1 /* 2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef PERMISSION_MANAGER_H 17 #define PERMISSION_MANAGER_H 18 19 #include <mutex> 20 #include <vector> 21 #include <string> 22 23 #include "ability_manager_access_loader.h" 24 #include "access_token.h" 25 #include "generic_values.h" 26 #include "hap_token_info_inner.h" 27 #include "iremote_broker.h" 28 #include "libraryloader.h" 29 #include "permission_def.h" 30 #include "permission_grant_event.h" 31 #include "permission_list_state.h" 32 #include "permission_list_state_parcel.h" 33 #include "permission_map.h" 34 #include "permission_state_change_info.h" 35 #include "permission_status.h" 36 #include "temp_permission_observer.h" 37 38 #include "rwlock.h" 39 #include "nocopyable.h" 40 41 namespace OHOS { 42 namespace Security { 43 namespace AccessToken { 44 constexpr const char* VAGUE_LOCATION_PERMISSION_NAME = "ohos.permission.APPROXIMATELY_LOCATION"; 45 constexpr const char* ACCURATE_LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION"; 46 constexpr const char* BACKGROUND_LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION_IN_BACKGROUND"; 47 const int32_t ACCURATE_LOCATION_API_VERSION = 9; 48 const int32_t BACKGROUND_LOCATION_API_VERSION = 11; 49 const uint32_t PERMISSION_NOT_REQUSET = -1; 50 struct LocationIndex { 51 uint32_t vagueIndex = PERMISSION_NOT_REQUSET; 52 uint32_t accurateIndex = PERMISSION_NOT_REQUSET; 53 uint32_t backIndex = PERMISSION_NOT_REQUSET; 54 }; 55 class PermissionManager { 56 public: 57 static PermissionManager& GetInstance(); 58 PermissionManager(); 59 virtual ~PermissionManager(); 60 61 void RegisterApplicationCallback(); 62 void RegisterAppManagerDeathCallback(); 63 int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); 64 PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); 65 int GetReqPermissions( 66 AccessTokenID tokenID, std::vector<PermissionStatus>& reqPermList, bool isSystemGrant); 67 int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); 68 int32_t RequestAppPermOnSetting(const HapTokenInfo& hapInfo, 69 const std::string& bundleName, const std::string& abilityName); 70 int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, 71 bool isGranted, uint32_t flag); 72 int32_t CheckAndUpdatePermissionInner(AccessTokenID tokenID, const std::string& permissionName, 73 bool isGranted, uint32_t flag); 74 int32_t CheckMultiPermissionStatus( 75 AccessTokenID tokenID, const std::vector<std::string>& permissionList, int32_t status, uint32_t flag); 76 int32_t UpdateMultiPermissionStatus( 77 AccessTokenID tokenID, const std::vector<std::string> &permissionList, int32_t status, uint32_t flag); 78 int32_t CheckAndUpdateMultiPermissionStatus( 79 AccessTokenID tokenID, const std::vector<std::string>& permissionList, int32_t status, uint32_t flag); 80 int32_t UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, 81 bool isGranted, uint32_t flag, bool needKill); 82 int32_t GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); 83 int32_t RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); 84 int32_t GrantPermissionForSpecifiedTime( 85 AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); 86 int32_t SetPermissionStatusWithPolicy( 87 AccessTokenID tokenID, const std::vector<std::string>& permissionList, int32_t status, uint32_t flag); 88 void GetSelfPermissionState(const std::vector<PermissionStatus>& permsList, 89 PermissionListState& permState, int32_t apiVersion); 90 int32_t AddPermStateChangeCallback( 91 const PermStateChangeScope& scope, const sptr<IRemoteObject>& callback); 92 int32_t RemovePermStateChangeCallback(const sptr<IRemoteObject>& callback); 93 bool GetApiVersionByTokenId(AccessTokenID tokenID, int32_t& apiVersion); 94 bool LocationPermissionSpecialHandle(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList, 95 std::vector<PermissionStatus>& permsList, int32_t apiVersion); 96 void NotifyPermGrantStoreResult(bool result, uint64_t timestamp); 97 void ParamUpdate(const std::string& permissionName, uint32_t flag, bool filtered); 98 void ParamFlagUpdate(); 