1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "temp_permission_observer.h"
17
18 #include "access_token.h"
19 #include "access_token_error.h"
20 #include "config_policy_loader.h"
21 #include "accesstoken_info_manager.h"
22 #include "accesstoken_log.h"
23 #include "libraryloader.h"
24 #include "app_manager_access_client.h"
25 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
26 #include "background_task_manager_access_client.h"
27 #endif
28 #include "form_manager_access_client.h"
29 #include "hisysevent.h"
30 #include "hisysevent_adapter.h"
31 #include "ipc_skeleton.h"
32
33 namespace OHOS {
34 namespace Security {
35 namespace AccessToken {
36 namespace {
37 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TempPermissionObserver"};
38 static const std::string TASK_NAME_TEMP_PERMISSION = "atm_permission_manager_temp_permission";
39 static const std::string FORM_INVISIBLE_NAME = "#0";
40 static const std::string FORM_VISIBLE_NAME = "#1";
41 static constexpr int32_t ROOT_UID = 0;
42 static constexpr int32_t FOREGROUND_FLAG = 0;
43 static constexpr int32_t FORMS_FLAG = 1;
44 static constexpr int32_t CONTINUOUS_TASK_FLAG = 2;
45 #ifdef EVENTHANDLER_ENABLE
46 static constexpr int32_t DEFAULT_CANCLE_MILLISECONDS = 10 * 1000; // 10s
47 #endif
48 std::recursive_mutex g_instanceMutex;
49 static const std::vector<std::string> g_tempPermission = {
50 "ohos.permission.READ_PASTEBOARD",
51 "ohos.permission.APPROXIMATELY_LOCATION",
52 "ohos.permission.LOCATION",
53 "ohos.permission.LOCATION_IN_BACKGROUND"
54 };
55 }
56
GetInstance()57 TempPermissionObserver& TempPermissionObserver::GetInstance()
58 {
59 static TempPermissionObserver* instance = nullptr;
60 if (instance == nullptr) {
61 std::lock_guard<std::recursive_mutex> lock(g_instanceMutex);
62 if (instance == nullptr) {
63 instance = new TempPermissionObserver();
64 }
65 }
66 return *instance;
67 }
68
OnAppStateChanged(const AppStateData & appStateData)69 void PermissionAppStateObserver::OnAppStateChanged(const AppStateData &appStateData)
70 {
71 uint32_t tokenID = appStateData.accessTokenId;
72 std::vector<bool> list;
73 if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) {
74 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID:%{public}d not use temp permission", tokenID);
75 return;
76 }
77 ACCESSTOKEN_LOG_INFO(LABEL, "OnChange(accessTokenId=%{public}d, state=%{public}d)", tokenID, appStateData.state);
78 if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_FOREGROUND)) {
79 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FOREGROUND_FLAG, true);
80 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
81 TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName);
82 } else if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_BACKGROUND)) {
83 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FOREGROUND_FLAG, false);
84 if (list[FORMS_FLAG] || list[CONTINUOUS_TASK_FLAG]) {
85 ACCESSTOKEN_LOG_WARN(LABEL, "Has continuoustask or form don't delayRevokePermission!");
86 return;
87 }
88 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
89 TempPermissionObserver::GetInstance().DelayRevokePermission(tokenID, taskName);
90 }
91 }
92
OnAppStopped(const AppStateData & appStateData)93 void PermissionAppStateObserver::OnAppStopped(const AppStateData &appStateData)
94 {
95 if (appStateData.state == static_cast<int32_t>(ApplicationState::APP_STATE_TERMINATED)) {
96 uint32_t tokenID = appStateData.accessTokenId;
97 ACCESSTOKEN_LOG_INFO(LABEL, "TokenID:%{public}d died.", tokenID);
98 // cancle task when process die
99 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
100 TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName);
101 TempPermissionObserver::GetInstance().RevokeAllTempPermission(tokenID);
102 }
103 }
