mirror of
https://gitee.com/openharmony/security_permission
synced 2024-10-07 10:13:22 +00:00
modify for codereview
Signed-off-by: xbingle <xiaobin3@huawei.com>
This commit is contained in:
parent
89b3ae7bff
commit
ae6806ed79
2
BUILD.gn
2
BUILD.gn
@ -38,8 +38,8 @@ group("permission_build_module_standard_test") {
|
||||
group("distributed_permission") {
|
||||
if (is_standard_system) {
|
||||
deps = [
|
||||
"${distributed_permission_database_path}:permission_standard_infrastructure_database",
|
||||
"${distributed_permission_innerkits_distributed_path}:distributed_permission_innerkits",
|
||||
"${distributed_permission_record_database_path}:permission_standard_infrastructure_record_database",
|
||||
"${distributed_permission_services_path}:distributed_permission_services",
|
||||
"${distributed_permission_services_path}/main/sa_profile:distributed_permission_sa_profile_standard",
|
||||
]
|
||||
|
@ -11,6 +11,7 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import("//base/security/permission/permission.gni")
|
||||
import("//build/ohos.gni")
|
||||
|
||||
################################################################
|
||||
@ -20,7 +21,13 @@ config("permission_standard_communication_adapter_cxx_public_config") {
|
||||
visibility = [ ":*" ]
|
||||
include_dirs = [
|
||||
"main/cpp/include",
|
||||
"${distributed_permission_frameworks_log_path}/main/cpp/include",
|
||||
"//base/security/permission/services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/common",
|
||||
"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include",
|
||||
"//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base/include",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core/include/bundlemgr",
|
||||
"//foundation/distributedhardware/devicemanager/interfaces/inner_kits/native_cpp/include",
|
||||
]
|
||||
}
|
||||
|
||||
@ -32,14 +39,38 @@ ohos_shared_library("permission_standard_communication_adapter_cxx") {
|
||||
[ ":permission_standard_communication_adapter_cxx_public_config" ]
|
||||
|
||||
include_dirs = [
|
||||
"main/cpp/include",
|
||||
"main/cpp/src",
|
||||
"//utils/native/base/include",
|
||||
]
|
||||
|
||||
sources = [ "main/cpp/src/permission_def_parcel.cpp" ]
|
||||
sources = [
|
||||
"main/cpp/src/ams_adapter.cpp",
|
||||
"main/cpp/src/app_id_info.cpp",
|
||||
"main/cpp/src/bms_adapter.cpp",
|
||||
"main/cpp/src/permission_def_parcel.cpp",
|
||||
"main/cpp/src/pms_adapter.cpp",
|
||||
]
|
||||
|
||||
deps = [ "//utils/native/base:utils" ]
|
||||
deps = [
|
||||
"${distributed_permission_frameworks_log_path}:permission_standard_infrastructure_cxx",
|
||||
"//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
|
||||
"//foundation/aafwk/standard/interfaces/innerkits/base:base",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base:appexecfwk_base",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler:libeventhandler",
|
||||
|
||||
external_deps = [ "ipc:ipc_core" ]
|
||||
#"//foundation/communication/dsoftbus/core/frame/standard/client:softbus_client",
|
||||
"//foundation/distributedhardware/devicemanager/interfaces/inner_kits/native_cpp:devicemanagersdk",
|
||||
"//foundation/distributedschedule/safwk/interfaces/innerkits/safwk:system_ability_fwk",
|
||||
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy:samgr_proxy",
|
||||
"//utils/native/base:utils",
|
||||
]
|
||||
|
||||
external_deps = [
|
||||
"aafwk_standard:want",
|
||||
"dsoftbus_standard:softbus_client",
|
||||
"hiviewdfx_hilog_native:libhilog",
|
||||
"ipc:ipc_core",
|
||||
]
|
||||
cflags_cc = [ "-DHILOG_ENABLE" ]
|
||||
}
|
||||
|
@ -0,0 +1,46 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef AMS_ADAPTER_H
|
||||
#define AMS_ADAPTER_H
|
||||
|
||||
#include <memory>
|
||||
#include <mutex>
|
||||
#include <string>
|
||||
#include <unordered_map>
|
||||
|
||||
#include "constant.h"
|
||||
#include "ability_manager_interface.h"
|
||||
#include "if_system_ability_manager.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class AmsAdapter {
|
||||
public:
|
||||
AmsAdapter() = default;
|
||||
virtual ~AmsAdapter() = default;
|
||||
sptr<AAFwk::IAbilityManager> GetAbilityManager();
|
||||
|
||||
private:
|
||||
OHOS::sptr<ISystemAbilityManager> saMgr_;
|
||||
std::mutex saMutex_;
|
||||
sptr<IRemoteObject> GetSystemAbility(const Constant::ServiceId systemAbilityId);
|
||||
sptr<AAFwk::IAbilityManager> iAbilityManager_;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // AMS_ADAPTER_H
|
@ -1,49 +1,48 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef EXTERNAL_DEPS_H
|
||||
#define EXTERNAL_DEPS_H
|
||||
|
||||
#include <memory>
|
||||
#include <mutex>
|
||||
#include <string>
|
||||
#include <unordered_map>
|
||||
|
||||
#include "bundle_mgr_interface.h"
|
||||
#include "constant.h"
|
||||
#include "i_permission_manager.h"
|
||||
#include "ability_manager_interface.h"
|
||||
#include "if_system_ability_manager.h"
|
||||
#include "ans_manager_interface.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class ExternalDeps {
|
||||
public:
|
||||
ExternalDeps() = default;
|
||||
virtual ~ExternalDeps() = default;
|
||||
sptr<AppExecFwk::IBundleMgr> GetBundleManager(sptr<AppExecFwk::IBundleMgr> iBundleManager_);
|
||||
sptr<Permission::IPermissionManager> GetPermissionManager(sptr<Permission::IPermissionManager> iPermissionManager_);
|
||||
sptr<AAFwk::IAbilityManager> GetAbilityManager(sptr<AAFwk::IAbilityManager> iAbilityManager_);
|
||||
|
||||
private:
|
||||
OHOS::sptr<ISystemAbilityManager> saMgr_;
|
||||
std::mutex saMutex_;
|
||||
sptr<IRemoteObject> GetSystemAbility(const Constant::ServiceId systemAbilityId);
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // EXTERNAL_DEPS_H
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef BMS_ADAPTER_H
|
||||
#define BMS_ADAPTER_H
|
||||
|
||||
#include <memory>
|
||||
#include <mutex>
|
||||
#include <string>
|
||||
#include <unordered_map>
|
||||
|
||||
#include "bundle_mgr_interface.h"
|
||||
#include "constant.h"
|
||||
#include "i_permission_manager.h"
|
||||
#include "ability_manager_interface.h"
|
||||
#include "if_system_ability_manager.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class BmsAdapter {
|
||||
public:
|
||||
BmsAdapter() = default;
|
||||
virtual ~BmsAdapter() = default;
|
||||
sptr<AppExecFwk::IBundleMgr> GetBundleManager();
|
||||
|
||||
private:
|
||||
OHOS::sptr<ISystemAbilityManager> saMgr_;
|
||||
std::mutex saMutex_;
|
||||
sptr<IRemoteObject> GetSystemAbility(const Constant::ServiceId systemAbilityId);
|
||||
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // BMS_ADAPTER_H
|
@ -13,8 +13,8 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PERMISSION_INNERKITS_INCLUDE_IDISRIBUTED_PERMISSION_H
|
||||
#define PERMISSION_INNERKITS_INCLUDE_IDISRIBUTED_PERMISSION_H
|
||||
#ifndef PERMISSION_INNERKITS_INCLUDE_I_DISRIBUTED_PERMISSION_H
|
||||
#define PERMISSION_INNERKITS_INCLUDE_I_DISRIBUTED_PERMISSION_H
|
||||
|
||||
#include "iremote_broker.h"
|
||||
#include "iremote_object.h"
|
||||
@ -30,7 +30,7 @@ class IDistributedPermission : public IRemoteBroker {
|
||||
public:
|
||||
static const int32_t SA_ID_DISTRIBUTED_PERMISSION_MANAGER_SERVICE = 3502;
|
||||
|
||||
DECLARE_INTERFACE_DESCRIPTOR(u"ohos.distributedpermission.IDistributedPermission");
|
||||
DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.permission.IDistributedPermission");
|
||||
|
||||
virtual int32_t AllocateDuid(const std::string &nodeId, const int32_t rUid) = 0;
|
||||
|
||||
@ -38,8 +38,7 @@ public:
|
||||
|
||||
virtual int32_t CheckDPermission(int32_t dUid, const std::string &permissionName) = 0;
|
||||
|
||||
virtual int32_t CheckPermission(
|
||||
const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid) = 0;
|
||||
virtual int32_t CheckPermission(const std::string &permissionName, const std::string &appIdInfo) = 0;
|
||||
|
||||
virtual int32_t CheckSelfPermission(const std::string &permissionName) = 0;
|
||||
|
||||
@ -51,8 +50,8 @@ public:
|
||||
|
||||
virtual bool IsRestrictedPermission(const std::string &permissionName) = 0;
|
||||
|
||||
virtual int32_t VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &nodeId, int32_t pid, int32_t uid) = 0;
|
||||
virtual int32_t VerifyPermissionFromRemote(const std::string &permission, const std::string &nodeId,
|
||||
const std::string &appIdInfo) = 0;
|
||||
|
||||
virtual int32_t VerifySelfPermissionFromRemote(const std::string &permissionName, const std::string &nodeId) = 0;
|
||||
|
||||
@ -61,29 +60,25 @@ public:
|
||||
virtual void RequestPermissionsFromRemote(const std::vector<std::string> permissions,
|
||||
const sptr<OnRequestPermissionsResult> &callback, const std::string &nodeId, const std::string &bundleName,
|
||||
int32_t reasonResId) = 0;
|
||||
virtual void GrantSensitivePermissionToRemoteApp(
|
||||
const std::string &permissionName, const std::string &nodeId, int32_t ruid) = 0;
|
||||
virtual void GrantSensitivePermissionToRemoteApp(const std::string &permissionName, const std::string &nodeId,
|
||||
int32_t ruid) = 0;
|
||||
|
||||
virtual int32_t RegisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback) = 0;
|
||||
|
||||
virtual int32_t UnregisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback) = 0;
|
||||
|
||||
virtual int32_t CheckPermissionAndStartUsing(
|
||||
const std::string &permissionName, int32_t pid, int32_t uid, const std::string &deviceId) = 0;
|
||||
virtual int32_t CheckPermissionAndStartUsing(const std::string &permissionName, const std::string &appIdInfo) = 0;
|
||||
|
||||
virtual void StartUsingPermission(
|
||||
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId) = 0;
|
||||
virtual void StartUsingPermission(const std::string &permName, const std::string &appIdInfo) = 0;
|
||||
|
||||
virtual void StopUsingPermission(
|
||||
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId) = 0;
|
||||
virtual void StopUsingPermission(const std::string &permName, const std::string &appIdInfo) = 0;
|
||||
|
||||
virtual void AddPermissionsRecord(const std::string &permissionName, const std::string &deviceId, const int32_t uid,
|
||||
const int32_t sucCount, const int32_t failCount) = 0;
|
||||
virtual void AddPermissionsRecord(const std::string &permissionName, const std::string &appIdInfo,
|
||||
int32_t sucCount, int32_t failCount) = 0;
|
||||
|
||||
virtual int32_t GetPermissionRecords(
|
||||
const std::string &queryGzipStr, unsigned long &codeLen, unsigned long &zipLen, std::string &resultStr) = 0;
|
||||
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, std::string &resultStr) = 0;
|
||||
|
||||
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, unsigned long &codeLen, unsigned long &zipLen,
|
||||
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr,
|
||||
const sptr<OnPermissionUsedRecord> &callback) = 0;
|
||||
|
||||
enum class MessageCode {
|
||||
@ -112,8 +107,8 @@ public:
|
||||
REQUEST_PERMISSION_FROM_REMOTE = 0xf026,
|
||||
};
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
||||
#endif // PERMISSION_INNERKITS_INCLUDE_IDISRIBUTED_PERMISSION_H
|
||||
#endif // PERMISSION_INNERKITS_INCLUDE_I_DISRIBUTED_PERMISSION_H
|
@ -0,0 +1,47 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PMS_ADAPTER_H
|
||||
#define PMS_ADAPTER_H
|
||||
|
||||
#include <memory>
|
||||
#include <mutex>
|
||||
#include <string>
|
||||
#include <unordered_map>
|
||||
|
||||
#include "constant.h"
|
||||
#include "i_permission_manager.h"
|
||||
#include "ability_manager_interface.h"
|
||||
#include "if_system_ability_manager.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class PmsAdapter {
|
||||
public:
|
||||
PmsAdapter() = default;
|
||||
virtual ~PmsAdapter() = default;
|
||||
sptr<Permission::IPermissionManager> GetPermissionManager();
|
||||
|
||||
private:
|
||||
OHOS::sptr<ISystemAbilityManager> saMgr_;
|
||||
std::mutex saMutex_;
|
||||
sptr<IRemoteObject> GetSystemAbility(const Constant::ServiceId systemAbilityId);
|
||||
sptr<Permission::IPermissionManager> iPermissionManager_;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // PMS_ADAPTER_H
|
@ -0,0 +1,60 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "ams_adapter.h"
|
||||
|
||||
#include "permission_log.h"
|
||||
#include "ipc_skeleton.h"
|
||||
|
||||
#include "if_system_ability_manager.h"
|
||||
#include "iservice_registry.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "AmsAdapter"};
|
||||
}
|
||||
sptr<AAFwk::IAbilityManager> AmsAdapter::GetAbilityManager()
|
||||
{
|
||||
if (iAbilityManager_ == nullptr) {
|
||||
auto abilityObj = GetSystemAbility(Constant::ABILITY_MST_SERVICE_ID);
|
||||
if (abilityObj == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to get ability manager service.");
|
||||
return nullptr;
|
||||
}
|
||||
iAbilityManager_ = iface_cast<AAFwk::IAbilityManager>(abilityObj);
|
||||
}
|
||||
|
||||
return iAbilityManager_;
|
||||
}
|
||||
|
||||
sptr<IRemoteObject> AmsAdapter::GetSystemAbility(const Constant::ServiceId systemAbilityId)
|
||||
{
|
||||
if (saMgr_ == nullptr) {
|
||||
std::lock_guard<std::mutex> lock(saMutex_);
|
||||
if (saMgr_ == nullptr) {
|
||||
saMgr_ = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
|
||||
if (saMgr_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "fail to get Registry.");
|
||||
return nullptr;
|
||||
}
|
||||
}
|
||||
}
|
||||
return saMgr_->GetSystemAbility(systemAbilityId);
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -1,33 +1,33 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "app_id_info.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
bool AppIdInfo::Valid() const
|
||||
{
|
||||
if (this->pid < 0) {
|
||||
return false;
|
||||
}
|
||||
if (this->uid < 0) {
|
||||
return false;
|
||||
}
|
||||
return this->deviceId.length() <= MAX_DEVICE_ID_LENGTH;
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "app_id_info.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
bool AppIdInfo::Valid() const
|
||||
{
|
||||
if (this->pid < 0) {
|
||||
return false;
|
||||
}
|
||||
if (this->uid < 0) {
|
||||
return false;
|
||||
}
|
||||
return this->deviceId.length() <= MAX_DEVICE_ID_LENGTH;
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -0,0 +1,60 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "bms_adapter.h"
|
||||
|
||||
#include "permission_log.h"
|
||||
#include "ipc_skeleton.h"
|
||||
|
||||
#include "if_system_ability_manager.h"
|
||||
#include "iservice_registry.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "BmsAdapter"};
|
||||
}
|
||||
sptr<AppExecFwk::IBundleMgr> BmsAdapter::GetBundleManager()
|
||||
{
|
||||
if (iBundleManager_ == nullptr) {
|
||||
auto bundleObj = GetSystemAbility(Constant::BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
|
||||
if (bundleObj == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to get bundle manager service.");
|
||||
return nullptr;
|
||||
}
|
||||
iBundleManager_ = iface_cast<AppExecFwk::IBundleMgr>(bundleObj);
|
||||
}
|
||||
|
||||
return iBundleManager_;
|
||||
}
|
||||
|
||||
sptr<IRemoteObject> BmsAdapter::GetSystemAbility(const Constant::ServiceId systemAbilityId)
|
||||
{
|
||||
if (saMgr_ == nullptr) {
|
||||
std::lock_guard<std::mutex> lock(saMutex_);
|
||||
if (saMgr_ == nullptr) {
|
||||
saMgr_ = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
|
||||
if (saMgr_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "fail to get Registry.");
|
||||
return nullptr;
|
||||
}
|
||||
}
|
||||
}
|
||||
return saMgr_->GetSystemAbility(systemAbilityId);
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -1,88 +1,60 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#include "external_deps.h"
|
||||
|
||||
#include "permission_log.h"
|
||||
#include "ipc_skeleton.h"
|
||||
|
||||
#include "if_system_ability_manager.h"
|
||||
#include "iservice_registry.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ExternalDeps"};
|
||||
}
|
||||
sptr<AppExecFwk::IBundleMgr> ExternalDeps::GetBundleManager(sptr<AppExecFwk::IBundleMgr> iBundleManager_)
|
||||
{
|
||||
if (iBundleManager_ == nullptr) {
|
||||
auto bundleObj = GetSystemAbility(Constant::BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
|
||||
if (bundleObj == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to get bundle manager service.");
|
||||
return nullptr;
|
||||
}
|
||||
iBundleManager_ = iface_cast<AppExecFwk::IBundleMgr>(bundleObj);
|
||||
}
|
||||
|
||||
return iBundleManager_;
|
||||
}
|
||||
|
||||
sptr<Permission::IPermissionManager> ExternalDeps::GetPermissionManager(
|
||||
sptr<Permission::IPermissionManager> iPermissionManager_)
|
||||
{
|
||||
if (iPermissionManager_ == nullptr) {
|
||||
auto permissionObj = GetSystemAbility(Constant::SUBSYS_SECURITY_PERMISSION_SYS_SERVICE_ID);
|
||||
if (permissionObj == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to get permission manager service.");
|
||||
return nullptr;
|
||||
}
|
||||
iPermissionManager_ = iface_cast<Permission::IPermissionManager>(permissionObj);
|
||||
}
|
||||
|
||||
return iPermissionManager_;
|
||||
}
|
||||
|
||||
sptr<AAFwk::IAbilityManager> ExternalDeps::GetAbilityManager(sptr<AAFwk::IAbilityManager> iAbilityManager_)
|
||||
{
|
||||
if (iAbilityManager_ == nullptr) {
|
||||
auto abilityObj = GetSystemAbility(Constant::ABILITY_MST_SERVICE_ID);
|
||||
if (abilityObj == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to get ability manager service.");
|
||||
return nullptr;
|
||||
}
|
||||
iAbilityManager_ = iface_cast<AAFwk::IAbilityManager>(abilityObj);
|
||||
}
|
||||
|
||||
return iAbilityManager_;
|
||||
}
|
||||
|
||||
sptr<IRemoteObject> ExternalDeps::GetSystemAbility(const Constant::ServiceId systemAbilityId)
|
||||
{
|
||||
if (saMgr_ == nullptr) {
|
||||
std::lock_guard<std::mutex> lock(saMutex_);
|
||||
if (saMgr_ == nullptr) {
|
||||
saMgr_ = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
|
||||
if (saMgr_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "fail to get Registry.");
|
||||
return nullptr;
|
||||
}
|
||||
}
|
||||
}
|
||||
return saMgr_->GetSystemAbility(systemAbilityId);
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "pms_adapter.h"
|
||||
|
||||
#include "permission_log.h"
|
||||
#include "ipc_skeleton.h"
|
||||
|
||||
#include "if_system_ability_manager.h"
|
||||
#include "iservice_registry.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PmsAdapter"};
|
||||
}
|
||||
sptr<Permission::IPermissionManager> PmsAdapter::GetPermissionManager()
|
||||
{
|
||||
if (iPermissionManager_ == nullptr) {
|
||||
auto permissionObj = GetSystemAbility(Constant::SUBSYS_SECURITY_PERMISSION_SYS_SERVICE_ID);
|
||||
if (permissionObj == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to get permission manager service.");
|
||||
return nullptr;
|
||||
}
|
||||
iPermissionManager_ = iface_cast<Permission::IPermissionManager>(permissionObj);
|
||||
}
|
||||
|
||||
return iPermissionManager_;
|
||||
}
|
||||
|
||||
sptr<IRemoteObject> PmsAdapter::GetSystemAbility(const Constant::ServiceId systemAbilityId)
|
||||
{
|
||||
if (saMgr_ == nullptr) {
|
||||
std::lock_guard<std::mutex> lock(saMutex_);
|
||||
if (saMgr_ == nullptr) {
|
||||
saMgr_ = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
|
||||
if (saMgr_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "fail to get Registry.");
|
||||
return nullptr;
|
||||
}
|
||||
}
|
||||
}
|
||||
return saMgr_->GetSystemAbility(systemAbilityId);
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -21,14 +21,9 @@ config("permission_standard_infrastructure_cxx_public_config") {
|
||||
visibility = [ ":*" ]
|
||||
|
||||
include_dirs = [ "main/cpp/include" ]
|
||||
|
||||
defines = [
|
||||
"APP_LOG_TAG = \"DistributedPermission\"",
|
||||
"LOG_DOMAIN = 0xD001024",
|
||||
]
|
||||
}
|
||||
|
||||
ohos_shared_library("permission_standard_infrastructure_record_database") {
|
||||
ohos_shared_library("permission_standard_infrastructure_database") {
|
||||
subsystem_name = "security"
|
||||
part_name = "permission_standard"
|
||||
|
||||
@ -37,19 +32,20 @@ ohos_shared_library("permission_standard_infrastructure_record_database") {
|
||||
include_dirs = [
|
||||
"${distributed_permission_frameworks_log_path}/main/cpp/include",
|
||||
"//third_party/json/single_include",
|
||||
"${distributed_permission_services_path}/main/cpp/include/common",
|
||||
"${distributed_permission_services_path}/main/cpp/include/record",
|
||||
|
||||
# "${distributed_permission_services_path}/main/cpp/include/common",
|
||||
# "${distributed_permission_services_path}/main/cpp/include/record",
|
||||
]
|
||||
|
||||
sources = [
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/data_storage.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/data_translator.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/generic_values.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/sqlite_helper.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/sqlite_storage.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/statement.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/variant_value.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/constant.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/data_storage.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/generic_values.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/sqlite_helper.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/sqlite_storage.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/statement.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/variant_value.cpp",
|
||||
|
||||
# "${distributed_permission_services_path}/main/cpp/src/common/constant.cpp",
|
||||
]
|
||||
|
||||
deps = [
|
@ -13,8 +13,8 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef DATA_STORAGE_H
|
||||
#define DATA_STORAGE_H
|
||||
#ifndef DATA_STORAGE_D_H
|
||||
#define DATA_STORAGE_D_H
|
||||
|
||||
#include <vector>
|
||||
#include <map>
|
||||
@ -26,8 +26,13 @@ namespace Security {
|
||||
namespace Permission {
|
||||
class DataStorage {
|
||||
public:
|
||||
enum DataType { PERMISSION_VISITOR, PERMISSION_RECORD };
|
||||
|
||||
enum DataType {
|
||||
PERMISSION_VISITOR,
|
||||
PERMISSION_RECORD,
|
||||
PERMISSION_DEF,
|
||||
PERMISSIONS_STAT_USER_GRANTED,
|
||||
PERMISSIONS_STAT_SYSTEM_GRANTED
|
||||
};
|
||||
static DataStorage &GetRealDataStorage();
|
||||
|
||||
virtual ~DataStorage() = default;
|
||||
@ -49,4 +54,4 @@ public:
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
||||
#endif // DATA_STORAGE_H
|
||||
#endif // DATA_STORAGE_D_H
|
@ -13,19 +13,29 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef FIELD_CONST_H
|
||||
#define FIELD_CONST_H
|
||||
#ifndef FIELD_CONST_D_H
|
||||
#define FIELD_CONST_D_H
|
||||
|
||||
#include <string>
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
const std::string FIELD_PERMISSION_NAME = "permission_name";
|
||||
const std::string FIELD_BUNDLE_NAME = "bundle_name";
|
||||
const std::string FIELD_GRANT_MODE = "grant_mode";
|
||||
const std::string FIELD_AVAILABLE_SCOPE = "available_scope";
|
||||
const std::string FIELD_LABEL = "label";
|
||||
const std::string FIELD_LABEL_ID = "label_id";
|
||||
const std::string FIELD_DESCRIPTION = "description";
|
||||
const std::string FIELD_DESCRIPTION_ID = "description_id";
|
||||
const std::string FIELD_USER_ID = "user_id";
|
||||
const std::string FIELD_GRANTED = "granted";
|
||||
const std::string FIELD_FLAGS = "flags";
|
||||
const std::string FIELD_ID = "id";
|
||||
const std::string FIELD_DEVICE_ID = "device_id";
|
||||
const std::string FIELD_DEVICE_NAME = "device_name";
|
||||
const std::string FIELD_BUNDLE_USER_ID = "bundle_user_id";
|
||||
const std::string FIELD_BUNDLE_NAME = "bundle_name";
|
||||
const std::string FIELD_BUNDLE_LABEL = "bundle_label";
|
||||
const std::string FIELD_TIMESTAMP = "timestamp";
|
||||
const std::string FIELD_TIMESTAMP_BEGIN = "timestamp_begin";
|
||||
@ -42,4 +52,4 @@ const std::string FIELD_FLAG = "flag";
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // FIELD_CONST_H
|
||||
#endif // FIELD_CONST_D_H
|
@ -13,8 +13,8 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef GENERIC_VALUES_H
|
||||
#define GENERIC_VALUES_H
|
||||
#ifndef GENERIC_VALUES_D_H
|
||||
#define GENERIC_VALUES_D_H
|
||||
|
||||
#include <map>
|
||||
#include <vector>
|
||||
@ -56,4 +56,4 @@ private:
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // GENERIC_VALUES_H
|
||||
#endif // GENERIC_VALUES_D_H
|
@ -13,8 +13,8 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef SQLITE_HELPER_H
|
||||
#define SQLITE_HELPER_H
|
||||
#ifndef SQLITE_HELPER_D_H
|
||||
#define SQLITE_HELPER_D_H
|
||||
|
||||
#include <string>
|
||||
|
||||
@ -58,4 +58,4 @@ private:
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // SQLITE_HELPER_H
|
||||
#endif // SQLITE_HELPER_D_H
|
@ -13,8 +13,8 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef SQLITE_STORAGE_H
|
||||
#define SQLITE_STORAGE_H
|
||||
#ifndef SQLITE_STORAGE_D_H
|
||||
#define SQLITE_STORAGE_D_H
|
||||
|
||||
#include "data_storage.h"
|
||||
#include "sqlite_helper.h"
|
||||
@ -63,6 +63,9 @@ private:
|
||||
std::map<DataType, SqliteTable> dataTypeToSqlTable_;
|
||||
OHOS::Utils::RWLock rwLock_;
|
||||
|
||||
int CreatePermissionDefinitionTable() const;
|
||||
int CreateSystemGrantedPermissionStateTable() const;
|
||||
int CreateUserGrantedPermissionStateTable() const;
|
||||
int CreatePermissionVisitorTable() const;
|
||||
int CreatePermissionRecordTable() const;
|
||||
|
||||
@ -76,6 +79,9 @@ private:
|
||||
const DataType type, const GenericValues &andConditions, const GenericValues &orConditions) const;
|
||||
|
||||
private:
|
||||
inline static const std::string PERMISSION_DEF_TABLE = "permission_definition_table";
|
||||
inline static const std::string SYS_GRANTED_PERMISSION_STATE_TABLE = "system_granted_permission_state_table";
|
||||
inline static const std::string USER_GRANTED_PERMISSION_STATE_TABLE = "user_granted_permission_state_table";
|
||||
inline static const std::string PERMISSION_VISITOR_TABLE = "permission_visitor_table";
|
||||
inline static const std::string PERMISSION_RECORD_TABLE = "permission_record_table";
|
||||
inline static const std::string DATABASE_NAME = "permission_record.db";
|
||||
@ -86,4 +92,4 @@ private:
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
||||
#endif // SQLITE_STORAGE_H
|
||||
#endif // SQLITE_STORAGE_D_H
|
@ -13,8 +13,8 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef STATEMENT_H
|
||||
#define STATEMENT_H
|
||||
#ifndef STATEMENT_D_H
|
||||
#define STATEMENT_D_H
|
||||
|
||||
#include <string>
|
||||
|
||||
@ -55,4 +55,4 @@ private:
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // STATEMENT_H
|
||||
#endif // STATEMENT_D_H
|
@ -13,8 +13,8 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef VARIANT_VALUE_H
|
||||
#define VARIANT_VALUE_H
|
||||
#ifndef VARIANT_VALUE_D_H
|
||||
#define VARIANT_VALUE_D_H
|
||||
|
||||
#include <string>
|
||||
#include <variant>
|
||||
@ -52,4 +52,4 @@ private:
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // VARIANT_VALUE_H
|
||||
#endif // VARIANT_VALUE_D_H
|
@ -34,18 +34,21 @@ SqliteHelper::~SqliteHelper()
|
||||
void SqliteHelper::Open()
|
||||
{
|
||||
if (db_ != nullptr) {
|
||||
PERMISSION_LOG_INFO(LABEL, "db file already exist");
|
||||
return;
|
||||
}
|
||||
if (dbName_.empty() || dbPath_.empty() || currentVersion_ < 0) {
|
||||
PERMISSION_LOG_INFO(LABEL, "dbName is empty or currentVersion less than 0");
|
||||
return;
|
||||
}
|
||||
std::string fileName = dbPath_ + dbName_;
|
||||
PERMISSION_LOG_INFO(LABEL, "fileName is : %{public}s,", fileName.c_str());
|
||||
int res = sqlite3_open(fileName.c_str(), &db_);
|
||||
if (res != SQLITE_OK) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "Failed to open db: %{public}s", sqlite3_errmsg(db_));
|
||||
return;
|
||||
}
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "currentVersion is %{public}d", currentVersion_);
|
||||
int version = GetVersion();
|
||||
if (version == currentVersion_) {
|
||||
return;
|
@ -38,6 +38,9 @@ SqliteStorage::~SqliteStorage()
|
||||
void SqliteStorage::OnCreate()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "%{public}s called.", __func__);
|
||||
CreatePermissionDefinitionTable();
|
||||
CreateSystemGrantedPermissionStateTable();
|
||||
CreateUserGrantedPermissionStateTable();
|
||||
CreatePermissionVisitorTable();
|
||||
CreatePermissionRecordTable();
|
||||
}
|
||||
@ -49,6 +52,26 @@ void SqliteStorage::OnUpdate()
|
||||
|
||||
SqliteStorage::SqliteStorage() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATABASE_VERSION)
|
||||
{
|
||||
SqliteTable permissionDefTable;
|
||||
permissionDefTable.tableName_ = PERMISSION_DEF_TABLE;
|
||||
permissionDefTable.tableColumnNames_ = {FIELD_PERMISSION_NAME,
|
||||
FIELD_BUNDLE_NAME,
|
||||
FIELD_GRANT_MODE,
|
||||
FIELD_AVAILABLE_SCOPE,
|
||||
FIELD_LABEL,
|
||||
FIELD_LABEL_ID,
|
||||
FIELD_DESCRIPTION,
|
||||
FIELD_DESCRIPTION_ID};
|
||||
|
||||
SqliteTable sysGrantPermStatTable;
|
||||
sysGrantPermStatTable.tableName_ = SYS_GRANTED_PERMISSION_STATE_TABLE;
|
||||
sysGrantPermStatTable.tableColumnNames_ = {FIELD_BUNDLE_NAME, FIELD_PERMISSION_NAME, FIELD_GRANTED, FIELD_FLAGS};
|
||||
|
||||
SqliteTable userGrantPermStatTable;
|
||||
userGrantPermStatTable.tableName_ = USER_GRANTED_PERMISSION_STATE_TABLE;
|
||||
userGrantPermStatTable.tableColumnNames_ = {
|
||||
FIELD_BUNDLE_NAME, FIELD_PERMISSION_NAME, FIELD_USER_ID, FIELD_GRANTED, FIELD_FLAGS};
|
||||
|
||||
SqliteTable permissionVisitorTable;
|
||||
permissionVisitorTable.tableName_ = PERMISSION_VISITOR_TABLE;
|
||||
permissionVisitorTable.tableColumnNames_ = {
|
||||
@ -59,7 +82,11 @@ SqliteStorage::SqliteStorage() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATA
|
||||
permissionRecordTable.tableColumnNames_ = {
|
||||
FIELD_TIMESTAMP, FIELD_VISITOR_ID, FIELD_OP_CODE, FIELD_IS_FOREGROUND, FIELD_ACCESS_COUNT, FIELD_REJECT_COUNT};
|
||||
|
||||
dataTypeToSqlTable_ = {{PERMISSION_VISITOR, permissionVisitorTable}, {PERMISSION_RECORD, permissionRecordTable}};
|
||||
dataTypeToSqlTable_ = {{PERMISSION_DEF, permissionDefTable},
|
||||
{PERMISSIONS_STAT_SYSTEM_GRANTED, sysGrantPermStatTable},
|
||||
{PERMISSIONS_STAT_USER_GRANTED, userGrantPermStatTable},
|
||||
{PERMISSION_VISITOR, permissionVisitorTable},
|
||||
{PERMISSION_RECORD, permissionRecordTable}};
|
||||
|
||||
Open();
|
||||
}
|
||||
@ -315,6 +342,65 @@ std::string SqliteStorage::CreateSelectWithConditionPrepareSqlCmd(
|
||||
return sql;
|
||||
}
|
||||
|
||||
int SqliteStorage::CreatePermissionDefinitionTable() const
|
||||
{
|
||||
auto it = dataTypeToSqlTable_.find(DataType::PERMISSION_DEF);
|
||||
if (it == dataTypeToSqlTable_.end()) {
|
||||
return FAILURE;
|
||||
}
|
||||
std::string sql = "create table if not exists ";
|
||||
sql.append(it->second.tableName_ + " (")
|
||||
.append(FIELD_PERMISSION_NAME + " text not null,")
|
||||
.append(FIELD_BUNDLE_NAME + " text not null,")
|
||||
.append(FIELD_GRANT_MODE + " integer not null,")
|
||||
.append(FIELD_AVAILABLE_SCOPE + " integer not null,")
|
||||
.append(FIELD_LABEL + " text not null,")
|
||||
.append(FIELD_LABEL_ID + " integer not null,")
|
||||
.append(FIELD_DESCRIPTION + " text not null,")
|
||||
.append(FIELD_DESCRIPTION_ID + " integer not null,")
|
||||
.append("primary key(" + FIELD_PERMISSION_NAME)
|
||||
.append("))");
|
||||
return ExecuteSql(sql);
|
||||
}
|
||||
|
||||
int SqliteStorage::CreateSystemGrantedPermissionStateTable() const
|
||||
{
|
||||
auto it = dataTypeToSqlTable_.find(DataType::PERMISSIONS_STAT_SYSTEM_GRANTED);
|
||||
if (it == dataTypeToSqlTable_.end()) {
|
||||
return FAILURE;
|
||||
}
|
||||
std::string sql = "create table if not exists ";
|
||||
sql.append(it->second.tableName_ + " (")
|
||||
.append(FIELD_BUNDLE_NAME + " text not null,")
|
||||
.append(FIELD_PERMISSION_NAME + " text not null,")
|
||||
.append(FIELD_GRANTED + " integer not null,")
|
||||
.append(FIELD_FLAGS + " integer not null,")
|
||||
.append("primary key(" + FIELD_BUNDLE_NAME)
|
||||
.append("," + FIELD_PERMISSION_NAME)
|
||||
.append("))");
|
||||
return ExecuteSql(sql);
|
||||
}
|
||||
|
||||
int SqliteStorage::CreateUserGrantedPermissionStateTable() const
|
||||
{
|
||||
auto it = dataTypeToSqlTable_.find(DataType::PERMISSIONS_STAT_USER_GRANTED);
|
||||
if (it == dataTypeToSqlTable_.end()) {
|
||||
return FAILURE;
|
||||
}
|
||||
std::string sql = "create table if not exists ";
|
||||
sql.append(it->second.tableName_ + " (")
|
||||
.append(FIELD_BUNDLE_NAME + " text not null,")
|
||||
.append(FIELD_PERMISSION_NAME + " text not null,")
|
||||
.append(FIELD_USER_ID + " integer not null,")
|
||||
.append(FIELD_GRANTED + " integer not null,")
|
||||
.append(FIELD_FLAGS + " integer not null,")
|
||||
.append("primary key(" + FIELD_BUNDLE_NAME)
|
||||
.append("," + FIELD_PERMISSION_NAME)
|
||||
.append("," + FIELD_USER_ID)
|
||||
.append("))");
|
||||
return ExecuteSql(sql);
|
||||
}
|
||||
|
||||
int SqliteStorage::CreatePermissionVisitorTable() const
|
||||
{
|
||||
auto it = dataTypeToSqlTable_.find(DataType::PERMISSION_VISITOR);
|
@ -47,6 +47,7 @@ void Statement::Bind(const int index, const std::string &text)
|
||||
|
||||
void Statement::Bind(const int index, int value)
|
||||
{
|
||||
PERMISSION_LOG_ERROR(LABEL, "index: %{public}d, value: %{public}d", index, value);
|
||||
if (sqlite3_bind_int(statement_, index, value) != SQLITE_OK) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "Cannot bind int, errorMsg: %{public}s", sqlite3_errmsg(db_));
|
||||
}
|
@ -1,51 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef DATA_TRANSLATOR_H
|
||||
#define DATA_TRANSLATOR_H
|
||||
|
||||
#include <string>
|
||||
|
||||
#include "bundle_permission_used_record.h"
|
||||
#include "constant.h"
|
||||
#include "generic_values.h"
|
||||
#include "permission_record.h"
|
||||
#include "permission_visitor.h"
|
||||
#include "query_permission_used_request.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class DataTranslator final {
|
||||
public:
|
||||
static int TranslationIntoPermissionRecord(
|
||||
const GenericValues &inGenericValues, PermissionRecord &outPermissionRecord);
|
||||
static int TranslationIntoGenericValues(
|
||||
const PermissionRecord &inPermissionRecord, GenericValues &outGenericValues);
|
||||
static int TranslationIntoPermissionVisitor(
|
||||
const GenericValues &inGenericValues, PermissionVisitor &outPermissionVisitor);
|
||||
static int TranslationIntoGenericValues(
|
||||
const PermissionVisitor &inPermissionVisitor, GenericValues &outGenericValues);
|
||||
static int TranslationIntoGenericValues(const QueryPermissionUsedRequest &inQueryRequest,
|
||||
GenericValues &outVisitorValues, GenericValues &outRecordAndValues, GenericValues &outRecordOrValues);
|
||||
static int TranslationIntoBundlePermissionUsedRecord(
|
||||
const GenericValues &inGenericValues, BundlePermissionUsedRecord &outBundleRecord);
|
||||
static int TranslationIntoPermissionUsedRecord(
|
||||
const GenericValues &inGenericValues, PermissionUsedRecord &outPermRecord);
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // DATA_TRANSLATOR_H
|
@ -1,154 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "data_translator.h"
|
||||
|
||||
#include "field_const.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
int DataTranslator::TranslationIntoPermissionRecord(
|
||||
const GenericValues &inGenericValues, PermissionRecord &outPermissionRecord)
|
||||
{
|
||||
outPermissionRecord.timestamp = inGenericValues.GetInt(FIELD_TIMESTAMP);
|
||||
outPermissionRecord.visitorId = inGenericValues.GetInt(FIELD_VISITOR_ID);
|
||||
outPermissionRecord.opCode = inGenericValues.GetInt(FIELD_OP_CODE);
|
||||
outPermissionRecord.isForeground = inGenericValues.GetInt(FIELD_IS_FOREGROUND);
|
||||
outPermissionRecord.accessCount = inGenericValues.GetInt(FIELD_ACCESS_COUNT);
|
||||
outPermissionRecord.rejectCount = inGenericValues.GetInt(FIELD_REJECT_COUNT);
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int DataTranslator::TranslationIntoGenericValues(
|
||||
const PermissionRecord &inPermissionRecord, GenericValues &outGenericValues)
|
||||
{
|
||||
outGenericValues.Put(FIELD_TIMESTAMP, inPermissionRecord.timestamp);
|
||||
outGenericValues.Put(FIELD_VISITOR_ID, inPermissionRecord.visitorId);
|
||||
outGenericValues.Put(FIELD_OP_CODE, inPermissionRecord.opCode);
|
||||
outGenericValues.Put(FIELD_IS_FOREGROUND, inPermissionRecord.isForeground);
|
||||
outGenericValues.Put(FIELD_ACCESS_COUNT, inPermissionRecord.accessCount);
|
||||
outGenericValues.Put(FIELD_REJECT_COUNT, inPermissionRecord.rejectCount);
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int DataTranslator::TranslationIntoPermissionVisitor(
|
||||
const GenericValues &inGenericValues, PermissionVisitor &outPermissionVisitor)
|
||||
{
|
||||
outPermissionVisitor.id = inGenericValues.GetInt(FIELD_ID);
|
||||
outPermissionVisitor.deviceId = inGenericValues.GetString(FIELD_DEVICE_ID);
|
||||
outPermissionVisitor.deviceName = inGenericValues.GetString(FIELD_DEVICE_NAME);
|
||||
outPermissionVisitor.bundleUserId = inGenericValues.GetInt(FIELD_BUNDLE_USER_ID);
|
||||
outPermissionVisitor.bundleName = inGenericValues.GetString(FIELD_BUNDLE_NAME);
|
||||
outPermissionVisitor.bundleLabel = inGenericValues.GetString(FIELD_BUNDLE_LABEL);
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int DataTranslator::TranslationIntoGenericValues(
|
||||
const PermissionVisitor &inPermissionVisitor, GenericValues &outGenericValues)
|
||||
{
|
||||
outGenericValues.Put(FIELD_DEVICE_ID, inPermissionVisitor.deviceId);
|
||||
outGenericValues.Put(FIELD_DEVICE_NAME, inPermissionVisitor.deviceName);
|
||||
outGenericValues.Put(FIELD_BUNDLE_USER_ID, inPermissionVisitor.bundleUserId);
|
||||
outGenericValues.Put(FIELD_BUNDLE_NAME, inPermissionVisitor.bundleName);
|
||||
outGenericValues.Put(FIELD_BUNDLE_LABEL, inPermissionVisitor.bundleLabel);
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int DataTranslator::TranslationIntoGenericValues(const QueryPermissionUsedRequest &inQueryRequest,
|
||||
GenericValues &outVisitorValues, GenericValues &outRecordAndValues, GenericValues &outRecordOrValues)
|
||||
{
|
||||
if (!inQueryRequest.deviceLabel.empty()) {
|
||||
outVisitorValues.Put(FIELD_DEVICE_NAME, inQueryRequest.deviceLabel);
|
||||
}
|
||||
if (!inQueryRequest.bundleName.empty()) {
|
||||
outVisitorValues.Put(FIELD_BUNDLE_NAME, inQueryRequest.bundleName);
|
||||
}
|
||||
std::string permissionNames;
|
||||
for (unsigned int i = 0; i < inQueryRequest.permissionNames.size(); i++) {
|
||||
int32_t code = 0;
|
||||
std::string perName = inQueryRequest.permissionNames[i];
|
||||
if (Constant::PermissionNameToOrFromOpCode(perName, code)) {
|
||||
outRecordOrValues.Put(FIELD_OP_CODE + ToString(i), code);
|
||||
}
|
||||
}
|
||||
int64_t begin = inQueryRequest.beginTimeMillis;
|
||||
int64_t end = inQueryRequest.endTimeMillis;
|
||||
if (begin < 0 || end < 0 || (begin > end && end > 0)) {
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
if (begin != 0) {
|
||||
outRecordAndValues.Put(FIELD_TIMESTAMP_BEGIN, begin);
|
||||
}
|
||||
if (end != 0) {
|
||||
outRecordAndValues.Put(FIELD_TIMESTAMP_END, end);
|
||||
}
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int DataTranslator::TranslationIntoBundlePermissionUsedRecord(
|
||||
const GenericValues &inGenericValues, BundlePermissionUsedRecord &outBundleRecord)
|
||||
{
|
||||
outBundleRecord.deviceId = inGenericValues.GetString(FIELD_DEVICE_ID);
|
||||
outBundleRecord.deviceLabel = inGenericValues.GetString(FIELD_DEVICE_NAME);
|
||||
outBundleRecord.bundleName = inGenericValues.GetString(FIELD_BUNDLE_NAME);
|
||||
outBundleRecord.bundleLabel = inGenericValues.GetString(FIELD_BUNDLE_LABEL);
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int DataTranslator::TranslationIntoPermissionUsedRecord(
|
||||
const GenericValues &inGenericValues, PermissionUsedRecord &outPermRecord)
|
||||
{
|
||||
std::string perName;
|
||||
int32_t code = inGenericValues.GetInt(FIELD_OP_CODE);
|
||||
if (!Constant::PermissionNameToOrFromOpCode(perName, code)) {
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
outPermRecord.permissionName = perName;
|
||||
if (inGenericValues.GetInt(FIELD_IS_FOREGROUND) == 1) {
|
||||
outPermRecord.accessCountFg = inGenericValues.GetInt(FIELD_ACCESS_COUNT);
|
||||
outPermRecord.rejectCountFg = inGenericValues.GetInt(FIELD_REJECT_COUNT);
|
||||
} else {
|
||||
outPermRecord.accessCountBg = inGenericValues.GetInt(FIELD_ACCESS_COUNT);
|
||||
outPermRecord.rejectCountBg = inGenericValues.GetInt(FIELD_REJECT_COUNT);
|
||||
}
|
||||
if (inGenericValues.GetInt(FIELD_ACCESS_COUNT) > inGenericValues.GetInt(FIELD_REJECT_COUNT)) {
|
||||
if (inGenericValues.GetInt(FIELD_REJECT_COUNT) != 0) {
|
||||
outPermRecord.lastRejectTime = inGenericValues.GetInt64(FIELD_TIMESTAMP);
|
||||
}
|
||||
outPermRecord.lastAccessTime = inGenericValues.GetInt64(FIELD_TIMESTAMP);
|
||||
} else {
|
||||
if (inGenericValues.GetInt(FIELD_ACCESS_COUNT) != 0) {
|
||||
outPermRecord.lastAccessTime = inGenericValues.GetInt64(FIELD_TIMESTAMP);
|
||||
}
|
||||
outPermRecord.lastRejectTime = inGenericValues.GetInt64(FIELD_TIMESTAMP);
|
||||
}
|
||||
if (inGenericValues.GetInt(FIELD_FLAG) == 1) {
|
||||
if (outPermRecord.accessCountFg > 0 || outPermRecord.rejectCountFg > 0) {
|
||||
(outPermRecord.lastAccessTime > 0)
|
||||
? outPermRecord.accessRecordFg.emplace_back(outPermRecord.lastAccessTime)
|
||||
: outPermRecord.rejectRecordFg.emplace_back(outPermRecord.lastRejectTime);
|
||||
} else {
|
||||
(outPermRecord.lastAccessTime > 0)
|
||||
? outPermRecord.accessRecordBg.emplace_back(outPermRecord.lastAccessTime)
|
||||
: outPermRecord.rejectRecordBg.emplace_back(outPermRecord.lastRejectTime);
|
||||
}
|
||||
}
|
||||
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -34,34 +34,35 @@ config("distributed_permission_innerkits_public_config") {
|
||||
visibility = [ ":*" ]
|
||||
|
||||
include_dirs = [
|
||||
"//base/security/permission/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include",
|
||||
"${distributed_permission_services_path}/main/cpp/include/common",
|
||||
"${distributed_permission_services_path}/main/cpp/include/record",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record",
|
||||
"${distributed_permission_frameworks_log_path}/main/cpp/include",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/include",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/include/distributed_permission",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/include/permission_using_remind",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind",
|
||||
"${distributed_permission_services_path}/main/cpp/include/distributed",
|
||||
"${distributed_permission_database_path}/main/cpp/include",
|
||||
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy/include",
|
||||
"//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include",
|
||||
"//third_party/json/single_include",
|
||||
"//utils/native/base/include",
|
||||
"//utils/system/safwk/native/include",
|
||||
"//third_party/json/include",
|
||||
"//third_party/zlib",
|
||||
"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include",
|
||||
]
|
||||
}
|
||||
|
||||
ohos_shared_library("distributed_permission_innerkits") {
|
||||
sources = [
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/app_id_info.cpp",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_death_recipient.cpp",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_kit.cpp",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_manager_client.cpp",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_proxy.cpp",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_stub.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/base64_util.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/constant.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/zip_util.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/bundle_permission_used_record.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/permission_used_record.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_request.cpp",
|
||||
@ -73,18 +74,22 @@ ohos_shared_library("distributed_permission_innerkits") {
|
||||
public_configs = [ ":distributed_permission_innerkits_public_config" ]
|
||||
|
||||
deps = [
|
||||
"${distributed_permission_database_path}:permission_standard_infrastructure_database",
|
||||
"${distributed_permission_frameworks_log_path}:permission_standard_infrastructure_cxx",
|
||||
"//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
|
||||
"//foundation/distributedschedule/safwk/interfaces/innerkits/safwk:system_ability_fwk",
|
||||
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy:samgr_proxy",
|
||||
"${permission_path}/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
|
||||
"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk:libpermissionsdk_standard",
|
||||
"//utils/native/base:utils",
|
||||
]
|
||||
|
||||
cflags_cc = [ "-DHILOG_ENABLE" ]
|
||||
|
||||
external_deps = [
|
||||
"aafwk_standard:ability_manager",
|
||||
"aafwk_standard:want",
|
||||
"hiviewdfx_hilog_native:libhilog",
|
||||
"ipc:ipc_core",
|
||||
"samgr_standard:samgr_proxy",
|
||||
"startup_l2:syspara",
|
||||
]
|
||||
|
||||
subsystem_name = "security"
|
||||
|
@ -17,10 +17,13 @@
|
||||
#define DISRIBUTED_PERMISSION_KIT_H
|
||||
|
||||
#include <iostream>
|
||||
#include "distributed_permission_manager_client.h"
|
||||
#include "app_id_info.h"
|
||||
#include "constant.h"
|
||||
#include "nlohmann/json.hpp"
|
||||
#include "on_using_permission_reminder.h"
|
||||
#include "on_permission_used_record.h"
|
||||
#include "on_request_permissions_result.h"
|
||||
#include "query_permission_used_request.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
|
@ -12,9 +12,11 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "distributed_permission_kit.h"
|
||||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
#include "distributed_permission_kit.h"
|
||||
#include "distributed_permission_manager_client.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
|
@ -68,37 +68,20 @@ int32_t DistributedPermissionManagerClient::CheckDPermission(int32_t dUid, const
|
||||
return distributedPermissionProxy_->CheckDPermission(dUid, permissionName);
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionManagerClient::CheckPermission(
|
||||
const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"permissionName = %{public}s, nodeId = %{public}s, nodeId = %{public}d, nodeId = %{public}d",
|
||||
permissionName.c_str(),
|
||||
Constant::EncryptDevId(nodeId).c_str(),
|
||||
pid,
|
||||
uid);
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return ERROR;
|
||||
}
|
||||
|
||||
return distributedPermissionProxy_->CheckPermission(permissionName, nodeId, pid, uid);
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionManagerClient::CheckPermission(
|
||||
const std::string &permissionName, const std::string &appIdInfo)
|
||||
int32_t DistributedPermissionManagerClient::CheckPermission(const std::string &permissionName,
|
||||
const std::string &appIdInfo)
|
||||
{
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "permissionName = %{public}s, appIdInfo = %{public}s", permissionName.c_str(), appIdInfo.c_str());
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return ERROR;
|
||||
}
|
||||
AppIdInfo appIdInfoObj;
|
||||
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
|
||||
PERMISSION_LOG_INFO(LABEL, "appIdInfo data invalid");
|
||||
return ERROR;
|
||||
}
|
||||
return distributedPermissionProxy_->CheckPermission(
|
||||
permissionName, appIdInfoObj.deviceId, appIdInfoObj.pid, appIdInfoObj.uid);
|
||||
return distributedPermissionProxy_->CheckPermission(permissionName, appIdInfo);
|
||||
}
|
||||
|
||||
bool DistributedPermissionManagerClient::IsPermissionNameValid(const std::string &permissionName)
|
||||
{
|
||||
return !permissionName.empty() && (permissionName.length() <= MAX_LENGTH);
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionManagerClient::CheckSelfPermission(const std::string &permissionName)
|
||||
@ -107,8 +90,19 @@ int32_t DistributedPermissionManagerClient::CheckSelfPermission(const std::strin
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return ERROR;
|
||||
}
|
||||
|
||||
return distributedPermissionProxy_->CheckSelfPermission(permissionName);
|
||||
if (!DistributedPermissionManagerClient::IsPermissionNameValid(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "CheckSelfPermission::permissionName is not valid");
|
||||
return Constant::PERMISSION_DENIED;
|
||||
}
|
||||
// CheckSelfPermission is used by applications to check whether they have certain permissions,
|
||||
// so the IPC package is used to get the process id and uid of the call source.
