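/*
 * Copyright (c) 2025 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef OHOS_MEDIALIBRARY_PERMISSION_CHECK_H
#define OHOS_MEDIALIBRARY_PERMISSION_CHECK_H

#include <stdint.h>
#include <string>
#include <unordered_map>
// std::unordered_set is used by the static sets below; include it directly
// instead of relying on a project header to pull it in transitively.
#include <unordered_set>
#include <memory>
#include "medialibrary_business_code.h"
#include "media_log.h"
#include "medialibrary_errno.h"
#include "permission_utils.h"
#include "datashare_helper.h"
#include "rdb_utils.h"
#include "medialibrary_rdbstore.h"
#include "parcel.h"
#include "media_permission_header_req.h"
#include "media_file_utils.h"
#include "ipc_skeleton.h"
#include "media_permission_policy_type.h"

namespace OHOS::Media {
/**
 * Abstract base for a single permission check, plus the static entry point
 * (VerifyPermissions) that callers use to have a request checked.
 *
 * Concrete checks implement CheckPermission(). The static members below hold
 * the registry of checks and the per-API sets consulted by the implementation;
 * their contents and the way they are combined are defined in the
 * implementation file, which is not visible from this header.
 */
class PermissionCheck {
protected:
    // Per-instance switch, enabled by default.
    // NOTE(review): presumably a check whose flag is false is skipped; every
    // caller of SetNeedPermissionCheck(false) is therefore worth auditing.
    // Confirm against the implementation.
    bool needPermissionCheck_ = true;
    bool GetNeedPermissionCheck() const;
    void SetNeedPermissionCheck(bool needPermissionCheck);

    // Maps a permission type to the check object registered for it.
    // NOTE(review): these statics are mutable and carry no lock in this header;
    // if they can change after start-up, synchronisation must live in the
    // implementation. Confirm.
    static std::unordered_map<PermissionType, std::shared_ptr<PermissionCheck>> permissionRegistry;
    // Denylist of APIs whose read or write permission is deprecated
    // (elements are presumably business codes, since both are uint32_t).
    static std::unordered_set<uint32_t> deprecatedReadPermissionSet;
    static std::unordered_set<uint32_t> deprecatedWritePermissionSet;
    // Allowlist of APIs subject to the grant-operation permission check.
    static std::unordered_set<uint32_t> grantOperationPermissionSet;
    // Allowlist of APIs subject to the media-tool-operation permission check.
    static std::unordered_set<uint32_t> mediaToolOperationPermissionSet;

    // Builds the check (or chain of checks, as the name suggests) to run for
    // the given business code and request header.
    // NOTE(review): what is returned for an unknown business code is not visible
    // here; the caller should treat a null result as a denial, not a pass.
    static std::shared_ptr<PermissionCheck> BuildPermissionCheckChain(uint32_t businessCode,
        const PermissionHeaderReq &data);
    // Permission verification specific to open-file requests.
    static int32_t VerifyOpenFilePermissions(uint32_t businessCode, const PermissionHeaderReq &data);

public:
    virtual ~PermissionCheck() = default;

    /**
     * Runs this check for one request.
     *
     * @param businessCode code of the API being invoked.
     * @param data         permission header that accompanies the request.
     * @return status code; presumably one of the values from
     *         medialibrary_errno.h (confirm in the implementations).
     */
    virtual int32_t CheckPermission(uint32_t businessCode, const PermissionHeaderReq &data) = 0;

    /**
     * Exported entry point that verifies the permissions required for a request.
     *
     * The return value is the verdict and must not be ignored by callers; which
     * value means "granted" is defined by the implementation, not by this header.
     */
    EXPORT static int32_t VerifyPermissions(uint32_t businessCode, const PermissionHeaderReq &data);
};

// Indirection points for the caller-identity queries, initialised to the real
// implementations. They are typed to match their initialisers, which is why the
// UID getter is declared as returning pid_t.
//
// NOTE(review): both pointers are exported and non-const, so any code loaded
// into the process can reassign them and change what the permission logic
// believes about the caller. They look like test seams; if so, consider
// limiting reassignment to test builds or making the production symbols const.
inline EXPORT bool (*isCalledBySelfPtr)() = MediaFileUtils::IsCalledBySelf;
inline EXPORT pid_t (*getCallingUidPtr)() = IPCSkeleton::GetCallingUid;
} // namespace OHOS::Media
#endif // OHOS_MEDIALIBRARY_PERMISSION_CHECK_H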