104
NotifyWhetherFormsVisible(const FormVisibilityType visibleType,const std::string & bundleName,std::vector<FormInstance> & formInstances)105 int32_t PermissionFormStateObserver::NotifyWhetherFormsVisible(const FormVisibilityType visibleType,
106 const std::string &bundleName, std::vector<FormInstance> &formInstances)
107 {
108 for (size_t i = 0; i < formInstances.size(); i++) {
109 AccessTokenID tokenID;
110 if (!TempPermissionObserver::GetInstance().GetTokenIDByBundle(formInstances[i].bundleName_, tokenID)) {
111 continue;
112 }
113 ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s, tokenID: %{public}d, formVisiblity:%{public}d",
114 formInstances[i].bundleName_.c_str(), tokenID, formInstances[i].formVisiblity_);
115 std::vector<bool> list;
116 if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) {
117 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d not use temp permission", tokenID);
118 continue;
119 }
120 if (formInstances[i].formVisiblity_ == FormVisibilityType::VISIBLE) {
121 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FORMS_FLAG, true);
122 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
123 TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName);
124 } else if (formInstances[i].formVisiblity_ == FormVisibilityType::INVISIBLE) {
125 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FORMS_FLAG, false);
126 if (list[FOREGROUND_FLAG] || list[CONTINUOUS_TASK_FLAG]) {
127 ACCESSTOKEN_LOG_WARN(LABEL, "Has continuoustask or inForeground don't delayRevokePermission!");
128 continue;
129 }
130 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
131 TempPermissionObserver::GetInstance().DelayRevokePermission(tokenID, taskName);
132 }
133 }
134 return RET_SUCCESS;
135 }
136 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
OnContinuousTaskStart(const std::shared_ptr<ContinuousTaskCallbackInfo> & continuousTaskCallbackInfo)137 void PermissionBackgroundTaskObserver::OnContinuousTaskStart(
138 const std::shared_ptr<ContinuousTaskCallbackInfo> &continuousTaskCallbackInfo)
139 {
140 AccessTokenID tokenID = static_cast<AccessTokenID>(continuousTaskCallbackInfo->GetFullTokenId());
141 std::vector<bool> list;
142 if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) {
143 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID:%{public}d not use temp permission", tokenID);
144 return;
145 }
146 ACCESSTOKEN_LOG_INFO(LABEL, "%{public}d", tokenID);
147 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, CONTINUOUS_TASK_FLAG, true);
148 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
149 TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName);
150 }
151
OnContinuousTaskStop(const std::shared_ptr<ContinuousTaskCallbackInfo> & continuousTaskCallbackInfo)152 void PermissionBackgroundTaskObserver::OnContinuousTaskStop(
153 const std::shared_ptr<ContinuousTaskCallbackInfo> &continuousTaskCallbackInfo)
154 {
155 AccessTokenID tokenID = static_cast<AccessTokenID>(continuousTaskCallbackInfo->GetFullTokenId());
156 std::vector<bool> list;
157 if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) {
158 ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID:%{public}d not use temp permission", tokenID);
159 return;
160 }
161 ACCESSTOKEN_LOG_INFO(LABEL, "%{public}d", tokenID);
162 TempPermissionObserver::GetInstance().ModifyAppState(tokenID, CONTINUOUS_TASK_FLAG, false);
163 if (list[FOREGROUND_FLAG] || list[FORMS_FLAG]) {
164 ACCESSTOKEN_LOG_WARN(LABEL, "Has form or inForeground don't delayRevokePermission!");
165 return;
166 }
167 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID);
168 TempPermissionObserver::GetInstance().DelayRevokePermission(tokenID, taskName);
169 }
170 #endif
NotifyAppManagerDeath()171 void PermissionAppManagerDeathCallback::NotifyAppManagerDeath()