|
||||
pid_t pid = IPCSkeleton::GetCallingPid();
|
||||
pid_t uid = IPCSkeleton::GetCallingUid();
|
||||
std::cout << "pid:"<<pid<<std::endl;
|
||||
std::cout << "uid:"<<uid<<std::endl;
|
||||
AppIdInfo appIdInfoObj;
|
||||
std::string appIdInfo = DistributedPermissionKit::AppIdInfoHelper::CreateAppIdInfo(pid, uid, "");
|
||||
return distributedPermissionProxy_->CheckPermission(permissionName, appIdInfo);
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionManagerClient::CheckCallingPermission(const std::string &permissionName)
|
||||
@ -141,31 +135,44 @@ int32_t DistributedPermissionManagerClient::CheckCallerPermission(const std::str
|
||||
return distributedPermissionProxy_->CheckCallerPermission(permissionName);
|
||||
}
|
||||
|
||||
// bool DistributedPermissionManagerClient::IsRestrictedPermission(const std::string &permissionName)
|
||||
// {
|
||||
// PERMISSION_LOG_INFO(LABEL, "permissionName = %{public}s", permissionName.c_str());
|
||||
// // if (!GetDistributedPermissionProxy()) {
|
||||
// // return ERROR;
|
||||
// // }
|
||||
// // return distributedPermissionProxy_->IsRestrictedPermission(permissionName);
|
||||
// }
|
||||
bool DistributedPermissionManagerClient::IsRestrictedPermission(const std::string &permissionName)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "permissionName = %{public}s", permissionName.c_str());
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return ERROR;
|
||||
if (!DistributedPermissionManagerClient::IsPermissionNameValid(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "PermissionName data invalid");
|
||||
return false;
|
||||
}
|
||||
|
||||
return distributedPermissionProxy_->IsRestrictedPermission(permissionName);
|
||||
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
|
||||
iPermissionManager_ = pmsAdapter->GetPermissionManager();
|
||||
PermissionDefParcel permissionDefResult;
|
||||
int ret = iPermissionManager_->GetDefPermission(permissionName, permissionDefResult);
|
||||
if (ret != 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "get permission def failed");
|
||||
return false;
|
||||
}
|
||||
if (permissionDefResult.permissionDef.availableScope == Permission::AvailableScope::AVAILABLE_SCOPE_RESTRICTED) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionManagerClient::VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &nodeId, const std::string &appIdInfo)
|
||||
{
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "permission = %{public}s, appIdInfo = %{public}s", permission.c_str(), appIdInfo.c_str());
|
||||
PERMISSION_LOG_INFO(LABEL, "permission = %{public}s, nodeId = %{public}s, appIdInfo = %{public}s",
|
||||
permission.c_str(), Constant::EncryptDevId(nodeId).c_str(), appIdInfo.c_str());
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return ERROR;
|
||||
}
|
||||
AppIdInfo appIdInfoObj;
|
||||
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
|
||||
PERMISSION_LOG_INFO(LABEL, "appIdInfo data invalid");
|
||||
return ERROR;
|
||||
}
|
||||
return distributedPermissionProxy_->VerifyPermissionFromRemote(
|
||||
permission, nodeId, appIdInfoObj.pid, appIdInfoObj.uid);
|
||||
return distributedPermissionProxy_->VerifyPermissionFromRemote(permission, nodeId, appIdInfo);
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionManagerClient::VerifySelfPermissionFromRemote(
|
||||
@ -201,6 +208,7 @@ void DistributedPermissionManagerClient::RequestPermissionsFromRemote(const std:
|
||||
int32_t reasonResId)
|
||||
{
|
||||
if (callback == nullptr) {
|
||||
PERMISSION_LOG_INFO(LABEL, "RequestPermissionsFromRemote param callback is null!");
|
||||
return;
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
@ -274,15 +282,7 @@ int32_t DistributedPermissionManagerClient::CheckPermissionAndStartUsing(
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return ERROR;
|
||||
}
|
||||
|
||||
AppIdInfo appIdInfoObj;
|
||||
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
|
||||
PERMISSION_LOG_INFO(LABEL, "appIdInfo data invalid");
|
||||
return ERROR;
|
||||
}
|
||||
|
||||
return distributedPermissionProxy_->CheckPermissionAndStartUsing(
|
||||
permissionName, appIdInfoObj.pid, appIdInfoObj.uid, appIdInfoObj.deviceId);
|
||||
return distributedPermissionProxy_->CheckPermissionAndStartUsing(permissionName, appIdInfo);
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionManagerClient::CheckCallerPermissionAndStartUsing(const std::string &permissionName)
|
||||
@ -326,15 +326,7 @@ void DistributedPermissionManagerClient::StartUsingPermission(const std::string
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return;
|
||||
}
|
||||
|
||||
AppIdInfo appIdInfoObj;
|
||||
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
|
||||
PERMISSION_LOG_INFO(LABEL, "appIdInfo data invalid");
|
||||
return;
|
||||
}
|
||||
|
||||
return distributedPermissionProxy_->StartUsingPermission(
|
||||
permName, appIdInfoObj.pid, appIdInfoObj.uid, appIdInfoObj.deviceId);
|
||||
return distributedPermissionProxy_->StartUsingPermission(permName, appIdInfo);
|
||||
}
|
||||
|
||||
void DistributedPermissionManagerClient::StopUsingPermission(const std::string &permName, const std::string &appIdInfo)
|
||||
@ -345,19 +337,10 @@ void DistributedPermissionManagerClient::StopUsingPermission(const std::string &
|
||||
PERMISSION_LOG_INFO(LABEL, "checkresult : Param Empty");
|
||||
return;
|
||||
}
|
||||
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return;
|
||||
}
|
||||
|
||||
AppIdInfo appIdInfoObj;
|
||||
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
|
||||
PERMISSION_LOG_INFO(LABEL, "appIdInfo data invalid");
|
||||
return;
|
||||
}
|
||||
|
||||
return distributedPermissionProxy_->StopUsingPermission(
|
||||
permName, appIdInfoObj.pid, appIdInfoObj.uid, appIdInfoObj.deviceId);
|
||||
return distributedPermissionProxy_->StopUsingPermission(permName, appIdInfo);
|
||||
}
|
||||
|
||||
void DistributedPermissionManagerClient::ResetDistributedPermissionProxy()
|
||||
@ -385,109 +368,49 @@ void DistributedPermissionManagerClient::AddPermissionUsedRecord(
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s permissionName invalid", __func__);
|
||||
return;
|
||||
}
|
||||
Permission::AppIdInfo appIdInfoObj;
|
||||
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s appIdInfo data invalid", __func__);
|
||||
return;
|
||||
}
|
||||
|
||||
if (appIdInfoObj.deviceId.empty()) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s deviceId invalid", __func__);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return;
|
||||
}
|
||||
|
||||
distributedPermissionProxy_->AddPermissionsRecord(
|
||||
permissionName, appIdInfoObj.deviceId, appIdInfoObj.uid, sucCount, failCount);
|
||||
distributedPermissionProxy_->AddPermissionsRecord(permissionName, appIdInfo, sucCount, failCount);
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionManagerClient::GetPermissionUsedRecords(
|
||||
const QueryPermissionUsedRequest &request, QueryPermissionUsedResult &result)
|
||||
int32_t DistributedPermissionManagerClient::GetPermissionUsedRecords(const QueryPermissionUsedRequest &request,
|
||||
QueryPermissionUsedResult &result)
|
||||
{
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return Constant::FAILURE_DPMS;
|
||||
}
|
||||
nlohmann::json jsonObj = request.to_json(request);
|
||||
std::string queryJsonStr = jsonObj.dump(-1, ' ', false, nlohmann::detail::error_handler_t::replace);
|
||||
unsigned long zipLen = queryJsonStr.length();
|
||||
unsigned long len = compressBound(zipLen);
|
||||
if (len <= 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
unsigned char *buf = (unsigned char *)malloc(len + 1);
|
||||
if (buf == NULL) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: malloc fail!", __func__);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
if (!ZipUtil::ZipCompress(queryJsonStr, zipLen, buf, len)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress fail!", __func__);
|
||||
free(buf);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
std::string queryGzipStr;
|
||||
Base64Util::Encode(buf, len, queryGzipStr);
|
||||
free(buf);
|
||||
buf = NULL;
|
||||
if (ZipUtils::CompressString(queryJsonStr, queryGzipStr) != ZipUtils::OK) {
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
std::string resultGzipStr;
|
||||
int32_t ret = distributedPermissionProxy_->GetPermissionRecords(queryGzipStr, len, zipLen, resultGzipStr);
|
||||
if (len <= 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
unsigned char *pOut = (unsigned char *)malloc(len + 1);
|
||||
if (pOut == NULL) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: malloc fail!", __func__);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
Base64Util::Decode(resultGzipStr, pOut, len);
|
||||
int32_t ret = distributedPermissionProxy_->GetPermissionRecords(queryGzipStr, resultGzipStr);
|
||||
std::string resultJsonStr;
|
||||
bool opResult = ZipUtil::ZipUnCompress(pOut, len, resultJsonStr, zipLen);
|
||||
free(pOut);
|
||||
pOut = NULL;
|
||||
if (opResult == false) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: uncompress fail!", __func__);
|
||||
if (ZipUtils::DecompressString(resultGzipStr, resultJsonStr) != ZipUtils::OK) {
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
nlohmann::json jsonRes = nlohmann::json::parse(resultJsonStr, nullptr, false);
|
||||
result.from_json(jsonRes, result);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionManagerClient::GetPermissionUsedRecords(
|
||||
const QueryPermissionUsedRequest &request, const sptr<OnPermissionUsedRecord> &callback)
|
||||
int32_t DistributedPermissionManagerClient::GetPermissionUsedRecords(const QueryPermissionUsedRequest &request,
|
||||
const sptr<OnPermissionUsedRecord> &callback)
|
||||
{
|
||||
if (!GetDistributedPermissionProxy()) {
|
||||
return Constant::FAILURE_DPMS;
|
||||
}
|
||||
nlohmann::json jsonObj = request.to_json(request);
|
||||
std::string queryJsonStr = jsonObj.dump(-1, ' ', false, nlohmann::detail::error_handler_t::replace);
|
||||
|
||||
unsigned long zipLen = queryJsonStr.length();
|
||||
unsigned long len = compressBound(zipLen);
|
||||
if (len <= 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
unsigned char *buf = (unsigned char *)malloc(len + 1);
|
||||
if (buf == NULL) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: malloc fail!", __func__);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
if (!ZipUtil::ZipCompress(queryJsonStr, zipLen, buf, len)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress fail!", __func__);
|
||||
free(buf);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
std::string queryGzipStr;
|
||||
Base64Util::Encode(buf, len, queryGzipStr);
|
||||
free(buf);
|
||||
buf = NULL;
|
||||
int32_t ret = distributedPermissionProxy_->GetPermissionRecords(queryGzipStr, len, zipLen, callback);
|
||||
if (ZipUtils::CompressString(queryJsonStr, queryGzipStr) != ZipUtils::OK) {
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
int32_t ret = distributedPermissionProxy_->GetPermissionRecords(queryGzipStr, callback);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -515,8 +438,7 @@ bool DistributedPermissionManagerClient::GetDistributedPermissionProxy()
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to get distributedPermissionProxy_.");
|
||||
return false;
|
||||
}
|
||||
|
||||
recipient_ = new DistributedPermissionDeathRecipient();
|
||||
recipient_ = new (std::nothrow) DistributedPermissionDeathRecipient();
|
||||
if (!recipient_) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to new recipient_.");
|
||||
return false;
|
||||
@ -527,6 +449,6 @@ bool DistributedPermissionManagerClient::GetDistributedPermissionProxy()
|
||||
|
||||
return true;
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -16,9 +16,14 @@
|
||||
#ifndef PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_H
|
||||
#define PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_H
|
||||
|
||||
#include "base64_util.h"
|
||||
#include "idistributed_permission.h"
|
||||
#include "zip_util.h"
|
||||
#include <string>
|
||||
#include <set>
|
||||
#include "i_distributed_permission.h"
|
||||
#include "zip_utils.h"
|
||||
#include "pms_adapter.h"
|
||||
#include "permission/permission.h"
|
||||
#include "permission_def.h"
|
||||
#include "permission_log.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
@ -33,8 +38,6 @@ public:
|
||||
|
||||
int32_t CheckDPermission(int32_t dUid, const std::string &permissionName);
|
||||
|
||||
int32_t CheckPermission(const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid);
|
||||
|
||||
int32_t CheckPermission(const std::string &permissionName, const std::string &appIdInfo);
|
||||
|
||||
int32_t CheckSelfPermission(const std::string &permissionName);
|
||||
@ -74,7 +77,7 @@ public:
|
||||
void StopUsingPermission(const std::string &permName, const std::string &appIdInfo);
|
||||
|
||||
void AddPermissionUsedRecord(const std::string &permissionName, const std::string &appIdInfo,
|
||||
const int32_t sucCount, const int32_t failCount);
|
||||
int32_t sucCount, int32_t failCount);
|
||||
|
||||
int32_t GetPermissionUsedRecords(const QueryPermissionUsedRequest &request, QueryPermissionUsedResult &result);
|
||||
|
||||
@ -85,11 +88,13 @@ public:
|
||||
|
||||
private:
|
||||
bool GetDistributedPermissionProxy();
|
||||
|
||||
bool IsPermissionNameValid(const std::string &permissionName);
|
||||
private:
|
||||
std::mutex mutex_;
|
||||
sptr<IDistributedPermission> distributedPermissionProxy_;
|
||||
sptr<IRemoteObject::DeathRecipient> recipient_;
|
||||
const static int MAX_LENGTH = 256;
|
||||
sptr<Permission::IPermissionManager> iPermissionManager_;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
@ -23,7 +23,7 @@ namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
|
||||
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "DistributedPermissionProxy"};
|
||||
}
|
||||
const int32_t PERMISSION_NOT_GRANTED = -1;
|
||||
const int32_t PERMISSION_DENIED = -1;
|
||||
const int32_t ERROR = -1;
|
||||
|
||||
DistributedPermissionProxy::DistributedPermissionProxy(const sptr<IRemoteObject> &object)
|
||||
@ -40,11 +40,11 @@ int32_t DistributedPermissionProxy::AllocateDuid(const std::string &nodeId, cons
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(nodeId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(nodeId).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
if (!data.WriteInt32(rUid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(rUid).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
@ -64,11 +64,11 @@ int32_t DistributedPermissionProxy::QueryDuid(const std::string &deviceId, const
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(deviceId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(deviceId).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
if (!data.WriteInt32(rUid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(rUid).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
@ -87,11 +87,11 @@ int32_t DistributedPermissionProxy::CheckDPermission(int32_t dUid, const std::st
|
||||
MessageParcel data;
|
||||
if (!data.WriteInt32(dUid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(dUid).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
if (!data.WriteString(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
@ -102,32 +102,20 @@ int32_t DistributedPermissionProxy::CheckDPermission(int32_t dUid, const std::st
|
||||
}
|
||||
return result;
|
||||
}
|
||||
int32_t DistributedPermissionProxy::CheckPermission(
|
||||
const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid)
|
||||
|
||||
int32_t DistributedPermissionProxy::CheckPermission(const std::string &permissionName, const std::string &appIdInfo)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "enter");
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"permissionName = %{public}s, nodeId = %{public}s, pid = %{public}d, uid = %{public}d",
|
||||
permissionName.c_str(),
|
||||
Constant::EncryptDevId(nodeId).c_str(),
|
||||
pid,
|
||||
uid);
|
||||
PERMISSION_LOG_INFO(LABEL, "permissionName = %{public}s, appIdInfo = %{public}s", permissionName.c_str(),
|
||||
appIdInfo.c_str());
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
if (!data.WriteString(nodeId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(nodeId).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
}
|
||||
if (!data.WriteInt32(pid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(pid).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
}
|
||||
if (!data.WriteInt32(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
if (!data.WriteString(appIdInfo)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
@ -146,7 +134,7 @@ int32_t DistributedPermissionProxy::CheckSelfPermission(const std::string &permi
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
@ -165,7 +153,7 @@ int32_t DistributedPermissionProxy::CheckCallingPermission(const std::string &pe
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
@ -184,7 +172,7 @@ int32_t DistributedPermissionProxy::CheckCallingOrSelfPermission(const std::stri
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
@ -203,7 +191,7 @@ int32_t DistributedPermissionProxy::CheckCallerPermission(const std::string &per
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
@ -233,32 +221,24 @@ bool DistributedPermissionProxy::IsRestrictedPermission(const std::string &permi
|
||||
}
|
||||
return result;
|
||||
}
|
||||
int32_t DistributedPermissionProxy::VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &nodeId, int32_t pid, int32_t uid)
|
||||
int32_t DistributedPermissionProxy::VerifyPermissionFromRemote(const std::string &permission, const std::string &nodeId,
|
||||
const std::string &appIdInfo)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "enter");
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"permission = %{public}s, nodeId = %{public}s, pid = %{public}d, uid = %{public}d",
|
||||
permission.c_str(),
|
||||
Constant::EncryptDevId(nodeId).c_str(),
|
||||
pid,
|
||||
uid);
|
||||
PERMISSION_LOG_INFO(LABEL, "permission = %{public}s, nodeId = %{public}s, appIdInfo = %{public}s",
|
||||
permission.c_str(), Constant::EncryptDevId(nodeId).c_str(), appIdInfo.c_str());
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permission)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
if (!data.WriteString(nodeId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(nodeId).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
if (!data.WriteInt32(pid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(pid).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
}
|
||||
if (!data.WriteInt32(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
if (!data.WriteString(appIdInfo)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
@ -280,11 +260,11 @@ int32_t DistributedPermissionProxy::VerifySelfPermissionFromRemote(
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
if (!data.WriteString(nodeId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(nodeId).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return PERMISSION_DENIED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
@ -404,16 +384,14 @@ void DistributedPermissionProxy::GrantSensitivePermissionToRemoteApp(
|
||||
int32_t DistributedPermissionProxy::RegisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "callback = OnUsingPermissionReminder");
|
||||
|
||||
int32_t result = ERROR;
|
||||
MessageParcel data;
|
||||
MessageParcel reply;
|
||||
if (!data.WriteRemoteObject(callback->AsObject())) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WirteRomoteObject(callback->AsObject()).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
return result;
|
||||
}
|
||||
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
|
||||
bool ret = SendRequest(IDistributedPermission::MessageCode::REGISTER_USINH_PERMISSION_REMINDER, data, reply);
|
||||
if (ret) {
|
||||
result = reply.ReadInt32();
|
||||
@ -432,12 +410,13 @@ int32_t DistributedPermissionProxy::UnregisterUsingPermissionReminder(const sptr
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "callback = OnUsingPermissionReminder");
|
||||
MessageParcel data;
|
||||
if (!data.WriteRemoteObject(callback->AsObject())) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WirteRomoteObject(callback->AsObject()).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
if (!data.WriteRemoteObject(callback->AsObject())) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WirteRomoteObject(callback->AsObject()).");
|
||||
return result;
|
||||
}
|
||||
|
||||
bool ret = SendRequest(IDistributedPermission::MessageCode::UNREGISTER_USINH_PERMISSION_REMINDER, data, reply);
|
||||
if (ret) {
|
||||
result = reply.ReadInt32();
|
||||
@ -450,39 +429,26 @@ int32_t DistributedPermissionProxy::UnregisterUsingPermissionReminder(const sptr
|
||||
* Check permission and start permission using reminder if permission granted.
|
||||
*
|
||||
* @param permissionName permission name.
|
||||
* @param pid the pid from pid json string indicates app information
|
||||
* @param uid the uid from pid json string indicates app information
|
||||
* @param deviceId thd deviceId from pid json string indicates app information
|
||||
* @param appIdInfo the json string indicates app information
|
||||
* @return Permission checked result, {@link #GRANTED} indicates permission granted, otherwise {@link #DENIED}.
|
||||
*/
|
||||
int32_t DistributedPermissionProxy::CheckPermissionAndStartUsing(
|
||||
const std::string &permissionName, int32_t pid, int32_t uid, const std::string &deviceId)
|
||||
int32_t DistributedPermissionProxy::CheckPermissionAndStartUsing(const std::string &permissionName,
|
||||
const std::string &appIdInfo)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"permissionName = %{public}s, pid = %{public}d, uid = %{public}d, deviceId = %{public}s",
|
||||
permissionName.c_str(),
|
||||
pid,
|
||||
uid,
|
||||
Constant::EncryptDevId(deviceId).c_str());
|
||||
PERMISSION_LOG_INFO(LABEL, "permission = %{public}s, appIdInfo = %{public}s", permissionName.c_str(),
|
||||
appIdInfo.c_str());
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
}
|
||||
if (!data.WriteInt32(pid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(pid).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
}
|
||||
if (!data.WriteInt32(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
}
|
||||
if (!data.WriteString(deviceId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(deviceId).");
|
||||
return PERMISSION_NOT_GRANTED;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = ERROR;
|
||||
if (!data.WriteString(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return result;
|
||||
}
|
||||
if (!data.WriteString(appIdInfo)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
|
||||
return result;
|
||||
}
|
||||
|
||||
bool ret = SendRequest(IDistributedPermission::MessageCode::CHECK_PERMISSION_AND_START_USING, data, reply);
|
||||
if (ret) {
|
||||
result = reply.ReadInt32();
|
||||
@ -495,34 +461,18 @@ int32_t DistributedPermissionProxy::CheckPermissionAndStartUsing(
|
||||
* Used to permission using remind when app start using permission continuously.
|
||||
*
|
||||
* @param permName the permission name which app start using.
|
||||
* @param pid the pid from pid json string indicates app information
|
||||
* @param uid the uid from pid json string indicates app information
|
||||
* @param deviceId thd deviceId from pid json string indicates app information
|
||||
* @param appIdInfo the pid from pid json string indicates app information
|
||||
*/
|
||||
void DistributedPermissionProxy::StartUsingPermission(
|
||||
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId)
|
||||
void DistributedPermissionProxy::StartUsingPermission(const std::string &permName, const std::string &appIdInfo)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"permName = %{public}s, pid = %{public}d, uid = %{public}d, deviceId = %{public}s",
|
||||
permName.c_str(),
|
||||
pid,
|
||||
uid,
|
||||
Constant::EncryptDevId(deviceId).c_str());
|
||||
PERMISSION_LOG_INFO(LABEL, "permission = %{public}s, appIdInfo = %{public}s", permName.c_str(), appIdInfo.c_str());
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permName).");
|
||||
return;
|
||||
}
|
||||
if (!data.WriteInt32(pid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(pid).");
|
||||
return;
|
||||
}
|
||||
if (!data.WriteInt32(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
|
||||
return;
|
||||
}
|
||||
if (!data.WriteString(deviceId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(deviceId).");
|
||||
if (!data.WriteString(appIdInfo)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
|
||||
return;
|
||||
}
|
||||
MessageParcel reply;
|
||||
@ -538,34 +488,18 @@ void DistributedPermissionProxy::StartUsingPermission(
|
||||
* Used to permission using remind when app stop using permission continuously.
|
||||
*
|
||||
* @param permName the permission name which app stop using.
