• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include "dlp_permission_set_manager.h"
16 
17 #include <memory>
18 
19 #include "access_token.h"
20 #include "accesstoken_log.h"
21 #include "access_token_error.h"
22 #include "data_validator.h"
23 #include "securec.h"
24 
25 namespace OHOS {
26 namespace Security {
27 namespace AccessToken {
28 namespace {
29 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DlpPermissionSetManager"};
30 }
31 
GetInstance()32 DlpPermissionSetManager& DlpPermissionSetManager::GetInstance()
33 {
34     static DlpPermissionSetManager instance;
35     return instance;
36 }
37 
DlpPermissionSetManager()38 DlpPermissionSetManager::DlpPermissionSetManager()
39 {}
40 
~DlpPermissionSetManager()41 DlpPermissionSetManager::~DlpPermissionSetManager()
42 {}
43 
ProcessDlpPermInfos(const std::vector<PermissionDlpMode> & dlpPermInfos)44 void DlpPermissionSetManager::ProcessDlpPermInfos(const std::vector<PermissionDlpMode>& dlpPermInfos)
45 {
46     for (auto iter = dlpPermInfos.begin(); iter != dlpPermInfos.end(); iter++) {
47         auto it = dlpPermissionModeMap_.find(iter->permissionName);
48         if (it != dlpPermissionModeMap_.end()) {
49             ACCESSTOKEN_LOG_WARN(LABEL,
50                 "info for permission: %{public}s dlpMode %{public}d has been insert, please check!",
51                 iter->permissionName.c_str(), iter->dlpMode);
52             continue;
53         }
54         dlpPermissionModeMap_[iter->permissionName] = iter->dlpMode;
55     }
56 }
57 
GetPermDlpMode(const std::string & permissionName)58 int32_t DlpPermissionSetManager::GetPermDlpMode(const std::string& permissionName)
59 {
60     auto it = dlpPermissionModeMap_.find(permissionName);
61     if (it == dlpPermissionModeMap_.end()) {
62         ACCESSTOKEN_LOG_DEBUG(LABEL, "can not find permission: %{public}s in dlp permission cfg",
63             permissionName.c_str());
64         return DLP_PERM_ALL;
65     }
66     return dlpPermissionModeMap_[permissionName];
67 }
68 
UpdatePermStateWithDlpInfo(int32_t hapDlpType,std::vector<PermissionStateFull> & permStateList)69 int32_t DlpPermissionSetManager::UpdatePermStateWithDlpInfo(int32_t hapDlpType,
70     std::vector<PermissionStateFull>& permStateList)
71 {
72     ACCESSTOKEN_LOG_DEBUG(LABEL, "dlpType: %{public}d", hapDlpType);
73     for (auto iter = permStateList.begin(); iter != permStateList.end(); ++iter) {
74         if (iter->grantStatus[0] == PERMISSION_DENIED) {
75             continue;
76         }
77         int32_t permissionDlpMode = GetPermDlpMode(iter->permissionName);
78         bool res = IsPermDlpModeAvailableToDlpHap(hapDlpType, permissionDlpMode);
79         if (!res) {
80             iter->grantStatus[0] = PERMISSION_DENIED;
81         }
82     }
83     return RET_SUCCESS;
84 }
85 
IsPermissionAvailableToDlpHap(int32_t hapDlpType,const std::string & permissionName)86 bool DlpPermissionSetManager::IsPermissionAvailableToDlpHap(int32_t hapDlpType,
87     const std::string& permissionName)
88 {
89     int32_t permissionDlpMode = GetPermDlpMode(permissionName);
90     return IsPermDlpModeAvailableToDlpHap(hapDlpType, permissionDlpMode);
91 }
92 
IsPermDlpModeAvailableToDlpHap(int32_t hapDlpType,int32_t permDlpMode)93 bool DlpPermissionSetManager::IsPermDlpModeAvailableToDlpHap(int32_t hapDlpType, int32_t permDlpMode)
94 {
95     ACCESSTOKEN_LOG_DEBUG(LABEL, "dlpType: %{public}d dlpMode %{public}d", hapDlpType, permDlpMode);
96 
97     /* permission is available to all dlp hap */
98     if ((hapDlpType == DLP_COMMON) || (permDlpMode == DLP_PERM_ALL)) {
99         return true;
100     }
101 
102     /* permission is available to full control */
103     if (permDlpMode == DLP_PERM_FULL_CONTROL && hapDlpType == DLP_FULL_CONTROL) {
104         return true;
105     }
106     /* permission is available to none */
107     return false;
108 }
109 } // namespace AccessToken
110 } // namespace Security
111 } // namespace OHOS
112