172 {
173 ACCESSTOKEN_LOG_INFO(LABEL, "TempPermissionObserver AppManagerDeath called");
174
175 TempPermissionObserver::GetInstance().OnAppMgrRemoteDiedHandle();
176 }
177
TempPermissionObserver()178 TempPermissionObserver::TempPermissionObserver() : cancleTimes_(DEFAULT_CANCLE_MILLISECONDS)
179 {}
180
~TempPermissionObserver()181 TempPermissionObserver::~TempPermissionObserver()
182 {
183 UnRegisterCallback();
184 }
185
RegisterCallback()186 void TempPermissionObserver::RegisterCallback()
187 {
188 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
189 {
190 std::lock_guard<std::mutex> lock(backgroundTaskCallbackMutex_);
191 if (backgroundTaskCallback_ == nullptr) {
192 backgroundTaskCallback_ = new (std::nothrow) PermissionBackgroundTaskObserver();
193 if (backgroundTaskCallback_ == nullptr) {
194 ACCESSTOKEN_LOG_ERROR(LABEL, "Register backgroundTaskCallback failed.");
195 return;
196 }
197 int ret = BackgourndTaskManagerAccessClient::GetInstance().SubscribeBackgroundTask(backgroundTaskCallback_);
198 ACCESSTOKEN_LOG_INFO(LABEL, "Register backgroundTaskCallback %{public}d.", ret);
199 }
200 }
201 #endif
202 {
203 std::lock_guard<std::mutex> lock(formStateCallbackMutex_);
204 if (formVisibleCallback_ == nullptr) {
205 formVisibleCallback_ = new (std::nothrow) PermissionFormStateObserver();
206 if (formVisibleCallback_ == nullptr) {
207 ACCESSTOKEN_LOG_ERROR(LABEL, "Register formStateCallback failed.");
208 return;
209 }
210 int ret = FormManagerAccessClient::GetInstance().RegisterAddObserver(
211 FORM_VISIBLE_NAME, formVisibleCallback_->AsObject());
212 ACCESSTOKEN_LOG_INFO(LABEL, "Register formStateCallback %{public}d.", ret);
213 }
214 if (formInvisibleCallback_ == nullptr) {
215 formInvisibleCallback_ = new (std::nothrow) PermissionFormStateObserver();
216 if (formInvisibleCallback_ == nullptr) {
217 ACCESSTOKEN_LOG_ERROR(LABEL, "Register formStateCallback failed.");
218 formVisibleCallback_ = nullptr;
219 return;
220 }
221 int ret = FormManagerAccessClient::GetInstance().RegisterAddObserver(
222 FORM_INVISIBLE_NAME, formInvisibleCallback_->AsObject());
223 ACCESSTOKEN_LOG_INFO(LABEL, "Register formStateCallback %{public}d.", ret);
224 }
225 }
226 RegisterAppStatusListener();
227 }
228
RegisterAppStatusListener()229 void TempPermissionObserver::RegisterAppStatusListener()
230 {
231 {
232 std::lock_guard<std::mutex> lock(appStateCallbackMutex_);
233 if (appStateCallback_ == nullptr) {
234 appStateCallback_ = new (std::nothrow) PermissionAppStateObserver();
235 if (appStateCallback_ == nullptr) {
236 ACCESSTOKEN_LOG_ERROR(LABEL, "Register appStateCallback failed.");
237 return;
238 }
239 int ret = AppManagerAccessClient::GetInstance().RegisterApplicationStateObserver(appStateCallback_);
240 ACCESSTOKEN_LOG_INFO(LABEL, "Register appStateCallback %{public}d.", ret);
241 }
242 }
243 // app manager death callback register
244 {
245 std::lock_guard<std::mutex> lock(appManagerDeathMutex_);
246 if (appManagerDeathCallback_ == nullptr) {
247 appManagerDeathCallback_ = std::make_shared<PermissionAppManagerDeathCallback>();
248 if (appManagerDeathCallback_ == nullptr) {
249 ACCESSTOKEN_LOG_ERROR(LABEL, "Register appManagerDeathCallback failed.");
250 return;
251 }
252 AppManagerAccessClient::GetInstance().RegisterDeathCallback(appManagerDeathCallback_);
253 }
254 }
255 }
256
UnRegisterCallback()257 void TempPermissionObserver::UnRegisterCallback()
258 {
259 {
260 std::lock_guard<std::mutex> lock(appStateCallbackMutex_);
261 if (appStateCallback_ != nullptr) {
262 AppManagerAccessClient::GetInstance().UnregisterApplicationStateObserver(appStateCallback_);
263 appStateCallback_= nullptr;
264 }
265 }
266 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
267 {