|
||||
* @param pid the pid from pid json string indicates app information
|
||||
* @param uid the uid from pid json string indicates app information
|
||||
* @param deviceId thd deviceId from pid json string indicates app information
|
||||
* @param appIdInfo the json string indicates app information
|
||||
*/
|
||||
void DistributedPermissionProxy::StopUsingPermission(
|
||||
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId)
|
||||
void DistributedPermissionProxy::StopUsingPermission(const std::string &permName, const std::string &appIdInfo)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"permName = %{public}s, pid = %{public}d, uid = %{public}d, deviceId = %{public}s",
|
||||
permName.c_str(),
|
||||
pid,
|
||||
uid,
|
||||
Constant::EncryptDevId(deviceId).c_str());
|
||||
PERMISSION_LOG_INFO(LABEL, "permission = %{public}s, appIdInfo = %{public}s", permName.c_str(), appIdInfo.c_str());
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permName).");
|
||||
return;
|
||||
}
|
||||
if (!data.WriteInt32(pid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(pid).");
|
||||
return;
|
||||
}
|
||||
if (!data.WriteInt32(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
|
||||
return;
|
||||
}
|
||||
if (!data.WriteString(deviceId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(deviceId).");
|
||||
if (!data.WriteString(appIdInfo)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
|
||||
return;
|
||||
}
|
||||
MessageParcel reply;
|
||||
@ -577,28 +511,20 @@ void DistributedPermissionProxy::StopUsingPermission(
|
||||
}
|
||||
}
|
||||
|
||||
void DistributedPermissionProxy::AddPermissionsRecord(const std::string &permissionName, const std::string &deviceId,
|
||||
const int32_t uid, const int32_t sucCount, const int32_t failCount)
|
||||
void DistributedPermissionProxy::AddPermissionsRecord(const std::string &permissionName, const std::string &appIdInfo,
|
||||
int32_t sucCount, int32_t failCount)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"permissionName = %{public}s, deviceId = %{public}s, uid = %{public}d, sucCount = "
|
||||
"permissionName = %{public}s, appIdInfo = %{public}s, sucCount = "
|
||||
"%{public}d, failCount = %{public}d",
|
||||
permissionName.c_str(),
|
||||
Constant::EncryptDevId(deviceId).c_str(),
|
||||
uid,
|
||||
sucCount,
|
||||
failCount);
|
||||
permissionName.c_str(), appIdInfo.c_str(), sucCount, failCount);
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
|
||||
return;
|
||||
}
|
||||
if (!data.WriteString(deviceId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(deviceId).");
|
||||
return;
|
||||
}
|
||||
if (!data.WriteInt32(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
|
||||
if (!data.WriteString(appIdInfo)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
|
||||
return;
|
||||
}
|
||||
if (!data.WriteInt32(sucCount)) {
|
||||
@ -618,8 +544,7 @@ void DistributedPermissionProxy::AddPermissionsRecord(const std::string &permiss
|
||||
}
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionProxy::GetPermissionRecords(
|
||||
const std::string &request, unsigned long &codeLen, unsigned long &zipLen, std::string &resultStr)
|
||||
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request, std::string &resultStr)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "request = %{public}s, resultStr = %{public}s", request.c_str(), resultStr.c_str());
|
||||
MessageParcel data;
|
||||
@ -627,14 +552,6 @@ int32_t DistributedPermissionProxy::GetPermissionRecords(
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(request).");
|
||||
return false;
|
||||
}
|
||||
if (!data.WriteUint64(codeLen)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(codeLen).");
|
||||
return false;
|
||||
}
|
||||
if (!data.WriteUint64(zipLen)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(zipLen).");
|
||||
return false;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t result = 0;
|
||||
bool ret = SendRequest(IDistributedPermission::MessageCode::GET_PERMISSION_RECORDS, data, reply);
|
||||
@ -642,14 +559,12 @@ int32_t DistributedPermissionProxy::GetPermissionRecords(
|
||||
result = reply.ReadInt32();
|
||||
PERMISSION_LOG_INFO(LABEL, "result = %{public}d", result);
|
||||
resultStr = reply.ReadString();
|
||||
codeLen = reply.ReadUint64();
|
||||
zipLen = reply.ReadUint64();
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request, unsigned long &codeLen,
|
||||
unsigned long &zipLen, const sptr<OnPermissionUsedRecord> &callback)
|
||||
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request,
|
||||
const sptr<OnPermissionUsedRecord> &callback)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "queryGzipStr = %{public}s, callback = OnPermissionUsedRecord", request.c_str());
|
||||
MessageParcel data;
|
||||
@ -657,14 +572,6 @@ int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &requ
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(request).");
|
||||
return false;
|
||||
}
|
||||
if (!data.WriteUint64(codeLen)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(codeLen).");
|
||||
return false;
|
||||
}
|
||||
if (!data.WriteUint64(zipLen)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(zipLen).");
|
||||
return false;
|
||||
}
|
||||
if (!data.WriteRemoteObject(callback->AsObject())) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteRemoteObject(callback).");
|
||||
return false;
|
||||
@ -696,6 +603,6 @@ bool DistributedPermissionProxy::SendRequest(
|
||||
}
|
||||
return true;
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -17,7 +17,7 @@
|
||||
#define PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_PROXY_H
|
||||
|
||||
#include "constant.h"
|
||||
#include "idistributed_permission.h"
|
||||
#include "i_distributed_permission.h"
|
||||
#include "iremote_proxy.h"
|
||||
|
||||
namespace OHOS {
|
||||
@ -34,8 +34,7 @@ public:
|
||||
|
||||
virtual int32_t CheckDPermission(int32_t dUid, const std::string &permissionName) override;
|
||||
|
||||
virtual int32_t CheckPermission(
|
||||
const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid) override;
|
||||
virtual int32_t CheckPermission(const std::string &permissionName, const std::string &appIdInfo) override;
|
||||
|
||||
virtual int32_t CheckSelfPermission(const std::string &permissionName) override;
|
||||
|
||||
@ -47,11 +46,11 @@ public:
|
||||
|
||||
virtual bool IsRestrictedPermission(const std::string &permissionName) override;
|
||||
|
||||
virtual int32_t VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &nodeId, int32_t pid, int32_t uid) override;
|
||||
virtual int32_t VerifyPermissionFromRemote(const std::string &permission, const std::string &nodeId,
|
||||
const std::string &appIdInfo) override;
|
||||
|
||||
virtual int32_t VerifySelfPermissionFromRemote(
|
||||
const std::string &permissionName, const std::string &nodeId) override;
|
||||
virtual int32_t VerifySelfPermissionFromRemote(const std::string &permissionName,
|
||||
const std::string &nodeId) override;
|
||||
|
||||
virtual bool CanRequestPermissionFromRemote(const std::string &permissionName, const std::string &nodeId) override;
|
||||
|
||||
@ -59,29 +58,26 @@ public:
|
||||
const sptr<OnRequestPermissionsResult> &callback, const std::string &nodeId, const std::string &bundleName,
|
||||
int32_t reasonResId) override;
|
||||
|
||||
virtual void GrantSensitivePermissionToRemoteApp(
|
||||
const std::string &permissionName, const std::string &nodeId, int32_t ruid) override;
|
||||
virtual void GrantSensitivePermissionToRemoteApp(const std::string &permissionName, const std::string &nodeId,
|
||||
int32_t ruid) override;
|
||||
|
||||
virtual int32_t RegisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback) override;
|
||||
|
||||
virtual int32_t UnregisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback) override;
|
||||
|
||||
virtual int32_t CheckPermissionAndStartUsing(
|
||||
const std::string &permissionName, int32_t pid, int32_t uid, const std::string &deviceId) override;
|
||||
virtual int32_t CheckPermissionAndStartUsing(const std::string &permissionName,
|
||||
const std::string &appIdInfo) override;
|
||||
|
||||
virtual void StartUsingPermission(
|
||||
const std::string &permName, int32_t pid, int32_t, const std::string &deviceId) override;
|
||||
virtual void StartUsingPermission(const std::string &permName, const std::string &appIdInfo) override;
|
||||
|
||||
virtual void StopUsingPermission(
|
||||
const std::string &permName, int32_t, int32_t, const std::string &deviceId) override;
|
||||
virtual void StopUsingPermission(const std::string &permName, const std::string &appIdInfo) override;
|
||||
|
||||
virtual void AddPermissionsRecord(const std::string &permissionName, const std::string &deviceId, const int32_t uid,
|
||||
const int32_t sucCount, const int32_t failCount) override;
|
||||
virtual void AddPermissionsRecord(const std::string &permissionName, const std::string &appIdInfo,
|
||||
int32_t sucCount, int32_t failCount) override;
|
||||
|
||||
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, unsigned long &codeLen, unsigned long &zipLen,
|
||||
std::string &resultStr) override;
|
||||
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, std::string &resultStr) override;
|
||||
|
||||
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, unsigned long &codeLen, unsigned long &zipLen,
|
||||
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr,
|
||||
const sptr<OnPermissionUsedRecord> &callback) override;
|
||||
|
||||
private:
|
||||
@ -90,8 +86,8 @@ private:
|
||||
private:
|
||||
static inline BrokerDelegator<DistributedPermissionProxy> delegator_;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
||||
#endif // PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_PROXY_H
|
||||
#endif // PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_PROXY_H
|
@ -19,7 +19,7 @@ config("permission_test_config") {
|
||||
"${distributed_permission_frameworks_log_path}/main/cpp/include",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/include",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/include/permission",
|
||||
"${distributed_permission_record_database_path}/main/cpp/include",
|
||||
"${distributed_permission_database_path}/main/cpp/include",
|
||||
"${distributed_permission_services_path}/main/cpp/include",
|
||||
"${distributed_permission_services_path}/main/cpp/include/command",
|
||||
"${distributed_permission_services_path}/main/cpp/include/common",
|
||||
@ -27,6 +27,7 @@ config("permission_test_config") {
|
||||
"${distributed_permission_services_path}/main/cpp/include/distributed",
|
||||
"${distributed_permission_services_path}/main/cpp/include/protocol",
|
||||
"${distributed_permission_services_path}/main/cpp/include/record",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/include/permission_using_remind",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind",
|
||||
"${distributed_permission_services_path}/main/cpp/include/remote",
|
||||
@ -63,7 +64,5 @@ group("unittest") {
|
||||
deps = [
|
||||
"unittest/app_id_info_helper_test:unittest",
|
||||
"unittest/app_id_info_test:unittest",
|
||||
"unittest/check_permission_inner_test:unittest",
|
||||
"unittest/permission_remind_inner_test:unittest",
|
||||
]
|
||||
}
|
||||
|
@ -13,10 +13,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "distributed_permission_proxy.h"
|
||||
#include "constant.h"
|
||||
#include "base64_util.h"
|
||||
#include "zip_util.h"
|
||||
#include "permission_log.h"
|
||||
|
||||
namespace OHOS {
|
||||
@ -569,7 +566,7 @@ void DistributedPermissionProxy::StopUsingPermission(
|
||||
}
|
||||
|
||||
void DistributedPermissionProxy::AddPermissionsRecord(const std::string &permissionName, const std::string &deviceId,
|
||||
const int32_t uid, const int32_t sucCount, const int32_t failCount)
|
||||
const int32_t uid, int32_t sucCount, int32_t failCount)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"permissionName = %{public}s, deviceId = %{public}s, uid = %{public}d, sucCount = "
|
||||
@ -609,8 +606,7 @@ void DistributedPermissionProxy::AddPermissionsRecord(const std::string &permiss
|
||||
}
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionProxy::GetPermissionRecords(
|
||||
const std::string &request, unsigned long &codeLen, unsigned long &zipLen, std::string &resultStr)
|
||||
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request, std::string &resultStr)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "request = %{public}s, resultStr = %{public}s", request.c_str(), resultStr.c_str());
|
||||
MessageParcel data;
|
||||
@ -618,26 +614,12 @@ int32_t DistributedPermissionProxy::GetPermissionRecords(
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(request).");
|
||||
return -1;
|
||||
}
|
||||
if (!data.WriteUint64(codeLen)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(codeLen).");
|
||||
return -1;
|
||||
}
|
||||
if (!data.WriteUint64(zipLen)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(zipLen).");
|
||||
return -1;
|
||||
}
|
||||
MessageParcel reply;
|
||||
bool ret = SendRequest(IDistributedPermission::MessageCode::GET_PERMISSION_RECORDS, data, reply);
|
||||
if (ret) {
|
||||
// PERMISSION_LOG_INFO(LABEL, "result = %{public}s", result.c_str());
|
||||
// result = reply.ReadString();
|
||||
// codeLen = reply.ReadUint64();
|
||||
// zipLen = reply.ReadUint64();
|
||||
QueryPermissionUsedRequest query;
|
||||
unsigned char *pOut = (unsigned char *)malloc(codeLen);
|
||||
Base64Util::Decode(request, pOut, codeLen);
|
||||
std::string requestJsonStr;
|
||||
if (!ZipUtil::ZipUnCompress(pOut, codeLen, requestJsonStr, zipLen)) {
|
||||
if (ZipUtils::DecompressString(request, requestJsonStr) != ZipUtils::OK) {
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
nlohmann::json jsonRes = nlohmann::json::parse(requestJsonStr, nullptr, false);
|
||||
@ -648,46 +630,37 @@ int32_t DistributedPermissionProxy::GetPermissionRecords(
|
||||
result.code = Constant::SUCCESS_GET_RECORD;
|
||||
nlohmann::json jsonObj = result.to_json(result);
|
||||
std::string resultJsonStr = jsonObj.dump();
|
||||
unsigned long zipLen = resultJsonStr.length();
|
||||
unsigned long len = compressBound(zipLen);
|
||||
unsigned char *buf = (unsigned char *)malloc(len);
|
||||
|
||||
if (!ZipUtil::ZipCompress(resultJsonStr, zipLen, buf, len)) {
|
||||
if (ZipUtils::CompressString(resultJsonStr, resultStr) != ZipUtils::OK) {
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
Base64Util::Encode(buf, len, resultStr);
|
||||
}
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request, unsigned long &codeLen,
|
||||
unsigned long &zipLen, const sptr<OnPermissionUsedRecord> &callback)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "queryGzipStr = %{public}s, callback = OnPermissionUsedRecord", request.c_str());
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(request)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(request).");
|
||||
return false;
|
||||
}
|
||||
if (!data.WriteRemoteObject(callback->AsObject())) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteRemoteObject(callback).");
|
||||
return false;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t code = ERROR;
|
||||
bool ret = SendRequest(IDistributedPermission::MessageCode::GET_PERMISSION_RECORDS_ASYNCH, data, reply);
|
||||
if (ret) {
|
||||
|
||||
QueryPermissionUsedRequest query;
|
||||
unsigned char *pOut = (unsigned char *)malloc(codeLen);
|
||||
Base64Util::Decode(request, pOut, codeLen);
|
||||
std::string requestJsonStr;
|
||||
if (!ZipUtil::ZipUnCompress(pOut, codeLen, requestJsonStr, zipLen)) {
|
||||
return Constant::FAILURE;
|
||||
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request,
|
||||
const sptr<OnPermissionUsedRecord> &callback)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "queryGzipStr = %{public}s, callback = OnPermissionUsedRecord", request.c_str());
|
||||
MessageParcel data;
|
||||
if (!data.WriteString(request)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(request).");
|
||||
return false;
|
||||
}
|
||||
nlohmann::json jsonRes = nlohmann::json::parse(requestJsonStr, nullptr, false);
|
||||
query.from_json(jsonRes, query);
|
||||
if (!data.WriteRemoteObject(callback->AsObject())) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "failed to WriteRemoteObject(callback).");
|
||||
return false;
|
||||
}
|
||||
MessageParcel reply;
|
||||
int32_t code = ERROR;
|
||||
bool ret = SendRequest(IDistributedPermission::MessageCode::GET_PERMISSION_RECORDS_ASYNCH, data, reply);
|
||||
if (ret) {
|
||||
QueryPermissionUsedRequest query;
|
||||
std::string requestJsonStr;
|
||||
if (ZipUtils::DecompressString(request, requestJsonStr) != ZipUtils::OK) {
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
nlohmann::json jsonRes = nlohmann::json::parse(requestJsonStr, nullptr, false);
|
||||
query.from_json(jsonRes, query);
|
||||
|
||||
if (query.bundleName == "success") {
|
||||
QueryPermissionUsedResult result;
|
||||
|
@ -13,38 +13,28 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <thread>
|
||||
#include <functional>
|
||||
|
||||
#include "gtest/gtest.h"
|
||||
#include <iostream>
|
||||
#include "distributed_permission_kit.h"
|
||||
#include "app_id_info_helper_test.h"
|
||||
|
||||
using namespace testing::ext;
|
||||
using namespace OHOS::Security::Permission;
|
||||
using namespace std;
|
||||
|
||||
class AppIdInfoHelperTest : public testing::Test {
|
||||
public:
|
||||
static void SetUpTestCase()
|
||||
{
|
||||
cout << "SetUpTestCase()" << endl;
|
||||
}
|
||||
|
||||
static void TearDownTestCase()
|
||||
{
|
||||
cout << "TearDownTestCase()" << endl;
|
||||
}
|
||||
void SetUp()
|
||||
{
|
||||
cout << "SetUp() is running" << endl;
|
||||
}
|
||||
void TearDown()
|
||||
{
|
||||
cout << "TearDown()" << endl;
|
||||
}
|
||||
};
|
||||
|
||||
void AppIdInfoHelperTest::SetUpTestCase()
|
||||
{
|
||||
cout << "SetUpTestCase()" << endl;
|
||||
}
|
||||
void AppIdInfoHelperTest::TearDownTestCase()
|
||||
{
|
||||
cout << "TearDownTestCase()" << endl;
|
||||
}
|
||||
void AppIdInfoHelperTest::SetUp()
|
||||
{
|
||||
cout << "SetUp() is running" << endl;
|
||||
}
|
||||
void AppIdInfoHelperTest::TearDown()
|
||||
{
|
||||
cout << "TearDown()" << endl;
|
||||
}
|
||||
HWTEST_F(AppIdInfoHelperTest, Test01, Function | MediumTest | Level1)
|
||||
{
|
||||
pid_t pid = 1;
|
||||
|
@ -0,0 +1,39 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef APP_ID_INFO_HELPER_TEST_H
|
||||
#define APP_ID_INFO_HELPER_TEST_H
|
||||
|
||||
#include <thread>
|
||||
#include <functional>
|
||||
#include <iostream>
|
||||
#include "gtest/gtest.h"
|
||||
#include "distributed_permission_kit.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class AppIdInfoHelperTest : public testing::Test {
|
||||
public:
|
||||
static void SetUpTestCase();
|
||||
static void TearDownTestCase();
|
||||
void SetUp();
|
||||
void TearDown();
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
||||
#endif // APP_ID_INFO_HELPER_TEST_H
|
@ -13,38 +13,29 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <thread>
|
||||
#include <functional>
|
||||
|
||||
#include "gtest/gtest.h"
|
||||
#include <iostream>
|
||||
#include "app_id_info.h"
|
||||
#include "app_id_info_test.h"
|
||||
|
||||
using namespace testing::ext;
|
||||
using namespace OHOS::Security::Permission;
|
||||
using namespace std;
|
||||
|
||||
class AppIdInfoTest : public testing::Test {
|
||||
public:
|
||||
static void SetUpTestCase()
|
||||
{
|
||||
cout << "SetUpTestCase()" << endl;
|
||||
}
|
||||
|
||||
static void TearDownTestCase()
|
||||
{
|
||||
cout << "TearDownTestCase()" << endl;
|
||||
}
|
||||
void SetUp()
|
||||
{
|
||||
cout << "SetUp() is running" << endl;
|
||||
}
|
||||
void TearDown()
|
||||
{
|
||||
cout << "TearDown()" << endl;
|
||||
}
|
||||
};
|
||||
|
||||
void AppIdInfoTest::SetUpTestCase()
|
||||
{
|
||||
cout << "SetUpTestCase()" << endl;
|
||||
}
|
||||
void AppIdInfoTest::TearDownTestCase()
|
||||
{
|
||||
cout << "TearDownTestCase()" << endl;
|
||||
}
|
||||
void AppIdInfoTest::SetUp()
|
||||
{
|
||||
cout << "SetUp() is running" << endl;
|
||||
}
|
||||
void AppIdInfoTest::TearDown()
|
||||
{
|
||||
cout << "TearDown()" << endl;
|
||||
}
|
||||
HWTEST_F(AppIdInfoTest, Test01, Function | MediumTest | Level1)
|
||||
{
|
||||
AppIdInfo pidInvalidAppIdInfo;
|
||||
|
@ -0,0 +1,37 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef APP_ID_INFO_TEST_H
|
||||
#define APP_ID_INFO_TEST_H
|
||||
#include <thread>
|
||||
#include <functional>
|
||||
#include <iostream>
|
||||
#include "gtest/gtest.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class AppIdInfoTest : public testing::Test {
|
||||
public:
|
||||
static void SetUpTestCase();
|
||||
static void TearDownTestCase();
|
||||
void SetUp();
|
||||
void TearDown();
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
||||
#endif // APP_ID_INFO_TEST_H
|
@ -1,89 +0,0 @@
|
||||
# Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import("//base/security/permission/permission.gni")
|
||||
import("//build/test.gni")
|
||||
|
||||
module_output_path = "permission_standard/permissiontest"
|
||||
|
||||
ohos_unittest("check_permission_inner_test") {
|
||||
module_out_path = module_output_path
|
||||
include_dirs = [
|
||||
"${distributed_permission_services_path}/main/cpp/include/common",
|
||||
"${distributed_permission_services_path}/main/cpp/include/record",
|
||||
"${distributed_permission_frameworks_log_path}/main/cpp/include",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/include",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/include/distributed_permission",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/include/permission_using_remind",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind",
|
||||
"${distributed_permission_services_path}/main/cpp/include/distributed",
|
||||
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy/include",
|
||||
"//third_party/json/single_include",
|
||||
"//utils/native/base/include",
|
||||
"//utils/system/safwk/native/include",
|
||||
"//third_party/json/include",
|
||||
"//third_party/zlib",
|
||||
"//base/notification/ans_standard/frameworks/wantagent:wantagent_innerkits",
|
||||
"//base/notification/ans_standard/frameworks/ans/core:ans_core",
|
||||
]
|
||||
|
||||
sources = [
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/app_id_info.cpp",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_death_recipient.cpp",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_kit.cpp",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_manager_client.cpp",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_stub.cpp",
|
||||
"${distributed_permission_innerkits_distributed_path}/test/mock/mock_distributed_permission_proxy.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/base64_util.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/zip_util.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/bundle_permission_used_record.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/permission_used_record.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_request.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_result.cpp",
|
||||
"check_permission_inner_test.cpp",
|
||||
]
|
||||
|
||||
configs =
|
||||
[ "${distributed_permission_services_path}/test:permission_test_config" ]
|
||||
|
||||
deps = [
|
||||
"${distributed_permission_frameworks_log_path}:permission_standard_infrastructure_cxx",
|
||||
"${distributed_permission_innerkits_distributed_path}:distributed_permission_innerkits",
|
||||
"${permission_path}/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
|
||||
"//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
|
||||
"//foundation/aafwk/standard/interfaces/innerkits/base:base",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base:appexecfwk_base",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler:libeventhandler",
|
||||
"//foundation/distributedschedule/safwk/interfaces/innerkits/safwk:system_ability_fwk",
|
||||
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy:samgr_proxy",
|
||||
"//third_party/sqlite:sqlite",
|
||||
"//third_party/zlib:libz",
|
||||
"//utils/native/base:utils",
|
||||
]
|
||||
|
||||
external_deps = [
|
||||
"aafwk_standard:want",
|
||||
"dsoftbus_standard:softbus_client",
|
||||
"hiviewdfx_hilog_native:libhilog",
|
||||
"ipc:ipc_core",
|
||||
"safwk:system_ability_fwk",
|
||||
"samgr_standard:samgr_proxy",
|
||||
]
|
||||
}
|
||||
|
||||
group("unittest") {
|
||||
testonly = true
|
||||
|
||||
deps = [ ":check_permission_inner_test" ]
|
||||
}
|
@ -1,104 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <thread>
|
||||
#include <functional>
|
||||
|
||||
#include "gtest/gtest.h"
|
||||
#include <iostream>
|
||||
#include "distributed_permission_kit.h"
|
||||
#include "distributed_permission_manager_client.h"
|
||||
#include "system_ability_definition.h"
|
||||
#include "distributed_permission_death_recipient.h"
|
||||
#include "permission_log.h"
|
||||
#include "iservice_registry.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "on_using_permission_reminder_stub.h"
|
||||
|
||||
using namespace testing::ext;
|
||||
using namespace OHOS::Security::Permission;
|
||||
using namespace std;
|
||||
|
||||
namespace OHOS {
|
||||
|
||||
pid_t IPCSkeleton::pid_ = 1;
|
||||
pid_t IPCSkeleton::uid_ = 1;
|
||||
std::string IPCSkeleton::localDeviceId_ = "1004";
|
||||
std::string IPCSkeleton::deviceId_ = "";
|
||||
|
||||
} // namespace OHOS
|
||||
|
||||
class CheckPermissionInnerTest : public testing::Test {
|
||||
public:
|
||||
static void SetUpTestCase()
|
||||
{
|
||||
cout << "SetUpTestCase()" << endl;
|
||||
}
|
||||
|
||||
static void TearDownTestCase()
|
||||
{
|
||||
cout << "TearDownTestCase()" << endl;
|
||||
}
|
||||
void SetUp()
|
||||
{
|
||||
cout << "SetUp() is running" << endl;
|
||||
}
|
||||
void TearDown()
|
||||
{
|
||||
cout << "TearDown()" << endl;
|
||||
}
|
||||
|
||||
int CheckProxy()
|
||||
{
|
||||
OHOS::sptr<OHOS::ISystemAbilityManager> systemAbilityManager =
|
||||
OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
|
||||
if (!systemAbilityManager) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
OHOS::sptr<OHOS::IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(
|
||||
IDistributedPermission::SA_ID_DISTRIBUTED_PERMISSION_MANAGER_SERVICE);
|
||||
if (!remoteObject) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
OHOS::sptr<IDistributedPermission> distributedPermissionProxyTest;
|
||||
|
||||
distributedPermissionProxyTest = OHOS::iface_cast<IDistributedPermission>(remoteObject);
|
||||
if ((!distributedPermissionProxyTest) || (!distributedPermissionProxyTest->AsObject())) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
OHOS::sptr<OHOS::IRemoteObject::DeathRecipient> recipientTest;
|
||||
recipientTest = new DistributedPermissionDeathRecipient();
|
||||
if (!recipientTest) {
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
};
|
||||
|
||||
HWTEST_F(CheckPermissionInnerTest, Test01, Function | MediumTest | Level1)
|
||||
{
|
||||
int ret = -1;
|
||||
int exRet = CheckProxy();
|
||||
|
||||
string permissionName = "ohos.permission.test";
|
||||
string appIdInfo = "{\"deviceID\":\"1001\",\"pid\":1,\"uid\":2}";
|
||||
|
||||
ret = DistributedPermissionKit::CheckPermission(permissionName, appIdInfo);
|
||||
|
||||
EXPECT_EQ(exRet, ret);
|
||||
}
|
@ -19,8 +19,10 @@ module_output_path = "permission_standard/permissiontest"
|
||||
ohos_unittest("PermissionRemindInnerTest") {
|
||||
module_out_path = module_output_path
|
||||
include_dirs = [
|
||||
"permission_remind_inner_test.h",
|
||||
"${distributed_permission_services_path}/main/cpp/include/common",
|
||||
"${distributed_permission_services_path}/main/cpp/include/record",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record",
|
||||
"${distributed_permission_frameworks_log_path}/main/cpp/include",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/include",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/include/distributed_permission",
|
||||
@ -47,8 +49,6 @@ ohos_unittest("PermissionRemindInnerTest") {
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/on_using_permission_reminder_proxy.cpp",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/on_using_permission_reminder_stub.cpp",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/permission_reminder_info.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/base64_util.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/zip_util.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/bundle_permission_used_record.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/permission_used_record.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_request.cpp",
|
||||
|
@ -12,21 +12,7 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <thread>
|
||||
#include <functional>
|
||||
#include <iostream>
|
||||
|
||||
#include "gtest/gtest.h"
|
||||
|
||||
#include "distributed_permission_kit.h"
|
||||
#include "distributed_permission_manager_client.h"
|
||||
#include "distributed_permission_death_recipient.h"
|
||||
#include "iservice_registry.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "on_using_permission_reminder_stub.h"
|
||||
#include "permission_log.h"
|
||||
#include "system_ability_definition.h"
|
||||
#include "permission_remind_inner_test.h"
|
||||
|
||||
using namespace testing::ext;
|
||||
using namespace OHOS::Security::Permission;
|
||||
@ -38,35 +24,30 @@ pid_t IPCSkeleton::uid_ = 1;
|
||||
std::string IPCSkeleton::localDeviceId_ = "1004";
|
||||
std::string IPCSkeleton::deviceId_ = "";
|
||||
} // namespace OHOS
|
||||
|
||||
class PermissionRemindInnerTest : public testing::Test {
|
||||
public:
|
||||
static void SetUpTestCase()
|
||||
{
|
||||
cout << "SetUpTestCase()" << endl;
|
||||
void PermissionRemindInnerTest::SetUpTestCase()
|
||||
{
|
||||
cout << "SetUpTestCase()" << endl;
|
||||
}
|
||||
void PermissionRemindInnerTest::TearDownTestCase()
|
||||
{
|
||||
cout << "TearDownTestCase()" << endl;
|
||||
}
|
||||
void PermissionRemindInnerTest::SetUp()
|
||||
{
|
||||
cout << "SetUp() is running" << endl;
|
||||
}
|
||||
void PermissionRemindInnerTest::TearDown()
|
||||
{
|
||||
cout << "TearDown()" << endl;
|
||||
}
|
||||
int PermissionRemindInnerTest::CheckProxy()
|
||||
{
|
||||
OHOS::sptr<OHOS::ISystemAbilityManager> systemAbilityManager =
|
||||
OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
|
||||
if (!systemAbilityManager) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
static void TearDownTestCase()
|
||||
{
|
||||
cout << "TearDownTestCase()" << endl;
|
||||
}
|
||||
void SetUp()
|
||||
{
|
||||
cout << "SetUp() is running" << endl;
|
||||
}
|
||||
void TearDown()
|
||||
{
|
||||
cout << "TearDown()" << endl;
|
||||
}
|
||||
|
||||
int CheckProxy()
|
||||
{
|
||||
OHOS::sptr<OHOS::ISystemAbilityManager> systemAbilityManager =
|
||||
OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
|
||||
if (!systemAbilityManager) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
OHOS::sptr<OHOS::IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(
|
||||
IDistributedPermission::SA_ID_DISTRIBUTED_PERMISSION_MANAGER_SERVICE);
|
||||
if (!remoteObject) {
|
||||
@ -80,32 +61,22 @@ public:
|
||||
return -1;
|
||||
}
|
||||
|
||||
OHOS::sptr<OHOS::IRemoteObject::DeathRecipient> recipientTest;
|
||||
recipientTest = new DistributedPermissionDeathRecipient();
|
||||
if (!recipientTest) {
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
std::unique_ptr<OHOS::IRemoteObject::DeathRecipient> recipientTest;
|
||||
recipientTest = std::make_unique<DistributedPermissionDeathRecipient>();
|
||||
if (!recipientTest) {
|
||||
return -1;
|
||||
}
|
||||
};
|
||||
|
||||
class TestCallback : public OnUsingPermissionReminderStub {
|
||||
public:
|
||||
TestCallback() = default;
|
||||
virtual ~TestCallback() = default;
|
||||
|
||||
std::string permName = "ohos.permission.CAMERA";
|
||||
void StartUsingPermission(const PermissionReminderInfo &permReminderInfo)
|
||||
{
|
||||
EXPECT_EQ(permName, OHOS::Str16ToStr8(permReminderInfo.permName));
|
||||
}
|
||||
|
||||
void StopUsingPermission(const PermissionReminderInfo &permReminderInfo)
|
||||
{
|
||||
EXPECT_EQ(permName, OHOS::Str16ToStr8(permReminderInfo.permName));
|
||||
}
|
||||
};
|
||||
return 0;
|
||||
}
|
||||
void PermissionRemindInnerTest::TestCallback::StartUsingPermission(const PermissionReminderInfo &permReminderInfo)
|
||||
{
|
||||
EXPECT_EQ(permName, OHOS::Str16ToStr8(permReminderInfo.permName));
|
||||
}
|
||||
|
||||
void PermissionRemindInnerTest::TestCallback::StopUsingPermission(const PermissionReminderInfo &permReminderInfo)
|
||||
{
|
||||
EXPECT_EQ(permName, OHOS::Str16ToStr8(permReminderInfo.permName));
|
||||
}
|
||||
HWTEST_F(PermissionRemindInnerTest, Test01, Function | MediumTest | Level1)
|
||||
{
|
||||
OHOS::sptr<TestCallback> callback(new TestCallback());
|
||||
|
@ -0,0 +1,48 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef PERMISSION_REMIND_INNER_TEST_H
|
||||
#define PERMISSION_REMIND_INNER_TEST_H
|
||||
|
||||
#include <thread>
|
||||
#include <functional>
|
||||
#include <iostream>
|
||||
#include "gtest/gtest.h"
|
||||
#include "distributed_permission_kit.h"
|
||||
#include "distributed_permission_manager_client.h"
|
||||
#include "distributed_permission_death_recipient.h"
|
||||
#include "iservice_registry.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "on_using_permission_reminder_stub.h"
|
||||
#include "permission_log.h"
|
||||
#include "system_ability_definition.h"
|
||||
|
||||
class PermissionRemindInnerTest : public testing::Test {
|
||||
public:
|
||||
static void SetUpTestCase();
|
||||
static void TearDownTestCase();
|
||||
void SetUp();
|
||||
void TearDown();
|
||||
int CheckProxy();
|
||||
|
||||
class TestCallback : public OHOS::Security::Permission::OnUsingPermissionReminderStub {
|
||||
public:
|
||||
TestCallback() = default;
|
||||
virtual ~TestCallback() = default;
|
||||
std::string permName = "ohos.permission.CAMERA";
|
||||
void StartUsingPermission(const OHOS::Security::Permission::PermissionReminderInfo &permReminderInfo);
|
||||
void StopUsingPermission(const OHOS::Security::Permission::PermissionReminderInfo &permReminderInfo);
|
||||
};
|
||||
};
|
||||
#endif // PERMISSION_REMIND_INNER_TEST_H
|
@ -1,14 +0,0 @@
|
||||
# Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import("//build/ohos.gni")
|
@ -1,18 +0,0 @@
|
||||
# Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import("//build/ohos.gni")
|
||||
|
||||
group("napi_packages") {
|
||||
deps = [ "//base/security/permission/interfaces/kits/permission_standard/napi/permission_record_mgr:record" ]
|
||||
}
|
76
interfaces/kits/permission_standard/record/BUILD.gn
Normal file
76
interfaces/kits/permission_standard/record/BUILD.gn
Normal file
@ -0,0 +1,76 @@
|
||||
# Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import("//base/security/permission/permission.gni")
|
||||
import("//build/ohos.gni")
|
||||
|
||||
group("napi_packages") {
|
||||
deps = [ "//base/security/permission/interfaces/kits/permission_standard/record:record" ]
|
||||
}
|
||||
|
||||
ohos_shared_library("record") {
|
||||
include_dirs = [
|
||||
"//base/security/permission/frameworks/permission_standard/permissioninfrastructure",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler/include",
|
||||
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy/include",
|
||||
"${distributed_permission_frameworks_log_path}/main/cpp/include",
|
||||
"//foundation/ace/napi/interfaces/kits",
|
||||
"//third_party/json/single_include",
|
||||
"//third_party/node/src",
|
||||
"//utils/system/safwk/native/include",
|
||||
"//foundation/communication/dsoftbus/interfaces/kits/transport",
|
||||
"//foundation/communication/dsoftbus/interfaces/kits/common",
|
||||
"//foundation/communication/dsoftbus/interfaces/kits/bus_center",
|
||||
"//third_party/json/include",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base/include",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core/include/bundlemgr",
|
||||
"//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include",
|
||||
"${distributed_permission_kits_path}/record/main/napi",
|
||||
]
|
||||
|
||||
sources = [
|
||||
"${distributed_permission_kits_path}/record/main/napi/native_module.cpp",
|
||||
"${distributed_permission_kits_path}/record/main/napi/permission_record_mgr.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/time_util.cpp",
|
||||
]
|
||||
|
||||
deps = [
|
||||
"${distributed_permission_database_path}:permission_standard_infrastructure_database",
|
||||
"${distributed_permission_frameworks_log_path}:permission_standard_infrastructure_cxx",
|
||||
"${distributed_permission_innerkits_distributed_path}:distributed_permission_innerkits",
|
||||
"${distributed_permission_innerkits_sdk_path}:libpermissionsdk_standard",
|
||||
"${distributed_permission_services_path}:distributed_permission_services",
|
||||
"${permission_path}/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
|
||||
"//base/notification/ans_standard/frameworks/ans/core:ans_core",
|
||||
"//base/notification/ans_standard/frameworks/wantagent:wantagent_innerkits",
|
||||
"//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
|
||||
"//foundation/aafwk/standard/interfaces/innerkits/base:base",
|
||||
"//foundation/ace/napi:ace_napi",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base:appexecfwk_base",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler:libeventhandler",
|
||||
"//foundation/distributedschedule/safwk/interfaces/innerkits/safwk:system_ability_fwk",
|
||||
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy:samgr_proxy",
|
||||
"//utils/native/base:utils",
|
||||
]
|
||||
cflags_cc = [ "-DHILOG_ENABLE" ]
|
||||
external_deps = [
|
||||
"aafwk_standard:want",
|
||||
"hiviewdfx_hilog_native:libhilog",
|
||||
"ipc:ipc_core",
|
||||
]
|
||||
|
||||
relative_install_dir = "module"
|
||||
subsystem_name = "security"
|
||||
part_name = "permission_standard"
|
||||
}
|
@ -14,6 +14,10 @@
|
||||
import("//base/security/permission/permission.gni")
|
||||
import("//build/ohos.gni")
|
||||
|
||||
group("napi_packages") {
|
||||
deps = [ "//base/security/permission/interfaces/kits/permission_standard/record/main/napi:record" ]
|
||||
}
|
||||
|
||||
ohos_shared_library("record") {
|
||||
include_dirs = [
|
||||
"//base/security/permission/frameworks/permission_standard/permissioninfrastructure",
|
||||
@ -24,35 +28,24 @@ ohos_shared_library("record") {
|
||||
"//third_party/json/single_include",
|
||||
"//third_party/node/src",
|
||||
"//utils/system/safwk/native/include",
|
||||
"${distributed_permission_services_path}/main/cpp/include/record",
|
||||
"${distributed_permission_services_path}/main/cpp/include/common",
|
||||
"${distributed_permission_services_path}/main/cpp/include/device",
|
||||
"${distributed_permission_services_path}/main/cpp/include/remote",
|
||||
"${distributed_permission_services_path}/main/cpp/include/command",
|
||||
"${distributed_permission_services_path}/main/cpp/include/protocol",
|
||||
"${distributed_permission_innerkits_distributed_path}/main/cpp/include",
|
||||
|
||||
"//foundation/communication/dsoftbus/interfaces/kits/transport",
|
||||
"//foundation/communication/dsoftbus/interfaces/kits/common",
|
||||
"//foundation/communication/dsoftbus/interfaces/kits/bus_center",
|
||||
"//third_party/json/include",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base/include",
|
||||
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core/include/bundlemgr",
|
||||
"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include",
|
||||
"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission",
|
||||
"//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include",
|
||||
"//base/security/permission/interfaces/kits/permission_standard/napi/permission_record_mgr",
|
||||
"./",
|
||||
"${distributed_permission_kits_path}/record/main/napi",
|
||||
]
|
||||
|
||||
sources = [
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/external_deps.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/time_util.cpp",
|
||||
"native_module.cpp",
|
||||
"permission_record_mgr.cpp",
|
||||
]
|
||||
|
||||
deps = [
|
||||
"${distributed_permission_database_path}:permission_standard_infrastructure_database",
|
||||
"${distributed_permission_frameworks_log_path}:permission_standard_infrastructure_cxx",
|
||||
"${distributed_permission_innerkits_distributed_path}:distributed_permission_innerkits",
|
||||
"${distributed_permission_innerkits_sdk_path}:libpermissionsdk_standard",
|
@ -39,7 +39,6 @@ static napi_value Init(napi_env env, napi_value exports)
|
||||
};
|
||||
NAPI_CALL(env, napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc));
|
||||
|
||||
// HILOG_INFO("-----Init end------");
|
||||
return exports;
|
||||
}
|
||||
EXTERN_C_END
|
@ -18,6 +18,7 @@
|
||||
#include <cstdio>
|
||||
#include <cstring>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "napi/native_api.h"
|
||||
#include "napi/native_node_api.h"
|
||||
#include "permission_record_mgr.h"
|
@ -20,6 +20,7 @@
|
||||
#include "system_ability_definition.h"
|
||||
#include "singleton.h"
|
||||
#include "time_util.h"
|
||||
#include "bms_adapter.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
@ -388,9 +389,9 @@ static void ProcessQueryResult(napi_env env, napi_value result, const int32_t fl
|
||||
{
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "--------------------local deviceId is -----%{public}s", Constant::EncryptDevId(deviceId).c_str());
|
||||
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
|
||||
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
|
||||
sptr<AppExecFwk::IBundleMgr> iBundleMgr;
|
||||
iBundleMgr = externalDeps->GetBundleManager(iBundleMgr);
|
||||
iBundleMgr = bmsAdapter->GetBundleManager();
|
||||
if (!iBundleMgr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "can not get iBundleMgr");
|
||||
}
|
||||
@ -448,11 +449,10 @@ napi_value GetPermissionRecord(napi_env env, napi_callback_info info)
|
||||
napi_value thisArg;
|
||||
void *data = nullptr;
|
||||
NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, &thisArg, &data));
|
||||
// PERMISSION_LOG_INFO(LABEL, "ARGCSIZE is =%{public}d.", argc);
|
||||
QueryPermissionUsedRequest request;
|
||||
ParseQuery(env, request, argv[0]);
|
||||
|
||||
AsyncRecordsCallbackInfo *asyncCallbackInfo = new AsyncRecordsCallbackInfo{
|
||||
AsyncRecordsCallbackInfo *asyncCallbackInfo = new AsyncRecordsCallbackInfo {
|
||||
.env = env, .asyncWork = nullptr, .deferred = nullptr, .flag = request.flag, .request = request};
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "GetPermissionRecord promise.");
|
||||
@ -501,11 +501,10 @@ napi_value GetPermissionRecordAsync(napi_env env, napi_callback_info info)
|
||||
napi_value thisArg;
|
||||
void *data = nullptr;
|
||||
NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, &thisArg, &data));
|
||||
// PERMISSION_LOG_INFO(LABEL, "ARGCSIZE is =%{public}d.", argc);
|
||||
QueryPermissionUsedRequest request;
|
||||
ParseQuery(env, request, argv[0]);
|
||||
|
||||
AsyncRecordsCallbackInfo *asyncCallbackInfo = new AsyncRecordsCallbackInfo{
|
||||
AsyncRecordsCallbackInfo *asyncCallbackInfo = new AsyncRecordsCallbackInfo {
|
||||
.env = env, .asyncWork = nullptr, .deferred = nullptr, .flag = request.flag, .request = request};
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "GetPermissionRecord asyncCallback.");
|
@ -21,7 +21,6 @@
|
||||
#include "constant.h"
|
||||
#include "device_info_manager.h"
|
||||
#include "distributed_permission_kit.h"
|
||||
#include "external_deps.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "napi/native_common.h"
|
||||
#include "napi/native_node_api.h"
|
@ -20,7 +20,7 @@
|
||||
}
|
||||
],
|
||||
"module_list": [
|
||||
"//base/security/permission/interfaces/kits/permission_standard/napi:napi_packages",
|
||||
"//base/security/permission/interfaces/kits/permission_standard/record/main/napi:napi_packages",
|
||||
"//base/security/permission:permission_build_module_standard",
|
||||
"//base/security/permission:distributed_permission"
|
||||
],
|
||||
|
@ -13,12 +13,13 @@
|
||||
|
||||
permission_path = "//base/security/permission"
|
||||
|
||||
distributed_permission_record_database_path =
|
||||
"${permission_path}/frameworks/permission_standard/permissionrecorddatabase"
|
||||
distributed_permission_database_path =
|
||||
"${permission_path}/frameworks/permission_standard/permissiondatabase"
|
||||
distributed_permission_frameworks_log_path =
|
||||
"${permission_path}/frameworks/permission_standard/permissioninfrastructure"
|
||||
distributed_permission_innerkits_distributed_path = "${permission_path}/interfaces/innerkits/permission_standard/distributedpermission"
|
||||
distributed_permission_kits_path = "${permission_path}/interfaces/kits/permission_standard/distributedpermission"
|
||||
distributed_permission_kits_path =
|
||||
"${permission_path}/interfaces/kits/permission_standard"
|
||||
distributed_permission_services_path = "${permission_path}/services/permission_standard/distributedpermissionmanagerservice"
|
||||
distributed_permission_standard_path =
|
||||
"${permission_path}/services/permission_standard"
|
||||
|
@ -17,7 +17,10 @@ import("//build/ohos.gni")
|
||||
config("distributed_permission_services_config") {
|
||||
visibility = [ ":*" ]
|
||||
|
||||
include_dirs = []
|
||||
include_dirs = [
|
||||
"${distributed_permission_services_path}/main/cpp/src/record",
|
||||
"${distributed_permission_services_path}/main/cpp/include/record",
|
||||
]
|
||||
|
||||
cflags = []
|
||||
if (target_cpu == "arm") {
|
||||
@ -44,13 +47,12 @@ config("distributed_permission_services_public_config") {
|
||||
"//third_party/node/src",
|
||||
"//utils/native/base/include",
|
||||
"//utils/system/safwk/native/include",
|
||||
"${distributed_permission_record_database_path}/main/cpp/include",
|
||||
"${distributed_permission_services_path}/main/cpp/include/command",
|
||||
"${distributed_permission_services_path}/main/cpp/include/common",
|
||||
"${distributed_permission_services_path}/main/cpp/include/device",
|
||||
"${distributed_permission_services_path}/main/cpp/src/device",
|
||||
"${distributed_permission_services_path}/main/cpp/include/distributed",
|
||||
"${distributed_permission_services_path}/main/cpp/include/protocol",
|
||||
"${distributed_permission_services_path}/main/cpp/include/record",
|
||||
"${distributed_permission_services_path}/main/cpp/include/remind",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/include/permission_using_remind",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind",
|
||||
@ -85,16 +87,15 @@ ohos_prebuilt_etc("distributedpermission_service.rc") {
|
||||
|
||||
ohos_shared_library("distributed_permission_services") {
|
||||
sources = [
|
||||
"${distributed_permission_database_path}/main/cpp/src/data_storage.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/generic_values.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/sqlite_helper.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/sqlite_storage.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/statement.cpp",
|
||||
"${distributed_permission_database_path}/main/cpp/src/variant_value.cpp",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/on_using_permission_reminder_proxy.cpp",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/on_using_permission_reminder_stub.cpp",
|
||||
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/permission_reminder_info.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/data_storage.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/data_translator.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/generic_values.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/sqlite_helper.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/sqlite_storage.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/statement.cpp",
|
||||
"${distributed_permission_record_database_path}/main/cpp/src/variant_value.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/command/base_remote_command.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/command/delete_uid_permission_command.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/command/get_uid_permission_command.cpp",
|
||||
@ -102,18 +103,15 @@ ohos_shared_library("distributed_permission_services") {
|
||||
"${distributed_permission_services_path}/main/cpp/src/command/request_remote_permission_command.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/command/sync_uid_permission_command.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/command/sync_uid_state_command.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/base64_util.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/constant.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/external_deps.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/time_util.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/common/zip_util.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/device/device_info_manager.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/device/device_info_repository.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/distributed/app_info_fetcher.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/distributed/distributed_data_validator.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/distributed/distributed_uid_allocator.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/distributed/monitor_manager.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/distributed/object_device_json.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/distributed/object_device_json_object.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/distributed/object_device_permission_manager.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/distributed/object_device_permission_repository.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/distributed/on_request_permissions_result_proxy.cpp",
|
||||
@ -133,12 +131,15 @@ ohos_shared_library("distributed_permission_services") {
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/on_permission_used_record_proxy.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/on_permission_used_record_stub.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/permission_record.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/permission_record_dao.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/permission_record_manager.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/permission_record_repository.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/permission_used_record.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/permission_visitor.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_request.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_result.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/remind/remind_info.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/remind/sensitive_permission_reminder.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/remote/remote_command_executor.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/remote/remote_command_factory.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/remote/remote_command_manager.cpp",
|
||||
@ -154,6 +155,7 @@ ohos_shared_library("distributed_permission_services") {
|
||||
"${distributed_permission_services_path}/main/cpp/src/sensitive/sensitive_resource_switch_setting.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/service/distributed_permission_event_handler.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/service/distributed_permission_manager_service.cpp",
|
||||
"${distributed_permission_services_path}/main/cpp/src/service/distributed_permission_stub.cpp",
|
||||
]
|
||||
|
||||
configs = [ ":distributed_permission_services_config" ]
|
||||
|
@ -21,6 +21,8 @@
|
||||
#include <string>
|
||||
#include <zlib.h>
|
||||
|
||||
#include "base64_util.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
@ -31,6 +33,12 @@ public:
|
||||
|
||||
static bool ZipUnCompress(
|
||||
const unsigned char *input, const unsigned long tlen, std::string &output, unsigned long len);
|
||||
|
||||
static bool CompressCode(
|
||||
const std::string &input, unsigned long &codeLen, unsigned long &zipLen, std::string &output);
|
||||
|
||||
static bool UnCompressDeCode(
|
||||
const std::string &input, unsigned long &codeLen, unsigned long &zipLen, std::string &output);
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
|
@ -1,46 +1,46 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef DEVICE_INFO_H
|
||||
#define DEVICE_INFO_H
|
||||
|
||||
#include <string>
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
enum DeviceIdType {
|
||||
NETWORK_ID,
|
||||
UNIVERSALLY_UNIQUE_ID,
|
||||
UNIQUE_DISABILITY_ID,
|
||||
UNKNOWN,
|
||||
};
|
||||
|
||||
struct DeviceId {
|
||||
std::string networkId;
|
||||
std::string universallyUniqueId;
|
||||
std::string uniqueDisabilityId;
|
||||
};
|
||||
|
||||
struct DeviceInfo {
|
||||
DeviceId deviceId;
|
||||
std::string deviceName;
|
||||
std::string deviceType;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
||||
#endif // DEVICE_INFO_H
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef DEVICE_INFO_H
|
||||
#define DEVICE_INFO_H
|
||||
|
||||
#include <string>
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
enum DeviceIdType {
|
||||
NETWORK_ID,
|
||||
UNIVERSALLY_UNIQUE_ID,
|
||||
UNIQUE_DISABILITY_ID,
|
||||
UNKNOWN,
|
||||
};
|
||||
|
||||
struct DeviceId {
|
||||
std::string networkId;
|
||||
std::string universallyUniqueId;
|
||||
std::string uniqueDisabilityId;
|
||||
};
|
||||
|
||||
struct DeviceInfo {
|
||||
DeviceId deviceId;
|
||||
std::string deviceName;
|
||||
std::string deviceType;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
||||
#endif // DEVICE_INFO_H
|
@ -1,103 +1,104 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef DEVICE_INFO_MANAGER_H
|
||||
#define DEVICE_INFO_MANAGER_H
|
||||
|
||||
#include <string>
|
||||
|
||||
#include "device_info_repository.h"
|
||||
#include "distributed_data_validator.h"
|
||||
#include "permission_log.h"
|
||||
#include "parameter.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "soft_bus_manager.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class DeviceInfoManager {
|
||||
public:
|
||||
static DeviceInfoManager &GetInstance();
|
||||
|
||||
/**
|
||||
* Get device info by device id.
