• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H
17 #define FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H
18 
19 #include "accesstoken_kit.h"
20 #include "bundle_constants.h"
21 #include "default_permission.h"
22 #include "inner_bundle_info.h"
23 #include "permission_define.h"
24 
25 namespace OHOS {
26 namespace AppExecFwk {
27 class BundlePermissionMgr {
28 public:
29     /**
30      * @brief Initialize BundlePermissionMgr, which is only called when the system starts.
31      * @return Returns true if successfully initialized BundlePermissionMgr; returns false otherwise.
32      */
33     static bool Init();
34 
35     static void UnInit();
36 
37     /**
38      * @brief Verify whether a specified bundle has been granted a specific permission.
39      * @param bundleName Indicates the name of the bundle to check.
40      * @param permission Indicates the permission to check.
41      * @param userId Indicates the userId of the bundle.
42      * @return Returns 0 if the bundle has the permission; returns -1 otherwise.
43      */
44     static int32_t VerifyPermission(const std::string &bundleName, const std::string &permissionName,
45         const int32_t userId);
46     /**
47      * @brief Obtains detailed information about a specified permission.
48      * @param permissionName Indicates the name of the permission.
49      * @param permissionDef Indicates the object containing detailed information about the given permission.
50      * @return Returns true if the PermissionDef object is successfully obtained; returns false otherwise.
51      */
52     static ErrCode GetPermissionDef(const std::string &permissionName, PermissionDef &permissionDef);
53     /**
54      * @brief Requests a certain permission from user.
55      * @param bundleName Indicates the name of the bundle.
56      * @param permission Indicates the permission to request.
57      * @param userId Indicates the userId of the bundle.
58      * @return Returns true if the permission request successfully; returns false otherwise.
59      */
60     static bool RequestPermissionFromUser(
61         const std::string &bundleName, const std::string &permissionName, const int32_t userId);
62 
63     static int32_t InitHapToken(const InnerBundleInfo &innerBundleInfo, const int32_t userId,
64         const int32_t dlpType, Security::AccessToken::AccessTokenIDEx &tokenIdeEx,
65         Security::AccessToken::HapInfoCheckResult &checkResult, const std::string &appServiceCapabilities);
66 
67     static int32_t UpdateHapToken(Security::AccessToken::AccessTokenIDEx &tokenIdeEx,
68         const InnerBundleInfo &innerBundleInfo, int32_t userId,
69         Security::AccessToken::HapInfoCheckResult &checkResult, const std::string &appServiceCapabilities,
70         bool dataRefresh = false);
71 
72     static std::string GetCheckResultMsg(const Security::AccessToken::HapInfoCheckResult &checkResult);
73 
74     static int32_t DeleteAccessTokenId(const Security::AccessToken::AccessTokenID tokenId);
75 
76     static bool GetRequestPermissionStates(BundleInfo &bundleInfo, uint32_t tokenId, const std::string deviceId);
77 
78     static int32_t ClearUserGrantedPermissionState(const Security::AccessToken::AccessTokenID tokenId);
79 
80     static bool GetAllReqPermissionStateFull(Security::AccessToken::AccessTokenID tokenId,
81         std::vector<Security::AccessToken::PermissionStateFull> &newPermissionState);
82 
83     static bool VerifySystemApp(int32_t beginApiVersion = Constants::INVALID_API_VERSION);
84 
85     static bool IsSystemApp();
86 
87     static int32_t GetHapApiVersion();
88 
89     static bool IsNativeTokenType();
90 
91     static bool IsShellTokenType();
92 
93     static bool VerifyCallingUid();
94 
95     static bool VerifyPreload(const AAFwk::Want &want);
96 
97     static bool VerifyPermissionByCallingTokenId(const std::string &permissionName,
98         const Security::AccessToken::AccessTokenID callerToken);
99 
100     static bool VerifyCallingPermissionForAll(const std::string &permissionName);
101 
102     static bool VerifyCallingPermissionsForAll(const std::vector<std::string> &permissionNames);
103 
104     static bool IsSelfCalling();
105 
106     static bool VerifyUninstallPermission();
107 
108     static bool VerifyRecoverPermission();
109 
110     static void AddPermissionUsedRecord(const std::string &permission, int32_t successCount, int32_t failCount);
111 
112     static bool IsBundleSelfCalling(const std::string &bundleName);
113     static bool IsBundleSelfCalling(const std::string &bundleName, const int32_t &appIndex);
114 
115     // for old api
116     static bool VerifyCallingBundleSdkVersion(int32_t beginApiVersion = Constants::INVALID_API_VERSION);
117 
118     static bool IsCallingUidValid(int32_t uid);
119 
120     static bool CheckUserFromShell(int32_t userId);
121 
122 private:
123     static std::vector<Security::AccessToken::PermissionDef> GetPermissionDefList(
124         const InnerBundleInfo &innerBundleInfo);
125 
126     static std::vector<Security::AccessToken::PermissionStateFull> GetPermissionStateFullList(
127         const InnerBundleInfo &innerBundleInfo);
128 
129     static Security::AccessToken::ATokenAplEnum GetTokenApl(const std::string &apl);
130 
131     static Security::AccessToken::HapPolicyParams CreateHapPolicyParam(const InnerBundleInfo &innerBundleInfo,
132         const std::string &appServiceCapabilities);
133 
134     static Security::AccessToken::HapInfoParams CreateHapInfoParams(const InnerBundleInfo &innerBundleInfo,
135         const int32_t userId, const int32_t dlpType);
136 
137     static void ConvertPermissionDef(const Security::AccessToken::PermissionDef &permDef,
138         PermissionDef &permissionDef);
139     static void ConvertPermissionDef(
140         Security::AccessToken::PermissionDef &permDef, const DefinePermission &defPermission,
141         const std::string &bundleName);
142 
143     static Security::AccessToken::ATokenAvailableTypeEnum GetAvailableType(const std::string &availableType);
144 
145     static bool GetDefaultPermission(const std::string &bundleName, DefaultPermission &permission);
146 
147     static bool MatchSignature(const DefaultPermission &permission, const std::vector<std::string> &signatures);
148 
149     static bool MatchSignature(const DefaultPermission &permission, const std::string &signature);
150 
151     static bool CheckPermissionInDefaultPermissions(const DefaultPermission &defaultPermission,
152         const std::string &permissionName, bool &userCancellable);
153 
154     static std::map<std::string, DefaultPermission> defaultPermissions_;
155 };
156 }  // namespace AppExecFwk
157 }  // namespace OHOS
158 #endif  // FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_INCLUDE_BUNDLE_PERMISSION_MGR_H