || entry->second == AdminType::BYOD)) {
74 EDMLOGE("GetAdminGrantedPermission normal admin can not request super and byod admin permission.");
75 continue;
76 }
77 if (adminType == AdminType::BYOD && entry->second == AdminType::ENT) {
78 EDMLOGE("GetAdminGrantedPermission byod admin can not request super admin permission.");
79 continue;
80 }
81 if (adminType == AdminType::ENT && entry->second == AdminType::BYOD) {
82 EDMLOGE("GetAdminGrantedPermission super admin can not request byod admin permission.");
83 continue;
84 }
85 reqPermission.emplace_back(entry->first);
86 EDMLOGI("reqPermission.emplace_back:%{public}s:", entry->first.c_str());
87 }
88 }
89 } // namespace EDM
90 } // namespace OHOS
91