|
||||
*
|
||||
* @param nodeId Device id.
|
||||
* @param deviceIdType Device id type {@link DeviceIdType}
|
||||
* @return Optional deviceInfo
|
||||
*/
|
||||
bool GetDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType, DeviceInfo &deviceInfo) const;
|
||||
|
||||
/**
|
||||
* Check device info exist. Online and local device info will be here.
|
||||
*
|
||||
* @param nodeId Device id.
|
||||
* @param deviceIdType Device id type {@link DeviceIdType}
|
||||
* @return True for exist, false otherwise.
|
||||
*/
|
||||
bool ExistDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType) const;
|
||||
|
||||
/**
|
||||
* Add device info with device ids and device properties.
|
||||
*
|
||||
* @param networkId Device networkId.
|
||||
* @param universallyUniqueId Device uuid.
|
||||
* @param uniqueDisabilityId Device udid.
|
||||
* @param deviceName Device name.
|
||||
* @param deviceType Device type.
|
||||
*/
|
||||
void AddDeviceInfo(const std::string &networkId, const std::string &universallyUniqueId,
|
||||
const std::string &uniqueDisabilityId, const std::string &deviceName, const std::string &deviceType);
|
||||
|
||||
/**
|
||||
* Remote all device info.
|
||||
*/
|
||||
void RemoveAllRemoteDeviceInfo();
|
||||
|
||||
/**
|
||||
* Remove one device info.
|
||||
*
|
||||
* @param nodeId Device id.
|
||||
*/
|
||||
void RemoveRemoteDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType);
|
||||
|
||||
/**
|
||||
* Convert nodeId to deviceId(UUID) if possible.
|
||||
*
|
||||
* @param nodeId which is considered as indefinite id, maybe deviceId(UUID) or networkId.
|
||||
* @return The deviceId if local or device online, otherwise return empty string.
|
||||
*/
|
||||
std::string ConvertToUniversallyUniqueIdOrFetch(const std::string &nodeId) const;
|
||||
|
||||
/**
|
||||
* Convert nodeId to deviceId(UDID) if possible.
|
||||
*
|
||||
* @param nodeId which is considered as indefinite id, maybe deviceId(UDID) or networkId.
|
||||
* @return The deviceId if local or device online, otherwise return empty string.
|
||||
*/
|
||||
std::string ConvertToUniqueDisabilityIdOrFetch(const std::string &nodeId) const;
|
||||
|
||||
/**
|
||||
* Check nodeId is uuid or not.
|
||||
*
|
||||
* @param nodeId Node id.
|
||||
* @return True if node id is uuid. False otherwise.
|
||||
*/
|
||||
bool IsDeviceUniversallyUniqueId(const std::string &nodeId) const;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // PERMISSION_BASE_SERVICE_H
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef DEVICE_INFO_MANAGER_H
|
||||
#define DEVICE_INFO_MANAGER_H
|
||||
|
||||
#include <string>
|
||||
|
||||
#include "device_info_repository.h"
|
||||
#include "distributed_data_validator.h"
|
||||
#include "permission_log.h"
|
||||
#include "parameter.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "soft_bus_manager.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class DeviceInfoManager {
|
||||
public:
|
||||
static DeviceInfoManager &GetInstance();
|
||||
|
||||
/**
|
||||
* Get device info by device id.
|
||||
*
|
||||
* @param nodeId Device id.
|
||||
* @param deviceIdType Device id type {@link DeviceIdType}
|
||||
* @return Optional deviceInfo
|
||||
*/
|
||||
bool GetDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType, DeviceInfo &deviceInfo) const;
|
||||
|
||||
/**
|
||||
* Check device info exist. Online and local device info will be here.
|
||||
*
|
||||
* @param nodeId Device id.
|
||||
* @param deviceIdType Device id type {@link DeviceIdType}
|
||||
* @return True for exist, false otherwise.
|
||||
*/
|
||||
bool ExistDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType) const;
|
||||
|
||||
/**
|
||||
* Add device info with device ids and device properties.
|
||||
*
|
||||
* @param networkId Device networkId.
|
||||
* @param universallyUniqueId Device uuid.
|
||||
* @param uniqueDisabilityId Device udid.
|
||||
* @param deviceName Device name.
|
||||
* @param deviceType Device type.
|
||||
*/
|
||||
void AddDeviceInfo(const std::string &networkId, const std::string &universallyUniqueId,
|
||||
const std::string &uniqueDisabilityId, const std::string &deviceName, const std::string &deviceType);
|
||||
|
||||
/**
|
||||
* Remote all device info.
|
||||
*/
|
||||
void RemoveAllRemoteDeviceInfo();
|
||||
|
||||
/**
|
||||
* Remove one device info.
|
||||
*
|
||||
* @param nodeId Device id.
|
||||
*/
|
||||
void RemoveRemoteDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType);
|
||||
|
||||
/**
|
||||
* Convert nodeId to deviceId(UUID) if possible.
|
||||
*
|
||||
* @param nodeId which is considered as indefinite id, maybe deviceId(UUID) or networkId.
|
||||
* @return The deviceId if local or device online, otherwise return empty string.
|
||||
*/
|
||||
std::string ConvertToUniversallyUniqueIdOrFetch(const std::string &nodeId) const;
|
||||
|
||||
/**
|
||||
* Convert nodeId to deviceId(UDID) if possible.
|
||||
*
|
||||
* @param nodeId which is considered as indefinite id, maybe deviceId(UDID) or networkId.
|
||||
* @return The deviceId if local or device online, otherwise return empty string.
|
||||
*/
|
||||
std::string ConvertToUniqueDisabilityIdOrFetch(const std::string &nodeId) const;
|
||||
|
||||
/**
|
||||
* Check nodeId is uuid or not.
|
||||
*
|
||||
* @param nodeId Node id.
|
||||
* @return True if node id is uuid. False otherwise.
|
||||
*/
|
||||
bool IsDeviceUniversallyUniqueId(const std::string &nodeId) const;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // DEVICE_INFO_MANAGER_H
|
@ -23,7 +23,6 @@
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
|
||||
enum class AppAttribute {
|
||||
// Attribute indicates the application is installed in the device's system image.
|
||||
APP_ATTRIBUTE_PRESET = 1 << 0,
|
||||
@ -46,7 +45,6 @@ public:
|
||||
private:
|
||||
std::map<int32_t, int32_t> attributeBuffer_;
|
||||
};
|
||||
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
@ -97,7 +97,7 @@ private:
|
||||
|
||||
std::recursive_mutex stackLock_;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // PERMISSION_BASE_SERVICE_H
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // DISTRIBUTED_UID_ALLOCATOR_H
|
@ -27,9 +27,7 @@
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
|
||||
class MonitorManager {
|
||||
|
||||
public:
|
||||
using OnPermissionChangedCallback = std::function<void(int uid, const std::string &packageName)>;
|
||||
using OnDeviceOnlineCallback = std::function<void(const std::string &deviceId, const std::string &deviceNetworkId)>;
|
||||
@ -115,7 +113,6 @@ private:
|
||||
// mutex for device listener maps
|
||||
std::mutex deviceMutex_;
|
||||
};
|
||||
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
@ -13,13 +13,13 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PERMISSION_OBJECT_DEVICE_JSON_H
|
||||
#define PERMISSION_OBJECT_DEVICE_JSON_H
|
||||
#ifndef PERMISSION_OBJECT_DEVICE_JSON_OBJECT_H
|
||||
#define PERMISSION_OBJECT_DEVICE_JSON_OBJECT_H
|
||||
#include <string>
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
struct ObjectDeviceJson {
|
||||
struct ObjectDeviceJsonObject {
|
||||
std::string deviceId_;
|
||||
std::string uid_;
|
||||
std::string grantedPermission_;
|
||||
@ -29,4 +29,4 @@ struct ObjectDeviceJson {
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // FOUNDATION_REQ_PERMISSION_DETAIL_H
|
||||
#endif // PERMISSION_OBJECT_DEVICE_JSON_OBJECT_H
|
@ -1,200 +1,197 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef OBJECT_DEVICE_PERMISSON_MANAGER_H
|
||||
#define OBJECT_DEVICE_PERMISSON_MANAGER_H
|
||||
#include <string>
|
||||
#include <set>
|
||||
#include <mutex>
|
||||
#include <atomic>
|
||||
#include <condition_variable>
|
||||
#include "permission_log.h"
|
||||
#include "distributed_data_validator.h"
|
||||
#include "object_device_permission_repository.h"
|
||||
#include "monitor_manager.h"
|
||||
#include "data_validator.h"
|
||||
#include "constant.h"
|
||||
#include "external_deps.h"
|
||||
#include "device_info_manager.h"
|
||||
#include "device_info.h"
|
||||
#include "permission_bms_manager.h"
|
||||
#include "user_handle_manager.h"
|
||||
#include "permission_log.h"
|
||||
#include "base_remote_command.h"
|
||||
#include "sync_uid_permission_command.h"
|
||||
#include "remote_command_manager.h"
|
||||
#include "delete_uid_permission_command.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
/**
|
||||
* Object device permission manager.<br/>
|
||||
* This class manage the subscription information between which device copied local uid's permission.
|
||||
*/
|
||||
class ObjectDevicePermissionManager {
|
||||
public:
|
||||
virtual ~ObjectDevicePermissionManager();
|
||||
/**
|
||||
* Get singleton instance.
|
||||
*
|
||||
* @return This singleton instance.
|
||||
*/
|
||||
static ObjectDevicePermissionManager &GetInstance();
|
||||
/**
|
||||
* If not successfully recovered, recover from file.
|
||||
*/
|
||||
void Init();
|
||||
// clear object device's caches
|
||||
void Clear();
|
||||
|
||||
/**
|
||||
* Operation function. Ask RemoteExecutorManager to execute SyncUidPermissionCommand or DeleteUidPermissionCommand
|
||||
* for all deviceIds that has a relationship with given uid.
|
||||
*
|
||||
* @param uid The operation uid in local device.
|
||||
* @return SUCCESS: 0; FAILURE: -1.
|
||||
*/
|
||||
int32_t NotifyPermissionChanged(const int32_t uid);
|
||||
/**
|
||||
* Operation function. Add a new uid to deviceId relationship, store in the repository.
|
||||
* <p>
|
||||
* Check input parameter first. If:
|
||||
* <ol>
|
||||
* <li>DeviceId or uid is invalid, will return <b>FAILURE</b>, and do not add.
|
||||
* <li>Uid is the special ruid, which is defined by DuidTranslator are 0 or 1000, will return <b>SUCCESS</b>, and do
|
||||
* not add.
|
||||
* </ol>
|
||||
* The survivor will be saved to repository.
|
||||
*
|
||||
* @param deviceId The operation device id, unique, for remote device.
|
||||
* @param uid The operation uid, in local device.
|
||||
* @return SUCCESS: 0; FAILURE: -1
|
||||
*/
|
||||
int32_t AddNotifyPermissionMonitorUid(const std::string &deviceId, const int32_t uid);
|
||||
/**
|
||||
* Notify current device sync {@code uid}'s permissions to object device while distributed business is scheduling.
|
||||
*
|
||||
* @param deviceId The object device's deviceId, for remote device.
|
||||
* @param uid The application uid in local device.
|
||||
* @param packageName The package name.
|
||||
* @return Result code indicates sync permission successfully, SUCCESS: 0, FAILURE: -1, INVALID_DEVICE_ID: -3.
|
||||
*/
|
||||
int32_t NotifySyncPermission(std::string &deviceId, int32_t uid, std::string &packageName);
|
||||
/**
|
||||
* verify device whether has been granted permission with the given name to access the remote device.
|
||||
*
|
||||
* @param permission permission name.
|
||||
* @param deviceId Remote device id, not null.
|
||||
* @param pid The Caller Pid
|
||||
* @param uid The Caller Uid
|
||||
* @return 0 Granted, -1 Denied.
|
||||
*/
|
||||
int32_t VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
|
||||
/**
|
||||
* Reset the sensitive permission that have been granted by object device
|
||||
*
|
||||
* @param deviceId Remote device id.
|
||||
* @param uid local uid.
|
||||
* @param permissions the sensitive permission that have been granted by object device
|
||||
*/
|
||||
void ResetGrantSensitivePermission(std::string &deviceId, int32_t uid, std::set<std::string> &permissions);
|
||||
/**
|
||||
* Delete all uid relationship with this deviceId.
|
||||
*
|
||||
* @param deviceId The operation deviceId, unique, for remote device.
|
||||
*/
|
||||
void RemoveObject(const std::string &deviceId);
|
||||
/**
|
||||
* Operation function. Ask RemoteExecutorManager to asynchronous execute DeleteUidPermissionCommand for all
|
||||
* deviceIds that has a relationship with given uid which has a relationship with given userId, remove them from
|
||||
* repository anyway.
|
||||
*
|
||||
* @param userId The operation userId in local device.
|
||||
* @return SUCCESS: 0; FAILURE: -1
|
||||
*/
|
||||
int32_t RemoveNotifyPermissionMonitorUserId(const int32_t userId);
|
||||
|
||||
private:
|
||||
std::mutex mutex_;
|
||||
std::atomic<bool> recovered_;
|
||||
std::atomic<bool> registered_;
|
||||
std::recursive_mutex remove_notify_permission_monitor_user_id_locl_;
|
||||
sptr<Permission::IPermissionManager> iPermissionManager_;
|
||||
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
|
||||
|
||||
/**
|
||||
* Rom may forward a special uid which is -1, we will ignore this.
|
||||
*/
|
||||
static const int32_t SPECIAL_INVALID_UID = -1;
|
||||
/**
|
||||
* Max timeout limit when notify permission changed.
|
||||
*/
|
||||
static const int32_t MAX_NOTIFY_PERMISSION_CHANGED_TIMEOUT = 1000;
|
||||
|
||||
static const int32_t NOTIFY_PERMISSION_CHANGED_TIMEOUT = 200;
|
||||
|
||||
private:
|
||||
ObjectDevicePermissionManager();
|
||||
int32_t ProcessDeviceCommandImmediately(const int32_t uid, const std::set<std::string> &devicesToSync);
|
||||
/**
|
||||
* Operation function. Ask RemoteExecutorManager to asynchronous execute DeleteUidPermissionCommand for all
|
||||
* deviceIds that has a relationship with given uid, remove them from repository anyway.
|
||||
*
|
||||
* @param uid The operation uid in local device.
|
||||
* @return SUCCESS: 0; FAILURE: -1
|
||||
*/
|
||||
int32_t RemoveNotifyPermissionMonitorUid(const int32_t uid);
|
||||
int32_t VerifyPermissionFromRemoteInner(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
|
||||
bool IsValidVerificationParams(const std::string &permission, const std::string &deviceId, const int32_t uid);
|
||||
};
|
||||
class CountDownLatch {
|
||||
public:
|
||||
CountDownLatch(uint32_t count) : count_(count)
|
||||
{}
|
||||
virtual ~CountDownLatch() = default;
|
||||
uint32_t GetCount()
|
||||
{
|
||||
std::lock_guard<std::mutex> guard(mutex_);
|
||||
return count_;
|
||||
}
|
||||
void CountDown() noexcept
|
||||
{
|
||||
std::lock_guard<std::mutex> guard(mutex_);
|
||||
if (count_ == 0) {
|
||||
return;
|
||||
}
|
||||
--count_;
|
||||
if (count_ == 0) {
|
||||
cv_.notify_all();
|
||||
}
|
||||
}
|
||||
|
||||
void Await(long time) noexcept
|
||||
{
|
||||
std::unique_lock<std::mutex> lock(mutex_);
|
||||
cv_.wait_for(lock, std::chrono::milliseconds(time), [this] { return count_ == 0; });
|
||||
}
|
||||
|
||||
private:
|
||||
std::mutex mutex_;
|
||||
std::condition_variable cv_;
|
||||
uint32_t count_;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef OBJECT_DEVICE_PERMISSON_MANAGER_H
|
||||
#define OBJECT_DEVICE_PERMISSON_MANAGER_H
|
||||
#include <string>
|
||||
#include <set>
|
||||
#include <mutex>
|
||||
#include <atomic>
|
||||
#include <condition_variable>
|
||||
#include "permission_log.h"
|
||||
#include "distributed_data_validator.h"
|
||||
#include "object_device_permission_repository.h"
|
||||
#include "monitor_manager.h"
|
||||
#include "data_validator.h"
|
||||
#include "constant.h"
|
||||
#include "device_info_manager.h"
|
||||
#include "device_info.h"
|
||||
#include "permission_bms_manager.h"
|
||||
#include "user_handle_manager.h"
|
||||
#include "permission_log.h"
|
||||
#include "base_remote_command.h"
|
||||
#include "sync_uid_permission_command.h"
|
||||
#include "remote_command_manager.h"
|
||||
#include "delete_uid_permission_command.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
/**
|
||||
* Object device permission manager.<br/>
|
||||
* This class manage the subscription information between which device copied local uid's permission.
|
||||
*/
|
||||
class ObjectDevicePermissionManager {
|
||||
public:
|
||||
virtual ~ObjectDevicePermissionManager();
|
||||
/**
|
||||
* Get singleton instance.
|
||||
*
|
||||
* @return This singleton instance.
|
||||
*/
|
||||
static ObjectDevicePermissionManager &GetInstance();
|
||||
/**
|
||||
* If not successfully recovered, recover from file.
|
||||
*/
|
||||
void Init();
|
||||
// clear object device's caches
|
||||
void Clear();
|
||||
|
||||
/**
|
||||
* Operation function. Ask RemoteExecutorManager to execute SyncUidPermissionCommand or DeleteUidPermissionCommand
|
||||
* for all deviceIds that has a relationship with given uid.
|
||||
*
|
||||
* @param uid The operation uid in local device.
|
||||
* @return SUCCESS: 0; FAILURE: -1.
|
||||
*/
|
||||
int32_t NotifyPermissionChanged(const int32_t uid);
|
||||
/**
|
||||
* Operation function. Add a new uid to deviceId relationship, store in the repository.
|
||||
* <ol>
|
||||
* <li>DeviceId or uid is invalid, will return <b>FAILURE</b>, and do not add.
|
||||
* <li>Uid is the special ruid, which is defined by DuidTranslator are 0 or 1000, will return <b>SUCCESS</b>, and do
|
||||
* not add.
|
||||
* </ol>
|
||||
* The survivor will be saved to repository.
|
||||
*
|
||||
* @param deviceId The operation device id, unique, for remote device.
|
||||
* @param uid The operation uid, in local device.
|
||||
* @return SUCCESS: 0; FAILURE: -1
|
||||
*/
|
||||
int32_t AddNotifyPermissionMonitorUid(const std::string &deviceId, const int32_t uid);
|
||||
/**
|
||||
* Notify current device sync {@code uid}'s permissions to object device while distributed business is scheduling.
|
||||
*
|
||||
* @param deviceId The object device's deviceId, for remote device.
|
||||
* @param uid The application uid in local device.
|
||||
* @param packageName The package name.
|
||||
* @return Result code indicates sync permission successfully, SUCCESS: 0, FAILURE: -1, INVALID_DEVICE_ID: -3.
|
||||
*/
|
||||
int32_t NotifySyncPermission(std::string &deviceId, int32_t uid, std::string &packageName);
|
||||
/**
|
||||
* verify device whether has been granted permission with the given name to access the remote device.
|
||||
*
|
||||
* @param permission permission name.
|
||||
* @param deviceId Remote device id, not null.
|
||||
* @param pid The Caller Pid
|
||||
* @param uid The Caller Uid
|
||||
* @return 0 Granted, -1 Denied.
|
||||
*/
|
||||
int32_t VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
|
||||
/**
|
||||
* Reset the sensitive permission that have been granted by object device
|
||||
*
|
||||
* @param deviceId Remote device id.
|
||||
* @param uid local uid.
|
||||
* @param permissions the sensitive permission that have been granted by object device
|
||||
*/
|
||||
void ResetGrantSensitivePermission(std::string &deviceId, int32_t uid, std::set<std::string> &permissions);
|
||||
/**
|
||||
* Delete all uid relationship with this deviceId.
|
||||
*
|
||||
* @param deviceId The operation deviceId, unique, for remote device.
|
||||
*/
|
||||
void RemoveObject(const std::string &deviceId);
|
||||
/**
|
||||
* Operation function. Ask RemoteExecutorManager to asynchronous execute DeleteUidPermissionCommand for all
|
||||
* deviceIds that has a relationship with given uid which has a relationship with given userId, remove them from
|
||||
* repository anyway.
|
||||
*
|
||||
* @param userId The operation userId in local device.
|
||||
* @return SUCCESS: 0; FAILURE: -1
|
||||
*/
|
||||
int32_t RemoveNotifyPermissionMonitorUserId(const int32_t userId);
|
||||
|
||||
private:
|
||||
std::mutex mutex_;
|
||||
std::atomic<bool> recovered_;
|
||||
std::atomic<bool> registered_;
|
||||
std::recursive_mutex remove_notify_permission_monitor_user_id_locl_;
|
||||
sptr<Permission::IPermissionManager> iPermissionManager_;
|
||||
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
|
||||
|
||||
/**
|
||||
* Rom may forward a special uid which is -1, we will ignore this.
|
||||
*/
|
||||
static const int32_t SPECIAL_INVALID_UID = -1;
|
||||
/**
|
||||
* Max timeout limit when notify permission changed.
|
||||
*/
|
||||
static const int32_t MAX_NOTIFY_PERMISSION_CHANGED_TIMEOUT = 1000;
|
||||
|
||||
static const int32_t NOTIFY_PERMISSION_CHANGED_TIMEOUT = 200;
|
||||
|
||||
private:
|
||||
ObjectDevicePermissionManager();
|
||||
int32_t ProcessDeviceCommandImmediately(const int32_t uid, const std::set<std::string> &devicesToSync) const;
|
||||
/**
|
||||
* Operation function. Ask RemoteExecutorManager to asynchronous execute DeleteUidPermissionCommand for all
|
||||
* deviceIds that has a relationship with given uid, remove them from repository anyway.
|
||||
*
|
||||
* @param uid The operation uid in local device.
|
||||
* @return SUCCESS: 0; FAILURE: -1
|
||||
*/
|
||||
int32_t RemoveNotifyPermissionMonitorUid(const int32_t uid);
|
||||
int32_t VerifyPermissionFromRemoteInner(const std::string &permission, const std::string &deviceId,
|
||||
const int32_t pid, const int32_t uid);
|
||||
bool IsValidVerificationParams(const std::string &permission, const std::string &deviceId, const int32_t uid) const;
|
||||
};
|
||||
class CountDownLatch {
|
||||
public:
|
||||
CountDownLatch(uint32_t count) : count_(count)
|
||||
{}
|
||||
virtual ~CountDownLatch() = default;
|
||||
uint32_t GetCount()
|
||||
{
|
||||
std::lock_guard<std::mutex> guard(mutex_);
|
||||
return count_;
|
||||
}
|
||||
void CountDown() noexcept
|
||||
{
|
||||
std::lock_guard<std::mutex> guard(mutex_);
|
||||
if (count_ == 0) {
|
||||
return;
|
||||
}
|
||||
--count_;
|
||||
if (count_ == 0) {
|
||||
cv_.notify_all();
|
||||
}
|
||||
}
|
||||
|
||||
void Await(long time) noexcept
|
||||
{
|
||||
std::unique_lock<std::mutex> lock(mutex_);
|
||||
cv_.wait_for(lock, std::chrono::milliseconds(time), [this] { return count_ == 0; });
|
||||
}
|
||||
|
||||
private:
|
||||
std::mutex mutex_;
|
||||
std::condition_variable cv_;
|
||||
uint32_t count_;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // OBJECT_DEVICE_PERMISSON_MANAGER_H
|
@ -1,146 +1,146 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef OBJECT_DEVICE_PERMISSION_REPOSITORY
|
||||
#define OBJECT_DEVICE_PERMISSION_REPOSITORY
|
||||
#include <string>
|
||||
#include <memory>
|
||||
#include <map>
|
||||
#include <set>
|
||||
#include <iostream>
|
||||
#include <fstream>
|
||||
#include <vector>
|
||||
#include "nlohmann/json.hpp"
|
||||
#include "constant.h"
|
||||
#include "base_remote_command.h"
|
||||
#include "object_device_json.h"
|
||||
#include "permission_log.h"
|
||||
#include "permission_log.h"
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class ObjectUid {
|
||||
public:
|
||||
ObjectUid(int32_t uid) : uid_(uid)
|
||||
{}
|
||||
virtual ~ObjectUid() = default;
|
||||
int32_t GetUid();
|
||||
std::set<std::string> GetGrabtedPermission();
|
||||
void ResetGrantSensitivePermission(std::set<std::string> permissions);
|
||||
bool IsGrantPermission(std::string permission);
|
||||
ObjectUid(const int32_t uid, const std::set<std::string> &grabtedPermission);
|
||||
|
||||
private:
|
||||
int32_t uid_;
|
||||
std::set<std::string> grantedPermission_;
|
||||
std::recursive_mutex object_uid_locl_;
|
||||
}; // end of ObjectUid
|
||||
class ObjectDevice {
|
||||
public:
|
||||
ObjectDevice(const std::string &deviceId) : deviceId_(deviceId)
|
||||
{}
|
||||
ObjectDevice(const std::string &deviceId, std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions);
|
||||
virtual ~ObjectDevice() = default;
|
||||
std::string GetDeviceId();
|
||||
bool ContainUid(int32_t uid);
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> GetUidPermissions();
|
||||
void AddObjectUid(int32_t uid);
|
||||
void RemoveObjectUid(int32_t uid);
|
||||
void ResetGrantSensitivePermission(int32_t uid, std::set<std::string> permissions);
|
||||
bool IsGrantPermission(int32_t uid, std::string permission);
|
||||
|
||||
private:
|
||||
const std::string deviceId_;
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions_;
|
||||
std::recursive_mutex object_device_locl_;
|
||||
}; // end of ObjectDevice
|
||||
/**
|
||||
* Repository level, store the relationship from deviceId to uid, and provide the operation function CRUD.
|
||||
*
|
||||
* @since 3
|
||||
*/
|
||||
class ObjectDevicePermissionRepository {
|
||||
public:
|
||||
virtual ~ObjectDevicePermissionRepository();
|
||||
static ObjectDevicePermissionRepository &GetInstance();
|
||||
/**
|
||||
* Recover data from file.
|
||||
*
|
||||
* @return Recover result, Success: true; Fail: false.
|
||||
*/
|
||||
bool RecoverFromFile();
|
||||
/**
|
||||
* Persist and save data to file.
|
||||
*/
|
||||
void SaveToFile();
|
||||
void PutDeviceIdUidPair(const std::string deviceId, const int32_t uid);
|
||||
std::set<int32_t> ListAllUid();
|
||||
|
||||
std::set<std::string> ListDeviceId(const int32_t uid);
|
||||
/**
|
||||
* Operation function. Remove uid from all device to uid relationship. If none exist, then nothing happened.
|
||||
*
|
||||
* @param uid The operation uid.
|
||||
*/
|
||||
void RemoveUid(const int32_t uid);
|
||||
/**
|
||||
* Verify if one Uid have sensistive permission from deviceId
|
||||
*
|
||||
* @param permission the permission to check
|
||||
* @param deviceId the deviceId who grant the permission to uid
|
||||
* @param pid the pid of the caller
|
||||
* @param uid the local uid
|
||||
* @return 0: grant the permission, otherwise reject
|
||||
*/
|
||||
int32_t VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
|
||||
|
||||
std::shared_ptr<ObjectDevice> GetOrCreateObjectDevice(std::string &deviceId);
|
||||
|
||||
/**
|
||||
* Operation function. Remove all uid for under this device id. If none exist, then nothing happened.
|
||||
*
|
||||
* @param deviceId The operation device id.
|
||||
*/
|
||||
void RemoveDeviceId(const std::string &deviceId);
|
||||
/**
|
||||
* Clear the map.
|
||||
*/
|
||||
void Clear();
|
||||
|
||||
protected:
|
||||
private:
|
||||
ObjectDevicePermissionRepository();
|
||||
|
||||
static ObjectDevicePermissionRepository instance_;
|
||||
|
||||
bool IsGrantPermission(int32_t uid, std::string permission);
|
||||
std::vector<ObjectDeviceJson> GetDevicesJsonVector();
|
||||
|
||||
private:
|
||||
std::map<std::string, std::shared_ptr<ObjectDevice>> objectDevices_;
|
||||
std::recursive_mutex object_devices_locl_;
|
||||
const std::string repository_file_path_ = "/data/distribute_permission_subscriber";
|
||||
}; // end of ObjectDevicePermissionRepository
|
||||
|
||||
struct DevicesJsonVector {
|
||||
std::vector<ObjectDeviceJson> devicesJson_;
|
||||
};
|
||||
void to_json(nlohmann::json &jsonObject, const DevicesJsonVector &devicesJsonVector);
|
||||
void from_json(const nlohmann::json &jsonObject, DevicesJsonVector &devicesJsonVector);
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef OBJECT_DEVICE_PERMISSION_REPOSITORY
|
||||
#define OBJECT_DEVICE_PERMISSION_REPOSITORY
|
||||
#include <string>
|
||||
#include <memory>
|
||||
#include <map>
|
||||
#include <set>
|
||||
#include <iostream>
|
||||
#include <fstream>
|
||||
#include <vector>
|
||||
#include "nlohmann/json.hpp"
|
||||
#include "constant.h"
|
||||
#include "base_remote_command.h"
|
||||
#include "object_device_json_object.h"
|
||||
#include "permission_log.h"
|
||||
#include "permission_log.h"
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class ObjectUid {
|
||||
public:
|
||||
ObjectUid(int32_t uid) : uid_(uid)
|
||||
{}
|
||||
virtual ~ObjectUid() = default;
|
||||
int32_t GetUid();
|
||||
std::set<std::string> GetGrantedPermission() const;
|
||||
void ResetGrantSensitivePermission(std::set<std::string> permissions);
|
||||
bool IsGrantPermission(std::string permission) const;
|
||||
ObjectUid(const int32_t uid, const std::set<std::string> &grabtedPermission);
|
||||
|
||||
private:
|
||||
int32_t uid_;
|
||||
std::set<std::string> grantedPermission_;
|
||||
std::recursive_mutex object_uid_locl_;
|
||||
}; // end of ObjectUid
|
||||
class ObjectDevice {
|
||||
public:
|
||||
ObjectDevice(const std::string &deviceId) : deviceId_(deviceId)
|
||||
{}
|
||||
ObjectDevice(const std::string &deviceId, std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions);
|
||||
virtual ~ObjectDevice() = default;
|
||||
std::string GetDeviceId() const;
|
||||
bool ContainUid(int32_t uid) const;
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> GetUidPermissions();
|
||||
void AddObjectUid(int32_t uid);
|
||||
void RemoveObjectUid(int32_t uid);
|
||||
void ResetGrantSensitivePermission(int32_t uid, std::set<std::string> permissions);
|
||||
bool IsGrantPermission(int32_t uid, std::string permission);
|
||||
|
||||
private:
|
||||
const std::string deviceId_;
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions_;
|
||||
std::recursive_mutex object_device_locl_;
|
||||
}; // end of ObjectDevice
|
||||
/**
|
||||
* Repository level, store the relationship from deviceId to uid, and provide the operation function CRUD.
|
||||
*
|
||||
* @since 3
|
||||
*/
|
||||
class ObjectDevicePermissionRepository {
|
||||
public:
|
||||
virtual ~ObjectDevicePermissionRepository();
|
||||
static ObjectDevicePermissionRepository &GetInstance();
|
||||
/**
|
||||
* Recover data from file.
|
||||
*
|
||||
* @return Recover result, Success: true; Fail: false.
|
||||
*/
|
||||
bool RecoverFromFile();
|
||||
/**
|
||||
* Persist and save data to file.
|
||||
*/
|
||||
void SaveToFile();
|
||||
void PutDeviceIdUidPair(const std::string deviceId, const int32_t uid);
|
||||
std::set<int32_t> ListAllUid();
|
||||
|
||||
std::set<std::string> ListDeviceId(const int32_t uid);
|
||||
/**
|
||||
* Operation function. Remove uid from all device to uid relationship. If none exist, then nothing happened.
|
||||
*
|
||||
* @param uid The operation uid.
|
||||
*/
|
||||
void RemoveUid(const int32_t uid);
|
||||
/**
|
||||
* Verify if one Uid have sensistive permission from deviceId
|
||||
*
|
||||
* @param permission the permission to check
|
||||
* @param deviceId the deviceId who grant the permission to uid
|
||||
* @param pid the pid of the caller
|
||||
* @param uid the local uid
|
||||
* @return 0: grant the permission, otherwise reject
|
||||
*/
|
||||
int32_t VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
|
||||
|
||||
std::shared_ptr<ObjectDevice> GetOrCreateObjectDevice(std::string &deviceId);
|
||||
|
||||
/**
|
||||
* Operation function. Remove all uid for under this device id. If none exist, then nothing happened.
|
||||
*
|
||||
* @param deviceId The operation device id.
|
||||
*/
|
||||
void RemoveDeviceId(const std::string &deviceId);
|
||||
/**
|
||||
* Clear the map.
|
||||
*/
|
||||
void Clear();
|
||||
|
||||
protected:
|
||||
private:
|
||||
ObjectDevicePermissionRepository();
|
||||
|
||||
static ObjectDevicePermissionRepository instance_;
|
||||
|
||||
bool IsGrantPermission(int32_t uid, std::string permission);
|
||||
std::vector<ObjectDeviceJsonObject> GetDevicesJsonVector();
|
||||
|
||||
private:
|
||||
std::map<std::string, std::shared_ptr<ObjectDevice>> objectDevices_;
|
||||
std::recursive_mutex object_devices_locl_;
|
||||
const std::string repository_file_path_ = "/data/distribute_permission_subscriber";
|
||||
}; // end of ObjectDevicePermissionRepository
|
||||
|
||||
struct DevicesJsonVector {
|
||||
std::vector<ObjectDeviceJsonObject> devicesJson_;
|
||||
};
|
||||
void to_json(nlohmann::json &jsonObject, const DevicesJsonVector &devicesJsonVector);
|
||||
void from_json(const nlohmann::json &jsonObject, DevicesJsonVector &devicesJsonVector);
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // OBJECT_DEVICE_PERMISSON_MANAGER_H
|
@ -20,7 +20,6 @@
|
||||
#include <memory>
|
||||
#include <functional>
|
||||
#include "refbase.h"
|
||||
#include "external_deps.h"
|
||||
|
||||
#include "app_info_fetcher.h"
|
||||
#include "permission_fetcher.h"
|
||||
|
@ -17,7 +17,6 @@
|
||||
|
||||
#include "common_event.h"
|
||||
#include "common_event_manager.h"
|
||||
#include "external_deps.h"
|
||||
#include "permission_fetcher.h"
|
||||
#include "permission_record_manager.h"
|
||||
|
||||
|
@ -1,47 +1,48 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PERMISSION_DEF
|
||||
#define PERMISSION_DEF
|
||||
|
||||
#include <string>
|
||||
#include <set>
|
||||
#include "external_deps.h"
|
||||
#include "nocopyable.h"
|
||||
#include "permission.h"
|
||||
#include "permission_def.h"
|
||||
#include "permission_log.h"
|
||||
#include "distributed_data_validator.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
struct PermissionDefinition {
|
||||
public:
|
||||
static PermissionDefinition &GetInstance();
|
||||
|
||||
~PermissionDefinition();
|
||||
|
||||
bool IsRestrictedPermission(const std::string &permissionName);
|
||||
|
||||
private:
|
||||
PermissionDefinition();
|
||||
|
||||
DISALLOW_COPY_AND_MOVE(PermissionDefinition);
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // PERMISSION_DEF
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef PERMISSION_DEFINITION
|
||||
#define PERMISSION_DEFINITION
|
||||
|
||||
#include <string>
|
||||
#include <set>
|
||||
#include "pms_adapter.h"
|
||||
#include "nocopyable.h"
|
||||
#include "permission.h"
|
||||
#include "permission_def.h"
|
||||
#include "permission_log.h"
|
||||
#include "distributed_data_validator.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
struct PermissionDefinition {
|
||||
public:
|
||||
static PermissionDefinition &GetInstance();
|
||||
|
||||
~PermissionDefinition();
|
||||
|
||||
bool IsRestrictedPermission(const std::string &permissionName);
|
||||
|
||||
private:
|
||||
sptr<Permission::IPermissionManager> iPermissionManager_;
|
||||
PermissionDefinition();
|
||||
|
||||
DISALLOW_COPY_AND_MOVE(PermissionDefinition);
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // PERMISSION_DEFINITION
|
||||
|
@ -25,7 +25,7 @@ class PermissionListener final {
|
||||
public:
|
||||
static void Init();
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // PERMISSION_LISTENER_H
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // PERMISSION_LISTENER_H
|
@ -1,58 +1,57 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef PERMISSION_RE_GRANTER_H
|
||||
#define PERMISSION_RE_GRANTER_H
|
||||
|
||||
#include "base_remote_command.h"
|
||||
#include "permission_log.h"
|
||||
#include "external_deps.h"
|
||||
#include "permission_fetcher.h"
|
||||
#include "base_remote_command.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class PermissionReGranter final {
|
||||
public:
|
||||
static void ReGrantDuidPermissions(UidBundleBo& uidBundlePermInfo);
|
||||
static bool IsGranted(const PermissionDto& permission);
|
||||
static bool IsRemoteGranted(const PermissionDto& permission);
|
||||
static void SetStatusGranted(const bool isGranted, PermissionDto& permission);
|
||||
static void SetFlagRemoteGranted(const bool isRemoteGranted, PermissionDto& permission);
|
||||
|
||||
private:
|
||||
static void GetPermissionInfoNoThrow(const std::string& permission, PermissionDefParcel& permInfo);
|
||||
static bool VerifySignatruePermission(const PermissionDefParcel& permInfo, const UidBundleBo& uidBundlePermInfo);
|
||||
|
||||
private:
|
||||
static const int FLAG_PERMISSION_DEFINED_BY_SYSTEM = 1 << 0;
|
||||
static const int FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED = 1 << 0;
|
||||
static const int FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED = 1 << 1;
|
||||
static const int FLAG_PERMISSION_STATUS_REMOTE_GRANTED = 1 << 3;
|
||||
enum TypeOfGrantMode {
|
||||
USER_GRANT = 0,
|
||||
SYSTEM_GRANT = 1,
|
||||
};
|
||||
|
||||
enum TypeOfAvailableScope {
|
||||
AVAILABLE_SCOPE_ALL = 1 << 0,
|
||||
AVAILABLE_SCOPE_SIGNATURE = 1 << 1,
|
||||
AVAILABLE_SCOPE_RESTRICTED = 1 << 2
|
||||
};
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef PERMISSION_RE_GRANTER_H
|
||||
#define PERMISSION_RE_GRANTER_H
|
||||
|
||||
#include "base_remote_command.h"
|
||||
#include "permission_log.h"
|
||||
#include "permission_fetcher.h"
|
||||
#include "base_remote_command.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class PermissionReGranter final {
|
||||
public:
|
||||
static void ReGrantDuidPermissions(UidBundleBo& uidBundlePermInfo);
|
||||
static bool IsGranted(const PermissionDto& permission);
|
||||
static bool IsRemoteGranted(const PermissionDto& permission);
|
||||
static void SetStatusGranted(const bool isGranted, PermissionDto& permission);
|
||||
static void SetFlagRemoteGranted(const bool isRemoteGranted, PermissionDto& permission);
|
||||
|
||||
private:
|
||||
static void GetPermissionInfoNoThrow(const std::string& permission, PermissionDefParcel& permInfo);
|
||||
static bool VerifySignatruePermission(const PermissionDefParcel& permInfo, const UidBundleBo& uidBundlePermInfo);
|
||||
|
||||
private:
|
||||
static const int FLAG_PERMISSION_DEFINED_BY_SYSTEM = 1 << 0;
|
||||
static const int FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED = 1 << 0;
|
||||
static const int FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED = 1 << 1;
|
||||
static const int FLAG_PERMISSION_STATUS_REMOTE_GRANTED = 1 << 3;
|
||||
enum TypeOfGrantMode {
|
||||
USER_GRANT = 0,
|
||||
SYSTEM_GRANT = 1,
|
||||
};
|
||||
|
||||
enum TypeOfAvailableScope {
|
||||
AVAILABLE_SCOPE_ALL = 1 << 0,
|
||||
AVAILABLE_SCOPE_SIGNATURE = 1 << 1,
|
||||
AVAILABLE_SCOPE_RESTRICTED = 1 << 2
|
||||
};
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // PERMISSION_RE_GRANTER_H
|
@ -40,7 +40,7 @@ public:
|
||||
*
|
||||
* @return true: the process will stop. false: the process will continue
|
||||
*/
|
||||
bool NeedStopProcess();
|
||||
bool NeedStopProcess() const;
|
||||
/**
|
||||
* prepare to process the request, and format the input parameters
|
||||
*
|
||||
|
@ -32,7 +32,6 @@
|
||||
#include "bundlemgr/bundle_mgr_interface.h"
|
||||
#include "permission_log.h"
|
||||
#include "refbase.h"
|
||||
#include "external_deps.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
@ -55,8 +54,8 @@ public:
|
||||
* @param uid The Caller Uid
|
||||
* @return true can request permission, false cannot request permission.