99 void NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName, 100 bool isGranted, uint32_t flag, const std::shared_ptr<HapTokenInfoInner>& infoPtr); 101 void AddNativePermToKernel( 102 AccessTokenID tokenID, const std::vector<uint32_t>& opCodeList, const std::vector<bool>& statusList); 103 void AddHapPermToKernel(AccessTokenID tokenID, const std::vector<std::string>& permList); 104 void RemovePermFromKernel(AccessTokenID tokenID); 105 void SetPermToKernel(AccessTokenID tokenID, const std::string& permissionName, bool isGranted); 106 bool InitPermissionList(const HapInitInfo& initInfo, std::vector<PermissionStatus>& initializedList, 107 HapInfoCheckResult& result, std::vector<GenericValues>& undefValues); 108 bool InitDlpPermissionList(const std::string& bundleName, int32_t userId, 109 std::vector<PermissionStatus>& initializedList, std::vector<GenericValues>& undefValues); 110 void NotifyUpdatedPermList(const std::vector<std::string>& grantedPermListBefore, 111 const std::vector<std::string>& grantedPermListAfter, AccessTokenID tokenID); 112 bool IsPermAvailableRangeSatisfied(const PermissionBriefDef& briefDef, const std::string& appDistributionType, 113 bool isSystemApp, PermissionRulesEnum& rule, const HapInitInfo& initInfo); 114 115 protected: 116 static void RegisterImpl(PermissionManager* implInstance); 117 private: 118 void ScopeToString( 119 const std::vector<AccessTokenID>& tokenIDs, const std::vector<std::string>& permList); 120 int32_t ScopeFilter(const PermStateChangeScope& scopeSrc, PermStateChangeScope& scopeRes); 121 int32_t UpdateTokenPermissionState(const std::shared_ptr<HapTokenInfoInner>& infoPtr, AccessTokenID tokenID, 122 const std::string& permission, bool isGranted, uint32_t flag, bool needKill); 123 int32_t UpdateMultiTokenPermissionState(const std::shared_ptr<HapTokenInfoInner> &infoPtr, AccessTokenID tokenID, 124 const std::vector<std::string> &permissionList, bool isGranted, uint32_t flag, bool needKill); 125 int32_t UpdateMultiTokenPermissionStateCheck(const std::shared_ptr<HapTokenInfoInner> &infoPtr, 126 AccessTokenID tokenID, const std::vector<std::string> &permissionList); 127 int32_t UpdateTokenPermissionState( 128 AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag, bool needKill); 129 int32_t UpdateTokenPermissionStateCheck(const std::shared_ptr<HapTokenInfoInner>& infoPtr, 130 AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag); 131 bool IsPermissionVaild(const std::string& permissionName); 132 bool GetLocationPermissionIndex(std::vector<PermissionListStateParcel>& reqPermList, LocationIndex& locationIndex); 133 bool GetLocationPermissionState(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList, 134 std::vector<PermissionStatus>& permsList, int32_t apiVersion, const LocationIndex& locationIndex); 135 void FillUndefinedPermVector(const std::string& permissionName, const std::string& appDistributionType, 136 const HapPolicy& policy, std::vector<GenericValues>& undefValues); 137 bool AclAndEdmCheck(const PermissionBriefDef& briefDef, const HapInitInfo& initInfo, 138 const std::string& permissionName, const std::string& appDistributionType, HapInfoCheckResult& result); 139 void GetMasterAppUndValues(AccessTokenID tokenId, std::vector<GenericValues>& undefValues); 140 std::shared_ptr<LibraryLoader> GetAbilityManager(); 141 bool HandlePermissionDeniedCase(uint32_t goalGrantFlag, PermissionListState& permState); 142 143 PermissionGrantEvent grantEvent_; 144 static std::recursive_mutex mutex_; 145 static PermissionManager* implInstance_; 146 147 OHOS::Utils::RWLock permParamSetLock_; 148 uint64_t paramValue_ = 0; 149 150 OHOS::Utils::RWLock permFlagParamSetLock_; 151 uint64_t paramFlagValue_ = 0; 152 153 OHOS::Utils::RWLock permToggleStateLock_; 154 DISALLOW_COPY_AND_MOVE(PermissionManager); 155 156 std::mutex abilityManagerMutex_; 157 std::shared_ptr<LibraryLoader> abilityManagerLoader_; 158 }; 159 } // namespace AccessToken 160 } // namespace Security 161 } // namespace OHOS 162 #endif // PERMISSION_MANAGER_H 163