1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dlp_permission_kit.h"
17 #include <string>
18 #include <thread>
19 #include <vector>
20 #include "datetime_ex.h"
21 #include "dlp_permission_client.h"
22 #include "dlp_permission_log.h"
23 #include "permission_policy.h"
24
25 namespace OHOS {
26 namespace Security {
27 namespace DlpPermission {
28 namespace {
29 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpPermissionKit"};
30 const int64_t TIME_WAIT_TIME_OUT = 10;
31 } // namespace
32
OnGenerateDlpCertificate(int32_t result,const std::vector<uint8_t> & cert)33 void ClientGenerateDlpCertificateCallback::OnGenerateDlpCertificate(int32_t result, const std::vector<uint8_t>& cert)
34 {
35 DLP_LOG_INFO(LABEL, "Callback");
36 this->result_ = result;
37 if (result == DLP_OK) {
38 this->cert_ = cert;
39 }
40 std::unique_lock<std::mutex> lck(generateMtx_);
41 this->isCallBack_ = true;
42 generateCv_.notify_all();
43 }
44
OnParseDlpCertificate(int32_t result,const PermissionPolicy & policy,const std::vector<uint8_t> & cert)45 void ClientParseDlpCertificateCallback::OnParseDlpCertificate(int32_t result, const PermissionPolicy& policy,
46 const std::vector<uint8_t>& cert)
47 {
48 DLP_LOG_INFO(LABEL, "Callback");
49 this->result_ = result;
50 if (result == DLP_OK) {
51 this->policy_.CopyPermissionPolicy(policy);
52 this->offlineCert_ = cert;
53 }
54 std::unique_lock<std::mutex> lck(parseMtx_);
55 this->isCallBack_ = true;
56 parseCv_.notify_all();
57 }
58
GenerateDlpCertificate(const PermissionPolicy & policy,std::vector<uint8_t> & cert)59 int32_t DlpPermissionKit::GenerateDlpCertificate(const PermissionPolicy& policy, std::vector<uint8_t>& cert)
60 {
61 std::shared_ptr<ClientGenerateDlpCertificateCallback> callback =
62 std::make_shared<ClientGenerateDlpCertificateCallback>();
63
64 int32_t res = DlpPermissionClient::GetInstance().GenerateDlpCertificate(policy, callback);
65 if (res != DLP_OK) {
66 DLP_LOG_ERROR(LABEL, "begin generate cert fail, error: %{public}d", res);
67 return res;
68 }
69
70 // wait callback
71 {
72 std::unique_lock<std::mutex> lck(callback->generateMtx_);
73 if (!callback->isCallBack_) {
74 callback->generateCv_.wait_for(lck, std::chrono::seconds(TIME_WAIT_TIME_OUT));
75 }
76 }
77 if (!callback->isCallBack_) {
78 DLP_LOG_ERROR(LABEL, "service did not call back! timeout!");
79 return DLP_SERVICE_ERROR_CREDENTIAL_TASK_TIMEOUT;
80 }
81 DLP_LOG_INFO(LABEL, "get callback succeed!");
82 if (callback->result_ == DLP_OK) {
83 cert = callback->cert_;
84 }
85 return callback->result_;
86 }
87
ParseDlpCertificate(const std::vector<uint8_t> & onlineCert,std::vector<uint8_t> & offlineCert,uint32_t & offlineFlag,PermissionPolicy & policy)88 int32_t DlpPermissionKit::ParseDlpCertificate(const std::vector<uint8_t>& onlineCert, std::vector<uint8_t>& offlineCert,
89 uint32_t& offlineFlag, PermissionPolicy& policy)
90 {
91 std::shared_ptr<ClientParseDlpCertificateCallback> callback = std::make_shared<ClientParseDlpCertificateCallback>();
92
93 std::vector<uint8_t> cert;
94 DlpAuthType authFlag = offlineFlag ? DlpAuthType::ONLINE_AUTH_FOR_OFFLINE_CERT:DlpAuthType::ONLINE_AUTH_ONLY;
95
96 if (offlineCert.size() > 0) {