|
||||
*/
|
||||
bool CanRequestPermissionFromRemote(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
|
||||
bool CanRequestPermissionFromRemote(const std::string &permission, const std::string &deviceId, const int32_t pid,
|
||||
const int32_t uid) const;
|
||||
|
||||
/**
|
||||
* Dynamically applies for permissions from a specified device (the application result is returned asynchronously).
|
||||
@ -123,7 +122,7 @@ private:
|
||||
bool HaveSensitivePermissionToRequest(
|
||||
const std::string deviceId, const int32_t pid, const int32_t uid, const std::vector<std::string> permissions);
|
||||
|
||||
bool CheckThirdAppMore(const std::string deviceId, const std::string permission);
|
||||
bool CheckThirdAppMore(const std::string deviceId, const std::string permission) const;
|
||||
|
||||
private:
|
||||
// static constexpr char *TAG = "RequestRemotePermission";
|
||||
|
@ -77,16 +77,11 @@ public:
|
||||
/**
|
||||
* Operation function. Using duidTranslator to generate a duid. Then add relationship from deviceId to uid and add
|
||||
* relationship from duid to permissionItemNames.
|
||||
* <p>
|
||||
* Check input parameter first. If:
|
||||
* <ol>
|
||||
* <li>DeviceId is invalid, will return <b>INVALID_DEVICE_ID</b>, and will not add.
|
||||
* <li>ObjectUid is null, or permissionItems is null, will return <b>INVALID_UID_PERMISSION</b>, and will not
|
||||
* add.
|
||||
* </ol>
|
||||
* Secondly, ask DuidTranslator to get a duid for deviceId and ruid pair. If the allocated duid is not a duid, then
|
||||
* return <b>INVALID_DUID</b>.
|
||||
* <p>
|
||||
* Check input parameter first.
|
||||
* If DeviceId is invalid, will return <b>INVALID_DEVICE_ID</b>, and will not add.
|
||||
* If ObjectUid is null, or permissionItems is null, will return <b>INVALID_UID_PERMISSION</b>, and will not add.
|
||||
* Secondly, ask DuidTranslator to get a duid for deviceId and ruid pair. If the allocated duid is not a duid,
|
||||
* then return INVALID_DUID.
|
||||
* Finally, save the deviceId to uid relationship, and save the duid to permissionItemNames relationship. New one
|
||||
* will over the old ones.
|
||||
*
|
||||
@ -113,16 +108,11 @@ public:
|
||||
|
||||
/**
|
||||
* Operation function. Remove one relationship from deviceId to ruids, and from duid to permissionItemNames.
|
||||
* <p>
|
||||
* Check input parameter first. If:
|
||||
* <ol>
|
||||
* <li>DeviceId is invalid, will return <b>INVALID_DEVICE_ID</b>, and will not remove anyone.
|
||||
* <li>Ruid is invalid, will return <b>INVALID_RUID</b>, and will not remove anyone.
|
||||
* </ol>
|
||||
* Check input parameter first.
|
||||
* If DeviceId is invalid, will return INVALID_DEVICE_ID, and will not remove anyone.
|
||||
* If Ruid is invalid, will return INVALID_RUID, and will not remove anyone.
|
||||
* Secondly, remove this relationship from deviceId to uid.
|
||||
* <p>
|
||||
* Thirdly, get the duid. Remove the relationship from duid to permissionItemNames, if duid exist.
|
||||
* <p>
|
||||
* Finally, notify duidTranslator to delete deviceId.
|
||||
*
|
||||
* @param deviceId The remote mapped deviceId.
|
||||
@ -142,9 +132,9 @@ public:
|
||||
|
||||
/**
|
||||
* Query function.Check if a duid has the specific permissionName.
|
||||
* Check input parameter first. If:
|
||||
* Duid is special, return PERMISSION_GRANTED.
|
||||
* PermissionName or Duid is invalid, return PERMISSION_DENIED.
|
||||
* Check input parameter first.
|
||||
* If Duid is special, return PERMISSION_GRANTED.
|
||||
* If PermissionName or Duid is invalid, return PERMISSION_DENIED.
|
||||
* Check all permissionName for this duid, and if any match the input name, return PERMISSION_GRANTED,
|
||||
* else return PERMISSION_DENIED.
|
||||
*
|
||||
@ -194,9 +184,9 @@ private:
|
||||
|
||||
std::recursive_mutex stackLock_;
|
||||
|
||||
void ReGrantDuidPermissionsLocked(UidBundleBo &uidBundlePermInfo);
|
||||
void ReGrantDuidPermissionsLocked(UidBundleBo &uidBundlePermInfo) const;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // PERMISSION_BASE_SERVICE_H
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // SUBJECT_DEVICE_PERMISSION_MANAGER_H
|
@ -50,6 +50,9 @@ struct BundlePermissionUsedRecord : public Parcelable {
|
||||
nlohmann::json to_json(const BundlePermissionUsedRecord &bundle) const;
|
||||
|
||||
void from_json(const nlohmann::json &jsonObj, BundlePermissionUsedRecord &bundle);
|
||||
|
||||
static int TranslationIntoBundlePermissionUsedRecord(
|
||||
const GenericValues &inGenericValues, BundlePermissionUsedRecord &outBundleRecord);
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
|
@ -17,7 +17,10 @@
|
||||
#define PERMISSION_RECORD_H
|
||||
|
||||
#include <string>
|
||||
#include "../common/time_util.h"
|
||||
#include "constant.h"
|
||||
#include "field_const.h"
|
||||
#include "generic_values.h"
|
||||
#include "time_util.h"
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
@ -31,9 +34,10 @@ struct PermissionRecord {
|
||||
|
||||
PermissionRecord() = default;
|
||||
|
||||
static bool SetPermissionRecord(const int64_t timestamp, const int32_t visitorId, const int32_t opCode,
|
||||
const bool isForeground, const int32_t accessCount, const int32_t rejectCount,
|
||||
PermissionRecord &permissionRecord);
|
||||
static int TranslationIntoPermissionRecord(
|
||||
const GenericValues &inGenericValues, PermissionRecord &outPermissionRecord);
|
||||
static int TranslationIntoGenericValues(
|
||||
const PermissionRecord &inPermissionRecord, GenericValues &outGenericValues);
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
|
@ -20,6 +20,8 @@
|
||||
#include <vector>
|
||||
|
||||
#include "constant.h"
|
||||
#include "field_const.h"
|
||||
#include "generic_values.h"
|
||||
#include "nlohmann/json.hpp"
|
||||
#include "parcel.h"
|
||||
|
||||
@ -62,9 +64,12 @@ struct PermissionUsedRecord : public Parcelable {
|
||||
*/
|
||||
void from_json(const nlohmann::json &jsonObj, PermissionUsedRecord &result);
|
||||
|
||||
void updateRecord(const PermissionUsedRecord &record);
|
||||
void UpdateRecord(const PermissionUsedRecord &record);
|
||||
|
||||
void updateRecordWithTime(const PermissionUsedRecord &record);
|
||||
void UpdateRecordWithTime(const PermissionUsedRecord &record);
|
||||
|
||||
static int TranslationIntoPermissionUsedRecord(
|
||||
const GenericValues &inGenericValues, PermissionUsedRecord &outPermRecord);
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
|
@ -17,6 +17,9 @@
|
||||
#define PERMISSION_VISITOR_H
|
||||
|
||||
#include <string>
|
||||
#include "constant.h"
|
||||
#include "field_const.h"
|
||||
#include "generic_values.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
@ -34,6 +37,11 @@ struct PermissionVisitor {
|
||||
static bool SetPermissionVisitor(const std::string &deviceId, const std::string &deviceName,
|
||||
const int32_t bundleUserId, const std::string &bundleName, const std::string &bundleLabel,
|
||||
PermissionVisitor &permissionVisitor);
|
||||
|
||||
static int TranslationIntoPermissionVisitor(
|
||||
const GenericValues &inGenericValues, PermissionVisitor &outPermissionVisitor);
|
||||
static int TranslationIntoGenericValues(
|
||||
const PermissionVisitor &inPermissionVisitor, GenericValues &outGenericValues);
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
|
@ -20,6 +20,8 @@
|
||||
#include <vector>
|
||||
|
||||
#include "nlohmann/json.hpp"
|
||||
#include "field_const.h"
|
||||
#include "generic_values.h"
|
||||
#include "parcel.h"
|
||||
#include "query_permission_used_result.h"
|
||||
|
||||
@ -47,6 +49,9 @@ struct QueryPermissionUsedRequest : public Parcelable {
|
||||
nlohmann::json to_json(const QueryPermissionUsedRequest &request) const;
|
||||
|
||||
void from_json(const nlohmann::json &jsonObj, QueryPermissionUsedRequest &request);
|
||||
|
||||
static int TranslationIntoGenericValues(const QueryPermissionUsedRequest &inQueryRequest,
|
||||
GenericValues &outVisitorValues, GenericValues &outRecordAndValues, GenericValues &outRecordOrValues);
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
|
@ -0,0 +1,159 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef SENSITIVE_PERMISSION_REMIND_H
|
||||
#define SENSITIVE_PERMISSION_REMIND_H
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
#include <set>
|
||||
#include <cstring>
|
||||
#include "app_id_info.h"
|
||||
#include "bundle_mgr_interface.h"
|
||||
#include "bms_adapter.h"
|
||||
#include "constant.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "notification_helper.h"
|
||||
#include "on_using_permission_reminder.h"
|
||||
#include "pms_adapter.h"
|
||||
#include "permission_log.h"
|
||||
#include "permission_record_manager.h"
|
||||
#include "permission_reminder_info.h"
|
||||
#include "resource_manager.h"
|
||||
#include "remind_info.h"
|
||||
#include "subject_device_permission_manager.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
|
||||
class SensitivePermissionRemind {
|
||||
public:
|
||||
SensitivePermissionRemind();
|
||||
|
||||
~SensitivePermissionRemind();
|
||||
|
||||
static SensitivePermissionRemind &GetInstance();
|
||||
/**
|
||||
* Register using permission reminder to dpms at ohos side.
|
||||
*
|
||||
* @param callback instance of {@link ohos.security.permission.OnUsingPermissionReminder}.
|
||||
* @return result code indicates callback if register successfully.
|
||||
*/
|
||||
int32_t RegisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback);
|
||||
|
||||
/**
|
||||
* unregister using permission reminder to dpms at ohos side.
|
||||
*
|
||||
* @param callback instance of {@link ohos.security.permission.OnUsingPermissionReminder} has been registered.
|
||||
* @return result code indicates callback if unregister successfully.
|
||||
*/
|
||||
int32_t UnregisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback);
|
||||
|
||||
/**
|
||||
* Check permission and start permission using reminder if permission granted.
|
||||
*
|
||||
* @param permissionName permission name.
|
||||
* @param pid the pid from pid json string indicates app information
|
||||
* @param uid the uid from pid json string indicates app information
|
||||
* @param deviceId thd deviceId from pid json string indicates app information
|
||||
* @return Permission checked result, {@link #GRANTED} indicates permission granted, otherwise {@link #DENIED}.
|
||||
*/
|
||||
int32_t CheckPermissionAndStartUsing(const std::string &permissionName, const std::string &deviceId,
|
||||
const int32_t &uid, const int32_t &pid);
|
||||
|
||||
/**
|
||||
* Used to permission using remind when app start using permission continuously.
|
||||
*
|
||||
* @param permName the permission name which app start using.
|
||||
* @param pid the pid from pid json string indicates app information
|
||||
* @param uid the uid from pid json string indicates app information
|
||||
* @param deviceId thd deviceId from pid json string indicates app information
|
||||
*/
|
||||
void StartUsingPermission(const std::string &permName, const std::string &deviceId, const int32_t &uid,
|
||||
const int32_t &pid);
|
||||
|
||||
/**
|
||||
* Used to permission using remind when app stop using permission continuously.
|
||||
*
|
||||
* @param permName the permission name which app stop using.
|
||||
* @param pid the pid from pid json string indicates app information
|
||||
* @param uid the uid from pid json string indicates app information
|
||||
* @param deviceId thd deviceId from pid json string indicates app information
|
||||
*/
|
||||
void StopUsingPermission(const std::string &permName, const std::string &deviceId, const int32_t &uid,
|
||||
const int32_t &pid);
|
||||
|
||||
private:
|
||||
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
|
||||
sptr<Permission::IPermissionManager> iPermissionManager_;
|
||||
std::set<sptr<OnUsingPermissionReminder>> reminderSet_;
|
||||
void GetPermissionReminderInfo(const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId,
|
||||
PermissionReminderInfo &permReminderInfo);
|
||||
void InsertPermissionReminderInfo(const std::string &permName, int32_t pid, int32_t uid,
|
||||
const std::string &deviceId, PermissionReminderInfo &permReminderInfo) const;
|
||||
void RemovePermissionReminderInfo(const std::string &permName, int32_t pid, int32_t uid,
|
||||
const std::string &deviceId, PermissionReminderInfo &permReminderInfo) const;
|
||||
void CreateNewPermissionReminderInfo(const std::string &permName, int32_t pid, int32_t uid,
|
||||
const std::string &deviceId, PermissionReminderInfo &permReminderInfo) const;
|
||||
bool CheckPermissionExist(const std::vector<PermissionRemindInfo>::iterator item,
|
||||
const std::string permissionName) const;
|
||||
void ErasePermission(std::vector<PermissionRemindInfo>::iterator &item, const std::string permissionName) const;
|
||||
bool GetBundleInfo(AppExecFwk::BundleInfo &bundleInfo, int32_t uid);
|
||||
void CreatAns() const;
|
||||
void CloseAns() const;
|
||||
const char *g_resFilePath = "/data/test/resources.index";
|
||||
|
||||
const std::string perm_using_remind_label_ = "系统";
|
||||
const std::string perm_using_remind_setting1_ = "跳转应用详情";
|
||||
const std::string perm_using_remind_setting2_ = "停止应用";
|
||||
const std::vector<std::string> perm_using_remind_texts_ = {
|
||||
"正在使用@",
|
||||
"正在使用@",
|
||||
"正在使用@和@",
|
||||
"正在使用@和@和@",
|
||||
"正在使用@和@和@和@",
|
||||
"正在使用@和@和@和@和@",
|
||||
"正在使用@和@和@和@和@和@",
|
||||
"正在使用@和@和@和@和@和@和@",
|
||||
"正在使用@和@和@和@和@和@和@和@",
|
||||
"正在使用@和@和@和@和@和@和@和@和@",
|
||||
};
|
||||
|
||||
const std::map<std::string, std::string> perm_using_names_ = {
|
||||
{Constant::LOCATION, "位置"},
|
||||
{Constant::LOCATION_IN_BACKGROUND, "位置"},
|
||||
{Constant::CAMERA, "相机"},
|
||||
{Constant::MICROPHONE, "麦克风"},
|
||||
{Constant::READ_CALENDAR, "日历"},
|
||||
{Constant::WRITE_CALENDAR, "日历"},
|
||||
{Constant::ACTIVITY_MOTION, "健康运动"},
|
||||
{Constant::READ_HEALTH_DATA, "健康"},
|
||||
{Constant::DISTRIBUTED_DATASYNC, "分布式数据管理"},
|
||||
{Constant::DISTRIBUTED_DATA, "分布式数据管理"},
|
||||
{Constant::MEDIA_LOCATION, "媒体"},
|
||||
{Constant::READ_MEDIA, "媒体"},
|
||||
{Constant::WRITE_MEDIA, "媒体"},
|
||||
};
|
||||
enum {
|
||||
DENIED = -1,
|
||||
GRANTED = 0,
|
||||
};
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
||||
#endif // SENSITIVE_PERMISSION_REMIND_H
|
@ -57,7 +57,7 @@ public:
|
||||
* @param permission Sensitive resource permission.
|
||||
* @return 0 if permission invalid, not sensitive resource or switch off(denied). 1 switch on(allow).
|
||||
*/
|
||||
int GetLocalSensitiveResourceSwitch(std::string permission);
|
||||
int GetLocalSensitiveResourceSwitch(std::string permission) const;
|
||||
|
||||
/**
|
||||
* Get remote sensitive resource switch.
|
||||
@ -66,7 +66,7 @@ public:
|
||||
* @param permission Sensitive resource permission.
|
||||
* @return 0 if permission invalid, not sensitive resource or switch off. 1 switch on.
|
||||
*/
|
||||
int GetRemoteSensitiveResourceSwitch(std::string deviceId, std::string permission);
|
||||
int GetRemoteSensitiveResourceSwitch(std::string deviceId, std::string permission) const;
|
||||
|
||||
private:
|
||||
ResourceSwitch()
|
||||
|
@ -26,9 +26,9 @@ class ResourceSwitchCache {
|
||||
public:
|
||||
static ResourceSwitchCache &GetInstance();
|
||||
|
||||
bool GetSwitchStatus(std::string sensitiveResource);
|
||||
bool GetSwitchStatus(std::string sensitiveResource) const;
|
||||
|
||||
bool GetSwitchStatus(std::string deviceId, std::string sensitiveResource);
|
||||
bool GetSwitchStatus(std::string deviceId, std::string sensitiveResource) const;
|
||||
|
||||
void SetSwitchStatus(std::string sensitiveResource, bool isSwitchAllow);
|
||||
|
||||
|
@ -39,7 +39,7 @@ public:
|
||||
*
|
||||
* @return Sensitive resource switch status containing allowed or denied information.
|
||||
*/
|
||||
std::shared_ptr<SensitiveResourceSwitchSetting> GetSwitchSetting();
|
||||
std::shared_ptr<SensitiveResourceSwitchSetting> GetSwitchSetting() const;
|
||||
|
||||
/**
|
||||
* Get single local sensitive resource switch status from settings.
|
||||
@ -47,7 +47,7 @@ public:
|
||||
* @param sensitiveResource The query sensitive resource.
|
||||
* @return Allowed or denied information.
|
||||
*/
|
||||
bool GetSwitchStatus(std::string sensitiveResource);
|
||||
bool GetSwitchStatus(std::string sensitiveResource) const;
|
||||
|
||||
private:
|
||||
ResourceSwitchLocal() : hasRegistered_(false)
|
||||
|
@ -29,7 +29,7 @@ public:
|
||||
/**
|
||||
* Register remote switch change observer.
|
||||
*/
|
||||
void SubscribeRemoteChangeListener();
|
||||
void SubscribeRemoteChangeListener() const;
|
||||
|
||||
/**
|
||||
* Query all remote sensitive resource switch from remote side: device profile.
|
||||
@ -38,30 +38,30 @@ public:
|
||||
* @param isNetworkId Indicate that the device id is deviceNetworkId or UDID.
|
||||
* @return Sensitive resource switch status containing switch allowed or denied information.
|
||||
*/
|
||||
std::shared_ptr<SensitiveResourceSwitchSetting> PullSwitchSetting(std::string deviceId, bool isNetworkId);
|
||||
std::shared_ptr<SensitiveResourceSwitchSetting> PullSwitchSetting(std::string deviceId, bool isNetworkId) const;
|
||||
|
||||
/**
|
||||
* Asynchronously sync all local sensitive resource switch to remote side: device profile.
|
||||
*
|
||||
* @param switchSetting Sensitive resource switch status containing allowed or denied information.
|
||||
*/
|
||||
void PushSwitchSetting(std::shared_ptr<SensitiveResourceSwitchSetting> switchSetting);
|
||||
void PushSwitchSetting(std::shared_ptr<SensitiveResourceSwitchSetting> switchSetting) const;
|
||||
|
||||
/**
|
||||
* Just notify device profile to sync all switch settings.
|
||||
*/
|
||||
void SyncSwitchSetting();
|
||||
void SyncSwitchSetting() const;
|
||||
|
||||
private:
|
||||
ResourceSwitchRemote() : hasRegistered_(false)
|
||||
{}
|
||||
|
||||
std::shared_ptr<SensitiveResourceSwitchSetting> ConvertToSwitchSetting(
|
||||
std::string deviceId, std::map<std::string, int32_t> profileMap);
|
||||
std::shared_ptr<SensitiveResourceSwitchSetting> ConvertToSwitchSetting(std::string deviceId,
|
||||
std::map<std::string, int32_t> profileMap) const;
|
||||
|
||||
std::string ConvertToSensitiveResourceIfPossible(std::pair<std::string, int32_t> mapEntry);
|
||||
std::string ConvertToSensitiveResourceIfPossible(std::pair<std::string, int32_t> mapEntry) const;
|
||||
|
||||
bool IsPermittedFromProfile(std::pair<std::string, int32_t> mapEntry);
|
||||
bool IsPermittedFromProfile(std::pair<std::string, int32_t> mapEntry) const;
|
||||
|
||||
private:
|
||||
bool hasRegistered_;
|
||||
|
@ -20,6 +20,7 @@
|
||||
#include <unistd.h>
|
||||
#include <set>
|
||||
#include <cstring>
|
||||
#include "app_id_info.h"
|
||||
#include "constant.h"
|
||||
#include "distributed_permission_stub.h"
|
||||
#include "event_handler.h"
|
||||
@ -31,7 +32,6 @@
|
||||
#include "string_ex.h"
|
||||
#include "distributed_permission_event_handler.h"
|
||||
#include "on_using_permission_reminder.h"
|
||||
#include "external_deps.h"
|
||||
#include "permission_fetcher.h"
|
||||
#include "base_remote_command.h"
|
||||
#include "permission_reminder_info.h"
|
||||
@ -113,8 +113,7 @@ public:
|
||||
* @param uid, The application uid of caller device.
|
||||
* @return Permission checked result, 0: GRANTED, -1: DENIED.
|
||||
*/
|
||||
virtual int32_t CheckPermission(
|
||||
const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid) override;
|
||||
virtual int32_t CheckPermission(const std::string &permissionName, const std::string &appIdInfo) override;
|
||||
|
||||
/**
|
||||
* Check self permission.
|
||||
@ -164,8 +163,8 @@ public:
|
||||
* @param appIdInfo The appliaction information to be verified, include ruid, nodeId, pid and bundlename.
|
||||
* @return 0 Granted, -1 denied.
|
||||
*/
|
||||
virtual int32_t VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &nodeId, int32_t pid, int32_t uid) override;
|
||||
virtual int32_t VerifyPermissionFromRemote(const std::string &permission, const std::string &nodeId,
|
||||
const std::string &appIdInfo) override;
|
||||
|
||||
/**
|
||||
* Verify self whether has been granted permission with the given name to access the remote device.
|
||||
@ -200,26 +199,23 @@ public:
|
||||
|
||||
virtual int32_t UnregisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder>& callback) override;
|
||||
|
||||
virtual int32_t CheckPermissionAndStartUsing(
|
||||
const std::string &permissionName, int32_t pid, int32_t uid, const std::string &deviceId) override;
|
||||
virtual int32_t CheckPermissionAndStartUsing(const std::string &permissionName,
|
||||
const std::string &appIdInfo) override;
|
||||
|
||||
virtual void StartUsingPermission(
|
||||
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId) override;
|
||||
virtual void StartUsingPermission(const std::string &permName, const std::string &appIdInfo) override;
|
||||
|
||||
virtual void StopUsingPermission(
|
||||
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId) override;
|
||||
virtual void StopUsingPermission(const std::string &permName, const std::string &appIdInfo) override;
|
||||
|
||||
/**
|
||||
* Add one permission used/access record.
|
||||
*
|
||||
* @param permissionName Permission name.
|
||||
* @param deviceId Device id.
|
||||
* @param uid The application uid of caller device.
|
||||
* @param appIdInfo The appliaction information to be verified, include ruid, nodeId, pid and bundlename.
|
||||
* @param sucCount Succeed count.
|
||||
* @param failCount Failed count.
|
||||
*/
|
||||
virtual void AddPermissionsRecord(const std::string& permissionName, const std::string& deviceId, const int32_t uid,
|
||||
const int32_t sucCount, const int32_t failCount) override;
|
||||
virtual void AddPermissionsRecord(const std::string &permissionName, const std::string &appIdInfo,
|
||||
int32_t sucCount, int32_t failCount) override;
|
||||
|
||||
/**
|
||||
* Sychronized blocking requesting permission used records.
|
||||
@ -230,8 +226,7 @@ public:
|
||||
* @param resultStr Response ziped json string.
|
||||
* @return 0 if succeeded; -1 if failed.
|
||||
*/
|
||||
virtual int32_t GetPermissionRecords(const std::string& queryGzipStr, unsigned long& codeLen, unsigned long& zipLen,
|
||||
std::string& resultStr) override;
|
||||
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, std::string &resultStr) override;
|
||||
|
||||
/**
|
||||
* Sychronized blocking requesting permission used records.
|
||||
@ -242,8 +237,8 @@ public:
|
||||
* @param callback The callback function provided for caller to handle response data.
|
||||
* @return 0 if succeeded; -1 if failed.
|
||||
*/
|
||||
virtual int32_t GetPermissionRecords(const std::string& queryGzipStr, unsigned long& codeLen, unsigned long& zipLen,
|
||||
const sptr<OnPermissionUsedRecord>& callback) override;
|
||||
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr,
|
||||
const sptr<OnPermissionUsedRecord> &callback) override;
|
||||
|
||||
virtual void RequestPermissionsFromRemote(const std::vector<std::string> permissions,
|
||||
const sptr<OnRequestPermissionsResult>& callback, const std::string& nodeId, const std::string& bundleName,
|
||||
@ -263,6 +258,7 @@ private:
|
||||
std::recursive_mutex stackLock_;
|
||||
std::shared_ptr<DistributedPermissionEventHandler> handler_;
|
||||
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
|
||||
sptr<Permission::IPermissionManager> iPermissionManager_;
|
||||
sptr<Notification::IAnsManager> iAnsManager_;
|
||||
const std::string APP_TYPE_OTHER = "other";
|
||||
const std::string APP_TYPE_SYSTEM = "system";
|
||||
@ -270,57 +266,12 @@ private:
|
||||
DENIED = -1,
|
||||
GRANTED = 0,
|
||||
};
|
||||
std::set<sptr<OnUsingPermissionReminder>> reminderSet_;
|
||||
void GetPermissionReminderInfo(const std::string& permName, int32_t pid, int32_t uid, const std::string& deviceId,
|
||||
PermissionReminderInfo& permReminderInfo);
|
||||
void InsertPermissionReminderInfo(const std::string& permName, int32_t pid, int32_t uid,
|
||||
const std::string& deviceId, PermissionReminderInfo& permReminderInfo);
|
||||
void RemovePermissionReminderInfo(const std::string& permName, int32_t pid, int32_t uid,
|
||||
const std::string& deviceId, PermissionReminderInfo& permReminderInfo);
|
||||
int32_t CheckLocalPermission(int32_t uid, const std::string& permissionName);
|
||||
void CreateNewPermissionReminderInfo(const std::string& permName, int32_t pid, int32_t uid,
|
||||
const std::string& deviceId, PermissionReminderInfo& permReminderInfo);
|
||||
bool CheckPermissionExist(const std::vector<PermissionRemindInfo>::iterator item, const std::string permissionName);
|
||||
void ErasePermission(std::vector<PermissionRemindInfo>::iterator& item, const std::string permissionName);
|
||||
bool GetBundleInfo(AppExecFwk::BundleInfo& bundleInfo, int32_t uid);
|
||||
void CreatAns();
|
||||
void CloseAns();
|
||||
int32_t CheckLocalPermission(int32_t uid, const std::string &permissionName);
|
||||
int32_t CheckPermission(const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid);
|
||||
bool GetBundleInfo(AppExecFwk::BundleInfo &bundleInfo, int32_t uid);
|
||||
int32_t convert(int32_t duid);
|
||||
std::mutex mutex_;
|
||||
const char* g_resFilePath = "/data/test/resources.index";
|
||||
DISALLOW_COPY_AND_MOVE(DistributedPermissionManagerService);
|
||||
|
||||
const std::string perm_using_remind_label_ = "系统";
|
||||
const std::string perm_using_remind_setting1_ = "跳转应用详情";
|
||||
const std::string perm_using_remind_setting2_ = "停止应用";
|
||||
const std::vector<std::string> perm_using_remind_texts_ = {
|
||||
"正在使用@",
|
||||
"正在使用@",
|
||||
"正在使用@和@",
|
||||
"正在使用@和@和@",
|
||||
"正在使用@和@和@和@",
|
||||
"正在使用@和@和@和@和@",
|
||||
"正在使用@和@和@和@和@和@",
|
||||
"正在使用@和@和@和@和@和@和@",
|
||||
"正在使用@和@和@和@和@和@和@和@",
|
||||
"正在使用@和@和@和@和@和@和@和@和@",
|
||||
};
|
||||
|
||||
const std::map<std::string, std::string> perm_using_names_ = {
|
||||
{Constant::LOCATION, "位置"},
|
||||
{Constant::LOCATION_IN_BACKGROUND, "位置"},
|
||||
{Constant::CAMERA, "相机"},
|
||||
{Constant::MICROPHONE, "麦克风"},
|
||||
{Constant::READ_CALENDAR, "日历"},
|
||||
{Constant::WRITE_CALENDAR, "日历"},
|
||||
{Constant::ACTIVITY_MOTION, "健康运动"},
|
||||
{Constant::READ_HEALTH_DATA, "健康"},
|
||||
{Constant::DISTRIBUTED_DATASYNC, "分布式数据管理"},
|
||||
{Constant::DISTRIBUTED_DATA, "分布式数据管理"},
|
||||
{Constant::MEDIA_LOCATION, "媒体"},
|
||||
{Constant::READ_MEDIA, "媒体"},
|
||||
{Constant::WRITE_MEDIA, "媒体"},
|
||||
};
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
|
@ -16,7 +16,7 @@
|
||||
#ifndef PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_STUB_H
|
||||
#define PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_STUB_H
|
||||
|
||||
#include "idistributed_permission.h"
|
||||
#include "i_distributed_permission.h"
|
||||
#include "iremote_stub.h"
|
||||
#include "nocopyable.h"
|
||||
|
@ -1,175 +1,178 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "base_remote_command.h"
|
||||
#include "get_uid_permission_command.h"
|
||||
#include "permission_log.h"
|
||||
#include "subject_device_permission_manager.h"
|
||||
#include "object_device_permission_manager.h"
|
||||
#include "external_deps.h"
|
||||
#include "ipc_skeleton.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "GetUidPermissionCommand"};
|
||||
}
|
||||
GetUidPermissionCommand::GetUidPermissionCommand(
|
||||
int32_t uid, const std::string &srcDeviceId, const std::string &dstDeviceId)
|
||||
: uid_(uid)
|
||||
{
|
||||
remoteProtocol_.commandName = COMMAND_NAME;
|
||||
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
|
||||
remoteProtocol_.srcDeviceId = srcDeviceId;
|
||||
remoteProtocol_.dstDeviceId = dstDeviceId;
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
}
|
||||
|
||||
GetUidPermissionCommand::GetUidPermissionCommand(const std::string &json)
|
||||
{
|
||||
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
|
||||
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
|
||||
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
|
||||
uid_ = jsonObject.at("uid").get<int32_t>();
|
||||
}
|
||||
nlohmann::json bundlePermissionsJson = jsonObject.at("uidPermission").get<nlohmann::json>();
|
||||
BaseRemoteCommand::FromUidBundlePermissionsJson(bundlePermissionsJson, uidPermission_);
|
||||
}
|
||||
|
||||
std::string GetUidPermissionCommand::ToJsonPayload()
|
||||
{
|
||||
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
|
||||
j["uid"] = uid_;
|
||||
j["uidPermission"] = BaseRemoteCommand::ToUidBundlePermissionsJson(uidPermission_);
|
||||
return j.dump();
|
||||
}
|
||||
|
||||
void GetUidPermissionCommand::Prepare()
|
||||
{
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
PERMISSION_LOG_DEBUG(LABEL, "%{public}s: end as: GetUidPermissionCommand", __func__);
|
||||
}
|
||||
|
||||
void GetUidPermissionCommand::Execute()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "execute: start as: GetUidPermissionCommand{uid = %{public}d }", uid_);
|
||||
|
||||
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
|
||||
if (externalDeps == nullptr) {
|
||||
return;
|
||||
}
|
||||
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
|
||||
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
|
||||
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
|
||||
|
||||
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
|
||||
// Use this uid to get permission from PMS. Then save the publisher information, which is deviceId and uid.
|
||||
if (permissionFetcher_->GetPermissions(uid_, uidPermission_) < 0) {
|
||||
PERMISSION_LOG_DEBUG(LABEL, "%{public}s: resultWrapper code is not SUCCESS.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_GET_PERMISSIONS_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
int32_t count = 0;
|
||||
|
||||
for (auto bundle : uidPermission_.bundles) {
|
||||
count = bundle.permissions.size();
|
||||
if (count != 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Check limit.
|
||||
if (count > Constant::MAX_UID_PERMISSIONS_COUNT) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: permissions exceed MAX_UID_PERMISSIONS_COUNT.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_PERMISSIONS_COUNT_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"GetUidPermissionCommand: ObjectDevicePermissionManager Save the query deviceId and uid uid: %{public}d, "
|
||||
"deviceId: %{public}s }",
|
||||
uid_,
|
||||
remoteProtocol_.srcDeviceId.c_str());
|
||||
|
||||
// Save the query deviceId and uid.
|
||||
int32_t addResult =
|
||||
ObjectDevicePermissionManager::GetInstance().AddNotifyPermissionMonitorUid(remoteProtocol_.srcDeviceId, uid_);
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"GetUidPermissionCommand: ObjectDevicePermissionManager AddNotifyPermissionMonitorUid result: %{public}d }",
|
||||
addResult);
|
||||
|
||||
if (addResult == Constant::SUCCESS) {
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
} else {
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "execute: end as: GetUidPermissionCommand");
|
||||
}
|
||||
|
||||
void GetUidPermissionCommand::Finish()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "finish: start as: GetUidPermissionCommand{uid = %{public}d }", uid_);
|
||||
|
||||
if (remoteProtocol_.statusCode != Constant::SUCCESS) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to GetUidPermissionCommand finish.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
|
||||
if (externalDeps == nullptr) {
|
||||
return;
|
||||
}
|
||||
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
|
||||
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
|
||||
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
|
||||
|
||||
// Query PMS to filter uidPermissions and get the granted ones.
|
||||
UidBundleBo rUidPermission;
|
||||
if (permissionFetcher_->GetRegrantedPermissions(uidPermission_, rUidPermission) < 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to get regranted permissions.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_GET_REGRANTED_PERMISSIONS_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
int32_t addResult = SubjectDevicePermissionManager::GetInstance().AddDistributedPermission(
|
||||
remoteProtocol_.responseDeviceId, rUidPermission);
|
||||
PERMISSION_LOG_DEBUG(
|
||||
LABEL, "finish: SubjectDevicePermissionManager addSubjectPermission result: %{public}d }", addResult);
|
||||
|
||||
if (addResult == Constant::SUCCESS) {
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
} else {
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "finish: end as: GetUidPermissionCommand");
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "base_remote_command.h"
|
||||
#include "permission_log.h"
|
||||
#include "subject_device_permission_manager.h"
|
||||
#include "object_device_permission_manager.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "bms_adapter.h"
|
||||
#include "pms_adapter.h"
|
||||
#include "get_uid_permission_command.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "GetUidPermissionCommand"};
|
||||
}
|
||||
GetUidPermissionCommand::GetUidPermissionCommand(
|
||||
int32_t uid, const std::string &srcDeviceId, const std::string &dstDeviceId)
|
||||
: uid_(uid)
|
||||
{
|
||||
remoteProtocol_.commandName = COMMAND_NAME;
|
||||
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
|
||||
remoteProtocol_.srcDeviceId = srcDeviceId;
|
||||
remoteProtocol_.dstDeviceId = dstDeviceId;
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
}
|
||||
|
||||
GetUidPermissionCommand::GetUidPermissionCommand(const std::string &json)
|
||||
{
|
||||
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
|
||||
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
|
||||
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
|
||||
uid_ = jsonObject.at("uid").get<int32_t>();
|
||||
}
|
||||
nlohmann::json bundlePermissionsJson = jsonObject.at("uidPermission").get<nlohmann::json>();
|
||||
BaseRemoteCommand::FromUidBundlePermissionsJson(bundlePermissionsJson, uidPermission_);
|
||||
}
|
||||
|
||||
std::string GetUidPermissionCommand::ToJsonPayload()
|
||||
{
|
||||
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
|
||||
j["uid"] = uid_;
|
||||
j["uidPermission"] = BaseRemoteCommand::ToUidBundlePermissionsJson(uidPermission_);
|
||||
return j.dump();
|
||||
}
|
||||
|
||||
void GetUidPermissionCommand::Prepare()
|
||||
{
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
PERMISSION_LOG_DEBUG(LABEL, "%{public}s: end as: GetUidPermissionCommand", __func__);
|
||||
}
|
||||
|
||||
void GetUidPermissionCommand::Execute()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "execute: start as: GetUidPermissionCommand{uid = %{public}d }", uid_);
|
||||
|
||||
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
|
||||
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
|
||||
if (bmsAdapter == nullptr || pmsAdapter == nullptr) {
|
||||
return;
|
||||
}
|
||||
iBundleManager_ = bmsAdapter->GetBundleManager();
|
||||
iPermissionManager_ = pmsAdapter->GetPermissionManager();
|
||||
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
|
||||
|
||||
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
|
||||
// Use this uid to get permission from PMS. Then save the publisher information, which is deviceId and uid.
|
||||
if (permissionFetcher_->GetPermissions(uid_, uidPermission_) < 0) {
|
||||
PERMISSION_LOG_DEBUG(LABEL, "%{public}s: resultWrapper code is not SUCCESS.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_GET_PERMISSIONS_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
int32_t count = 0;
|
||||
|
||||
for (auto bundle : uidPermission_.bundles) {
|
||||
count = bundle.permissions.size();
|
||||
if (count != 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Check limit.
|
||||
if (count > Constant::MAX_UID_PERMISSIONS_COUNT) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: permissions exceed MAX_UID_PERMISSIONS_COUNT.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_PERMISSIONS_COUNT_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"GetUidPermissionCommand: ObjectDevicePermissionManager Save the query deviceId and uid uid: %{public}d, "
|
||||
"deviceId: %{public}s }",
|
||||
uid_,
|
||||
remoteProtocol_.srcDeviceId.c_str());
|
||||
|
||||
// Save the query deviceId and uid.
|
||||
int32_t addResult =
|
||||
ObjectDevicePermissionManager::GetInstance().AddNotifyPermissionMonitorUid(remoteProtocol_.srcDeviceId, uid_);
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"GetUidPermissionCommand: ObjectDevicePermissionManager AddNotifyPermissionMonitorUid result: %{public}d }",
|
||||
addResult);
|
||||
|
||||
if (addResult == Constant::SUCCESS) {
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
} else {
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "execute: end as: GetUidPermissionCommand");
|
||||
}
|
||||
|
||||
void GetUidPermissionCommand::Finish()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "finish: start as: GetUidPermissionCommand{uid = %{public}d }", uid_);
|
||||
|
||||
if (remoteProtocol_.statusCode != Constant::SUCCESS) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to GetUidPermissionCommand finish.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
|
||||
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
|
||||
if (bmsAdapter == nullptr || pmsAdapter == nullptr) {
|
||||
return;
|
||||
}
|
||||
iBundleManager_ = bmsAdapter->GetBundleManager();
|
||||
iPermissionManager_ = pmsAdapter->GetPermissionManager();
|
||||
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
|
||||
|
||||
// Query PMS to filter uidPermissions and get the granted ones.