268 std::lock_guard<std::mutex> lock(backgroundTaskCallbackMutex_);
269 if (backgroundTaskCallback_ != nullptr) {
270 BackgourndTaskManagerAccessClient::GetInstance().UnsubscribeBackgroundTask(backgroundTaskCallback_);
271 backgroundTaskCallback_= nullptr;
272 }
273 }
274 #endif
275 {
276 std::lock_guard<std::mutex> lock(formStateCallbackMutex_);
277 if (formVisibleCallback_ != nullptr) {
278 FormManagerAccessClient::GetInstance().RegisterRemoveObserver(FORM_VISIBLE_NAME, formVisibleCallback_);
279 formVisibleCallback_ = nullptr;
280 }
281 if (formInvisibleCallback_ != nullptr) {
282 FormManagerAccessClient::GetInstance().RegisterRemoveObserver(FORM_INVISIBLE_NAME, formInvisibleCallback_);
283 formInvisibleCallback_ = nullptr;
284 }
285 }
286 }
287
GetAppStateListByTokenID(AccessTokenID tokenID,std::vector<bool> & list)288 bool TempPermissionObserver::GetAppStateListByTokenID(AccessTokenID tokenID, std::vector<bool>& list)
289 {
290 std::unique_lock<std::mutex> lck(tempPermissionMutex_);
291 auto iter = tempPermTokenMap_.find(tokenID);
292 if (iter == tempPermTokenMap_.end()) {
293 return false;
294 }
295 list = iter->second;
296 return true;
297 }
298
ModifyAppState(AccessTokenID tokenID,int32_t index,bool flag)299 void TempPermissionObserver::ModifyAppState(AccessTokenID tokenID, int32_t index, bool flag)
300 {
301 std::unique_lock<std::mutex> lck(tempPermissionMutex_);
302 auto iter = tempPermTokenMap_.find(tokenID);
303 if (iter == tempPermTokenMap_.end()) {
304 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d not exist in map", tokenID);
305 return;
306 }
307 iter->second[index] = flag;
308 }
309
GetTokenIDByBundle(const std::string & bundleName,AccessTokenID & tokenID)310 bool TempPermissionObserver::GetTokenIDByBundle(const std::string &bundleName, AccessTokenID& tokenID)
311 {
312 std::unique_lock<std::mutex> lck(formTokenMutex_);
313 auto iter = formTokenMap_.find(bundleName);
314 if (iter == formTokenMap_.end()) {
315 ACCESSTOKEN_LOG_DEBUG(LABEL, "BundleName:%{public}s not exist in map", bundleName.c_str());
316 return false;
317 }
318 tokenID = iter->second;
319 return true;
320 }
321
IsAllowGrantTempPermission(AccessTokenID tokenID,const std::string & permissionName)322 bool TempPermissionObserver::IsAllowGrantTempPermission(AccessTokenID tokenID, const std::string& permissionName)
323 {
324 HapTokenInfo tokenInfo;
325 if (AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, tokenInfo) != RET_SUCCESS) {
326 ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid tokenId(%{public}d)", tokenID);
327 return false;
328 }
329 auto iterator = std::find(g_tempPermission.begin(), g_tempPermission.end(), permissionName);
330 if (iterator == g_tempPermission.end()) {
331 ACCESSTOKEN_LOG_WARN(LABEL, "Permission is not available to temp grant: %{public}s!", permissionName.c_str());
332 return false;
333 }
334
335 bool isForeground = false;
336 std::vector<AppStateData> foreGroundAppList;
337 AppManagerAccessClient::GetInstance().GetForegroundApplications(foreGroundAppList);
338 if (std::any_of(foreGroundAppList.begin(), foreGroundAppList.end(),
339 [=](const auto& foreGroundApp) { return foreGroundApp.bundleName == tokenInfo.bundleName; })) {
340 isForeground = true;
341 }
342 bool isContinuousTaskExist = false;
343 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
344 std::vector<std::shared_ptr<ContinuousTaskCallbackInfo>> continuousTaskList;
345 BackgourndTaskManagerAccessClient::GetInstance().GetContinuousTaskApps(continuousTaskList);
346 if (std::any_of(continuousTaskList.begin(), continuousTaskList.end(),
347 [=](const auto& callbackInfo) { return static_cast<AccessTokenID>(callbackInfo->tokenId_) == tokenID; })) {
348 isContinuousTaskExist = true;
349 }
350 #endif
