• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /**
17  * @addtogroup AccessToken
18  * @{
19  *
20  * @brief Provides permission management interfaces.
21  *
22  * Provides tokenID-based application permission verification mechanism.
23  * When an application accesses sensitive data or APIs, this module can check
24  * whether the application has the corresponding permission. Allows applications
25  * to query their access token information or APL levcels based on token IDs.
26  *
27  * @since 7.0
28  * @version 7.0
29  */
30 
31 /**
32  * @file access_token.h
33  *
34  * @brief Declares typedefs, enums and const values.
35  *
36  * @since 7.0
37  * @version 7.0
38  */
39 
40 #ifndef ACCESS_TOKEN_H
41 #define ACCESS_TOKEN_H
42 
43 #include <string>
44 
45 namespace OHOS {
46 namespace Security {
47 namespace AccessToken {
48 typedef unsigned int AccessTokenID;
49 typedef uint64_t FullTokenID;
50 typedef unsigned int AccessTokenAttr;
51 constexpr const int DEFAULT_TOKEN_VERSION = 1;
52 constexpr const AccessTokenID INVALID_TOKENID = 0;
53 
54 /**
55  * @brief visit type
56  */
57 enum class PermUsedTypeEnum {
58     /** invalid type */
59     INVALID_USED_TYPE = -1,
60     /** normal type for permision request */
61     NORMAL_TYPE,
62     /** picker type for permision request */
63     PICKER_TYPE,
64     /** security component type for permision request */
65     SEC_COMPONENT_TYPE,
66     /** bottom of type for no use */
67     PERM_USED_TYPE_BUTT,
68 };
69 
70 /**
71  * @brief Access token kit return code
72  */
73 enum AccessTokenKitRet {
74     RET_FAILED = -1,
75     RET_SUCCESS = 0,
76 };
77 
78 /**
79  * @brief AccessTokenID 32 bits map
80  */
81 typedef struct {
82     unsigned int tokenUniqueID : 20;
83     /** reserved, default 00000 */
84     unsigned int res : 4;
85     unsigned int cloneFlag : 1;
86     /** renderflag, default 0 */
87     unsigned int renderFlag : 1;
88     unsigned int dlpFlag : 1;
89     /**
90      * token type, for details about the valid values,
91      * see the definition of ATokenTypeEnum in the access_token.h file.
92      */
93     unsigned int type : 2;
94     /** version, default 001 */
95     unsigned int version : 3;
96 } AccessTokenIDInner;
97 
98 /**
99  * @brief Token id type
100  */
101 typedef enum TypeATokenTypeEnum {
102     TOKEN_INVALID = -1,
103     TOKEN_HAP = 0,
104     TOKEN_NATIVE,
105     TOKEN_SHELL,
106     TOKEN_TYPE_BUTT,
107 } ATokenTypeEnum;
108 
109 /**
110  * @brief Apl level
111  */
112 typedef enum TypeATokenAplEnum {
113     APL_INVALID = 0,
114     APL_NORMAL = 1,
115     APL_SYSTEM_BASIC = 2,
116     APL_SYSTEM_CORE = 3,
117     APL_ENUM_BUTT,
118 } ATokenAplEnum;
119 
120 /**
121  * @brief AvailableType
122  */
123 typedef enum TypeATokenAvailableTypeEnum {
124     INVALID = -1,
125     NORMAL = 0,
126     SYSTEM,
127     MDM,
128     SYSTEM_AND_MDM,
129     SERVICE,
130     ENTERPRISE_NORMAL,
131     AVAILABLE_TYPE_BUTT,
132 } ATokenAvailableTypeEnum;
133 
134 /**
135  * @brief Token id full definition
136  */
137 typedef union {
138     unsigned long long tokenIDEx;
139     struct {
140         AccessTokenID tokenID;
141         /** tokenID attribute */
142         AccessTokenAttr tokenAttr;
143     } tokenIdExStruct;
144 } AccessTokenIDEx;
145 
146 /**
147  * @brief Permission request toggle status
148  */
149 typedef enum TypePermissionRequestToggleStatus {
150     CLOSED = 0,
151     OPEN = 1,
152 } PermissionRequestToggleStatus;
153 
154 /**
155  * @brief Permission states
156  */
157 typedef enum TypePermissionState {
158     PERMISSION_DENIED = -1,
159     PERMISSION_GRANTED = 0,
160 } PermissionState;
161 
162 /**
163  * @brief Permission grant mode
164  */
165 typedef enum TypeGrantMode {
166     /** user grant the permisson by dynamic pop-up window */
167     USER_GRANT = 0,
168     /**
169      * system grant the permission automated when
170      * the permission is decleared and app is installed
171      */
172     SYSTEM_GRANT = 1,
173 } GrantMode;
174 
175 /**
176  * @brief Permission flag
177  */
178 typedef enum TypePermissionFlag {
179     /**
180      * permission has not been set by user.
181      */
182     PERMISSION_DEFAULT_FLAG = 0,
183     /**
184      * permission has been set by user, If the permission is not granted,
185      * a permission window is allowed to apply for permission.
186      */
187     PERMISSION_USER_SET = 1 << 0,
188     /**
189      * permission has been set by user, If the permission is not granted,
190      * a permission window is not allowed to apply for permission.