|
||||
UidBundleBo rUidPermission;
|
||||
if (permissionFetcher_->GetRegrantedPermissions(uidPermission_, rUidPermission) < 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to get regranted permissions.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_GET_REGRANTED_PERMISSIONS_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
int32_t addResult = SubjectDevicePermissionManager::GetInstance().AddDistributedPermission(
|
||||
remoteProtocol_.responseDeviceId, rUidPermission);
|
||||
PERMISSION_LOG_DEBUG(
|
||||
LABEL, "finish: SubjectDevicePermissionManager addSubjectPermission result: %{public}d }", addResult);
|
||||
|
||||
if (addResult == Constant::SUCCESS) {
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
} else {
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "finish: end as: GetUidPermissionCommand");
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -1,121 +1,120 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "base_remote_command.h"
|
||||
#include "request_remote_permission_callback_command.h"
|
||||
#include "permission_log.h"
|
||||
#include "subject_device_permission_manager.h"
|
||||
#include "object_device_permission_manager.h"
|
||||
#include "external_deps.h"
|
||||
#include "request_remote_permission.h"
|
||||
#include "ipc_skeleton.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
|
||||
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "RequestRemotePermissionCallbackCommand"};
|
||||
}
|
||||
RequestRemotePermissionCallbackCommand::RequestRemotePermissionCallbackCommand(const std::string &srcDeviceId,
|
||||
const std::string &dstDeviceId, const std::string &requestId, const int32_t uid, const std::string &bundleName)
|
||||
: requestId_(requestId), bundleName_(bundleName), uid_(uid)
|
||||
{
|
||||
remoteProtocol_.commandName = COMMAND_NAME;
|
||||
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
|
||||
remoteProtocol_.srcDeviceId = srcDeviceId;
|
||||
remoteProtocol_.dstDeviceId = dstDeviceId;
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
}
|
||||
|
||||
RequestRemotePermissionCallbackCommand::RequestRemotePermissionCallbackCommand(const std::string &json)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "Create RequestRemotePermissionCallbackCommand start");
|
||||
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
|
||||
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
|
||||
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
|
||||
jsonObject.at("uid").get_to<int32_t>(uid_);
|
||||
}
|
||||
if (jsonObject.find("requestId") != jsonObject.end() && jsonObject.at("requestId").is_string()) {
|
||||
jsonObject.at("requestId").get_to<std::string>(requestId_);
|
||||
}
|
||||
if (jsonObject.find("bundleName") != jsonObject.end() && jsonObject.at("bundleName").is_string()) {
|
||||
jsonObject.at("bundleName").get_to<std::string>(bundleName_);
|
||||
}
|
||||
if (jsonObject.find("objectGrantedResult") != jsonObject.end() && jsonObject.at("objectGrantedResult") != nullptr) {
|
||||
jsonObject.at("objectGrantedResult").get_to<std::set<std::string>>(objectGrantedResult_);
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "Create RequestRemotePermissionCallbackCommand end");
|
||||
}
|
||||
|
||||
std::string RequestRemotePermissionCallbackCommand::ToJsonPayload()
|
||||
{
|
||||
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
|
||||
j["uid"] = uid_;
|
||||
j["requestId"] = requestId_;
|
||||
j["bundleName"] = bundleName_;
|
||||
nlohmann::json objectGrantedResultJson;
|
||||
for (auto result : objectGrantedResult_) {
|
||||
objectGrantedResultJson.emplace_back(result);
|
||||
}
|
||||
j["objectGrantedResult"] = objectGrantedResultJson;
|
||||
return j.dump();
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCallbackCommand::Prepare()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "prepare: start as: RequestRemotePermissionCallbackCommand");
|
||||
|
||||
objectGrantedResult_ = SubjectDevicePermissionManager::GetInstance().GetGrantSensitivePermissionToRemoteApp(
|
||||
remoteProtocol_.dstDeviceId, uid_);
|
||||
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "prepare: end as: RequestRemotePermissionCallbackCommand");
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCallbackCommand::Finish()
|
||||
{
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
PERMISSION_LOG_INFO(LABEL, "finish: RequestRemotePermissionCallbackCommand{uid=%{public}d }", uid_);
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCallbackCommand::Execute()
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"execute: start as: RequestRemotePermissionCallbackCommand{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
|
||||
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "Start process RequestRemotePermissionCallbackCommand on server");
|
||||
|
||||
// use the last object data to refresh the data in subject device
|
||||
ObjectDevicePermissionManager::GetInstance().ResetGrantSensitivePermission(
|
||||
remoteProtocol_.srcDeviceId, uid_, objectGrantedResult_);
|
||||
RequestRemotePermission::GetInstance().RequestResultForResult(requestId_);
|
||||
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "execute: end as: RequestRemotePermissionCallbackCommand");
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "base_remote_command.h"
|
||||
#include "permission_log.h"
|
||||
#include "subject_device_permission_manager.h"
|
||||
#include "object_device_permission_manager.h"
|
||||
#include "request_remote_permission.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "request_remote_permission_callback_command.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
|
||||
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "RequestRemotePermissionCallbackCommand"};
|
||||
}
|
||||
RequestRemotePermissionCallbackCommand::RequestRemotePermissionCallbackCommand(const std::string &srcDeviceId,
|
||||
const std::string &dstDeviceId, const std::string &requestId, const int32_t uid, const std::string &bundleName)
|
||||
: requestId_(requestId), bundleName_(bundleName), uid_(uid)
|
||||
{
|
||||
remoteProtocol_.commandName = COMMAND_NAME;
|
||||
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
|
||||
remoteProtocol_.srcDeviceId = srcDeviceId;
|
||||
remoteProtocol_.dstDeviceId = dstDeviceId;
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
}
|
||||
|
||||
RequestRemotePermissionCallbackCommand::RequestRemotePermissionCallbackCommand(const std::string &json)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "Create RequestRemotePermissionCallbackCommand start");
|
||||
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
|
||||
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
|
||||
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
|
||||
jsonObject.at("uid").get_to<int32_t>(uid_);
|
||||
}
|
||||
if (jsonObject.find("requestId") != jsonObject.end() && jsonObject.at("requestId").is_string()) {
|
||||
jsonObject.at("requestId").get_to<std::string>(requestId_);
|
||||
}
|
||||
if (jsonObject.find("bundleName") != jsonObject.end() && jsonObject.at("bundleName").is_string()) {
|
||||
jsonObject.at("bundleName").get_to<std::string>(bundleName_);
|
||||
}
|
||||
if (jsonObject.find("objectGrantedResult") != jsonObject.end() && jsonObject.at("objectGrantedResult") != nullptr) {
|
||||
jsonObject.at("objectGrantedResult").get_to<std::set<std::string>>(objectGrantedResult_);
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "Create RequestRemotePermissionCallbackCommand end");
|
||||
}
|
||||
|
||||
std::string RequestRemotePermissionCallbackCommand::ToJsonPayload()
|
||||
{
|
||||
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
|
||||
j["uid"] = uid_;
|
||||
j["requestId"] = requestId_;
|
||||
j["bundleName"] = bundleName_;
|
||||
nlohmann::json objectGrantedResultJson;
|
||||
for (auto result : objectGrantedResult_) {
|
||||
objectGrantedResultJson.emplace_back(result);
|
||||
}
|
||||
j["objectGrantedResult"] = objectGrantedResultJson;
|
||||
return j.dump();
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCallbackCommand::Prepare()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "prepare: start as: RequestRemotePermissionCallbackCommand");
|
||||
|
||||
objectGrantedResult_ = SubjectDevicePermissionManager::GetInstance().GetGrantSensitivePermissionToRemoteApp(
|
||||
remoteProtocol_.dstDeviceId, uid_);
|
||||
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "prepare: end as: RequestRemotePermissionCallbackCommand");
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCallbackCommand::Finish()
|
||||
{
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
PERMISSION_LOG_INFO(LABEL, "finish: RequestRemotePermissionCallbackCommand{uid=%{public}d }", uid_);
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCallbackCommand::Execute()
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"execute: start as: RequestRemotePermissionCallbackCommand{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
|
||||
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "Start process RequestRemotePermissionCallbackCommand on server");
|
||||
|
||||
// use the last object data to refresh the data in subject device
|
||||
ObjectDevicePermissionManager::GetInstance().ResetGrantSensitivePermission(
|
||||
remoteProtocol_.srcDeviceId, uid_, objectGrantedResult_);
|
||||
RequestRemotePermission::GetInstance().RequestResultForResult(requestId_);
|
||||
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "execute: end as: RequestRemotePermissionCallbackCommand");
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -1,233 +1,233 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <chrono>
|
||||
#include <thread>
|
||||
|
||||
#include "base_remote_command.h"
|
||||
#include "remote_command_factory.h"
|
||||
#include "remote_command_manager.h"
|
||||
#include "permission_log.h"
|
||||
#include "permission_fetcher.h"
|
||||
#include "subject_device_permission_manager.h"
|
||||
#include "external_deps.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "distributed_permission_manager_service.h"
|
||||
#include "request_remote_permission_command.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
|
||||
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "RequestRemotePermissionCommand"};
|
||||
}
|
||||
RequestRemotePermissionCommand::RequestRemotePermissionCommand(
|
||||
const std::string &srcDeviceId, const std::string &dstDeviceId, const std::string &requestId)
|
||||
: requestId_(requestId)
|
||||
{
|
||||
remoteProtocol_.commandName = COMMAND_NAME;
|
||||
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + requestId;
|
||||
remoteProtocol_.srcDeviceId = srcDeviceId;
|
||||
remoteProtocol_.dstDeviceId = dstDeviceId;
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
}
|
||||
|
||||
RequestRemotePermissionCommand::RequestRemotePermissionCommand(const std::string &json)
|
||||
{
|
||||
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
|
||||
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
|
||||
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
|
||||
uid_ = jsonObject.at("uid").get<int32_t>();
|
||||
}
|
||||
if (jsonObject.find("requestId") != jsonObject.end() && jsonObject.at("requestId").is_string()) {
|
||||
jsonObject.at("requestId").get_to<std::string>(requestId_);
|
||||
}
|
||||
if (jsonObject.find("bundleName") != jsonObject.end() && jsonObject.at("bundleName").is_string()) {
|
||||
jsonObject.at("bundleName").get_to<std::string>(bundleName_);
|
||||
}
|
||||
if (jsonObject.find("reason") != jsonObject.end() && jsonObject.at("reason").is_string()) {
|
||||
jsonObject.at("reason").get_to<std::string>(reason_);
|
||||
}
|
||||
jsonObject.at("permissions").get_to<std::vector<std::string>>(permissions_);
|
||||
}
|
||||
|
||||
std::string RequestRemotePermissionCommand::ToJsonPayload()
|
||||
{
|
||||
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
|
||||
j["uid"] = uid_;
|
||||
j["requestId"] = requestId_;
|
||||
j["bundleName"] = bundleName_;
|
||||
j["reason"] = reason_;
|
||||
nlohmann::json permissionsJson;
|
||||
for (auto permission : permissions_) {
|
||||
permissionsJson.emplace_back(permission);
|
||||
}
|
||||
j["permissions"] = permissionsJson;
|
||||
return j.dump();
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the more request message when the command is new
|
||||
*
|
||||
* @param uid the request uid
|
||||
* @param permissions the request permissions
|
||||
* @param bundleName the request package name
|
||||
* @param reason the request reason string
|
||||
*/
|
||||
void RequestRemotePermissionCommand::SetRequestPermissionInfo(
|
||||
int32_t uid, const std::vector<std::string> &permissions, const std::string &bundleName, const std::string &reason)
|
||||
{
|
||||
uid_ = uid;
|
||||
permissions_ = permissions;
|
||||
bundleName_ = bundleName;
|
||||
reason_ = reason;
|
||||
}
|
||||
|
||||
/**
|
||||
* Current the UI is not design, So use the property item to mock the activity operation。<br>
|
||||
* if "request." + permission is true, DPMS will grant the sensitive permission
|
||||
*
|
||||
* @param permissions the permissions that will grant to remote
|
||||
*/
|
||||
void RequestRemotePermissionCommand::StartActivityForRequestPermission(std::vector<std::string> &permissions)
|
||||
{
|
||||
if (permissions.empty()) {
|
||||
return;
|
||||
}
|
||||
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
|
||||
if (externalDeps == nullptr) {
|
||||
return;
|
||||
}
|
||||
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
|
||||
for (auto permission : permissions) {
|
||||
if (iBundleManager_->CheckPermission(bundleName_, permission) == 0) {
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"mock Activity DO GRANT permission{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
SubjectDevicePermissionManager::GetInstance().GrantSensitivePermissionToRemoteApp(
|
||||
permission, remoteProtocol_.srcDeviceId, uid_);
|
||||
} else {
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"mock Activity DO NOT GRANT permission{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Format the permissions to get the permissions that need to use UI to request the permission
|
||||
*
|
||||
* @param permissions the input permission from subject
|
||||
* @param deviceId the deviceId of the subject device
|
||||
* @param ruid the uid of the subject
|
||||
* @return the permission that need to request by UI
|
||||
*/
|
||||
std::vector<std::string> RequestRemotePermissionCommand::FormatRequestPermissions(
|
||||
std::vector<std::string> &permissions, const std::string &deviceId, int32_t ruid)
|
||||
{
|
||||
int32_t duid = SubjectDevicePermissionManager::GetInstance().GetDistributedUid(deviceId, ruid);
|
||||
std::vector<std::string> needRequestPermissions;
|
||||
for (auto permission : permissions) {
|
||||
if (permission.empty()) {
|
||||
continue;
|
||||
}
|
||||
PERMISSION_LOG_DEBUG(LABEL, "get sensitive permission = %{public}s from subject request ", permission.c_str());
|
||||
if (SubjectDevicePermissionManager::GetInstance().CheckDistributedPermission(duid, permission) ==
|
||||
Constant::PERMISSION_GRANTED) {
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"sensitive permission = %{public}s from subject request have been granted before ",
|
||||
permission.c_str());
|
||||
continue;
|
||||
}
|
||||
needRequestPermissions.push_back(permission);
|
||||
}
|
||||
return needRequestPermissions;
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCommand::Prepare()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"prepare: start as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "prepare: end as: RequestRemotePermissionCommand.");
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCommand::Finish()
|
||||
{
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"finish: end as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCommand::Execute()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"execute: start as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
|
||||
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
|
||||
std::vector<std::string> needRequestPermissions =
|
||||
FormatRequestPermissions(permissions_, remoteProtocol_.srcDeviceId, uid_);
|
||||
|
||||
if (needRequestPermissions.size() > 0) {
|
||||
PERMISSION_LOG_INFO(LABEL, "start startActivityForRequestPermission");
|
||||
// start active and the the result of the active
|
||||
StartActivityForRequestPermission(needRequestPermissions);
|
||||
PERMISSION_LOG_INFO(LABEL, "end startActivityForRequestPermission");
|
||||
}
|
||||
|
||||
std::shared_ptr<DistributedPermissionEventHandler> handler =
|
||||
DelayedSingleton<DistributedPermissionManagerService>::GetInstance()->GetEventHandler();
|
||||
if (handler == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "fail to get EventHandler");
|
||||
} else {
|
||||
std::string taskName("RequestRemotePermissionCallbackCommand");
|
||||
// auto task = [this, &remoteProtocol_, uid_, requestId_, &bundleName_]() {
|
||||
auto task = [this]() {
|
||||
// new a command to notice subject the request permission result
|
||||
std::shared_ptr<RequestRemotePermissionCallbackCommand> callbackCommand_ =
|
||||
RemoteCommandFactory::GetInstance().NewRequestRemotePermissionCallbackCommand(
|
||||
remoteProtocol_.responseDeviceId, remoteProtocol_.srcDeviceId, requestId_, uid_, bundleName_);
|
||||
|
||||
RemoteCommandManager::GetInstance().AddCommand(remoteProtocol_.srcDeviceId, callbackCommand_);
|
||||
RemoteCommandManager::GetInstance().ProcessDeviceCommandImmediately(remoteProtocol_.srcDeviceId);
|
||||
};
|
||||
handler->PostTask(task, taskName);
|
||||
}
|
||||
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "execute: end as: RequestRemotePermissionCommand");
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <iostream>
|
||||
#include <string>
|
||||
#include <chrono>
|
||||
#include <thread>
|
||||
|
||||
#include "base_remote_command.h"
|
||||
#include "remote_command_factory.h"
|
||||
#include "remote_command_manager.h"
|
||||
#include "permission_log.h"
|
||||
#include "permission_fetcher.h"
|
||||
#include "subject_device_permission_manager.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "distributed_permission_manager_service.h"
|
||||
#include "bms_adapter.h"
|
||||
#include "request_remote_permission_command.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
|
||||
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "RequestRemotePermissionCommand"};
|
||||
}
|
||||
RequestRemotePermissionCommand::RequestRemotePermissionCommand(
|
||||
const std::string &srcDeviceId, const std::string &dstDeviceId, const std::string &requestId)
|
||||
: requestId_(requestId)
|
||||
{
|
||||
remoteProtocol_.commandName = COMMAND_NAME;
|
||||
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + requestId;
|
||||
remoteProtocol_.srcDeviceId = srcDeviceId;
|
||||
remoteProtocol_.dstDeviceId = dstDeviceId;
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
}
|
||||
|
||||
RequestRemotePermissionCommand::RequestRemotePermissionCommand(const std::string &json)
|
||||
{
|
||||
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
|
||||
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
|
||||
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
|
||||
uid_ = jsonObject.at("uid").get<int32_t>();
|
||||
}
|
||||
if (jsonObject.find("requestId") != jsonObject.end() && jsonObject.at("requestId").is_string()) {
|
||||
jsonObject.at("requestId").get_to<std::string>(requestId_);
|
||||
}
|
||||
if (jsonObject.find("bundleName") != jsonObject.end() && jsonObject.at("bundleName").is_string()) {
|
||||
jsonObject.at("bundleName").get_to<std::string>(bundleName_);
|
||||
}
|
||||
if (jsonObject.find("reason") != jsonObject.end() && jsonObject.at("reason").is_string()) {
|
||||
jsonObject.at("reason").get_to<std::string>(reason_);
|
||||
}
|
||||
jsonObject.at("permissions").get_to<std::vector<std::string>>(permissions_);
|
||||
}
|
||||
|
||||
std::string RequestRemotePermissionCommand::ToJsonPayload()
|
||||
{
|
||||
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
|
||||
j["uid"] = uid_;
|
||||
j["requestId"] = requestId_;
|
||||
j["bundleName"] = bundleName_;
|
||||
j["reason"] = reason_;
|
||||
nlohmann::json permissionsJson;
|
||||
for (auto permission : permissions_) {
|
||||
permissionsJson.emplace_back(permission);
|
||||
}
|
||||
j["permissions"] = permissionsJson;
|
||||
return j.dump();
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the more request message when the command is new
|
||||
*
|
||||
* @param uid the request uid
|
||||
* @param permissions the request permissions
|
||||
* @param bundleName the request package name
|
||||
* @param reason the request reason string
|
||||
*/
|
||||
void RequestRemotePermissionCommand::SetRequestPermissionInfo(
|
||||
int32_t uid, const std::vector<std::string> &permissions, const std::string &bundleName, const std::string &reason)
|
||||
{
|
||||
uid_ = uid;
|
||||
permissions_ = permissions;
|
||||
bundleName_ = bundleName;
|
||||
reason_ = reason;
|
||||
}
|
||||
|
||||
/**
|
||||
* Current the UI is not design, So use the property item to mock the activity operation。<br>
|
||||
* if "request." + permission is true, DPMS will grant the sensitive permission
|
||||
*
|
||||
* @param permissions the permissions that will grant to remote
|
||||
*/
|
||||
void RequestRemotePermissionCommand::StartActivityForRequestPermission(std::vector<std::string> &permissions)
|
||||
{
|
||||
if (permissions.empty()) {
|
||||
return;
|
||||
}
|
||||
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
|
||||
if (bmsAdapter == nullptr) {
|
||||
return;
|
||||
}
|
||||
iBundleManager_ = bmsAdapter->GetBundleManager();
|
||||
for (auto permission : permissions) {
|
||||
if (iBundleManager_->CheckPermission(bundleName_, permission) == 0) {
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"mock Activity DO GRANT permission{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
SubjectDevicePermissionManager::GetInstance().GrantSensitivePermissionToRemoteApp(
|
||||
permission, remoteProtocol_.srcDeviceId, uid_);
|
||||
} else {
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"mock Activity DO NOT GRANT permission{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Format the permissions to get the permissions that need to use UI to request the permission
|
||||
*
|
||||
* @param permissions the input permission from subject
|
||||
* @param deviceId the deviceId of the subject device
|
||||
* @param ruid the uid of the subject
|
||||
* @return the permission that need to request by UI
|
||||
*/
|
||||
std::vector<std::string> RequestRemotePermissionCommand::FormatRequestPermissions(
|
||||
std::vector<std::string> &permissions, const std::string &deviceId, int32_t ruid)
|
||||
{
|
||||
int32_t duid = SubjectDevicePermissionManager::GetInstance().GetDistributedUid(deviceId, ruid);
|
||||
std::vector<std::string> needRequestPermissions;
|
||||
for (auto permission : permissions) {
|
||||
if (permission.empty()) {
|
||||
continue;
|
||||
}
|
||||
PERMISSION_LOG_DEBUG(LABEL, "get sensitive permission = %{public}s from subject request ", permission.c_str());
|
||||
if (SubjectDevicePermissionManager::GetInstance().CheckDistributedPermission(duid, permission) ==
|
||||
Constant::PERMISSION_GRANTED) {
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"sensitive permission = %{public}s from subject request have been granted before ",
|
||||
permission.c_str());
|
||||
continue;
|
||||
}
|
||||
needRequestPermissions.push_back(permission);
|
||||
}
|
||||
return needRequestPermissions;
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCommand::Prepare()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"prepare: start as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "prepare: end as: RequestRemotePermissionCommand.");
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCommand::Finish()
|
||||
{
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"finish: end as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
}
|
||||
|
||||
void RequestRemotePermissionCommand::Execute()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"execute: start as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
|
||||
uid_,
|
||||
requestId_.c_str());
|
||||
|
||||
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
|
||||
std::vector<std::string> needRequestPermissions =
|
||||
FormatRequestPermissions(permissions_, remoteProtocol_.srcDeviceId, uid_);
|
||||
|
||||
if (needRequestPermissions.size() > 0) {
|
||||
PERMISSION_LOG_INFO(LABEL, "start startActivityForRequestPermission");
|
||||
// start active and the the result of the active
|
||||
StartActivityForRequestPermission(needRequestPermissions);
|
||||
PERMISSION_LOG_INFO(LABEL, "end startActivityForRequestPermission");
|
||||
}
|
||||
|
||||
std::shared_ptr<DistributedPermissionEventHandler> handler =
|
||||
DelayedSingleton<DistributedPermissionManagerService>::GetInstance()->GetEventHandler();
|
||||
if (handler == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "fail to get EventHandler");
|
||||
} else {
|
||||
std::string taskName("RequestRemotePermissionCallbackCommand");
|
||||
// auto task = [this, &remoteProtocol_, uid_, requestId_, &bundleName_]() {
|
||||
auto task = [this]() {
|
||||
// new a command to notice subject the request permission result
|
||||
std::shared_ptr<RequestRemotePermissionCallbackCommand> callbackCommand_ =
|
||||
RemoteCommandFactory::GetInstance().NewRequestRemotePermissionCallbackCommand(
|
||||
remoteProtocol_.responseDeviceId, remoteProtocol_.srcDeviceId, requestId_, uid_, bundleName_);
|
||||
|
||||
RemoteCommandManager::GetInstance().AddCommand(remoteProtocol_.srcDeviceId, callbackCommand_);
|
||||
RemoteCommandManager::GetInstance().ProcessDeviceCommandImmediately(remoteProtocol_.srcDeviceId);
|
||||
};
|
||||
handler->PostTask(task, taskName);
|
||||
}
|
||||
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "execute: end as: RequestRemotePermissionCommand");
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -1,149 +1,152 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "base_remote_command.h"
|
||||
#include "sync_uid_permission_command.h"
|
||||
#include "permission_log.h"
|
||||
#include "subject_device_permission_manager.h"
|
||||
#include "external_deps.h"
|
||||
#include "ipc_skeleton.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "SyncUidPermissionCommand"};
|
||||
}
|
||||
SyncUidPermissionCommand::SyncUidPermissionCommand(
|
||||
int32_t uid, const std::string &srcDeviceId, const std::string &dstDeviceId)
|
||||
: uid_(uid)
|
||||
{
|
||||
remoteProtocol_.commandName = COMMAND_NAME;
|
||||
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
|
||||
remoteProtocol_.srcDeviceId = srcDeviceId;
|
||||
remoteProtocol_.dstDeviceId = dstDeviceId;
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
}
|
||||
|
||||
SyncUidPermissionCommand::SyncUidPermissionCommand(const std::string &json)
|
||||
{
|
||||
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
|
||||
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
|
||||
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
|
||||
uid_ = jsonObject.at("uid").get<int32_t>();
|
||||
}
|
||||
nlohmann::json bundlePermissionsJson = jsonObject.at("uidPermission").get<nlohmann::json>();
|
||||
BaseRemoteCommand::FromUidBundlePermissionsJson(bundlePermissionsJson, uidPermission_);
|
||||
}
|
||||
|
||||
std::string SyncUidPermissionCommand::ToJsonPayload()
|
||||
{
|
||||
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
|
||||
j["uid"] = uid_;
|
||||
j["uidPermission"] = BaseRemoteCommand::ToUidBundlePermissionsJson(uidPermission_);
|
||||
return j.dump();
|
||||
}
|
||||
|
||||
void SyncUidPermissionCommand::Prepare()
|
||||
{
|
||||
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
|
||||
if (externalDeps == nullptr) {
|
||||
return;
|
||||
}
|
||||
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
|
||||
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
|
||||
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "prepare: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
|
||||
|
||||
// Query PMS to get all permissions and read to send.
|
||||
if (permissionFetcher_->GetPermissions(uid_, uidPermission_) < 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: resultWrapper code is not SUCCESS.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_GET_PERMISSIONS_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
// Check limit.
|
||||
int32_t count = 0;
|
||||
|
||||
for (auto bundle : uidPermission_.bundles) {
|
||||
count = bundle.permissions.size();
|
||||
if (count != 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (count > Constant::MAX_UID_PERMISSIONS_COUNT) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: permissions exceed MAX_UID_PERMISSIONS_COUNT", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_PERMISSIONS_COUNT_FAILED;
|
||||
return;
|
||||
}
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "prepare: end as: SyncUidPermissionCommand");
|
||||
}
|
||||
|
||||
void SyncUidPermissionCommand::Execute()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "execute: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
|
||||
|
||||
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
|
||||
if (externalDeps == nullptr) {
|
||||
return;
|
||||
}
|
||||
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
|
||||
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
|
||||
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
|
||||
|
||||
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
|
||||
// Re-granted the permissions
|
||||
UidBundleBo rUidPermission;
|
||||
if (permissionFetcher_->GetRegrantedPermissions(uidPermission_, rUidPermission) < 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to get regranted permissions.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_GET_REGRANTED_PERMISSIONS_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
// Save the result.
|
||||
int32_t addResult = SubjectDevicePermissionManager::GetInstance().AddDistributedPermission(
|
||||
remoteProtocol_.srcDeviceId, rUidPermission);
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "execute: SubjectDevicePermissionManager addSubjectPermission result: %{public}d }", addResult);
|
||||
|
||||
if (addResult == Constant::SUCCESS) {
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
} else {
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "execute: end as: SyncUidPermissionCommand");
|
||||
}
|
||||
|
||||
void SyncUidPermissionCommand::Finish()
|
||||
{
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
PERMISSION_LOG_INFO(LABEL, "clientProcessResult: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "base_remote_command.h"
|
||||
#include "permission_log.h"
|
||||
#include "subject_device_permission_manager.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "bms_adapter.h"
|
||||
#include "pms_adapter.h"
|
||||
#include "sync_uid_permission_command.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "SyncUidPermissionCommand"};
|
||||
}
|
||||
SyncUidPermissionCommand::SyncUidPermissionCommand(
|
||||
int32_t uid, const std::string &srcDeviceId, const std::string &dstDeviceId)
|
||||
: uid_(uid)
|
||||
{
|
||||
remoteProtocol_.commandName = COMMAND_NAME;
|
||||
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
|
||||
remoteProtocol_.srcDeviceId = srcDeviceId;
|
||||
remoteProtocol_.dstDeviceId = dstDeviceId;
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
}
|
||||
|
||||
SyncUidPermissionCommand::SyncUidPermissionCommand(const std::string &json)
|
||||
{
|
||||
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
|
||||
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
|
||||
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
|
||||
uid_ = jsonObject.at("uid").get<int32_t>();
|
||||
}
|
||||
nlohmann::json bundlePermissionsJson = jsonObject.at("uidPermission").get<nlohmann::json>();
|
||||
BaseRemoteCommand::FromUidBundlePermissionsJson(bundlePermissionsJson, uidPermission_);
|
||||
}
|
||||
|
||||
std::string SyncUidPermissionCommand::ToJsonPayload()
|
||||
{
|
||||
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
|
||||
j["uid"] = uid_;
|
||||
j["uidPermission"] = BaseRemoteCommand::ToUidBundlePermissionsJson(uidPermission_);
|
||||
return j.dump();
|
||||
}
|
||||
|
||||
void SyncUidPermissionCommand::Prepare()
|
||||
{
|
||||
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
|
||||
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
|
||||
if (bmsAdapter == nullptr || pmsAdapter == nullptr) {
|
||||
return;
|
||||
}
|
||||
iBundleManager_ = bmsAdapter->GetBundleManager();
|
||||
iPermissionManager_ = pmsAdapter->GetPermissionManager();
|
||||
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "prepare: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
|
||||
|
||||
// Query PMS to get all permissions and read to send.
|
||||
if (permissionFetcher_->GetPermissions(uid_, uidPermission_) < 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: resultWrapper code is not SUCCESS.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_GET_PERMISSIONS_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
// Check limit.
|
||||
int32_t count = 0;
|
||||
|
||||
for (auto bundle : uidPermission_.bundles) {
|
||||
count = bundle.permissions.size();
|
||||
if (count != 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (count > Constant::MAX_UID_PERMISSIONS_COUNT) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: permissions exceed MAX_UID_PERMISSIONS_COUNT", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_PERMISSIONS_COUNT_FAILED;
|
||||
return;
|
||||
}
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "prepare: end as: SyncUidPermissionCommand");
|
||||
}
|
||||
|
||||
void SyncUidPermissionCommand::Execute()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "execute: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
|
||||
|
||||
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
|
||||
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
|
||||
if (bmsAdapter == nullptr || pmsAdapter == nullptr) {
|
||||
return;
|
||||
}
|
||||
iBundleManager_ = bmsAdapter->GetBundleManager();
|
||||
iPermissionManager_ = pmsAdapter->GetPermissionManager();
|
||||
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
|
||||
|
||||
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
|
||||
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
|
||||
|
||||
// Re-granted the permissions
|
||||
UidBundleBo rUidPermission;
|
||||
if (permissionFetcher_->GetRegrantedPermissions(uidPermission_, rUidPermission) < 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to get regranted permissions.", __func__);
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_GET_REGRANTED_PERMISSIONS_FAILED;
|
||||
return;
|
||||
}
|
||||
|
||||
// Save the result.
|
||||
int32_t addResult = SubjectDevicePermissionManager::GetInstance().AddDistributedPermission(
|
||||
remoteProtocol_.srcDeviceId, rUidPermission);
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "execute: SubjectDevicePermissionManager addSubjectPermission result: %{public}d }", addResult);
|
||||
|
||||
if (addResult == Constant::SUCCESS) {
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
|
||||
} else {
|
||||
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
|
||||
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "execute: end as: SyncUidPermissionCommand");
|
||||
}
|
||||
|
||||
void SyncUidPermissionCommand::Finish()
|
||||
{
|
||||
remoteProtocol_.statusCode = Constant::SUCCESS;
|
||||
PERMISSION_LOG_INFO(LABEL, "clientProcessResult: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
@ -77,9 +77,10 @@ const std::map<std::string, int32_t> Constant::NAME_TO_OP_CODE_MAP = {
|
||||
bool Constant::PermissionNameToOrFromOpCode(std::string &permissionName, int32_t &opCode)
|
||||
{
|
||||
if (permissionName.empty()) {
|
||||
auto ite = std::find_if(NAME_TO_OP_CODE_MAP.begin(),
|
||||
NAME_TO_OP_CODE_MAP.end(),
|
||||
[opCode](const std::map<std::string, int32_t>::value_type &pair) { return opCode == pair.second; });
|
||||
auto ite = std::find_if(NAME_TO_OP_CODE_MAP.begin(), NAME_TO_OP_CODE_MAP.end(),
|
||||
[opCode](const std::map<std::string, int32_t>::value_type &pair) {
|
||||
return opCode == pair.second;
|
||||
});
|
||||
if (ite != NAME_TO_OP_CODE_MAP.end()) {
|
||||
permissionName = ite->first;
|
||||
return true;
|
||||
@ -101,9 +102,10 @@ const std::vector<std::string> Constant::USE_BY_LOCAL_APP_LIST = {
|
||||
|
||||
bool Constant::UseByLocalApp(std::string &permissionName)
|
||||
{
|
||||
auto it = std::find_if(USE_BY_LOCAL_APP_LIST.begin(),
|
||||
USE_BY_LOCAL_APP_LIST.end(),
|
||||
[&permissionName](const auto &useByLocalApp) { return permissionName == useByLocalApp; });
|
||||
auto it = std::find_if(USE_BY_LOCAL_APP_LIST.begin(), USE_BY_LOCAL_APP_LIST.end(),
|
||||
[&permissionName](const auto &useByLocalApp) {
|
||||
return permissionName == useByLocalApp;
|
||||
});
|
||||
if (it != USE_BY_LOCAL_APP_LIST.end()) {
|
||||
return true;
|
||||
}
|
||||
@ -137,19 +139,10 @@ const int32_t Constant::RESOURCE_SWITCH_STATUS_DENIED = 0;
|
||||
const int32_t Constant::RESOURCE_SWITCH_STATUS_ALLOWED = 1;
|
||||
|
||||
const std::vector<std::string> Constant::PERMISSION_RECORDS_GETTING_LIST = {"ohos.permission.READ_CONTACTS",
|
||||
"ohos.permission.GET_TELEPHONY_STATE",
|
||||
"ohos.permission.LOCATION",
|
||||
"ohos.permission.MICROPHONE",
|
||||
"ohos.permission.CAMERA",
|
||||
"ohos.permission.WRITE_CALENDAR",
|
||||
"ohos.permission.READ_CALENDAR",
|
||||
"ohos.permission.MEDIA_LOCATION",
|
||||
"ohos.permission.READ_MEDIA",
|
||||
"ohos.permission.WRITE_MEDIA",
|
||||
"ohos.permission.ACTIVITY_MOTION",
|
||||
"ohos.permission.READ_HEALTH_DATA",
|
||||
"ohos.permission.DISTRIBUTED_DATA"};
|
||||
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
"ohos.permission.GET_TELEPHONY_STATE", "ohos.permission.LOCATION", "ohos.permission.MICROPHONE",
|
||||
"ohos.permission.CAMERA", "ohos.permission.WRITE_CALENDAR", "ohos.permission.READ_CALENDAR",
|
||||
"ohos.permission.MEDIA_LOCATION", "ohos.permission.READ_MEDIA", "ohos.permission.WRITE_MEDIA",
|
||||
"ohos.permission.ACTIVITY_MOTION", "ohos.permission.READ_HEALTH_DATA", "ohos.permission.DISTRIBUTED_DATA"};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -1,68 +1,123 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "permission_log.h"
|
||||
#include "zip_util.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ZipUtil"};
|
||||
}
|
||||
bool ZipUtil::ZipCompress(const std::string &input, const unsigned long tlen, unsigned char *output, unsigned long &len)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "%{public}s called, input: %{public}s", __func__, input.c_str());
|
||||
|
||||
if (output == NULL) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: no enough memory!", __func__);
|
||||
return false;
|
||||
}
|
||||
if (compress(output, &len, (unsigned char *)input.c_str(), tlen) != Z_OK) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress failed!", __func__);
|
||||
return false;
|
||||
}
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "%{public}s done, output: %{public}s", __func__, output);
|
||||
return true;
|
||||
}
|
||||
|
||||
bool ZipUtil::ZipUnCompress(
|
||||
const unsigned char *input, const unsigned long tlen, std::string &output, unsigned long len)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
|
||||
if (len <= 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
|
||||
return false;
|
||||
}
|
||||
unsigned char *buf = (unsigned char *)malloc(len + 1);
|
||||
if (buf == NULL) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: no enough memory!", __func__);
|
||||
return false;
|
||||
}
|
||||
if (uncompress(buf, &len, input, tlen) != Z_OK) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: uncompress failed!", __func__);
|
||||
free(buf);
|
||||
return false;
|
||||
}
|
||||
buf[len] = '\0';
|
||||
output = (char *)buf;
|
||||
free(buf);
|
||||
PERMISSION_LOG_INFO(LABEL, "%{public}s done, output: %{public}s", __func__, output.c_str());
|
||||
return true;
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "permission_log.h"
|
||||
#include "zip_util.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ZipUtil"};
|
||||
}
|
||||
bool ZipUtil::ZipCompress(const std::string &input, const unsigned long tlen, unsigned char *output, unsigned long &len)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "%{public}s called, input: %{public}s", __func__, input.c_str());
|
||||
|
||||
if (output == NULL) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: no enough memory!", __func__);
|
||||
return false;
|
||||
}
|
||||
if (compress(output, &len, (unsigned char *)input.c_str(), tlen) != Z_OK) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress failed!", __func__);
|
||||
return false;
|
||||
}
|
||||
|
||||
PERMISSION_LOG_INFO(LABEL, "%{public}s done, output: %{public}s", __func__, output);
|
||||
return true;
|
||||
}
|
||||
|
||||
bool ZipUtil::ZipUnCompress(
|
||||
const unsigned char *input, const unsigned long tlen, std::string &output, unsigned long len)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
|
||||
if (len <= 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
|
||||
return false;
|
||||
}
|
||||
unsigned char *buf = (unsigned char *)malloc(len + 1);
|
||||
if (buf == NULL) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: no enough memory!", __func__);
|
||||
return false;
|
||||
}
|
||||
if (uncompress(buf, &len, input, tlen) != Z_OK) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: uncompress failed!", __func__);
|
||||
free(buf);
|
||||
return false;
|
||||
}
|
||||
buf[len] = '\0';
|
||||
output = (char *)buf;
|
||||
free(buf);
|
||||
PERMISSION_LOG_INFO(LABEL, "%{public}s done, output: %{public}s", __func__, output.c_str());
|
||||
return true;
|
||||
}
|
||||
|
||||
bool ZipUtil::CompressCode(const std::string &input, unsigned long &codeLen, unsigned long &zipLen, std::string &output)
|
||||
{
|
||||
if (codeLen <= 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
|
||||
return false;
|
||||
}
|
||||
unsigned char *buf = (unsigned char *)malloc(codeLen + 1);
|
||||
if (buf == NULL) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: malloc fail!", __func__);
|
||||
return false;
|
||||
}
|
||||
if (!ZipUtil::ZipCompress(input, zipLen, buf, codeLen)) {
|
||||
if (buf != NULL) {
|
||||
free(buf);
|
||||
buf = NULL;
|
||||
}
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress fail!", __func__);
|
||||
return false;
|
||||
}
|
||||
Base64Util::Encode(buf, codeLen, output);
|
||||
if (buf != NULL) {
|
||||
free(buf);
|
||||
buf = NULL;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
bool ZipUtil::UnCompressDeCode(
|
||||
const std::string &input, unsigned long &codeLen, unsigned long &zipLen, std::string &output)
|
||||
{
|
||||
if (codeLen <= 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
|
||||
return false;
|
||||
}
|
||||
unsigned char *pOut = (unsigned char *)malloc(codeLen + 1);
|
||||
if (pOut == NULL) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: malloc fail!", __func__);
|
||||
return false;
|
||||
}
|
||||
Base64Util::Decode(input, pOut, codeLen);
|
||||
if (!ZipUtil::ZipUnCompress(pOut, codeLen, output, zipLen)) {
|
||||
if (pOut != NULL) {
|
||||
free(pOut);
|
||||
pOut = NULL;
|
||||
}
|
||||
PERMISSION_LOG_ERROR(LABEL, "%{public}s: uncompress fail!", __func__);
|
||||
return false;
|
||||
}
|
||||
if (pOut != NULL) {
|
||||
free(pOut);
|
||||
pOut = NULL;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -1,76 +1,77 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef DEVICE_INFO_REPOSITORY_H
|
||||
#define DEVICE_INFO_REPOSITORY_H
|
||||
|
||||
#include <map>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <mutex>
|
||||
|
||||
#include "constant.h"
|
||||
#include "device_info.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class DeviceInfoRepository {
|
||||
public:
|
||||
static DeviceInfoRepository &GetInstance();
|
||||
|
||||
std::vector<DeviceInfo> ListDeviceInfo();
|
||||
|
||||
bool FindDeviceInfo(const std::string &nodeId, DeviceIdType type, DeviceInfo &deviceInfo);
|
||||
|
||||
void DeleteAllDeviceInfoExceptOne(const DeviceInfo deviceInfo);
|
||||
|
||||
void SaveDeviceInfo(const DeviceInfo deviceInfo);
|
||||
|
||||
void SaveDeviceInfo(const DeviceId deviceId, const std::string &deviceName, const std::string &deviceType);
|
||||
|
||||
void SaveDeviceInfo(const std::string &networkId, const std::string &universallyUniqueId,
|
||||
const std::string &uniqueDisabilityId, const std::string &deviceName, const std::string &deviceType);
|
||||
|
||||
void DeleteDeviceInfo(const std::string &nodeId, const DeviceIdType type);
|
||||
|
||||
void Clear();
|
||||
|
||||
private:
|
||||
bool FindDeviceIdByNodeIdLocked(const std::string &nodeId, const DeviceIdType type, DeviceId &deviceId) const;
|
||||
|
||||
bool FindDeviceInfoByDeviceIdLocked(const DeviceId deviceId, DeviceInfo &deviceInfo) const;
|
||||
|
||||
bool FindDeviceIdByNetworkIdLocked(const std::string &networkId, DeviceId &deviceId) const;
|
||||
|
||||
bool FindDeviceIdByUniversallyUniqueIdLocked(const std::string &universallyUniqueId, DeviceId &deviceId) const;
|
||||
|
||||
bool FindDeviceIdByUniqueDisabilityIdLocked(const std::string &uniqueDisabilityId, DeviceId &deviceId) const;
|
||||
|
||||
void DeleteDeviceInfoByDeviceIdLocked(const DeviceId deviceId);
|
||||
|
||||
std::map<std::string, DeviceId> deviceIdMapByNetworkId_;
|
||||
|
||||
std::map<std::string, DeviceId> deviceIdMapByUniversallyUniqueId_;
|
||||
|
||||
std::map<std::string, DeviceId> deviceIdMapByUniqueDisabilityId_;
|
||||
|
||||
std::map<std::string, DeviceInfo> deviceInfoMap_;
|
||||
|
||||
std::recursive_mutex stackLock_;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // DEVICE_INFO_REPOSITORY_H
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef DEVICE_INFO_REPOSITORY_H
|
||||
#define DEVICE_INFO_REPOSITORY_H
|
||||
|
||||
#include <map>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
#include <mutex>
|
||||
|
||||
#include "constant.h"
|
||||
#include "device_info.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
class DeviceInfoRepository {
|
||||
public:
|
||||
static DeviceInfoRepository &GetInstance();
|
||||
|
||||
std::vector<DeviceInfo> ListDeviceInfo();
|
||||
|
||||
bool FindDeviceInfo(const std::string &nodeId, DeviceIdType type, DeviceInfo &deviceInfo);
|
||||
|
||||
void DeleteAllDeviceInfoExceptOne(const DeviceInfo deviceInfo);
|
||||
|
||||
void SaveDeviceInfo(const DeviceInfo deviceInfo);
|
||||
|
||||
void SaveDeviceInfo(const DeviceId deviceId, const std::string &deviceName, const std::string &deviceType);
|
||||
|
||||
void SaveDeviceInfo(const std::string &networkId, const std::string &universallyUniqueId,
|
||||
const std::string &uniqueDisabilityId, const std::string &deviceName, const std::string &deviceType);
|
||||
|
||||
void DeleteDeviceInfo(const std::string &nodeId, const DeviceIdType type);
|
||||
|
||||
void Clear();
|
||||
|
||||
private:
|
||||
bool FindDeviceIdByNodeIdLocked(const std::string &nodeId, const DeviceIdType type, DeviceId &deviceId) const;
|
||||
|
||||
bool FindDeviceInfoByDeviceIdLocked(const DeviceId deviceId, DeviceInfo &deviceInfo) const;
|
||||
|
||||
bool FindDeviceIdByNetworkIdLocked(const std::string &networkId, DeviceId &deviceId) const;
|
||||
|
||||
bool FindDeviceIdByUniversallyUniqueIdLocked(const std::string &universallyUniqueId, DeviceId &deviceId) const;
|
||||
|
||||
bool FindDeviceIdByUniqueDisabilityIdLocked(const std::string &uniqueDisabilityId, DeviceId &deviceId) const;
|
||||
|
||||
void DeleteDeviceInfoByDeviceIdLocked(const DeviceId deviceId);
|
||||
|
||||
std::map<std::string, DeviceId> deviceIdMapByNetworkId_;
|
||||
|
||||
std::map<std::string, DeviceId> deviceIdMapByUniversallyUniqueId_;
|
||||
|
||||
std::map<std::string, DeviceId> deviceIdMapByUniqueDisabilityId_;
|
||||
|
||||
std::map<std::string, DeviceInfo> deviceInfoMap_;
|
||||
|
||||
std::recursive_mutex stackLock_;
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
#endif // DEVICE_INFO_REPOSITORY_H
|
@ -30,7 +30,7 @@
|
||||
#include "nlohmann/json.hpp"
|
||||
|
||||
#include "app_log_wrapper.h"
|
||||
#include "object_device_json.h"
|
||||
#include "object_device_json_object.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
@ -41,7 +41,7 @@ const std::string DEVICE_INFO_UID = "uid_";
|
||||
const std::string DEVICE_INFO_GRABTED_PERMISSION = "grantedPermission_";
|
||||
} // namespace
|
||||
|
||||
std::string &ObjectDeviceJson::ToJsonString(std::string &jsonString) const
|
||||
std::string &ObjectDeviceJsonObject::ToJsonString(std::string &jsonString) const
|
||||
{
|
||||
nlohmann::json jsonObject;
|
||||
jsonObject[DEVICE_INFO_DEVICE_ID] = deviceId_;
|
||||
@ -50,7 +50,7 @@ std::string &ObjectDeviceJson::ToJsonString(std::string &jsonString) const
|
||||
jsonString = jsonObject.dump();
|
||||
return jsonString;
|
||||
}
|
||||
bool ObjectDeviceJson::FromJsonString(const std::string &jsonString)
|
||||
bool ObjectDeviceJsonObject::FromJsonString(const std::string &jsonString)
|
||||
{
|
||||
nlohmann::json jsonObject = nlohmann::json::parse(jsonString);
|
||||
if (jsonObject.is_discarded()) {
|
@ -1,346 +1,346 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "object_device_permission_manager.h"
|
||||
#include "distributed_permission_manager_service.h"
|
||||
#include "permission_kit.h"
|
||||
#include "permission_callback.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
|
||||
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ObjectDevicePermissionManager"};
|
||||
}
|
||||
ObjectDevicePermissionManager::ObjectDevicePermissionManager() : recovered_(false), registered_(false)
|
||||
{}
|
||||
|
||||
ObjectDevicePermissionManager::~ObjectDevicePermissionManager()
|
||||
{}
|
||||
|
||||
ObjectDevicePermissionManager &ObjectDevicePermissionManager::GetInstance()
|
||||
{
|
||||
static ObjectDevicePermissionManager instance;
|
||||
return instance;
|
||||
}
|
||||
|
||||
/**
|
||||
* If not successfully recovered, recover from file.