351 bool isFormVisible = FormManagerAccessClient::GetInstance().HasFormVisible(tokenID);
352 ACCESSTOKEN_LOG_INFO(LABEL, "TokenID:%{public}d, isForeground:%{public}d, isFormVisible:%{public}d,"
353 "isContinuousTaskExist:%{public}d",
354 tokenID, isForeground, isFormVisible, isContinuousTaskExist);
355 bool userEnable = true;
356 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
357 int callingUid = IPCSkeleton::GetCallingUid();
358 if (callingUid == ROOT_UID) {
359 userEnable = false;
360 }
361 #endif
362 if (!userEnable || isForeground || isFormVisible || isContinuousTaskExist) {
363 std::vector<bool> list{isForeground, isFormVisible, isContinuousTaskExist};
364 AddTempPermTokenToList(tokenID, tokenInfo.bundleName, permissionName, list);
365 return true;
366 }
367 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR",
368 HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", GRANT_TEMP_PERMISSION_FAILED,
369 "TOKENID", tokenID, "PERM", permissionName, "BUNDLE_NAME", tokenInfo.bundleName);
370 return false;
371 }
372
AddTempPermTokenToList(AccessTokenID tokenID,const std::string & bundleName,const std::string & permissionName,const std::vector<bool> & list)373 void TempPermissionObserver::AddTempPermTokenToList(AccessTokenID tokenID,
374 const std::string& bundleName, const std::string& permissionName, const std::vector<bool>& list)
375 {
376 RegisterCallback();
377 {
378 std::unique_lock<std::mutex> lck(tempPermissionMutex_);
379 tempPermTokenMap_[tokenID] = list;
380 }
381 ACCESSTOKEN_LOG_INFO(LABEL, "TokenID:%{public}d, bundleName:%{public}s, permissionName:%{public}s",
382 tokenID, bundleName.c_str(), permissionName.c_str());
383 HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "GRANT_TEMP_PERMISSION",
384 HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID,
385 "BUNDLENAME", bundleName, "PERMISSION_NAME", permissionName);
386 {
387 std::unique_lock<std::mutex> lck(formTokenMutex_);
388 formTokenMap_[bundleName] = tokenID;
389 }
390 }
391
GetPermissionStateFull(AccessTokenID tokenID,std::vector<PermissionStateFull> & permissionStateFullList)392 bool TempPermissionObserver::GetPermissionStateFull(AccessTokenID tokenID,
393 std::vector<PermissionStateFull>& permissionStateFullList)
394 {
395 std::shared_ptr<HapTokenInfoInner> infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID);
396 if (infoPtr == nullptr) {
397 ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", tokenID);
398 return false;
399 }
400 if (infoPtr->IsRemote()) {
401 ACCESSTOKEN_LOG_ERROR(LABEL, "It is a remote hap token %{public}u!", tokenID);
402 return false;
403 }
404 std::shared_ptr<PermissionPolicySet> permPolicySet = infoPtr->GetHapInfoPermissionPolicySet();
405 if (permPolicySet == nullptr) {
406 ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!");
407 return false;
408 }
409
410 permPolicySet->GetPermissionStateFulls(permissionStateFullList);
411 return true;
412 }
413
RevokeAllTempPermission(AccessTokenID tokenID)414 void TempPermissionObserver::RevokeAllTempPermission(AccessTokenID tokenID)
415 {
416 std::vector<bool> list;
417 if (!GetAppStateListByTokenID(tokenID, list)) {
418 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d not exist in permList", tokenID);
419 return;
420 }
421 std::unique_lock<std::mutex> lck(tempPermissionMutex_);
422 tempPermTokenMap_.erase(tokenID);
423 if (tempPermTokenMap_.empty()) {
424 UnRegisterCallback();
425 }
426
427 std::vector<PermissionStateFull> tmpList;
428 if (!GetPermissionStateFull(tokenID, tmpList)) {
429 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d get permission state full fail!", tokenID);
430 return;
431 }
432 for (const auto& permissionState : tmpList) {
433 if (permissionState.grantFlags[0] & PERMISSION_ALLOW_THIS_TIME) {
