• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include "dlp_permission_set_parser.h"
16 
17 #include <fcntl.h>
18 #include <memory>
19 #include <sys/stat.h>
20 #include <sys/types.h>
21 #include <unistd.h>
22 
23 #include "access_token_error.h"
24 #include "accesstoken_log.h"
25 #include "data_validator.h"
26 #include "dlp_permission_set_manager.h"
27 #include "securec.h"
28 
29 namespace OHOS {
30 namespace Security {
31 namespace AccessToken {
32 namespace {
33 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DlpPermissionSetParser"};
34 }
35 
36 // nlohmann json need the function named from_json to parse
from_json(const nlohmann::json & j,PermissionDlpMode & p)37 void from_json(const nlohmann::json& j, PermissionDlpMode& p)
38 {
39     if (j.find("name") == j.end() || (!j.at("name").is_string())) {
40         return;
41     }
42     p.permissionName = j.at("name").get<std::string>();
43     if (!DataValidator::IsProcessNameValid(p.permissionName)) {
44         return;
45     }
46 
47     if (j.find("dlpGrantRange") == j.end() || (!j.at("dlpGrantRange").is_string())) {
48         return;
49     }
50     std::string dlpModeStr = j.at("dlpGrantRange").get<std::string>();
51     if (dlpModeStr == "all") {
52         p.dlpMode = DLP_PERM_ALL;
53         return;
54     }
55     if (dlpModeStr == "full_control") {
56         p.dlpMode = DLP_PERM_FULL_CONTROL;
57         return;
58     }
59     p.dlpMode = DLP_PERM_NONE;
60     return;
61 }
62 
ParserDlpPermsRawData(const std::string & dlpPermsRawData,std::vector<PermissionDlpMode> & dlpPerms)63 int32_t DlpPermissionSetParser::ParserDlpPermsRawData(const std::string& dlpPermsRawData,
64     std::vector<PermissionDlpMode>& dlpPerms)
65 {
66     nlohmann::json jsonRes = nlohmann::json::parse(dlpPermsRawData, nullptr, false);
67     if (jsonRes.is_discarded()) {
68         ACCESSTOKEN_LOG_ERROR(LABEL, "jsonRes is invalid.");
69         return ERR_PARAM_INVALID;
70     }
71 
72     if ((jsonRes.find("dlpPermissions") != jsonRes.end()) && (jsonRes.at("dlpPermissions").is_array())) {
73         nlohmann::json dlpPermTokenJson = jsonRes.at("dlpPermissions").get<nlohmann::json>();
74         dlpPerms = dlpPermTokenJson.get<std::vector<PermissionDlpMode>>();
75     }
76 
77     return RET_SUCCESS;
78 }
79 
ReadCfgFile(std::string & dlpPermsRawData)80 int32_t DlpPermissionSetParser::ReadCfgFile(std::string& dlpPermsRawData)
81 {
82     int32_t fd = open(CLONE_PERMISSION_CONFIG_FILE.c_str(), O_RDONLY);
83     if (fd < 0) {
84         ACCESSTOKEN_LOG_ERROR(LABEL, "open failed errno %{public}d.", errno);
85         return ERR_FILE_OPERATE_FAILED;
86     }
87     struct stat statBuffer;
88 
89     if (fstat(fd, &statBuffer) != 0) {
90         ACCESSTOKEN_LOG_ERROR(LABEL, "fstat failed errno %{public}d.", errno);
91         close(fd);
92         return ERR_FILE_OPERATE_FAILED;
93     }
94 
95     if (statBuffer.st_size == 0) {
96         ACCESSTOKEN_LOG_ERROR(LABEL, "config file size is 0.");
97         close(fd);
98         return ERR_PARAM_INVALID;
99     }
100     if (statBuffer.st_size > MAX_CLONE_PERMISSION_CONFIG_FILE_SIZE) {
101         ACCESSTOKEN_LOG_ERROR(LABEL, "config file size is too large.");
102         close(fd);
103         return ERR_OVERSIZE;
104     }
105     dlpPermsRawData.reserve(statBuffer.st_size);
106 
107     char buff[MAX_BUFFER_SIZE] = { 0 };
108     ssize_t readLen = 0;
109     while ((readLen = read(fd, buff, MAX_BUFFER_SIZE)) > 0) {
110         dlpPermsRawData.append(buff, readLen);
111     }
112     close(fd);
113 
114     if (readLen == 0) {
115         return RET_SUCCESS;
116     }
117     return ERR_FILE_OPERATE_FAILED;
118 }
119 
Init()120 int32_t DlpPermissionSetParser::Init()
121 {
122     if (ready_) {
123         ACCESSTOKEN_LOG_ERROR(LABEL, "dlp permission has been set.");
124         return RET_SUCCESS;
125     }
126 
127     std::string dlpPermsRawData;
128     int32_t ret = ReadCfgFile(dlpPermsRawData);
129     if (ret != RET_SUCCESS) {
130         ACCESSTOKEN_LOG_ERROR(LABEL, "readCfgFile failed.");
131         return ret;
132     }
133     std::vector<PermissionDlpMode> dlpPerms;
134     ret = ParserDlpPermsRawData(dlpPermsRawData, dlpPerms);
135     if (ret != RET_SUCCESS) {
136         ACCESSTOKEN_LOG_ERROR(LABEL, "ParserDlpPermsRawData failed.");
137         return ERR_FILE_OPERATE_FAILED;
138     }
139     DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms);
140 
141     ready_ = true;
142     ACCESSTOKEN_LOG_INFO(LABEL, "init ok.");
143     return RET_SUCCESS;
144 }
145 
GetInstance()146 DlpPermissionSetParser& DlpPermissionSetParser::GetInstance()
147 {
148     static DlpPermissionSetParser instance;
149     return instance;
150 }
151 } // namespace AccessToken
152 } // namespace Security
153 } // namespace OHOS
154