|
||||
*/
|
||||
void ObjectDevicePermissionManager::Init()
|
||||
{
|
||||
if (!recovered_.load()) {
|
||||
bool recoverResult = ObjectDevicePermissionRepository::GetInstance().RecoverFromFile();
|
||||
PERMISSION_LOG_INFO(LABEL, "init: recoverResult:%{public}s", recoverResult ? "true" : "false");
|
||||
recovered_.store(recoverResult);
|
||||
}
|
||||
bool falseFlag = false;
|
||||
if (registered_.compare_exchange_strong(falseFlag, true)) {
|
||||
PERMISSION_LOG_INFO(LABEL, "Register uid permission and state changed callback.");
|
||||
MonitorManager::GetInstance().AddOnPermissionChangedListener("ObjectDevicePermissionManager",
|
||||
std::make_shared<std::function<void(int32_t uid, const std::string &packageName)>>(
|
||||
[&](int32_t uid, const std::string &packageName) { this->NotifyPermissionChanged(uid); }));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Operation function. Ask RemoteExecutorManager to execute SyncUidPermissionCommand or DeleteUidPermissionCommand
|
||||
* for all deviceIds that has a relationship with given uid.
|
||||
*
|
||||
* @param uid The operation uid in local device.
|
||||
* @return SUCCESS: 0; FAILURE: -1.
|
||||
*/
|
||||
int32_t ObjectDevicePermissionManager::NotifyPermissionChanged(const int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "notifyPermissionChanged: operation start with uid:%{public}d", uid);
|
||||
// Check uid is negative, do remove operation instead.
|
||||
if (uid == SPECIAL_INVALID_UID) {
|
||||
PERMISSION_LOG_DEBUG(LABEL, "notifyPermissionChanged: uid: -1 is SPECIAL_INVALID_UID, return SUCCESS");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
if (uid < 0) {
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "notifyPermissionChanged: uid: %{public}d is negative, call removeNotifyPermissionMonitorUid", uid);
|
||||
return RemoveNotifyPermissionMonitorUid(-uid);
|
||||
}
|
||||
|
||||
// For special uid, do not need to notify.
|
||||
if (DistributedDataValidator::IsSpecRuid(uid)) {
|
||||
PERMISSION_LOG_DEBUG(LABEL, "notifyPermissionChanged: uid is special, return success");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
// Find all deviceIds and build command, push to RemoteExecutorManager.
|
||||
const std::set<std::string> toSyncDevices = ObjectDevicePermissionRepository::GetInstance().ListDeviceId(uid);
|
||||
for (const std::string &deviceId : toSyncDevices) {
|
||||
const std::shared_ptr<SyncUidPermissionCommand> command =
|
||||
RemoteCommandFactory::GetInstance().NewSyncUidPermissionCommand(
|
||||
uid, Constant::GetLocalDeviceId(), deviceId);
|
||||
const int32_t resultCode = RemoteCommandManager::GetInstance().AddCommand(deviceId, command);
|
||||
if (resultCode != Constant::SUCCESS) {
|
||||
PERMISSION_LOG_WARN(LABEL,
|
||||
"notifyPermissionChanged: SyncUidPermissionCommand resultCode is not SUCCESS: %{public}d",
|
||||
resultCode);
|
||||
}
|
||||
}
|
||||
|
||||
if (toSyncDevices.empty()) {
|
||||
PERMISSION_LOG_DEBUG(
|
||||
LABEL, "notifyPermissionChanged: devicesToSync is empty, no need to notify, return success");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
// Start a new thread to wait 1000 milliseconds, and return the result.
|
||||
return ProcessDeviceCommandImmediately(uid, toSyncDevices);
|
||||
}
|
||||
|
||||
int32_t ObjectDevicePermissionManager::RemoveNotifyPermissionMonitorUid(const int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUid: operation start with uid: %{public}d", uid);
|
||||
|
||||
// For special uid, do not need to notify.
|
||||
if (DistributedDataValidator::IsSpecRuid(uid)) {
|
||||
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUid: uid is special, return success");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
// Find all deviceIds and build command.
|
||||
const std::set<std::string> toDeleteDevices = ObjectDevicePermissionRepository::GetInstance().ListDeviceId(uid);
|
||||
|
||||
for (const std::string &deviceId : toDeleteDevices) {
|
||||
const std::shared_ptr<DeleteUidPermissionCommand> command =
|
||||
RemoteCommandFactory::GetInstance().NewDeleteUidPermissionCommand(
|
||||
uid, Constant::GetLocalDeviceId(), deviceId);
|
||||
RemoteCommandManager::GetInstance().AddCommand(deviceId, command);
|
||||
}
|
||||
// Remove uid to deviceId relationship anyway.
|
||||
ObjectDevicePermissionRepository::GetInstance().RemoveUid(uid);
|
||||
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
|
||||
|
||||
// Ask RemoteExecutorManager to process command
|
||||
return RemoteCommandManager::GetInstance().Loop();
|
||||
}
|
||||
|
||||
int32_t ObjectDevicePermissionManager::ProcessDeviceCommandImmediately(
|
||||
const int32_t uid, const std::set<std::string> &devicesToSync)
|
||||
{
|
||||
const std::shared_ptr<CountDownLatch> latch = std::make_shared<CountDownLatch>(1);
|
||||
std::string taskName("ProcessDeviceCommandImmediately");
|
||||
auto task = [devicesToSync, uid, latch]() {
|
||||
for (std::string deviceId : devicesToSync) {
|
||||
RemoteCommandManager::GetInstance().ProcessDeviceCommandImmediately(deviceId);
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"processDeviceCommandImmediately: all thread for NotifyPermissionChanged finish "
|
||||
"for uid: %{public}d finished",
|
||||
uid);
|
||||
latch->CountDown();
|
||||
};
|
||||
std::thread thread(task);
|
||||
thread.detach();
|
||||
latch->Await(MAX_NOTIFY_PERMISSION_CHANGED_TIMEOUT);
|
||||
if (latch->GetCount() != 0L) {
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "processDeviceCommandImmediately: NotifyPermissionChanged time out, return FAILURE");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "processDeviceCommandImmediately: NotifyPermissionChanged succeed, return SUCCESS");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int32_t ObjectDevicePermissionManager::AddNotifyPermissionMonitorUid(const std::string &deviceId, const int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"addNotifyPermissionMonitorUid: operation start with deviceId: %{public}s",
|
||||
Constant::EncryptDevId(deviceId).c_str());
|
||||
|
||||
if (!DistributedDataValidator::IsDeviceIdValid(deviceId) || !DistributedDataValidator::IsUidValid(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL,
|
||||
"addNotifyPermissionMonitorUid: addNotifyPermissionMonitorUid: deviceId or uid "
|
||||
"is invalid, return FAILURE");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
if (DistributedDataValidator::IsSpecRuid(uid)) {
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "addNotifyPermissionMonitorUid: addNotifyPermissionMonitorUid: uid is special, return SUCCESS");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
ObjectDevicePermissionRepository::GetInstance().PutDeviceIdUidPair(deviceId, uid);
|
||||
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
|
||||
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int32_t ObjectDevicePermissionManager::NotifySyncPermission(
|
||||
std::string &deviceId, int32_t uid, std::string &packageName)
|
||||
{
|
||||
if (!DistributedDataValidator::IsDeviceIdValid(deviceId)) {
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "notifySyncPermission: invalid deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
|
||||
return Constant::INVALID_DEVICE_ID;
|
||||
}
|
||||
if (!DistributedDataValidator::IsUidValid(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "notifySyncPermission: invalid uid:%{public}d", uid);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
if (packageName.empty()) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "notifySyncPermission: invalid pkgName:%{public}s", packageName.c_str());
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
std::shared_ptr<DistributedPermissionEventHandler> handler =
|
||||
DelayedSingleton<DistributedPermissionManagerService>::GetInstance()->GetEventHandler();
|
||||
if (handler == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "fail to get EventHandler");
|
||||
} else {
|
||||
std::string taskName("RequestPermissionsFromRemoteTimeout");
|
||||
auto task = [&deviceId, &uid, this]() {
|
||||
PERMISSION_LOG_INFO(LABEL, "notifySyncPermission: invalid uid:%{public}d", uid);
|
||||
std::shared_ptr<SyncUidPermissionCommand> syncUidPermissionCommand =
|
||||
std::make_shared<SyncUidPermissionCommand>(uid, Constant::GetLocalDeviceId(), deviceId);
|
||||
int32_t resultCode = RemoteCommandManager::GetInstance().ExecuteCommand(deviceId, syncUidPermissionCommand);
|
||||
if (resultCode == Constant::SUCCESS) {
|
||||
AddNotifyPermissionMonitorUid(deviceId, uid);
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "notifySyncPermission: get resultCode:%{public}d", resultCode);
|
||||
};
|
||||
handler->PostTask(task, taskName);
|
||||
}
|
||||
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
int32_t ObjectDevicePermissionManager::VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"verifyPermissionFromRemote: permission: = %{public}s, deviceId = %{public}s, pid = "
|
||||
"%{public}d ,uid = %{public}d ",
|
||||
permission.c_str(),
|
||||
Constant::EncryptDevId(deviceId).c_str(),
|
||||
pid,
|
||||
uid);
|
||||
int32_t result = VerifyPermissionFromRemoteInner(permission, deviceId, pid, uid);
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"verifyPermissionFromRemote: permission: = %{public}s, deviceId = %{public}s, pid = "
|
||||
"%{public}d ,uid = %{public}d ",
|
||||
permission.c_str(),
|
||||
Constant::EncryptDevId(deviceId).c_str(),
|
||||
pid,
|
||||
uid);
|
||||
return result;
|
||||
}
|
||||
int32_t ObjectDevicePermissionManager::VerifyPermissionFromRemoteInner(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL, "VerifyPermissionFromRemoteInner: start");
|
||||
|
||||
if (!IsValidVerificationParams(permission, deviceId, uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "VerifyPermissionFromRemoteInner: with invalid param");
|
||||
return Constant::PERMISSION_DENIED;
|
||||
}
|
||||
if (!DeviceInfoManager::GetInstance().ExistDeviceInfo(deviceId, DeviceIdType::UNIQUE_DISABILITY_ID)) {
|
||||
PERMISSION_LOG_ERROR(LABEL,
|
||||
"VerifyPermissionFromRemoteInner:device is ot online: %{public}s",
|
||||
Constant::EncryptDevId(deviceId).c_str());
|
||||
return Constant::PERMISSION_DENIED;
|
||||
}
|
||||
if (UserHandleManager::IsRootOrSystemUid(uid)) {
|
||||
return Constant::PERMISSION_GRANTED;
|
||||
}
|
||||
if (PermissionBmsManager::GetInstance().IsSystemSignatureUid(uid)) {
|
||||
// For system program,check if self have the permissin ,the permission will sync to object
|
||||
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
|
||||
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
|
||||
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
|
||||
|
||||
std::vector<std::string> bundleNames;
|
||||
iBundleManager_->GetBundlesForUid(uid, bundleNames);
|
||||
bool allPermissionFlag = true;
|
||||
for (auto bundleName : bundleNames) {
|
||||
if (Permission::PermissionKit::VerifyPermission(bundleName, permission, Constant::DEFAULT_USERID) !=
|
||||
Constant::PERMISSION_GRANTED) {
|
||||
allPermissionFlag = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (allPermissionFlag && bundleNames.size() > 0) {
|
||||
return Constant::PERMISSION_GRANTED;
|
||||
}
|
||||
}
|
||||
return ObjectDevicePermissionRepository::GetInstance().VerifyPermissionFromRemote(permission, deviceId, pid, uid);
|
||||
}
|
||||
bool ObjectDevicePermissionManager::IsValidVerificationParams(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t uid)
|
||||
{
|
||||
if (!DistributedDataValidator::IsPermissionNameValid(permission)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "invalid permission: %{public}s", permission.c_str());
|
||||
return false;
|
||||
}
|
||||
if (!BaseRemoteCommand::IsSensitiveResource(permission)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, " permission is not sensitive permission: %{public}s", permission.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!DistributedDataValidator::IsDeviceIdValid(deviceId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "invalid deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
|
||||
return false;
|
||||
}
|
||||
if (!DistributedDataValidator::IsUidValid(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "uid is invalid: %{public}d", uid);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
void ObjectDevicePermissionManager::ResetGrantSensitivePermission(
|
||||
std::string &deviceId, int32_t uid, std::set<std::string> &permissions)
|
||||
{
|
||||
ObjectDevicePermissionRepository::GetInstance().GetOrCreateObjectDevice(deviceId)->ResetGrantSensitivePermission(
|
||||
uid, permissions);
|
||||
}
|
||||
void ObjectDevicePermissionManager::RemoveObject(const std::string &deviceId)
|
||||
{
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "removeObject: operation start with deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
|
||||
ObjectDevicePermissionRepository::GetInstance().RemoveDeviceId(deviceId);
|
||||
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
|
||||
};
|
||||
int32_t ObjectDevicePermissionManager::RemoveNotifyPermissionMonitorUserId(const int32_t userId)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(remove_notify_permission_monitor_user_id_locl_);
|
||||
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUserId: operation start with uid: %{public}d", userId);
|
||||
std::set<int32_t> uidList = ObjectDevicePermissionRepository::GetInstance().ListAllUid();
|
||||
std::set<int32_t>::iterator iter;
|
||||
int32_t resultCode = Constant::FAILURE;
|
||||
for (iter = uidList.begin(); iter != uidList.end(); iter++) {
|
||||
if (userId == (*iter / UserHandleManager::PER_USER_RANGE)) {
|
||||
int32_t result = RemoveNotifyPermissionMonitorUid(*iter);
|
||||
if (result == Constant::SUCCESS) {
|
||||
resultCode = Constant::SUCCESS;
|
||||
}
|
||||
}
|
||||
}
|
||||
return resultCode;
|
||||
};
|
||||
|
||||
void ObjectDevicePermissionManager::Clear()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "clear: remove caches related to all object devices");
|
||||
ObjectDevicePermissionRepository::GetInstance().Clear();
|
||||
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "object_device_permission_manager.h"
|
||||
#include "distributed_permission_manager_service.h"
|
||||
#include "permission_kit.h"
|
||||
#include "permission_callback.h"
|
||||
#include "bms_adapter.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
|
||||
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ObjectDevicePermissionManager"};
|
||||
}
|
||||
ObjectDevicePermissionManager::ObjectDevicePermissionManager() : recovered_(false), registered_(false)
|
||||
{}
|
||||
|
||||
ObjectDevicePermissionManager::~ObjectDevicePermissionManager()
|
||||
{}
|
||||
|
||||
ObjectDevicePermissionManager &ObjectDevicePermissionManager::GetInstance()
|
||||
{
|
||||
static ObjectDevicePermissionManager instance;
|
||||
return instance;
|
||||
}
|
||||
|
||||
/**
|
||||
* If not successfully recovered, recover from file.
|
||||
*/
|
||||
void ObjectDevicePermissionManager::Init()
|
||||
{
|
||||
if (!recovered_.load()) {
|
||||
bool recoverResult = ObjectDevicePermissionRepository::GetInstance().RecoverFromFile();
|
||||
PERMISSION_LOG_INFO(LABEL, "init: recoverResult:%{public}s", recoverResult ? "true" : "false");
|
||||
recovered_.store(recoverResult);
|
||||
}
|
||||
bool falseFlag = false;
|
||||
if (registered_.compare_exchange_strong(falseFlag, true)) {
|
||||
PERMISSION_LOG_INFO(LABEL, "Register uid permission and state changed callback.");
|
||||
MonitorManager::GetInstance().AddOnPermissionChangedListener("ObjectDevicePermissionManager",
|
||||
std::make_shared<std::function<void(int32_t uid, const std::string &packageName)>>(
|
||||
[&](int32_t uid, const std::string &packageName) { this->NotifyPermissionChanged(uid); }));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Operation function. Ask RemoteExecutorManager to execute SyncUidPermissionCommand or DeleteUidPermissionCommand
|
||||
* for all deviceIds that has a relationship with given uid.
|
||||
*
|
||||
* @param uid The operation uid in local device.
|
||||
* @return SUCCESS: 0; FAILURE: -1.
|
||||
*/
|
||||
int32_t ObjectDevicePermissionManager::NotifyPermissionChanged(const int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "notifyPermissionChanged: operation start with uid:%{public}d", uid);
|
||||
// Check uid is negative, do remove operation instead.
|
||||
if (uid == SPECIAL_INVALID_UID) {
|
||||
PERMISSION_LOG_DEBUG(LABEL, "notifyPermissionChanged: uid: -1 is SPECIAL_INVALID_UID, return SUCCESS");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
if (uid < 0) {
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "notifyPermissionChanged: uid: %{public}d is negative, call removeNotifyPermissionMonitorUid", uid);
|
||||
return RemoveNotifyPermissionMonitorUid(-uid);
|
||||
}
|
||||
|
||||
// For special uid, do not need to notify.
|
||||
if (DistributedDataValidator::IsSpecRuid(uid)) {
|
||||
PERMISSION_LOG_DEBUG(LABEL, "notifyPermissionChanged: uid is special, return success");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
// Find all deviceIds and build command, push to RemoteExecutorManager.
|
||||
const std::set<std::string> toSyncDevices = ObjectDevicePermissionRepository::GetInstance().ListDeviceId(uid);
|
||||
for (const std::string &deviceId : toSyncDevices) {
|
||||
const std::shared_ptr<SyncUidPermissionCommand> command =
|
||||
RemoteCommandFactory::GetInstance().NewSyncUidPermissionCommand(
|
||||
uid, Constant::GetLocalDeviceId(), deviceId);
|
||||
const int32_t resultCode = RemoteCommandManager::GetInstance().AddCommand(deviceId, command);
|
||||
if (resultCode != Constant::SUCCESS) {
|
||||
PERMISSION_LOG_WARN(LABEL,
|
||||
"notifyPermissionChanged: SyncUidPermissionCommand resultCode is not SUCCESS: %{public}d",
|
||||
resultCode);
|
||||
}
|
||||
}
|
||||
|
||||
if (toSyncDevices.empty()) {
|
||||
PERMISSION_LOG_DEBUG(
|
||||
LABEL, "notifyPermissionChanged: devicesToSync is empty, no need to notify, return success");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
// Start a new thread to wait 1000 milliseconds, and return the result.
|
||||
return ProcessDeviceCommandImmediately(uid, toSyncDevices);
|
||||
}
|
||||
|
||||
int32_t ObjectDevicePermissionManager::RemoveNotifyPermissionMonitorUid(const int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUid: operation start with uid: %{public}d", uid);
|
||||
|
||||
// For special uid, do not need to notify.
|
||||
if (DistributedDataValidator::IsSpecRuid(uid)) {
|
||||
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUid: uid is special, return success");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
// Find all deviceIds and build command.
|
||||
const std::set<std::string> toDeleteDevices = ObjectDevicePermissionRepository::GetInstance().ListDeviceId(uid);
|
||||
|
||||
for (const std::string &deviceId : toDeleteDevices) {
|
||||
const std::shared_ptr<DeleteUidPermissionCommand> command =
|
||||
RemoteCommandFactory::GetInstance().NewDeleteUidPermissionCommand(
|
||||
uid, Constant::GetLocalDeviceId(), deviceId);
|
||||
RemoteCommandManager::GetInstance().AddCommand(deviceId, command);
|
||||
}
|
||||
// Remove uid to deviceId relationship anyway.
|
||||
ObjectDevicePermissionRepository::GetInstance().RemoveUid(uid);
|
||||
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
|
||||
|
||||
// Ask RemoteExecutorManager to process command
|
||||
return RemoteCommandManager::GetInstance().Loop();
|
||||
}
|
||||
|
||||
int32_t ObjectDevicePermissionManager::ProcessDeviceCommandImmediately(const int32_t uid,
|
||||
const std::set<std::string> &devicesToSync) const
|
||||
{
|
||||
const std::shared_ptr<CountDownLatch> latch = std::make_shared<CountDownLatch>(1);
|
||||
std::string taskName("ProcessDeviceCommandImmediately");
|
||||
auto task = [devicesToSync, uid, latch]() {
|
||||
for (std::string deviceId : devicesToSync) {
|
||||
RemoteCommandManager::GetInstance().ProcessDeviceCommandImmediately(deviceId);
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"processDeviceCommandImmediately: all thread for NotifyPermissionChanged finish "
|
||||
"for uid: %{public}d finished",
|
||||
uid);
|
||||
latch->CountDown();
|
||||
};
|
||||
std::thread thread(task);
|
||||
thread.detach();
|
||||
latch->Await(MAX_NOTIFY_PERMISSION_CHANGED_TIMEOUT);
|
||||
if (latch->GetCount() != 0L) {
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "processDeviceCommandImmediately: NotifyPermissionChanged time out, return FAILURE");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "processDeviceCommandImmediately: NotifyPermissionChanged succeed, return SUCCESS");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int32_t ObjectDevicePermissionManager::AddNotifyPermissionMonitorUid(const std::string &deviceId, const int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"addNotifyPermissionMonitorUid: operation start with deviceId: %{public}s",
|
||||
Constant::EncryptDevId(deviceId).c_str());
|
||||
|
||||
if (!DistributedDataValidator::IsDeviceIdValid(deviceId) || !DistributedDataValidator::IsUidValid(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL,
|
||||
"addNotifyPermissionMonitorUid: addNotifyPermissionMonitorUid: deviceId or uid "
|
||||
"is invalid, return FAILURE");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
if (DistributedDataValidator::IsSpecRuid(uid)) {
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "addNotifyPermissionMonitorUid: addNotifyPermissionMonitorUid: uid is special, return SUCCESS");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
ObjectDevicePermissionRepository::GetInstance().PutDeviceIdUidPair(deviceId, uid);
|
||||
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
|
||||
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int32_t ObjectDevicePermissionManager::NotifySyncPermission(
|
||||
std::string &deviceId, int32_t uid, std::string &packageName)
|
||||
{
|
||||
if (!DistributedDataValidator::IsDeviceIdValid(deviceId)) {
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "notifySyncPermission: invalid deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
|
||||
return Constant::INVALID_DEVICE_ID;
|
||||
}
|
||||
if (!DistributedDataValidator::IsUidValid(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "notifySyncPermission: invalid uid:%{public}d", uid);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
if (packageName.empty()) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "notifySyncPermission: invalid pkgName:%{public}s", packageName.c_str());
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
std::shared_ptr<DistributedPermissionEventHandler> handler =
|
||||
DelayedSingleton<DistributedPermissionManagerService>::GetInstance()->GetEventHandler();
|
||||
if (handler == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "fail to get EventHandler");
|
||||
} else {
|
||||
std::string taskName("RequestPermissionsFromRemoteTimeout");
|
||||
auto task = [&deviceId, &uid, this]() {
|
||||
PERMISSION_LOG_INFO(LABEL, "notifySyncPermission: invalid uid:%{public}d", uid);
|
||||
std::shared_ptr<SyncUidPermissionCommand> syncUidPermissionCommand =
|
||||
std::make_shared<SyncUidPermissionCommand>(uid, Constant::GetLocalDeviceId(), deviceId);
|
||||
int32_t resultCode = RemoteCommandManager::GetInstance().ExecuteCommand(deviceId, syncUidPermissionCommand);
|
||||
if (resultCode == Constant::SUCCESS) {
|
||||
AddNotifyPermissionMonitorUid(deviceId, uid);
|
||||
}
|
||||
PERMISSION_LOG_INFO(LABEL, "notifySyncPermission: get resultCode:%{public}d", resultCode);
|
||||
};
|
||||
handler->PostTask(task, taskName);
|
||||
}
|
||||
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
int32_t ObjectDevicePermissionManager::VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"verifyPermissionFromRemote: permission: = %{public}s, deviceId = %{public}s, pid = "
|
||||
"%{public}d ,uid = %{public}d ",
|
||||
permission.c_str(),
|
||||
Constant::EncryptDevId(deviceId).c_str(),
|
||||
pid,
|
||||
uid);
|
||||
int32_t result = VerifyPermissionFromRemoteInner(permission, deviceId, pid, uid);
|
||||
PERMISSION_LOG_DEBUG(LABEL,
|
||||
"verifyPermissionFromRemote: permission: = %{public}s, deviceId = %{public}s, pid = "
|
||||
"%{public}d ,uid = %{public}d ",
|
||||
permission.c_str(),
|
||||
Constant::EncryptDevId(deviceId).c_str(),
|
||||
pid,
|
||||
uid);
|
||||
return result;
|
||||
}
|
||||
int32_t ObjectDevicePermissionManager::VerifyPermissionFromRemoteInner(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL, "VerifyPermissionFromRemoteInner: start");
|
||||
|
||||
if (!IsValidVerificationParams(permission, deviceId, uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "VerifyPermissionFromRemoteInner: with invalid param");
|
||||
return Constant::PERMISSION_DENIED;
|
||||
}
|
||||
if (!DeviceInfoManager::GetInstance().ExistDeviceInfo(deviceId, DeviceIdType::UNIQUE_DISABILITY_ID)) {
|
||||
PERMISSION_LOG_ERROR(LABEL,
|
||||
"VerifyPermissionFromRemoteInner:device is ot online: %{public}s",
|
||||
Constant::EncryptDevId(deviceId).c_str());
|
||||
return Constant::PERMISSION_DENIED;
|
||||
}
|
||||
if (UserHandleManager::IsRootOrSystemUid(uid)) {
|
||||
return Constant::PERMISSION_GRANTED;
|
||||
}
|
||||
if (PermissionBmsManager::GetInstance().IsSystemSignatureUid(uid)) {
|
||||
// For system program,check if self have the permissin ,the permission will sync to object
|
||||
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
|
||||
iBundleManager_ = bmsAdapter->GetBundleManager();
|
||||
|
||||
std::vector<std::string> bundleNames;
|
||||
iBundleManager_->GetBundlesForUid(uid, bundleNames);
|
||||
bool allPermissionFlag = true;
|
||||
for (auto bundleName : bundleNames) {
|
||||
if (Permission::PermissionKit::VerifyPermission(bundleName, permission, Constant::DEFAULT_USERID) !=
|
||||
Constant::PERMISSION_GRANTED) {
|
||||
allPermissionFlag = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (allPermissionFlag && bundleNames.size() > 0) {
|
||||
return Constant::PERMISSION_GRANTED;
|
||||
}
|
||||
}
|
||||
return ObjectDevicePermissionRepository::GetInstance().VerifyPermissionFromRemote(permission, deviceId, pid, uid);
|
||||
}
|
||||
bool ObjectDevicePermissionManager::IsValidVerificationParams(const std::string &permission,
|
||||
const std::string &deviceId, const int32_t uid) const
|
||||
{
|
||||
if (!DistributedDataValidator::IsPermissionNameValid(permission)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "invalid permission: %{public}s", permission.c_str());
|
||||
return false;
|
||||
}
|
||||
if (!BaseRemoteCommand::IsSensitiveResource(permission)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, " permission is not sensitive permission: %{public}s", permission.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!DistributedDataValidator::IsDeviceIdValid(deviceId)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "invalid deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
|
||||
return false;
|
||||
}
|
||||
if (!DistributedDataValidator::IsUidValid(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "uid is invalid: %{public}d", uid);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
void ObjectDevicePermissionManager::ResetGrantSensitivePermission(
|
||||
std::string &deviceId, int32_t uid, std::set<std::string> &permissions)
|
||||
{
|
||||
ObjectDevicePermissionRepository::GetInstance().GetOrCreateObjectDevice(deviceId)->ResetGrantSensitivePermission(
|
||||
uid, permissions);
|
||||
}
|
||||
void ObjectDevicePermissionManager::RemoveObject(const std::string &deviceId)
|
||||
{
|
||||
PERMISSION_LOG_INFO(
|
||||
LABEL, "removeObject: operation start with deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
|
||||
ObjectDevicePermissionRepository::GetInstance().RemoveDeviceId(deviceId);
|
||||
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
|
||||
};
|
||||
int32_t ObjectDevicePermissionManager::RemoveNotifyPermissionMonitorUserId(const int32_t userId)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(remove_notify_permission_monitor_user_id_locl_);
|
||||
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUserId: operation start with uid: %{public}d", userId);
|
||||
std::set<int32_t> uidList = ObjectDevicePermissionRepository::GetInstance().ListAllUid();
|
||||
std::set<int32_t>::iterator iter;
|
||||
int32_t resultCode = Constant::FAILURE;
|
||||
for (iter = uidList.begin(); iter != uidList.end(); iter++) {
|
||||
if (userId == (*iter / UserHandleManager::PER_USER_RANGE)) {
|
||||
int32_t result = RemoveNotifyPermissionMonitorUid(*iter);
|
||||
if (result == Constant::SUCCESS) {
|
||||
resultCode = Constant::SUCCESS;
|
||||
}
|
||||
}
|
||||
}
|
||||
return resultCode;
|
||||
};
|
||||
|
||||
void ObjectDevicePermissionManager::Clear()
|
||||
{
|
||||
PERMISSION_LOG_INFO(LABEL, "clear: remove caches related to all object devices");
|
||||
ObjectDevicePermissionRepository::GetInstance().Clear();
|
||||
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
|
||||
};
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
@ -1,337 +1,337 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "object_device_permission_repository.h"
|
||||
|
||||
// #include "req_object_device.h"
|
||||
// #include "req_object_device object_uid.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
|
||||
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ObjectDevicePermissionRepository"};
|
||||
}
|
||||
namespace {
|
||||
const std::string JSON_KEY_DEVICE_JSON = "devicesJson_";
|
||||
} // namespace
|
||||
ObjectDevicePermissionRepository::ObjectDevicePermissionRepository()
|
||||
{}
|
||||
|
||||
ObjectDevicePermissionRepository::~ObjectDevicePermissionRepository()
|
||||
{}
|
||||
|
||||
ObjectDevicePermissionRepository &ObjectDevicePermissionRepository::GetInstance()
|
||||
{
|
||||
static ObjectDevicePermissionRepository instance;
|
||||
return instance;
|
||||
}
|
||||
|
||||
int32_t ObjectDevicePermissionRepository::VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
auto iter = objectDevices_.find(deviceId);
|
||||
if (iter == objectDevices_.end()) {
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "VerifyPermissionFromRemote:the deviceUids is null and it has not been initialized");
|
||||
return Constant::PERMISSION_DENIED;
|
||||
}
|
||||
|
||||
if (objectDevices_.at(deviceId)->IsGrantPermission(uid, permission)) {
|
||||
return Constant::PERMISSION_GRANTED;
|
||||
}
|
||||
return Constant::PERMISSION_DENIED;
|
||||
}
|
||||
std::shared_ptr<ObjectDevice> ObjectDevicePermissionRepository::GetOrCreateObjectDevice(std::string &deviceId)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
auto iter = objectDevices_.find(deviceId);
|
||||
if (iter != objectDevices_.end()) {
|
||||
std::shared_ptr<ObjectDevice> device = objectDevices_.at(deviceId);
|
||||
if (device == nullptr) {
|
||||
device = std::make_shared<ObjectDevice>(deviceId);
|
||||
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
|
||||
}
|
||||
return device;
|
||||
}
|
||||
std::shared_ptr<ObjectDevice> device = std::make_shared<ObjectDevice>(deviceId);
|
||||
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
|
||||
return device;
|
||||
}
|
||||
void ObjectDevicePermissionRepository::PutDeviceIdUidPair(const std::string deviceId, const int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
auto iter = objectDevices_.find(deviceId);
|
||||
if (iter != objectDevices_.end()) {
|
||||
std::shared_ptr<ObjectDevice> device = objectDevices_.at(deviceId);
|
||||
if (device == nullptr) {
|
||||
device = std::make_shared<ObjectDevice>(deviceId);
|
||||
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
|
||||
}
|
||||
device->AddObjectUid(uid);
|
||||
return;
|
||||
}
|
||||
std::shared_ptr<ObjectDevice> device = std::make_shared<ObjectDevice>(deviceId);
|
||||
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
|
||||
device->AddObjectUid(uid);
|
||||
}
|
||||
std::vector<ObjectDeviceJson> ObjectDevicePermissionRepository::GetDevicesJsonVector()
|
||||
{
|
||||
std::vector<ObjectDeviceJson> objectDeviceJson;
|
||||
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
|
||||
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
|
||||
std::string deviceId = iter->first;
|
||||
if (iter->second == nullptr) {
|
||||
continue;
|
||||
}
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> objectUids = iter->second->GetUidPermissions();
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>>::iterator iterU;
|
||||
for (iterU = objectUids.begin(); iterU != objectUids.end(); iterU++) {
|
||||
std::string uid = std::to_string(iterU->second->GetUid());
|
||||
std::set<std::string> grabtedPermissions = iterU->second->GetGrabtedPermission();
|
||||
if (grabtedPermissions.size() == 0) {
|
||||
std::string noGrabtedPermission("");
|
||||
ObjectDeviceJson odj = {deviceId, uid, noGrabtedPermission};
|
||||
objectDeviceJson.push_back(odj);
|
||||
}
|
||||
std::set<std::string>::iterator iterSet;
|
||||
for (iterSet = grabtedPermissions.begin(); iterSet != grabtedPermissions.end(); iterSet++) {
|
||||
std::string grabtedPermission = *iterSet;
|
||||
ObjectDeviceJson odj = {deviceId, uid, grabtedPermission};
|
||||
objectDeviceJson.push_back(odj);
|
||||
}
|
||||
}
|
||||
}
|
||||
return objectDeviceJson;
|
||||
}
|
||||
void ObjectDevicePermissionRepository::SaveToFile()
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
std::vector<ObjectDeviceJson> objectDeviceVector = GetDevicesJsonVector();
|
||||
DevicesJsonVector devicesJsonVector = {objectDeviceVector};
|
||||
nlohmann::json j = devicesJsonVector;
|
||||
std::string devicesJsonVectorStr = j.dump();
|
||||
std::ofstream out(repository_file_path_);
|
||||
out << devicesJsonVectorStr << std::endl;
|
||||
out.close();
|
||||
}
|
||||
bool ObjectDevicePermissionRepository::RecoverFromFile()
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
std::ifstream jsonStream(repository_file_path_);
|
||||
if (!jsonStream.good()) {
|
||||
return false;
|
||||
}
|
||||
nlohmann::json jsonResult;
|
||||
jsonStream >> jsonResult;
|
||||
DevicesJsonVector devicesJsonVector = jsonResult.get<DevicesJsonVector>();
|
||||
std::vector<ObjectDeviceJson> devicesJson = devicesJsonVector.devicesJson_;
|
||||
std::string lastTimeDeviceId("");
|
||||
std::string lastTimeUid("");
|
||||
std::set<std::string> lastPermissionSet;
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> lastUniPermissions;
|
||||
for (std::vector<ObjectDeviceJson>::iterator it = devicesJson.begin(); it != devicesJson.end(); it++) {
|
||||
std::string deviceId = it->deviceId_;
|
||||
std::string uid = it->uid_;
|
||||
std::string grabtedPermission = it->grantedPermission_;
|
||||
if ((lastTimeDeviceId != deviceId || lastTimeUid != uid) && !lastTimeUid.empty()) {
|
||||
std::shared_ptr<ObjectUid> uidResult =
|
||||
std::make_shared<ObjectUid>(std::atoi(lastTimeUid.c_str()), lastPermissionSet);
|
||||
lastUniPermissions.insert(
|
||||
std::pair<int32_t, std::shared_ptr<ObjectUid>>(std::atoi(lastTimeUid.c_str()), uidResult));
|
||||
lastPermissionSet.clear();
|
||||
}
|
||||
if (lastTimeDeviceId != deviceId) {
|
||||
if (!lastTimeDeviceId.empty()) {
|
||||
std::shared_ptr<ObjectDevice> objectDeviceResult =
|
||||
std::make_shared<ObjectDevice>(lastTimeDeviceId, lastUniPermissions);
|
||||
objectDevices_.insert(
|
||||
std::pair<std::string, std::shared_ptr<ObjectDevice>>(lastTimeDeviceId, objectDeviceResult));
|
||||
lastUniPermissions.clear();
|
||||
}
|
||||
}
|
||||
if (!grabtedPermission.empty()) {
|
||||
lastPermissionSet.insert(grabtedPermission);
|
||||
}
|
||||
lastTimeDeviceId = deviceId;
|
||||
lastTimeUid = uid;
|
||||
}
|
||||
if (devicesJson.size() > 0) {
|
||||
std::shared_ptr<ObjectUid> uidResult =
|
||||
std::make_shared<ObjectUid>(std::atoi(lastTimeUid.c_str()), lastPermissionSet);
|
||||
lastUniPermissions.insert(
|
||||
std::pair<int32_t, std::shared_ptr<ObjectUid>>(std::atoi(lastTimeUid.c_str()), uidResult));
|
||||
std::shared_ptr<ObjectDevice> objectDeviceResult =
|
||||
std::make_shared<ObjectDevice>(lastTimeDeviceId, lastUniPermissions);
|
||||
objectDevices_.insert(
|
||||
std::pair<std::string, std::shared_ptr<ObjectDevice>>(lastTimeDeviceId, objectDeviceResult));
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
std::set<std::string> ObjectDevicePermissionRepository::ListDeviceId(const int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
std::set<std::string> set;
|
||||
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
|
||||
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
|
||||
if (iter->second->ContainUid(uid)) {
|
||||
set.insert(iter->second->GetDeviceId());
|
||||
}
|
||||
}
|
||||
return set;
|
||||
}
|
||||
void ObjectDevicePermissionRepository::RemoveUid(const int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
|
||||
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
|
||||
iter->second->RemoveObjectUid(uid);
|
||||
}
|
||||
}
|
||||
void ObjectDevicePermissionRepository::RemoveDeviceId(const std::string &deviceId)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
objectDevices_.erase(deviceId);
|
||||
}
|
||||
std::set<int32_t> ObjectDevicePermissionRepository::ListAllUid()
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
std::set<int32_t> s;
|
||||
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
|
||||
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> m = iter->second->GetUidPermissions();
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>>::iterator it;
|
||||
for (it = m.begin(); it != m.end(); it++) {
|
||||
s.insert(it->second->GetUid());
|
||||
}
|
||||
}
|
||||
return s;
|
||||
}
|
||||
void ObjectDevicePermissionRepository::Clear()
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
objectDevices_.clear();
|
||||
}
|
||||
void to_json(nlohmann::json &jsonObject, const DevicesJsonVector &devicesJsonVector)
|
||||
{
|
||||
std::vector<std::string> deviceStrings;
|
||||
for (const ObjectDeviceJson &objectDeviceJson : devicesJsonVector.devicesJson_) {
|
||||
std::string deviceStr;
|
||||
objectDeviceJson.ToJsonString(deviceStr);
|
||||
deviceStrings.emplace_back(deviceStr);
|
||||
}
|
||||
jsonObject[JSON_KEY_DEVICE_JSON] = deviceStrings;
|
||||
}
|
||||
void from_json(const nlohmann::json &jsonObject, DevicesJsonVector &devicesJsonVector)
|
||||
{
|
||||
if (jsonObject.find(JSON_KEY_DEVICE_JSON) != jsonObject.end()) {
|
||||
std::vector<std::string> deviceStrings = jsonObject.at(JSON_KEY_DEVICE_JSON).get<std::vector<std::string>>();
|
||||
for (std::string &deviceStr : deviceStrings) {
|
||||
ObjectDeviceJson objectDeviceJson;
|
||||
objectDeviceJson.FromJsonString(deviceStr);
|
||||
devicesJsonVector.devicesJson_.emplace_back(objectDeviceJson);
|
||||
}
|
||||
}
|
||||
}
|
||||
ObjectDevice::ObjectDevice(const std::string &deviceId, std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions)
|
||||
: deviceId_(deviceId)
|
||||
{
|
||||
for (auto it = uniPermissions.begin(); it != uniPermissions.end(); it++) {
|
||||
uniPermissions_.insert(*it);
|
||||
}
|
||||
}
|
||||
std::string ObjectDevice::GetDeviceId()
|
||||
{
|
||||
return deviceId_;
|
||||
}
|
||||
bool ObjectDevice::ContainUid(int32_t uid)
|
||||
{
|
||||
return uniPermissions_.find(uid) != uniPermissions_.end();
|
||||
}
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> ObjectDevice::GetUidPermissions()
|
||||
{
|
||||
return uniPermissions_;
|
||||
}
|
||||
void ObjectDevice::AddObjectUid(int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
|
||||
uniPermissions_.insert(std::pair<int32_t, std::shared_ptr<ObjectUid>>(uid, std::make_shared<ObjectUid>(uid)));
|