97 authFlag = DlpAuthType::OFFLINE_AUTH_ONLY;
98 cert = offlineCert;
99 DLP_LOG_DEBUG(LABEL, "try offline auth");
100 } else {
101 cert = onlineCert;
102 DLP_LOG_DEBUG(LABEL, "try online auth");
103 }
104
105 AUTH_RETRY:
106 int32_t res = DlpPermissionClient::GetInstance().ParseDlpCertificate(cert,
107 static_cast<uint32_t>(authFlag), callback);
108 if (res != DLP_OK) {
109 if (authFlag == DlpAuthType::OFFLINE_AUTH_ONLY) {
110 cert = onlineCert;
111 authFlag = DlpAuthType::ONLINE_AUTH_FOR_OFFLINE_CERT;
112 DLP_LOG_INFO(LABEL, "return %{public}d, try online auth", res);
113 goto AUTH_RETRY;
114 }
115 return res;
116 }
117
118 // wait callback
119 {
120 std::unique_lock<std::mutex> lck(callback->parseMtx_);
121 if (!callback->isCallBack_) {
122 callback->parseCv_.wait_for(lck, std::chrono::seconds(TIME_WAIT_TIME_OUT));
123 }
124 }
125
126 if (!callback->isCallBack_) {
127 return DLP_SERVICE_ERROR_CREDENTIAL_TASK_TIMEOUT;
128 }
129
130 if (callback->result_ == DLP_OK) {
131 policy.CopyPermissionPolicy(callback->policy_);
132 if (authFlag == DlpAuthType::ONLINE_AUTH_FOR_OFFLINE_CERT) {
133 offlineCert = callback->offlineCert_;
134 offlineFlag = DLP_CERT_UPDATED;
135 }
136 } else {
137 if (authFlag == DlpAuthType::OFFLINE_AUTH_ONLY) {
138 cert = onlineCert;
139 authFlag = DlpAuthType::ONLINE_AUTH_FOR_OFFLINE_CERT;
140 callback->isCallBack_ = false;
141 DLP_LOG_INFO(LABEL, "callback return %{public}d, try online auth", callback->result_);
142 goto AUTH_RETRY;
143 }
144 }
145
146 return callback->result_;
147 }
148
InstallDlpSandbox(const std::string & bundleName,DLPFileAccess dlpFileAccess,int32_t userId,SandboxInfo & sandboxInfo,const std::string & uri)149 int32_t DlpPermissionKit::InstallDlpSandbox(const std::string& bundleName, DLPFileAccess dlpFileAccess, int32_t userId,
150 SandboxInfo& sandboxInfo, const std::string& uri)
151 {
152 return DlpPermissionClient::GetInstance().InstallDlpSandbox(bundleName, dlpFileAccess, userId, sandboxInfo, uri);
153 }
154
UninstallDlpSandbox(const std::string & bundleName,int32_t appIndex,int32_t userId)155 int32_t DlpPermissionKit::UninstallDlpSandbox(const std::string& bundleName, int32_t appIndex, int32_t userId)
156 {
157 return DlpPermissionClient::GetInstance().UninstallDlpSandbox(bundleName, appIndex, userId);
158 }
159
GetSandboxExternalAuthorization(int sandboxUid,const AAFwk::Want & want,SandBoxExternalAuthorType & authType)160 int32_t DlpPermissionKit::GetSandboxExternalAuthorization(int sandboxUid,
161 const AAFwk::Want& want, SandBoxExternalAuthorType& authType)
162 {
163 return DlpPermissionClient::GetInstance().GetSandboxExternalAuthorization(sandboxUid, want, authType);
164 }
165
QueryDlpFileCopyableByTokenId(bool & copyable,uint32_t tokenId)166 int32_t DlpPermissionKit::QueryDlpFileCopyableByTokenId(bool& copyable, uint32_t tokenId)
167 {
168 return DlpPermissionClient::GetInstance().QueryDlpFileCopyableByTokenId(copyable, tokenId);
169 }
170
QueryDlpFileAccess(DLPPermissionInfo & permInfo)171 int32_t DlpPermissionKit::QueryDlpFileAccess(DLPPermissionInfo& permInfo)
172 {
173 return DlpPermissionClient::GetInstance().QueryDlpFileAccess(permInfo);
174 }
175
IsInDlpSandbox(bool & inSandbox)176 int32_t DlpPermissionKit::IsInDlpSandbox(bool& inSandbox)