191      */
192     PERMISSION_USER_FIXED = 1 << 1,
193     /**
194      * permission has been set by system,
195      * the permission can be a user_grant one which is granted for pre-authorization and is non-cancellable.
196      */
197     PERMISSION_SYSTEM_FIXED = 1 << 2,
198     /**
199      * a user_grant permission has been set by system for pre-authorization,
200      * and it is cancellable. it always works with other flags.
201      */
202     PERMISSION_PRE_AUTHORIZED_CANCELABLE = 1 << 3,
203     /**
204      * permission has been set by security component.
205      */
206     PERMISSION_COMPONENT_SET = 1 << 4,
207     /*
208      * permission is fixed by policy and the permission cannot be granted or revoked by user
209      */
210     PERMISSION_FIXED_FOR_SECURITY_POLICY = 1 << 5,
211     /*
212      * permission is only allowed during the current lifecycle foreground period
213      */
214     PERMISSION_ALLOW_THIS_TIME = 1 << 6,
215     /**
216      * permission is fixed by admin policy, it cannot be granted or revoked by user,
217      * and it can be cancelled by admin.
218      */
219     PERMISSION_FIXED_BY_ADMIN_POLICY = 1 << 7,
220     /**
221      * permission which is fixed by admin policy, cancel fixed by admin policy.
222      * it can be granted or revoked by user.
223      */
224     PERMISSION_ADMIN_POLICIES_CANCEL = 1 << 8,
225 } PermissionFlag;
226 
227 /**
228  * @brief Permission operate result
229  */
230 typedef enum TypePermissionOper {
231     /** permission has been set, only can change it in settings */
232     SETTING_OPER = -1,
233     /** operate is passed, no need to do anything */
234     PASS_OPER = 0,
235     /** permission need dynamic pop-up windows to grant it */
236     DYNAMIC_OPER = 1,
237     /** invalid operation, something is wrong, see in md files */
238     INVALID_OPER = 2,
239     /** operate is forbidden */
240     FORBIDDEN_OPER = 3,
241     /** buttom of permission oper */
242     BUTT_OPER,
243 } PermissionOper;
244 
245 
246 /**
247  * @brief Permission operation result details
248  */
249 typedef enum TypePermissionErrorReason {
250     /** The operation is successful */
251     REQ_SUCCESS = 0,
252     /** The permission name is invalid */
253     PERM_INVALID = 1,
254     /** The requested has not been declared */
255     PERM_NOT_DECLEARED = 2,
256     /** The conditions for requesting the permission are not met */
257     CONDITIONS_NOT_MET = 3,
258     /** The user does not agree to the Privacy Statement */
259     PRIVACY_STATEMENT_NOT_AGREED = 4,
260     /** The permission cannot be requested in a pop-up window */
261     UNABLE_POP_UP = 5,
262     /** The permission is fixed by policy */
263     FIXED_BY_POLICY = 6,
264     /** The service is abnormal */
265     SERVICE_ABNORMAL = 12,
266 } PermissionErrorReason;
267 
268 /**
269  * @brief Dlp types
270  */
271 typedef enum DlpType {
272     DLP_COMMON = 0,
273     DLP_READ = 1,
274     DLP_FULL_CONTROL = 2,
275     BUTT_DLP_TYPE,
276 } HapDlpType;
277 
278 /**
279  * @brief User permission policy status.
280  */
281 typedef struct {
282     /** user id */
283     int32_t userId;
284     /** active status */
285     bool isActive;
286 } UserState;
287 
288 /**
289  * @brief Dlp permission type
290  */
291 typedef enum TypeDlpPerm {
292     DLP_PERM_ALL = 0,
293     DLP_PERM_FULL_CONTROL = 1,
294     DLP_PERM_NONE = 2,
295 } DlpPermMode;
296 
297 /**
298  * @brief PermssionRule
299  */
300 typedef enum TypePermissionRulesEnum {
301     PERMISSION_EDM_RULE = 0,
302     PERMISSION_ACL_RULE,
303     PERMISSION_ENTERPRISE_NORMAL_RULE
304 } PermissionRulesEnum;
305 
306 /**
307  * @brief Permission change registration type
308  */
309 typedef enum RegisterPermissionChangeType {
310     /** system app register permissions state change info of selected haps */
311     SYSTEM_REGISTER_TYPE = 0,
312     /** app register permissions state change info of itself */
313     SELF_REGISTER_TYPE = 1,
314 } RegisterPermChangeType;
315 
316 /**
317  * @brief Whether acl check
318  */
319 typedef enum HapPolicyCheckIgnoreType {
320     /** normal */
321     NONE = 0,
322     /** ignore acl check */
323     ACL_IGNORE_CHECK,
324 } HapPolicyCheckIgnore;
325 
326 /**
327  * @brief Apl and isSystemApp info about tokenId
328  */
329 typedef struct {
330     /** apl for tokenId */
331     int32_t apl;
332     /** is system app */
333     bool isSystemApp;
334 } TokenIdInfo;
335 } // namespace AccessToken
336 } // namespace Security
337 } // namespace OHOS
338 #endif // ACCESS_TOKEN_H
339