• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /**
17  * @addtogroup AccessToken
18  * @{
19  *
20  * @brief Provides permission management interfaces.
21  *
22  * Provides tokenID-based application permission verification mechanism.
23  * When an application accesses sensitive data or APIs, this module can check
24  * whether the application has the corresponding permission. Allows applications
25  * to query their access token information or APL levcels based on token IDs.
26  *
27  * @since 7.0
28  * @version 7.0
29  */
30 
31 /**
32  * @file access_token.h
33  *
34  * @brief Declares typedefs, enums and const values.
35  *
36  * @since 7.0
37  * @version 7.0
38  */
39 
40 #ifndef ACCESS_TOKEN_H
41 #define ACCESS_TOKEN_H
42 
43 #include <string>
44 
45 namespace OHOS {
46 namespace Security {
47 namespace AccessToken {
48 typedef unsigned int AccessTokenID;
49 typedef uint64_t FullTokenID;
50 typedef unsigned int AccessTokenAttr;
51 static const int DEFAULT_TOKEN_VERSION = 1;
52 static const AccessTokenID INVALID_TOKENID = 0;
53 
54 /**
55  * @brief visit type
56  */
57 enum class PermUsedTypeEnum {
58     /** invalid type */
59     INVALID_USED_TYPE = -1,
60     /** normal type for permision request */
61     NORMAL_TYPE,
62     /** picker type for permision request */
63     PICKER_TYPE,
64     /** security component type for permision request */
65     SEC_COMPONENT_TYPE,
66     /** bottom of type for no use */
67     PERM_USED_TYPE_BUTT,
68 };
69 
70 /**
71  * @brief Access token kit return code
72  */
73 enum AccessTokenKitRet {
74     RET_FAILED = -1,
75     RET_SUCCESS = 0,
76 };
77 
78 /**
79  * @brief AccessTokenID 32 bits map
80  */
81 typedef struct {
82     unsigned int tokenUniqueID : 20;
83     /** reserved, default 00000 */
84     unsigned int res : 4;
85     unsigned int cloneFlag : 1;
86     /** renderflag, default 0 */
87     unsigned int renderFlag : 1;
88     unsigned int dlpFlag : 1;
89     /**
90      * token type, for details about the valid values,
91      * see the definition of ATokenTypeEnum in the access_token.h file.
92      */
93     unsigned int type : 2;
94     /** version, default 001 */
95     unsigned int version : 3;
96 } AccessTokenIDInner;
97 
98 /**
99  * @brief Token id type
100  */
101 typedef enum TypeATokenTypeEnum {
102     TOKEN_INVALID = -1,
103     TOKEN_HAP = 0,
104     TOKEN_NATIVE,
105     TOKEN_SHELL,
106     TOKEN_TYPE_BUTT,
107 } ATokenTypeEnum;
108 
109 /**
110  * @brief Apl level
111  */
112 typedef enum TypeATokenAplEnum {
113     APL_INVALID = 0,
114     APL_NORMAL = 1,
115     APL_SYSTEM_BASIC = 2,
116     APL_SYSTEM_CORE = 3,
117 } ATokenAplEnum;
118 
119 /**
120  * @brief AvailableType
121  */
122 typedef enum TypeATokenAvailableTypeEnum {
123     INVALID = -1,
124     NORMAL = 0,
125     SYSTEM,
126     MDM,
127     SYSTEM_AND_MDM,
128     SERVICE,
129     ENTERPRISE_NORMAL,
130     AVAILABLE_TYPE_BUTT,
131 } ATokenAvailableTypeEnum;
132 
133 /**
134  * @brief Token id full definition
135  */
136 typedef union {
137     unsigned long long tokenIDEx;
138     struct {
139         AccessTokenID tokenID;
140         /** tokenID attribute */
141         AccessTokenAttr tokenAttr;
142     } tokenIdExStruct;
143 } AccessTokenIDEx;
144 
145 /**
146  * @brief Permission request toggle status
147  */
148 typedef enum TypePermissionRequestToggleStatus {
149     CLOSED = 0,
150     OPEN = 1,
151 } PermissionRequestToggleStatus;
152 
153 /**
154  * @brief Permission states
155  */
156 typedef enum TypePermissionState {
157     PERMISSION_DENIED = -1,
158     PERMISSION_GRANTED = 0,
159 } PermissionState;
160 
161 /**
162  * @brief Permission grant mode
163  */
164 typedef enum TypeGrantMode {
165     /** user grant the permisson by dynamic pop-up window */
166     USER_GRANT = 0,
167     /**
168      * system grant the permission automated when
169      * the permission is decleared and app is installed
170      */
171     SYSTEM_GRANT = 1,
172 } GrantMode;
173 
174 /**
175  * @brief Permission flag
176  */
177 typedef enum TypePermissionFlag {
178     /**
179      * permission has not been set by user.