434 if (PermissionManager::GetInstance().RevokePermission(
435 tokenID, permissionState.permissionName, PERMISSION_ALLOW_THIS_TIME) != RET_SUCCESS) {
436 ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d revoke permission:%{public}s failed!",
437 tokenID, permissionState.permissionName.c_str());
438 return;
439 }
440 }
441 }
442 }
443
OnAppMgrRemoteDiedHandle()444 void TempPermissionObserver::OnAppMgrRemoteDiedHandle()
445 {
446 std::unique_lock<std::mutex> lck(tempPermissionMutex_);
447 for (auto iter = tempPermTokenMap_.begin(); iter != tempPermTokenMap_.end(); ++iter) {
448 std::vector<PermissionStateFull> tmpList;
449 GetPermissionStateFull(iter->first, tmpList);
450 for (const auto& permissionState : tmpList) {
451 if (permissionState.grantFlags[0] & PERMISSION_ALLOW_THIS_TIME) {
452 PermissionManager::GetInstance().RevokePermission(
453 iter->first, permissionState.permissionName, PERMISSION_ALLOW_THIS_TIME);
454 }
455 }
456 std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(iter->first);
457 TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName);
458 }
459 tempPermTokenMap_.clear();
460 ACCESSTOKEN_LOG_INFO(LABEL, "TempPermTokenMap_ clear!");
461 appStateCallback_= nullptr;
462 }
463
464 #ifdef EVENTHANDLER_ENABLE
InitEventHandler(const std::shared_ptr<AccessEventHandler> & eventHandler)465 void TempPermissionObserver::InitEventHandler(const std::shared_ptr<AccessEventHandler>& eventHandler)
466 {
467 eventHandler_ = eventHandler;
468 }
469 #endif
470
DelayRevokePermission(AccessToken::AccessTokenID tokenID,const std::string & taskName)471 bool TempPermissionObserver::DelayRevokePermission(AccessToken::AccessTokenID tokenID, const std::string& taskName)
472 {
473 #ifdef EVENTHANDLER_ENABLE
474 if (eventHandler_ == nullptr) {
475 ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler");
476 return false;
477 }
478
479 ACCESSTOKEN_LOG_INFO(LABEL, "Add permission task name:%{public}s", taskName.c_str());
480
481 std::function<void()> delayed = ([tokenID]() {
482 TempPermissionObserver::GetInstance().RevokeAllTempPermission(tokenID);
483 ACCESSTOKEN_LOG_INFO(LABEL, "Token: %{public}d, delay revoke permission end", tokenID);
484 });
485 eventHandler_->ProxyPostTask(delayed, taskName, cancleTimes_);
486 return true;
487 #else
488 ACCESSTOKEN_LOG_WARN(LABEL, "Eventhandler is not existed");
489 return false;
490 #endif
491 }
492
CancleTaskOfPermissionRevoking(const std::string & taskName)493 bool TempPermissionObserver::CancleTaskOfPermissionRevoking(const std::string& taskName)
494 {
495 #ifdef EVENTHANDLER_ENABLE
496 if (eventHandler_ == nullptr) {
497 ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler");
498 return false;
499 }
500
501 ACCESSTOKEN_LOG_INFO(LABEL, "Revoke permission task name:%{public}s", taskName.c_str());
502 eventHandler_->ProxyRemoveTask(taskName);
503 return true;
504 #else
505 ACCESSTOKEN_LOG_WARN(LABEL, "Eventhandler is not existed");
506 return false;
507 #endif
508 }
509
GetConfigValue()510 void TempPermissionObserver::GetConfigValue()
511 {
512 LibraryLoader loader(CONFIG_POLICY_LIBPATH);
513 ConfigPolicyLoaderInterface* policy = loader.GetObject<ConfigPolicyLoaderInterface>();
514 if (policy == nullptr) {
515 ACCESSTOKEN_LOG_ERROR(LABEL, "Dlopen libaccesstoken_config_policy failed.");
516 return;
517 }
518 AccessTokenConfigValue value;
519 if (policy->GetConfigValue(ServiceType::ACCESSTOKEN_SERVICE, value)) {
520 cancleTimes_ = value.atConfig.cancleTime == 0 ? DEFAULT_CANCLE_MILLISECONDS : value.atConfig.cancleTime;
521 } else {
522 cancleTimes_ = DEFAULT_CANCLE_MILLISECONDS;
523 }
524
525 ACCESSTOKEN_LOG_INFO(LABEL, "CancleTimes_ is %{public}d.", cancleTimes_);
526 }
527 } // namespace AccessToken
528 } // namespace Security
529 } // namespace OHOS
530