177 {
178 return DlpPermissionClient::GetInstance().IsInDlpSandbox(inSandbox);
179 }
180
GetDlpSupportFileType(std::vector<std::string> & supportFileType)181 int32_t DlpPermissionKit::GetDlpSupportFileType(std::vector<std::string>& supportFileType)
182 {
183 return DlpPermissionClient::GetInstance().GetDlpSupportFileType(supportFileType);
184 }
185
RegisterDlpSandboxChangeCallback(const std::shared_ptr<DlpSandboxChangeCallbackCustomize> & callback)186 int32_t DlpPermissionKit::RegisterDlpSandboxChangeCallback(
187 const std::shared_ptr<DlpSandboxChangeCallbackCustomize> &callback)
188 {
189 return DlpPermissionClient::GetInstance().RegisterDlpSandboxChangeCallback(callback);
190 }
191
UnregisterDlpSandboxChangeCallback(bool & result)192 int32_t DlpPermissionKit::UnregisterDlpSandboxChangeCallback(bool &result)
193 {
194 return DlpPermissionClient::GetInstance().UnregisterDlpSandboxChangeCallback(result);
195 }
196
RegisterOpenDlpFileCallback(const std::shared_ptr<OpenDlpFileCallbackCustomize> & callback)197 int32_t DlpPermissionKit::RegisterOpenDlpFileCallback(const std::shared_ptr<OpenDlpFileCallbackCustomize>& callback)
198 {
199 return DlpPermissionClient::GetInstance().RegisterOpenDlpFileCallback(callback);
200 }
201
UnRegisterOpenDlpFileCallback(const std::shared_ptr<OpenDlpFileCallbackCustomize> & callback)202 int32_t DlpPermissionKit::UnRegisterOpenDlpFileCallback(const std::shared_ptr<OpenDlpFileCallbackCustomize>& callback)
203 {
204 return DlpPermissionClient::GetInstance().UnRegisterOpenDlpFileCallback(callback);
205 }
206
GetDlpGatheringPolicy(bool & isGathering)207 int32_t DlpPermissionKit::GetDlpGatheringPolicy(bool& isGathering)
208 {
209 return DlpPermissionClient::GetInstance().GetDlpGatheringPolicy(isGathering);
210 }
211
SetRetentionState(const std::vector<std::string> & docUriVec)212 int32_t DlpPermissionKit::SetRetentionState(const std::vector<std::string>& docUriVec)
213 {
214 return DlpPermissionClient::GetInstance().SetRetentionState(docUriVec);
215 }
216
CancelRetentionState(const std::vector<std::string> & docUriVec)217 int32_t DlpPermissionKit::CancelRetentionState(const std::vector<std::string>& docUriVec)
218 {
219 return DlpPermissionClient::GetInstance().CancelRetentionState(docUriVec);
220 }
221
GetRetentionSandboxList(const std::string & bundleName,std::vector<RetentionSandBoxInfo> & retentionSandBoxInfoVec)222 int32_t DlpPermissionKit::GetRetentionSandboxList(const std::string& bundleName,
223 std::vector<RetentionSandBoxInfo>& retentionSandBoxInfoVec)
224 {
225 return DlpPermissionClient::GetInstance().GetRetentionSandboxList(bundleName, retentionSandBoxInfoVec);
226 }
227
ClearUnreservedSandbox()228 int32_t DlpPermissionKit::ClearUnreservedSandbox()
229 {
230 return DlpPermissionClient::GetInstance().ClearUnreservedSandbox();
231 }
232
GetDLPFileVisitRecord(std::vector<VisitedDLPFileInfo> & infoVec)233 int32_t DlpPermissionKit::GetDLPFileVisitRecord(std::vector<VisitedDLPFileInfo>& infoVec)
234 {
235 return DlpPermissionClient::GetInstance().GetDLPFileVisitRecord(infoVec);
236 }
237 } // namespace DlpPermission
238 } // namespace Security
239 } // namespace OHOS
240