180      */
181     PERMISSION_DEFAULT_FLAG = 0,
182     /**
183      * permission has been set by user, If the permission is not granted,
184      * a permission window is allowed to apply for permission.
185      */
186     PERMISSION_USER_SET = 1 << 0,
187     /**
188      * permission has been set by user, If the permission is not granted,
189      * a permission window is not allowed to apply for permission.
190      */
191     PERMISSION_USER_FIXED = 1 << 1,
192     /**
193      * permission has been set by system,
194      * the permission can be a user_grant one which is granted for pre-authorization and is non-cancellable.
195      */
196     PERMISSION_SYSTEM_FIXED = 1 << 2,
197     /**
198      * a user_grant permission has been set by system for pre-authorization,
199      * and it is cancellable. it always works with other flags.
200      */
201     PERMISSION_GRANTED_BY_POLICY = 1 << 3,
202     /**
203      * permission has been set by security component.
204      */
205     PERMISSION_COMPONENT_SET = 1 << 4,
206     /*
207      * permission is fixed by policy and the permission cannot be granted or revoked by user
208      */
209     PERMISSION_POLICY_FIXED = 1 << 5,
210     /*
211      * permission is only allowed during the current lifecycle foreground period
212      */
213     PERMISSION_ALLOW_THIS_TIME = 1 << 6,
214 } PermissionFlag;
215 
216 /**
217  * @brief Permission operate result
218  */
219 typedef enum TypePermissionOper {
220     /** permission has been set, only can change it in settings */
221     SETTING_OPER = -1,
222     /** operate is passed, no need to do anything */
223     PASS_OPER = 0,
224     /** permission need dynamic pop-up windows to grant it */
225     DYNAMIC_OPER = 1,
226     /** invalid operation, something is wrong, see in md files */
227     INVALID_OPER = 2,
228     /** operate is forbidden */
229     FORBIDDEN_OPER = 3,
230     /** buttom of permission oper */
231     BUTT_OPER,
232 } PermissionOper;
233 
234 /**
235  * @brief Dlp types
236  */
237 typedef enum DlpType {
238     DLP_COMMON = 0,
239     DLP_READ = 1,
240     DLP_FULL_CONTROL = 2,
241     BUTT_DLP_TYPE,
242 } HapDlpType;
243 
244 /**
245  * @brief Dlp permission type
246  */
247 typedef enum TypeDlpPerm {
248     DLP_PERM_ALL = 0,
249     DLP_PERM_FULL_CONTROL = 1,
250     DLP_PERM_NONE = 2,
251 } DlpPermMode;
252 
253 /**
254  * @brief Atm tools operate type
255  */
256 typedef enum TypeOptType {
257     /** default */
258     DEFAULT_OPER = 0,
259     /** dump hap or native token info */
260     DUMP_TOKEN,
261     /** dump permission used records */
262     DUMP_RECORD,
263     /** dump permission used types */
264     DUMP_TYPE,
265     /** dump permission definition info */
266     DUMP_PERM,
267     /** grant permission */
268     PERM_GRANT,
269     /** revoke permission */
270     PERM_REVOKE,
271     /** set toggle status */
272     TOGGLE_SET,
273     /** get toggle status */
274     TOGGLE_GET,
275 } OptType;
276 } // namespace AccessToken
277 } // namespace Security
278 } // namespace OHOS
279 #endif // ACCESS_TOKEN_H
280