1 /* 2 * Copyright (c) 2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 #ifndef SECURITY_COMPONENT_PERMISSION_MANAGER_H 16 #define SECURITY_COMPONENT_PERMISSION_MANAGER_H 17 18 #include <deque> 19 #include <map> 20 #include <set> 21 #include "accesstoken_kit.h" 22 #include "rwlock.h" 23 #include "sec_comp_base.h" 24 #include "sec_event_handler.h" 25 26 namespace OHOS { 27 namespace Security { 28 namespace SecurityComponent { 29 class SecCompPermManager { 30 public: 31 SecCompPermManager() = default; 32 virtual ~SecCompPermManager() = default; 33 static SecCompPermManager& GetInstance(); 34 35 int32_t GrantTempSavePermission(AccessToken::AccessTokenID tokenId); 36 void RevokeTempSavePermission(AccessToken::AccessTokenID tokenId); 37 bool VerifySavePermission(AccessToken::AccessTokenID tokenId); 38 39 int32_t GrantAppPermission(AccessToken::AccessTokenID tokenId, const std::string& permissionName); 40 int32_t RevokeAppPermission(AccessToken::AccessTokenID tokenId, const std::string& permissionName); 41 void RevokeAppPermissions(AccessToken::AccessTokenID tokenId); 42 43 bool InitEventHandler(const std::shared_ptr<SecEventHandler>& secHandler); 44 std::shared_ptr<SecEventHandler> GetSecEventHandler() const; 45 46 void RevokeAppPermisionsDelayed(AccessToken::AccessTokenID tokenId); 47 void CancelAppRevokingPermisions(AccessToken::AccessTokenID tokenId); 48 49 private: 50 bool DelaySaveRevokePermission(AccessToken::AccessTokenID tokenId, const std::string& taskName); 51 bool RevokeSavePermissionTask(const std::string& taskName); 52 void RevokeTempSavePermissionCount(AccessToken::AccessTokenID tokenId); 53 void RevokeAppPermisionsImmediately(AccessToken::AccessTokenID tokenId); 54 55 void AddAppGrantPermissionRecord(AccessToken::AccessTokenID tokenId, 56 const std::string& permissionName); 57 void RemoveAppGrantPermissionRecord(AccessToken::AccessTokenID tokenId, 58 const std::string& permissionName); 59 60 std::unordered_map<AccessToken::AccessTokenID, int32_t> applySaveCountMap_; 61 std::unordered_map<AccessToken::AccessTokenID, std::deque<std::string>> saveTaskDequeMap_; 62 std::mutex mutex_; 63 std::shared_ptr<SecEventHandler> secHandler_; 64 65 std::mutex grantMtx_; 66 std::unordered_map<int32_t, std::set<std::string>> grantMap_; 67 }; 68 } // namespace SecurityComponent 69 } // namespace Security 70 } // namespace OHOS 71 #endif // SECURITY_COMPONENT_PERMISSION_MANAGER_H 72