||||
}
|
||||
void ObjectDevice::RemoveObjectUid(int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
|
||||
uniPermissions_.erase(uid);
|
||||
}
|
||||
void ObjectDevice::ResetGrantSensitivePermission(int32_t uid, std::set<std::string> permissions)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
|
||||
if (ContainUid(uid)) {
|
||||
auto iter = uniPermissions_.find(uid);
|
||||
if (iter != uniPermissions_.end()) {
|
||||
uniPermissions_.at(uid)->ResetGrantSensitivePermission(permissions);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
bool ObjectDevice::IsGrantPermission(int32_t uid, std::string permission)
|
||||
{
|
||||
if (ContainUid(uid)) {
|
||||
auto iter = uniPermissions_.find(uid);
|
||||
if (iter != uniPermissions_.end()) {
|
||||
return uniPermissions_.at(uid)->IsGrantPermission(permission);
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
int32_t ObjectUid::GetUid()
|
||||
{
|
||||
return uid_;
|
||||
}
|
||||
std::set<std::string> ObjectUid::GetGrabtedPermission()
|
||||
{
|
||||
return grantedPermission_;
|
||||
}
|
||||
|
||||
void ObjectUid::ResetGrantSensitivePermission(std::set<std::string> permissions)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_uid_locl_);
|
||||
if (permissions.size() == 0) {
|
||||
return;
|
||||
}
|
||||
grantedPermission_.clear();
|
||||
std::set<std::string>::iterator iter;
|
||||
for (iter = permissions.begin(); iter != permissions.end(); iter++) {
|
||||
if (BaseRemoteCommand::IsSensitiveResource(*iter)) {
|
||||
grantedPermission_.insert(*iter);
|
||||
}
|
||||
}
|
||||
}
|
||||
bool ObjectUid::IsGrantPermission(std::string permission)
|
||||
{
|
||||
return grantedPermission_.count(permission) > 0;
|
||||
}
|
||||
ObjectUid::ObjectUid(const int32_t uid, const std::set<std::string> &grabtedPermission) : uid_(uid)
|
||||
{
|
||||
std::set<std::string>::iterator it;
|
||||
for (auto it = grabtedPermission.begin(); it != grabtedPermission.end(); it++) {
|
||||
grantedPermission_.insert(*it);
|
||||
}
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "object_device_permission_repository.h"
|
||||
|
||||
// #include "req_object_device.h"
|
||||
// #include "req_object_device object_uid.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
|
||||
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ObjectDevicePermissionRepository"};
|
||||
}
|
||||
namespace {
|
||||
const std::string JSON_KEY_DEVICE_JSON = "devicesJson_";
|
||||
} // namespace
|
||||
ObjectDevicePermissionRepository::ObjectDevicePermissionRepository()
|
||||
{}
|
||||
|
||||
ObjectDevicePermissionRepository::~ObjectDevicePermissionRepository()
|
||||
{}
|
||||
|
||||
ObjectDevicePermissionRepository &ObjectDevicePermissionRepository::GetInstance()
|
||||
{
|
||||
static ObjectDevicePermissionRepository instance;
|
||||
return instance;
|
||||
}
|
||||
|
||||
int32_t ObjectDevicePermissionRepository::VerifyPermissionFromRemote(
|
||||
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
auto iter = objectDevices_.find(deviceId);
|
||||
if (iter == objectDevices_.end()) {
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "VerifyPermissionFromRemote:the deviceUids is null and it has not been initialized");
|
||||
return Constant::PERMISSION_DENIED;
|
||||
}
|
||||
|
||||
if (objectDevices_.at(deviceId)->IsGrantPermission(uid, permission)) {
|
||||
return Constant::PERMISSION_GRANTED;
|
||||
}
|
||||
return Constant::PERMISSION_DENIED;
|
||||
}
|
||||
std::shared_ptr<ObjectDevice> ObjectDevicePermissionRepository::GetOrCreateObjectDevice(std::string &deviceId)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
auto iter = objectDevices_.find(deviceId);
|
||||
if (iter != objectDevices_.end()) {
|
||||
std::shared_ptr<ObjectDevice> device = objectDevices_.at(deviceId);
|
||||
if (device == nullptr) {
|
||||
device = std::make_shared<ObjectDevice>(deviceId);
|
||||
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
|
||||
}
|
||||
return device;
|
||||
}
|
||||
std::shared_ptr<ObjectDevice> device = std::make_shared<ObjectDevice>(deviceId);
|
||||
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
|
||||
return device;
|
||||
}
|
||||
void ObjectDevicePermissionRepository::PutDeviceIdUidPair(const std::string deviceId, const int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
auto iter = objectDevices_.find(deviceId);
|
||||
if (iter != objectDevices_.end()) {
|
||||
std::shared_ptr<ObjectDevice> device = objectDevices_.at(deviceId);
|
||||
if (device == nullptr) {
|
||||
device = std::make_shared<ObjectDevice>(deviceId);
|
||||
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
|
||||
}
|
||||
device->AddObjectUid(uid);
|
||||
return;
|
||||
}
|
||||
std::shared_ptr<ObjectDevice> device = std::make_shared<ObjectDevice>(deviceId);
|
||||
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
|
||||
device->AddObjectUid(uid);
|
||||
}
|
||||
std::vector<ObjectDeviceJsonObject> ObjectDevicePermissionRepository::GetDevicesJsonVector()
|
||||
{
|
||||
std::vector<ObjectDeviceJsonObject> objectDeviceJsonObject;
|
||||
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
|
||||
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
|
||||
std::string deviceId = iter->first;
|
||||
if (iter->second == nullptr) {
|
||||
continue;
|
||||
}
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> objectUids = iter->second->GetUidPermissions();
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>>::iterator iterU;
|
||||
for (iterU = objectUids.begin(); iterU != objectUids.end(); iterU++) {
|
||||
std::string uid = std::to_string(iterU->second->GetUid());
|
||||
std::set<std::string> grabtedPermissions = iterU->second->GetGrantedPermission();
|
||||
if (grabtedPermissions.size() == 0) {
|
||||
std::string noGrabtedPermission("");
|
||||
ObjectDeviceJsonObject odj = {deviceId, uid, noGrabtedPermission};
|
||||
objectDeviceJsonObject.push_back(odj);
|
||||
}
|
||||
std::set<std::string>::iterator iterSet;
|
||||
for (iterSet = grabtedPermissions.begin(); iterSet != grabtedPermissions.end(); iterSet++) {
|
||||
std::string grabtedPermission = *iterSet;
|
||||
ObjectDeviceJsonObject odj = {deviceId, uid, grabtedPermission};
|
||||
objectDeviceJsonObject.push_back(odj);
|
||||
}
|
||||
}
|
||||
}
|
||||
return objectDeviceJsonObject;
|
||||
}
|
||||
void ObjectDevicePermissionRepository::SaveToFile()
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
std::vector<ObjectDeviceJsonObject> objectDeviceVector = GetDevicesJsonVector();
|
||||
DevicesJsonVector devicesJsonVector = {objectDeviceVector};
|
||||
nlohmann::json j = devicesJsonVector;
|
||||
std::string devicesJsonVectorStr = j.dump();
|
||||
std::ofstream out(repository_file_path_);
|
||||
out << devicesJsonVectorStr << std::endl;
|
||||
out.close();
|
||||
}
|
||||
bool ObjectDevicePermissionRepository::RecoverFromFile()
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
std::ifstream jsonStream(repository_file_path_);
|
||||
if (!jsonStream.good()) {
|
||||
return false;
|
||||
}
|
||||
nlohmann::json jsonResult;
|
||||
jsonStream >> jsonResult;
|
||||
DevicesJsonVector devicesJsonVector = jsonResult.get<DevicesJsonVector>();
|
||||
std::vector<ObjectDeviceJsonObject> devicesJson = devicesJsonVector.devicesJson_;
|
||||
std::string lastTimeDeviceId("");
|
||||
std::string lastTimeUid("");
|
||||
std::set<std::string> lastPermissionSet;
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> lastUniPermissions;
|
||||
for (std::vector<ObjectDeviceJsonObject>::iterator it = devicesJson.begin(); it != devicesJson.end(); it++) {
|
||||
std::string deviceId = it->deviceId_;
|
||||
std::string uid = it->uid_;
|
||||
std::string grabtedPermission = it->grantedPermission_;
|
||||
if ((lastTimeDeviceId != deviceId || lastTimeUid != uid) && !lastTimeUid.empty()) {
|
||||
std::shared_ptr<ObjectUid> uidResult =
|
||||
std::make_shared<ObjectUid>(std::atoi(lastTimeUid.c_str()), lastPermissionSet);
|
||||
lastUniPermissions.insert(
|
||||
std::pair<int32_t, std::shared_ptr<ObjectUid>>(std::atoi(lastTimeUid.c_str()), uidResult));
|
||||
lastPermissionSet.clear();
|
||||
}
|
||||
if (lastTimeDeviceId != deviceId) {
|
||||
if (!lastTimeDeviceId.empty()) {
|
||||
std::shared_ptr<ObjectDevice> objectDeviceResult =
|
||||
std::make_shared<ObjectDevice>(lastTimeDeviceId, lastUniPermissions);
|
||||
objectDevices_.insert(
|
||||
std::pair<std::string, std::shared_ptr<ObjectDevice>>(lastTimeDeviceId, objectDeviceResult));
|
||||
lastUniPermissions.clear();
|
||||
}
|
||||
}
|
||||
if (!grabtedPermission.empty()) {
|
||||
lastPermissionSet.insert(grabtedPermission);
|
||||
}
|
||||
lastTimeDeviceId = deviceId;
|
||||
lastTimeUid = uid;
|
||||
}
|
||||
if (devicesJson.size() > 0) {
|
||||
std::shared_ptr<ObjectUid> uidResult =
|
||||
std::make_shared<ObjectUid>(std::atoi(lastTimeUid.c_str()), lastPermissionSet);
|
||||
lastUniPermissions.insert(
|
||||
std::pair<int32_t, std::shared_ptr<ObjectUid>>(std::atoi(lastTimeUid.c_str()), uidResult));
|
||||
std::shared_ptr<ObjectDevice> objectDeviceResult =
|
||||
std::make_shared<ObjectDevice>(lastTimeDeviceId, lastUniPermissions);
|
||||
objectDevices_.insert(
|
||||
std::pair<std::string, std::shared_ptr<ObjectDevice>>(lastTimeDeviceId, objectDeviceResult));
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
std::set<std::string> ObjectDevicePermissionRepository::ListDeviceId(const int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
std::set<std::string> set;
|
||||
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
|
||||
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
|
||||
if (iter->second->ContainUid(uid)) {
|
||||
set.insert(iter->second->GetDeviceId());
|
||||
}
|
||||
}
|
||||
return set;
|
||||
}
|
||||
void ObjectDevicePermissionRepository::RemoveUid(const int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
|
||||
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
|
||||
iter->second->RemoveObjectUid(uid);
|
||||
}
|
||||
}
|
||||
void ObjectDevicePermissionRepository::RemoveDeviceId(const std::string &deviceId)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
objectDevices_.erase(deviceId);
|
||||
}
|
||||
std::set<int32_t> ObjectDevicePermissionRepository::ListAllUid()
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
std::set<int32_t> s;
|
||||
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
|
||||
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> m = iter->second->GetUidPermissions();
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>>::iterator it;
|
||||
for (it = m.begin(); it != m.end(); it++) {
|
||||
s.insert(it->second->GetUid());
|
||||
}
|
||||
}
|
||||
return s;
|
||||
}
|
||||
void ObjectDevicePermissionRepository::Clear()
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
|
||||
objectDevices_.clear();
|
||||
}
|
||||
void to_json(nlohmann::json &jsonObject, const DevicesJsonVector &devicesJsonVector)
|
||||
{
|
||||
std::vector<std::string> deviceStrings;
|
||||
for (const ObjectDeviceJsonObject &objectDeviceJsonObject : devicesJsonVector.devicesJson_) {
|
||||
std::string deviceStr;
|
||||
objectDeviceJsonObject.ToJsonString(deviceStr);
|
||||
deviceStrings.emplace_back(deviceStr);
|
||||
}
|
||||
jsonObject[JSON_KEY_DEVICE_JSON] = deviceStrings;
|
||||
}
|
||||
void from_json(const nlohmann::json &jsonObject, DevicesJsonVector &devicesJsonVector)
|
||||
{
|
||||
if (jsonObject.find(JSON_KEY_DEVICE_JSON) != jsonObject.end()) {
|
||||
std::vector<std::string> deviceStrings = jsonObject.at(JSON_KEY_DEVICE_JSON).get<std::vector<std::string>>();
|
||||
for (std::string &deviceStr : deviceStrings) {
|
||||
ObjectDeviceJsonObject objectDeviceJsonObject;
|
||||
objectDeviceJsonObject.FromJsonString(deviceStr);
|
||||
devicesJsonVector.devicesJson_.emplace_back(objectDeviceJsonObject);
|
||||
}
|
||||
}
|
||||
}
|
||||
ObjectDevice::ObjectDevice(const std::string &deviceId, std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions)
|
||||
: deviceId_(deviceId)
|
||||
{
|
||||
for (auto it = uniPermissions.begin(); it != uniPermissions.end(); it++) {
|
||||
uniPermissions_.insert(*it);
|
||||
}
|
||||
}
|
||||
std::string ObjectDevice::GetDeviceId() const
|
||||
{
|
||||
return deviceId_;
|
||||
}
|
||||
bool ObjectDevice::ContainUid(int32_t uid) const
|
||||
{
|
||||
return uniPermissions_.find(uid) != uniPermissions_.end();
|
||||
}
|
||||
std::map<int32_t, std::shared_ptr<ObjectUid>> ObjectDevice::GetUidPermissions()
|
||||
{
|
||||
return uniPermissions_;
|
||||
}
|
||||
void ObjectDevice::AddObjectUid(int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
|
||||
uniPermissions_.insert(std::pair<int32_t, std::shared_ptr<ObjectUid>>(uid, std::make_shared<ObjectUid>(uid)));
|
||||
}
|
||||
void ObjectDevice::RemoveObjectUid(int32_t uid)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
|
||||
uniPermissions_.erase(uid);
|
||||
}
|
||||
void ObjectDevice::ResetGrantSensitivePermission(int32_t uid, std::set<std::string> permissions)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
|
||||
if (ContainUid(uid)) {
|
||||
auto iter = uniPermissions_.find(uid);
|
||||
if (iter != uniPermissions_.end()) {
|
||||
uniPermissions_.at(uid)->ResetGrantSensitivePermission(permissions);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
bool ObjectDevice::IsGrantPermission(int32_t uid, std::string permission)
|
||||
{
|
||||
if (ContainUid(uid)) {
|
||||
auto iter = uniPermissions_.find(uid);
|
||||
if (iter != uniPermissions_.end()) {
|
||||
return uniPermissions_.at(uid)->IsGrantPermission(permission);
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
int32_t ObjectUid::GetUid()
|
||||
{
|
||||
return uid_;
|
||||
}
|
||||
std::set<std::string> ObjectUid::GetGrantedPermission() const
|
||||
{
|
||||
return grantedPermission_;
|
||||
}
|
||||
|
||||
void ObjectUid::ResetGrantSensitivePermission(std::set<std::string> permissions)
|
||||
{
|
||||
std::lock_guard<std::recursive_mutex> guard(object_uid_locl_);
|
||||
if (permissions.size() == 0) {
|
||||
return;
|
||||
}
|
||||
grantedPermission_.clear();
|
||||
std::set<std::string>::iterator iter;
|
||||
for (iter = permissions.begin(); iter != permissions.end(); iter++) {
|
||||
if (BaseRemoteCommand::IsSensitiveResource(*iter)) {
|
||||
grantedPermission_.insert(*iter);
|
||||
}
|
||||
}
|
||||
}
|
||||
bool ObjectUid::IsGrantPermission(std::string permission) const
|
||||
{
|
||||
return grantedPermission_.count(permission) > 0;
|
||||
}
|
||||
ObjectUid::ObjectUid(const int32_t uid, const std::set<std::string> &grabtedPermission) : uid_(uid)
|
||||
{
|
||||
std::set<std::string>::iterator it;
|
||||
for (auto it = grabtedPermission.begin(); it != grabtedPermission.end(); it++) {
|
||||
grantedPermission_.insert(*it);
|
||||
}
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
@ -1,166 +1,169 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "permission_bms_manager.h"
|
||||
#include "monitor_manager.h"
|
||||
#include "distributed_data_validator.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionBmsManager"};
|
||||
}
|
||||
namespace {
|
||||
static const std::string TAG = "PERMISSION_BMS_MANAGER";
|
||||
}
|
||||
|
||||
PermissionBmsManager::PermissionBmsManager()
|
||||
: iBundleManager_(nullptr), iPermissionManager_(nullptr), permissionFetcher_(nullptr), appInfoFetcher_(nullptr)
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL, "PermissionBmsManager()");
|
||||
}
|
||||
|
||||
PermissionBmsManager::~PermissionBmsManager()
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL, "~PermissionBmsManager()");
|
||||
}
|
||||
|
||||
PermissionBmsManager &PermissionBmsManager::GetInstance()
|
||||
{
|
||||
static PermissionBmsManager instance;
|
||||
return instance;
|
||||
}
|
||||
|
||||
int PermissionBmsManager::Init()
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL, "Init begin");
|
||||
appInfoFetcher_ = std::make_shared<AppInfoFetcher>();
|
||||
if (appInfoFetcher_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "construct AppInfoFetcher failed.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
|
||||
if (externalDeps == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "construct ExternalDeps failed.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
|
||||
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
|
||||
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
|
||||
if (permissionFetcher_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "construct PermissionFetcher failed.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
PermissionListener::Init();
|
||||
|
||||
std::function<void(int uid, const std::string &packageName)> callback =
|
||||
std::bind(&AppInfoFetcher::RemoveAttributeBuffer, appInfoFetcher_, std::placeholders::_1);
|
||||
auto callbackPtr = std::make_shared<MonitorManager::OnPermissionChangedCallback>(callback);
|
||||
MonitorManager::GetInstance().AddOnPermissionChangedListener(TAG, callbackPtr);
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "Init end");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int32_t PermissionBmsManager::GetPermissions(int32_t uid, UidBundleBo &info)
|
||||
{
|
||||
if (!DistributedDataValidator::IsUidValid(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "parameter invalid. uid: %{public}d", uid);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
if (permissionFetcher_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
return permissionFetcher_->GetPermissions(uid, info);
|
||||
}
|
||||
|
||||
int32_t PermissionBmsManager::GetRegrantedPermissions(UidBundleBo &pInfo, UidBundleBo &rInfo)
|
||||
{
|
||||
if (permissionFetcher_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
return permissionFetcher_->GetRegrantedPermissions(pInfo, rInfo);
|
||||
}
|
||||
|
||||
bool PermissionBmsManager::IsSystemSignatureUid(const int32_t &uid)
|
||||
{
|
||||
if (uid < 0) {
|
||||
return false;
|
||||
}
|
||||
if (uid % Constant::PER_USER_RANGE < Constant::FIRST_APPLICATION_UID) {
|
||||
return true;
|
||||
}
|
||||
|
||||
std::shared_ptr<ExternalDeps> externalDeps = std::make_shared<ExternalDeps>();
|
||||
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
|
||||
|
||||
std::vector<std::string> bundleNames;
|
||||
if (!iBundleManager_->GetBundlesForUid(uid, bundleNames)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "getPermissions cannot get bundleName. uid: %{public}d", uid);
|
||||
return false;
|
||||
}
|
||||
|
||||
for (auto bundleName : bundleNames) {
|
||||
AppExecFwk::BundleInfo bundleInfo;
|
||||
if (iBundleManager_->GetBundleInfo(bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo)) {
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "getPermissions cannot get BundleInfo. bundleName: %{public}s", bundleName.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
int32_t attribute = AppInfoFetcher::GetInstance().GetAppAttribute(uid, bundleInfo);
|
||||
if (attribute < 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "getPermissions cannot get appAttribute. uid: %{public}d", uid);
|
||||
return false;
|
||||
}
|
||||
int32_t key = static_cast<int32_t>(AppAttribute::APP_ATTRIBUTE_SIGNED_WITH_PLATFORM_KEY);
|
||||
|
||||
if (((uint32_t)attribute & (uint32_t)key) != 0) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
int PermissionBmsManager::InitSystemDefinedPermissions()
|
||||
{
|
||||
if (permissionFetcher_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "InitSystemDefinedPermissions should not used.");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
void PermissionBmsManager::ReGrantDuidPermissions(UidBundleBo &uidBundlePermInfo)
|
||||
{
|
||||
if (uidBundlePermInfo.remoteSensitivePermission.size() == 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions:invalid params.");
|
||||
return;
|
||||
}
|
||||
|
||||
PermissionReGranter::ReGrantDuidPermissions(uidBundlePermInfo);
|
||||
}
|
||||
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "permission_bms_manager.h"
|
||||
#include "monitor_manager.h"
|
||||
#include "distributed_data_validator.h"
|
||||
#include "bms_adapter.h"
|
||||
#include "pms_adapter.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionBmsManager"};
|
||||
}
|
||||
namespace {
|
||||
static const std::string TAG = "PERMISSION_BMS_MANAGER";
|
||||
}
|
||||
|
||||
PermissionBmsManager::PermissionBmsManager()
|
||||
: iBundleManager_(nullptr), iPermissionManager_(nullptr), permissionFetcher_(nullptr), appInfoFetcher_(nullptr)
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL, "PermissionBmsManager()");
|
||||
}
|
||||
|
||||
PermissionBmsManager::~PermissionBmsManager()
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL, "~PermissionBmsManager()");
|
||||
}
|
||||
|
||||
PermissionBmsManager &PermissionBmsManager::GetInstance()
|
||||
{
|
||||
static PermissionBmsManager instance;
|
||||
return instance;
|
||||
}
|
||||
|
||||
int PermissionBmsManager::Init()
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL, "Init begin");
|
||||
appInfoFetcher_ = std::make_shared<AppInfoFetcher>();
|
||||
if (appInfoFetcher_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "construct AppInfoFetcher failed.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
|
||||
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
|
||||
if (bmsAdapter == nullptr || pmsAdapter == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "construct bmsAdapter or pmsAdapter failed.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
iBundleManager_ = bmsAdapter->GetBundleManager();
|
||||
iPermissionManager_ = pmsAdapter->GetPermissionManager();
|
||||
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
|
||||
if (permissionFetcher_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "construct PermissionFetcher failed.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
PermissionListener::Init();
|
||||
|
||||
std::function<void(int uid, const std::string &packageName)> callback =
|
||||
std::bind(&AppInfoFetcher::RemoveAttributeBuffer, appInfoFetcher_, std::placeholders::_1);
|
||||
auto callbackPtr = std::make_shared<MonitorManager::OnPermissionChangedCallback>(callback);
|
||||
MonitorManager::GetInstance().AddOnPermissionChangedListener(TAG, callbackPtr);
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "Init end");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
int32_t PermissionBmsManager::GetPermissions(int32_t uid, UidBundleBo &info)
|
||||
{
|
||||
if (!DistributedDataValidator::IsUidValid(uid)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "parameter invalid. uid: %{public}d", uid);
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
if (permissionFetcher_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
return permissionFetcher_->GetPermissions(uid, info);
|
||||
}
|
||||
|
||||
int32_t PermissionBmsManager::GetRegrantedPermissions(UidBundleBo &pInfo, UidBundleBo &rInfo)
|
||||
{
|
||||
if (permissionFetcher_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
return permissionFetcher_->GetRegrantedPermissions(pInfo, rInfo);
|
||||
}
|
||||
|
||||
bool PermissionBmsManager::IsSystemSignatureUid(const int32_t &uid)
|
||||
{
|
||||
if (uid < 0) {
|
||||
return false;
|
||||
}
|
||||
if (uid % Constant::PER_USER_RANGE < Constant::FIRST_APPLICATION_UID) {
|
||||
return true;
|
||||
}
|
||||
|
||||
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
|
||||
iBundleManager_ = bmsAdapter->GetBundleManager();
|
||||
|
||||
std::vector<std::string> bundleNames;
|
||||
if (!iBundleManager_->GetBundlesForUid(uid, bundleNames)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "getPermissions cannot get bundleName. uid: %{public}d", uid);
|
||||
return false;
|
||||
}
|
||||
|
||||
for (auto bundleName : bundleNames) {
|
||||
AppExecFwk::BundleInfo bundleInfo;
|
||||
if (iBundleManager_->GetBundleInfo(bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo)) {
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "getPermissions cannot get BundleInfo. bundleName: %{public}s", bundleName.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
int32_t attribute = AppInfoFetcher::GetInstance().GetAppAttribute(uid, bundleInfo);
|
||||
if (attribute < 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "getPermissions cannot get appAttribute. uid: %{public}d", uid);
|
||||
return false;
|
||||
}
|
||||
int32_t key = static_cast<int32_t>(AppAttribute::APP_ATTRIBUTE_SIGNED_WITH_PLATFORM_KEY);
|
||||
|
||||
if (((uint32_t)attribute & (uint32_t)key) != 0) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
int PermissionBmsManager::InitSystemDefinedPermissions()
|
||||
{
|
||||
if (permissionFetcher_ == nullptr) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
|
||||
return Constant::FAILURE;
|
||||
}
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "InitSystemDefinedPermissions should not used.");
|
||||
return Constant::SUCCESS;
|
||||
}
|
||||
|
||||
void PermissionBmsManager::ReGrantDuidPermissions(UidBundleBo &uidBundlePermInfo)
|
||||
{
|
||||
if (uidBundlePermInfo.remoteSensitivePermission.size() == 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions:invalid params.");
|
||||
return;
|
||||
}
|
||||
|
||||
PermissionReGranter::ReGrantDuidPermissions(uidBundlePermInfo);
|
||||
}
|
||||
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
|
@ -1,54 +1,54 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "permission_definition.h"
|
||||
#include "permission_kit.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionDefinition"};
|
||||
}
|
||||
PermissionDefinition &PermissionDefinition::GetInstance()
|
||||
{
|
||||
static PermissionDefinition instance;
|
||||
return instance;
|
||||
}
|
||||
PermissionDefinition::PermissionDefinition()
|
||||
{}
|
||||
PermissionDefinition::~PermissionDefinition()
|
||||
{}
|
||||
bool PermissionDefinition::IsRestrictedPermission(const std::string &permissionName)
|
||||
{
|
||||
if (!DistributedDataValidator::IsPermissionNameValid(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "PermissionName data invalid");
|
||||
return false;
|
||||
}
|
||||
PermissionDefParcel permissionDefParcel;
|
||||
PermissionDef permissionDefResult = permissionDefParcel.permissionDef;
|
||||
int ret = Permission::PermissionKit::GetDefPermission(permissionName, permissionDefResult);
|
||||
if (ret != 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "get permission def failed");
|
||||
return false;
|
||||
}
|
||||
if (permissionDefResult.availableScope == Permission::AvailableScope::AVAILABLE_SCOPE_RESTRICTED) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "permission_definition.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionDefinition"};
|
||||
}
|
||||
PermissionDefinition &PermissionDefinition::GetInstance()
|
||||
{
|
||||
static PermissionDefinition instance;
|
||||
return instance;
|
||||
}
|
||||
PermissionDefinition::PermissionDefinition()
|
||||
{}
|
||||
PermissionDefinition::~PermissionDefinition()
|
||||
{}
|
||||
bool PermissionDefinition::IsRestrictedPermission(const std::string &permissionName)
|
||||
{
|
||||
if (!DistributedDataValidator::IsPermissionNameValid(permissionName)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "PermissionName data invalid");
|
||||
return false;
|
||||
}
|
||||
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
|
||||
iPermissionManager_ = pmsAdapter->GetPermissionManager();
|
||||
PermissionDefParcel permissionDefResult;
|
||||
int ret = iPermissionManager_->GetDefPermission(permissionName, permissionDefResult);
|
||||
if (ret != 0) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "get permission def failed");
|
||||
return false;
|
||||
}
|
||||
if (permissionDefResult.permissionDef.availableScope == Permission::AvailableScope::AVAILABLE_SCOPE_RESTRICTED) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -1,148 +1,150 @@
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "permission_re_granter.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionReGranter"};
|
||||
}
|
||||
void PermissionReGranter::ReGrantDuidPermissions(UidBundleBo& uidBundlePermInfo)
|
||||
{
|
||||
if (BaseRemoteCommand::IsValid(uidBundlePermInfo)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions:No remoteSensitivePermission need to reGrand");
|
||||
return;
|
||||
}
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "begin");
|
||||
|
||||
for (auto item = uidBundlePermInfo.bundles.at(0).permissions.begin();
|
||||
item != uidBundlePermInfo.bundles.at(0).permissions.end();
|
||||
item++) {
|
||||
PERMISSION_LOG_DEBUG(LABEL, "loop, status: %{public}d, grant mode: %{public}d", item->status, item->grantMode);
|
||||
PermissionDefParcel permInfo;
|
||||
|
||||
GetPermissionInfoNoThrow(item->name, permInfo);
|
||||
|
||||
if (item->grantMode == SYSTEM_GRANT && permInfo.permissionDef.availableScope != AVAILABLE_SCOPE_RESTRICTED) {
|
||||
SetStatusGranted(true, *item);
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "ReGrantDuidPermissions: remote permission granted due to normal protect level");
|
||||
continue;
|
||||
}
|
||||
|
||||
if (item->grantMode == USER_GRANT && permInfo.permissionDef.availableScope != AVAILABLE_SCOPE_RESTRICTED) {
|
||||
SetStatusGranted(IsRemoteGranted(*item), *item);
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "ReGrantDuidPermissions: remote permission set granted due to remote granted status");
|
||||
continue;
|
||||
}
|
||||
|
||||
if (item->grantMode == SYSTEM_GRANT && permInfo.permissionDef.availableScope == AVAILABLE_SCOPE_RESTRICTED) {
|
||||
bool isSignaturePermissionGranted = VerifySignatruePermission(permInfo, uidBundlePermInfo);
|
||||
SetStatusGranted(isSignaturePermissionGranted, *item);
|
||||
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions: remote permission set granted");
|
||||
continue;
|
||||
}
|
||||
|
||||
SetStatusGranted(false, *item);
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "ReGrantDuidPermissions: remote permission set no granted due to unknown availableScope");
|
||||
}
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "end");
|
||||
}
|
||||
|
||||
void PermissionReGranter::GetPermissionInfoNoThrow(const std::string& permission, PermissionDefParcel& permInfo)
|
||||
{
|
||||
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
|
||||
if (externalDeps == nullptr) {
|
||||
PERMISSION_LOG_INFO(LABEL, "getPermissionInfoNoThrow::externalDeps is nullptr.");
|
||||
return;
|
||||
}
|
||||
sptr<Permission::IPermissionManager> iPermissionManager_;
|
||||
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
|
||||
iPermissionManager_->GetDefPermission(permission, permInfo);
|
||||
}
|
||||
|
||||
bool PermissionReGranter::VerifySignatruePermission(
|
||||
const PermissionDefParcel &permInfo, const UidBundleBo &uidBundlePermInfo)
|
||||
{
|
||||
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
|
||||
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
|
||||
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
|
||||
|
||||
AppExecFwk::BundleInfo bundleInfo;
|
||||
int result = iBundleManager_->GetBundleInfo(
|
||||
permInfo.permissionDef.bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo);
|
||||
if (!result) {
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"%{public}s cannot get bundleInfo by bundleName %{public}s",
|
||||
__func__,
|
||||
permInfo.permissionDef.bundleName.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
if (bundleInfo.defPermissions.size() != uidBundlePermInfo.remoteSensitivePermission.size()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
std::set<std::string>::iterator permName = uidBundlePermInfo.remoteSensitivePermission.begin();
|
||||
while (permName != uidBundlePermInfo.remoteSensitivePermission.end()) {
|
||||
if (find(bundleInfo.defPermissions.begin(), bundleInfo.defPermissions.end(), *permName) ==
|
||||
bundleInfo.defPermissions.end()) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool PermissionReGranter::IsGranted(const PermissionDto& permission)
|
||||
{
|
||||
return (permission.status & FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED) != 0;
|
||||
}
|
||||
|
||||
bool PermissionReGranter::IsRemoteGranted(const PermissionDto& permission)
|
||||
{
|
||||
return (permission.status & FLAG_PERMISSION_STATUS_REMOTE_GRANTED) != 0;
|
||||
}
|
||||
|
||||
void PermissionReGranter::SetStatusGranted(const bool isGranted, PermissionDto& permission)
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL, "begin, isGranted: %{public}d, status: %{public}d", isGranted, permission.status);
|
||||
if (isGranted) {
|
||||
permission.status = (permission.status | FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED) &
|
||||
(~FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED);
|
||||
} else {
|
||||
permission.status = (permission.status | FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED) &
|
||||
(~FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED);
|
||||
}
|
||||
PERMISSION_LOG_DEBUG(LABEL, "end, isGranted: %{public}d, status: %{public}d", isGranted, permission.status);
|
||||
}
|
||||
|
||||
void PermissionReGranter::SetFlagRemoteGranted(const bool isRemoteGranted, PermissionDto& permission)
|
||||
{
|
||||
if (isRemoteGranted) {
|
||||
permission.status |= FLAG_PERMISSION_STATUS_REMOTE_GRANTED;
|
||||
} else {
|
||||
permission.status &= (~FLAG_PERMISSION_STATUS_REMOTE_GRANTED);
|
||||
}
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
/*
|
||||
* Copyright (c) 2021 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "permission_re_granter.h"
|
||||
#include "bms_adapter.h"
|
||||
#include "pms_adapter.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace Security {
|
||||
namespace Permission {
|
||||
namespace {
|
||||
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionReGranter"};
|
||||
}
|
||||
void PermissionReGranter::ReGrantDuidPermissions(UidBundleBo& uidBundlePermInfo)
|
||||
{
|
||||
if (BaseRemoteCommand::IsValid(uidBundlePermInfo)) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions:No remoteSensitivePermission need to reGrand");
|
||||
return;
|
||||
}
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "begin");
|
||||
|
||||
for (auto item = uidBundlePermInfo.bundles.at(0).permissions.begin();
|
||||
item != uidBundlePermInfo.bundles.at(0).permissions.end();
|
||||
item++) {
|
||||
PERMISSION_LOG_DEBUG(LABEL, "loop, status: %{public}d, grant mode: %{public}d", item->status, item->grantMode);
|
||||
PermissionDefParcel permInfo;
|
||||
|
||||
GetPermissionInfoNoThrow(item->name, permInfo);
|
||||
|
||||
if (item->grantMode == SYSTEM_GRANT && permInfo.permissionDef.availableScope != AVAILABLE_SCOPE_RESTRICTED) {
|
||||
SetStatusGranted(true, *item);
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "ReGrantDuidPermissions: remote permission granted due to normal protect level");
|
||||
continue;
|
||||
}
|
||||
|
||||
if (item->grantMode == USER_GRANT && permInfo.permissionDef.availableScope != AVAILABLE_SCOPE_RESTRICTED) {
|
||||
SetStatusGranted(IsRemoteGranted(*item), *item);
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "ReGrantDuidPermissions: remote permission set granted due to remote granted status");
|
||||
continue;
|
||||
}
|
||||
|
||||
if (item->grantMode == SYSTEM_GRANT && permInfo.permissionDef.availableScope == AVAILABLE_SCOPE_RESTRICTED) {
|
||||
bool isSignaturePermissionGranted = VerifySignatruePermission(permInfo, uidBundlePermInfo);
|
||||
SetStatusGranted(isSignaturePermissionGranted, *item);
|
||||
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions: remote permission set granted");
|
||||
continue;
|
||||
}
|
||||
|
||||
SetStatusGranted(false, *item);
|
||||
PERMISSION_LOG_ERROR(
|
||||
LABEL, "ReGrantDuidPermissions: remote permission set no granted due to unknown availableScope");
|
||||
}
|
||||
|
||||
PERMISSION_LOG_DEBUG(LABEL, "end");
|
||||
}
|
||||
|
||||
void PermissionReGranter::GetPermissionInfoNoThrow(const std::string& permission, PermissionDefParcel& permInfo)
|
||||
{
|
||||
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
|
||||
if (pmsAdapter == nullptr) {
|
||||
PERMISSION_LOG_INFO(LABEL, "getPermissionInfoNoThrow::pmsAdapter is nullptr.");
|
||||
return;
|
||||
}
|
||||
sptr<Permission::IPermissionManager> iPermissionManager_;
|
||||
iPermissionManager_ = pmsAdapter->GetPermissionManager();
|
||||
iPermissionManager_->GetDefPermission(permission, permInfo);
|
||||
}
|
||||
|
||||
bool PermissionReGranter::VerifySignatruePermission(
|
||||
const PermissionDefParcel &permInfo, const UidBundleBo &uidBundlePermInfo)
|
||||
{
|
||||
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
|
||||
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
|
||||
iBundleManager_ = bmsAdapter->GetBundleManager();
|
||||
|
||||
AppExecFwk::BundleInfo bundleInfo;
|
||||
int result = iBundleManager_->GetBundleInfo(
|
||||
permInfo.permissionDef.bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo);
|
||||
if (!result) {
|
||||
PERMISSION_LOG_INFO(LABEL,
|
||||
"%{public}s cannot get bundleInfo by bundleName %{public}s",
|
||||
__func__,
|
||||
permInfo.permissionDef.bundleName.c_str());
|
||||
return false;
|
||||
}
|
||||
|
||||
if (bundleInfo.defPermissions.size() != uidBundlePermInfo.remoteSensitivePermission.size()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
std::set<std::string>::iterator permName = uidBundlePermInfo.remoteSensitivePermission.begin();
|
||||
while (permName != uidBundlePermInfo.remoteSensitivePermission.end()) {
|
||||
if (find(bundleInfo.defPermissions.begin(), bundleInfo.defPermissions.end(), *permName) ==
|
||||
bundleInfo.defPermissions.end()) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool PermissionReGranter::IsGranted(const PermissionDto& permission)
|
||||
{
|
||||
return (permission.status & FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED) != 0;
|
||||
}
|
||||
|
||||
bool PermissionReGranter::IsRemoteGranted(const PermissionDto& permission)
|
||||
{
|
||||
return (permission.status & FLAG_PERMISSION_STATUS_REMOTE_GRANTED) != 0;
|
||||
}
|
||||
|
||||
void PermissionReGranter::SetStatusGranted(const bool isGranted, PermissionDto& permission)
|
||||
{
|
||||
PERMISSION_LOG_DEBUG(LABEL, "begin, isGranted: %{public}d, status: %{public}d", isGranted, permission.status);
|
||||
if (isGranted) {
|
||||
permission.status = (permission.status | FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED) &
|
||||
(~FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED);
|
||||
} else {
|
||||
permission.status = (permission.status | FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED) &
|
||||
(~FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED);
|
||||
}
|
||||
PERMISSION_LOG_DEBUG(LABEL, "end, isGranted: %{public}d, status: %{public}d", isGranted, permission.status);
|
||||
}
|
||||
|
||||
void PermissionReGranter::SetFlagRemoteGranted(const bool isRemoteGranted, PermissionDto& permission)
|
||||
{
|
||||
if (isRemoteGranted) {
|
||||
permission.status |= FLAG_PERMISSION_STATUS_REMOTE_GRANTED;
|
||||
} else {
|
||||
permission.status &= (~FLAG_PERMISSION_STATUS_REMOTE_GRANTED);
|
||||
}
|
||||
}
|
||||
} // namespace Permission
|
||||
} // namespace Security
|
||||
} // namespace OHOS
|
@ -41,7 +41,7 @@ RequestPermissionsInfo::RequestPermissionsInfo(const std::vector<std::string> pe
|
||||
timeStringStream << std::put_time(std::localtime(&time), "%H%M%S");
|
||||
requestId_ = deviceId + timeStringStream.str();
|
||||
}
|
||||
bool RequestPermissionsInfo::NeedStopProcess()
|
||||
bool RequestPermissionsInfo::NeedStopProcess() const
|
||||
{
|
||||
if (permissions_.empty()) {
|
||||
PERMISSION_LOG_ERROR(LABEL, "requestPermissionsFromRemote permissions is null");
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user