1 /* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_TEST_ACCESS_TOKEN_H 17 #define FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_TEST_ACCESS_TOKEN_H 18 19 #include <vector> 20 #include <string> 21 #include <map> 22 23 namespace OHOS { 24 namespace Security { 25 namespace AccessToken { 26 typedef unsigned int AccessTokenID; 27 typedef unsigned int AccessTokenAttr; 28 static const int DEFAULT_TOKEN_VERSION = 1; 29 static const int FIRSTCALLER_TOKENID_DEFAULT = 0; 30 static AccessTokenID INVALID_TOKENID = 0; 31 32 enum AccessTokenKitRet { 33 RET_FAILED = -1, 34 RET_SUCCESS = 0, 35 }; 36 37 typedef struct { 38 unsigned int tokenUniqueID : 24; 39 unsigned int res : 3; 40 unsigned int type : 2; 41 unsigned int version : 3; 42 } AccessTokenIDInner; 43 44 typedef enum TypeATokenTypeEnum { 45 TOKEN_INVALID = -1, 46 TOKEN_HAP = 0, 47 TOKEN_NATIVE, 48 TOKEN_SHELL, 49 } ATokenTypeEnum; 50 51 typedef enum TypeATokenAplEnum { 52 APL_NORMAL = 1, 53 APL_SYSTEM_BASIC = 2, 54 APL_SYSTEM_CORE = 3, 55 } ATokenAplEnum; 56 57 typedef union { 58 unsigned long long tokenIDEx; 59 struct { 60 AccessTokenID tokenID; 61 AccessTokenAttr tokenAttr; 62 } tokenIdExStruct; 63 } AccessTokenIDEx; 64 65 typedef enum TypePermissionState { 66 PERMISSION_DENIED = -1, 67 PERMISSION_GRANTED = 0, 68 } PermissionState; 69 70 typedef enum TypeGrantMode { 71 USER_GRANT = 0, 72 SYSTEM_GRANT = 1, 73 } GrantMode; 74 75 typedef enum TypeATokenAvailableTypeEnum { 76 INVALID = 0, 77 NORMAL = 1, 78 MDM = 2, 79 } ATokenAvailableTypeEnum; 80 81 typedef enum TypePermissionFlag { 82 PERMISSION_DEFAULT_FLAG = 0, 83 PERMISSION_USER_SET = 1 << 0, 84 PERMISSION_USER_FIXED = 1 << 1, 85 PERMISSION_SYSTEM_FIXED = 1 << 2, 86 PERMISSION_GRANTED_BY_POLICY = 1 << 3, 87 } PermissionFlag; 88 89 class NativeTokenInfo final { 90 public: 91 ATokenTypeEnum apl; 92 std::string processName; 93 std::vector<std::string> dcap; 94 AccessTokenID tokenID; 95 AccessTokenAttr tokenAttr; 96 std::vector<std::string> nativeAcls; 97 }; 98 99 class PermissionDef final { 100 public: 101 std::string permissionName; 102 std::string bundleName; 103 int grantMode; 104 TypeATokenAplEnum availableLevel; 105 bool provisionEnable; 106 bool distributedSceneEnable; 107 bool isKernelEffect = false; 108 bool hasValue = false; 109 std::string label; 110 int labelId; 111 std::string description; 112 int descriptionId; 113 ATokenAvailableTypeEnum availableType = ATokenAvailableTypeEnum::NORMAL; 114 }; 115 116 class PermissionStateFull final { 117 public: 118 std::string permissionName; 119 bool isGeneral; 120 std::vector<std::string> resDeviceID; 121 std::vector<int> grantStatus; 122 std::vector<int> grantFlags; 123 }; 124 125 class HapInfoParams final { 126 public: 127 int userID; 128 std::string bundleName; 129 /** instance index */ 130 int instIndex; 131 /** 132 * dlp type, for details about the valid values, 133 * see the definition of HapDlpType in the access_token.h file. 134 */ 135 int dlpType; 136 std::string appIDDesc; 137 /** which version of the SDK is used to develop the hap */ 138 int32_t apiVersion; 139 /** indicates whether the hap is a system app */ 140 bool isSystemApp; 141 /* app type */ 142 std::string appDistributionType; 143 bool isRestore = false; 144 AccessTokenID tokenID = INVALID_TOKENID; 145 bool isAtomicService; 146 }; 147 148 /** 149 * @brief Declares hap info params class 150 */ 151 class UpdateHapInfoParams final { 152 public: 153 std::string appIDDesc; 154 /** which version of the SDK is used to develop the hap */ 155 int32_t apiVersion; 156 /** indicates whether the hap is a system app */ 157 bool isSystemApp; 158 /* app type */ 159 std::string appDistributionType; 160 bool isAtomicService; 161 bool dataRefresh = false; 162 }; 163 164 class PreAuthorizationInfo final { 165 public: 166 std::string permissionName; 167 /** Whether the pre-authorization is non-cancelable */ 168 bool userCancelable = false; 169 }; 170 171 /** 172 * @brief Whether acl check 173 */ 174 typedef enum HapPolicyCheckIgnoreType { 175 /** normal */ 176 None = 0, 177 /** ignore acl check */ 178 ACL_IGNORE_CHECK, 179 } HapPolicyCheckIgnore; 180 181 class HapPolicyParams final { 182 public: 183 /** 184 * apl level, for details about the valid values, 185 * see the definition of ATokenAplEnum in the access_token.h file. 186 */ 187 ATokenAplEnum apl; 188 std::string domain; 189 std::vector<PermissionDef> permList; 190 std::vector<PermissionStateFull> permStateList; 191 std::vector<std::string> aclRequestedList; 192 std::vector<PreAuthorizationInfo> preAuthorizationInfo; 193 HapPolicyCheckIgnore checkIgnore = HapPolicyCheckIgnore::None; 194 std::map<std::string, std::string> aclExtendedMap; 195 }; 196 197 /** 198 * @brief PermssionRule 199 */ 200 typedef enum TypePermissionRulesEnum { 201 PERMISSION_EDM_RULE = 0, 202 PERMISSION_ACL_RULE 203 } PermissionRulesEnum; 204 205 /** 206 * @brief Declares hap token info class 207 */ 208 class HapTokenInfo final { 209 public: 210 char ver; 211 int userID = 0; 212 std::string bundleName; 213 /** which version of the SDK is used to develop this hap */ 214 int32_t apiVersion; 215 /** instance index */ 216 int instIndex = 0; 217 /** 218 * dlp type, for details about the valid values, 219 * see the definition of HapDlpType in the access_token.h file. 220 */ 221 int dlpType; 222 AccessTokenID tokenID; 223 /** token attribute */ 224 AccessTokenAttr tokenAttr; 225 }; 226 } // namespace AccessToken 227 } // namespace Security 228 } // namespace OHOS 229 #endif // FOUNDATION_APPEXECFWK_SERVICES_BUNDLEMGR_TEST_ACCESS_TOKEN_H