• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef FRAMEWORKS_COMMON_INCLUDE_DLP_POLICY__H
17 #define FRAMEWORKS_COMMON_INCLUDE_DLP_POLICY__H
18 
19 #include <string>
20 #include <vector>
21 #include "parcel.h"
22 #include "dlp_permission_types.h"
23 
24 namespace OHOS {
25 namespace Security {
26 namespace DlpPermission {
27 static const uint32_t DLP_MAX_CERT_SIZE = 1024 * 1024; // 1M
28 static const uint32_t DLP_MAX_EXTRA_INFO_LEN = 100 * 1024; // 100K
29 
30 #define DLP_CERT_UPDATED 0xff56
31 
32 enum DlpAccountType : uint32_t {
33     INVALID_ACCOUNT = 0,
34     CLOUD_ACCOUNT = 1,
35     DOMAIN_ACCOUNT = 2,
36     APPLICATION_ACCOUNT = 3,
37 };
38 
39 enum GatheringPolicyType : uint32_t {
40     GATHERING = 1,
41     NON_GATHERING = 2
42 };
43 
44 enum class DlpAuthType : uint32_t {
45     ONLINE_AUTH_ONLY = 0,
46     ONLINE_AUTH_FOR_OFFLINE_CERT = 1,
47     OFFLINE_AUTH_ONLY = 2,
48 };
49 
50 enum ActionFlags : uint32_t {
51     ACTION_INVALID = 0,
52     ACTION_VIEW = 1,
53     ACTION_SAVE = 1 << 1,
54     ACTION_SAVE_AS = 1 << 2,
55     ACTION_EDIT = 1 << 3,
56     ACTION_SCREEN_CAPTURE = 1 << 4,
57     ACTION_SCREEN_SHARE = 1 << 5,
58     ACTION_SCREEN_RECORD = 1 << 6,
59     ACTION_COPY = 1 << 7,
60     ACTION_PRINT = 1 << 8,
61     ACTION_EXPORT = 1 << 9,
62     ACTION_PERMISSION_CHANGE = 1 << 10
63 };
64 
65 typedef struct DLPPermissionInfo {
66     DLPFileAccess dlpFileAccess = DLPFileAccess::NO_PERMISSION;
67     ActionFlags flags = ACTION_INVALID;
68 } DLPPermissionInfo;
69 
70 typedef struct AuthUserInfo {
71     std::string authAccount;
72     DLPFileAccess authPerm = DLPFileAccess::NO_PERMISSION;
73     uint64_t permExpiryTime = 0;
74     DlpAccountType authAccountType = INVALID_ACCOUNT;
75 } AuthUserInfo;
76 
77 typedef struct SandboxInfo : public Parcelable {
78     int32_t appIndex = -1;
79     uint32_t tokenId = 0;
80     bool Marshalling(Parcel &parcel) const;
81     static SandboxInfo* Unmarshalling(Parcel &data);
82 } SandboxInfo;
83 
84 enum ActionType : uint32_t {
85     NOTOPEN = 0,
86     OPEN = 1
87 };
88 
89 struct CustomProperty {
90     std::string enterprise = "";
91 };
92 
93 struct DlpProperty {
94     std::string ownerAccount;
95     std::string ownerAccountId;
96     std::vector<AuthUserInfo> authUsers;
97     std::string contactAccount;
98     DlpAccountType ownerAccountType = INVALID_ACCOUNT;
99     bool offlineAccess = false;
100     bool supportEveryone = false;
101     DLPFileAccess everyonePerm = DLPFileAccess::NO_PERMISSION;
102     uint64_t expireTime = 0;
103     ActionType actionUponExpiry = ActionType::NOTOPEN;
104     CustomProperty customProperty;
105 };
106 
107 class PermissionPolicy final {
108 public:
109     PermissionPolicy();
110     PermissionPolicy(const DlpProperty& property);
111     ~PermissionPolicy();
112     void CopyPermissionPolicy(const PermissionPolicy& srcPolicy);
113     void FreePermissionPolicyMem();
114     void CopyPolicyHmac(const PermissionPolicy& srcPolicy);
115 
116     bool IsValid() const;
117     void SetDebug(bool debug);
118     void SetAeskey(const uint8_t* key, uint32_t keyLen);
119     uint8_t* GetAeskey() const;
120     uint32_t GetAeskeyLen() const;
121     void SetIv(const uint8_t* iv, uint32_t ivLen);
122     uint8_t* GetIv() const;
123     uint32_t GetIvLen() const;
124     void SetHmacKey(const uint8_t* key, uint32_t keyLen);
125     uint8_t* GetHmacKey() const;
126     uint32_t GetHmacKeyLen() const;
127     int32_t CheckActionUponExpiry();
128 
129     std::string ownerAccount_;
130     std::string ownerAccountId_;
131     DlpAccountType ownerAccountType_;
132     std::string accountName_ = "";
133     std::string acountId_ = "";
134     DlpAccountType acountType_ = INVALID_ACCOUNT;
135     DLPFileAccess perm_ = DLPFileAccess::NO_PERMISSION;
136     std::vector<AuthUserInfo> authUsers_;
137     bool supportEveryone_ = false;
138     DLPFileAccess everyonePerm_ = DLPFileAccess::NO_PERMISSION;
139     uint64_t expireTime_ = 0;
140     uint32_t needOnline_ = 0;
141     uint32_t dlpVersion_ = 0;
142     bool debug_ = false;
143     uint32_t actionUponExpiry_ = 0;
144     std::string customProperty_ = "";
145 
146 private:
147     uint8_t* aeskey_;
148     uint32_t aeskeyLen_;
149     uint8_t* iv_;
150     uint32_t ivLen_;
151     uint8_t* hmacKey_;
152     uint32_t hmacKeyLen_;
153 };
154 
155 void FreeCharBuffer(char* buff, uint32_t buffLen);
156 bool CheckAccountType(DlpAccountType accountType);
157 bool CheckAesParamLen(uint32_t len);
158 }  // namespace DlpPermission
159 }  // namespace Security
160 }  // namespace OHOS
161 #endif  // FRAMEWORKS_COMMON_INCLUDE_DLP_POLICY__H
162