openharmony/security_permission
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_permission synced 2024-10-07 10:13:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

modify for codereview

Browse Source 
Signed-off-by: xbingle <xiaobin3@huawei.com>
This commit is contained in:
xbingle 2021-11-12 19:08:11 +08:00
parent 89b3ae7bff
commit ae6806ed79
224 changed files with 9610 additions and 7937 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
BUILD.gn
View File

@ -38,8 +38,8 @@ group("permission_build_module_standard_test") {
group("distributed_permission") {
if (is_standard_system) {
deps = [
"${distributed_permission_database_path}:permission_standard_infrastructure_database",
"${distributed_permission_innerkits_distributed_path}:distributed_permission_innerkits",
"${distributed_permission_record_database_path}:permission_standard_infrastructure_record_database",
"${distributed_permission_services_path}:distributed_permission_services",
"${distributed_permission_services_path}/main/sa_profile:distributed_permission_sa_profile_standard",
]

39
frameworks/permission_standard/permissioncommunicationadapter/BUILD.gn
View File

@ -11,6 +11,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import("//base/security/permission/permission.gni")
import("//build/ohos.gni")
################################################################
@ -20,7 +21,13 @@ config("permission_standard_communication_adapter_cxx_public_config") {
visibility = [ ":*" ]
include_dirs = [
"main/cpp/include",
"${distributed_permission_frameworks_log_path}/main/cpp/include",
"//base/security/permission/services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/common",
"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include",
"//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base/include",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core/include/bundlemgr",
"//foundation/distributedhardware/devicemanager/interfaces/inner_kits/native_cpp/include",
]
}
@ -32,14 +39,38 @@ ohos_shared_library("permission_standard_communication_adapter_cxx") {
[ ":permission_standard_communication_adapter_cxx_public_config" ]
include_dirs = [
"main/cpp/include",
"main/cpp/src",
"//utils/native/base/include",
]
sources = [ "main/cpp/src/permission_def_parcel.cpp" ]
sources = [
"main/cpp/src/ams_adapter.cpp",
"main/cpp/src/app_id_info.cpp",
"main/cpp/src/bms_adapter.cpp",
"main/cpp/src/permission_def_parcel.cpp",
"main/cpp/src/pms_adapter.cpp",
]
deps = [ "//utils/native/base:utils" ]
deps = [
"${distributed_permission_frameworks_log_path}:permission_standard_infrastructure_cxx",
"//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
"//foundation/aafwk/standard/interfaces/innerkits/base:base",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base:appexecfwk_base",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core",
"//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler:libeventhandler",
external_deps = [ "ipc:ipc_core" ]
#"//foundation/communication/dsoftbus/core/frame/standard/client:softbus_client",
"//foundation/distributedhardware/devicemanager/interfaces/inner_kits/native_cpp:devicemanagersdk",
"//foundation/distributedschedule/safwk/interfaces/innerkits/safwk:system_ability_fwk",
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy:samgr_proxy",
"//utils/native/base:utils",
]
external_deps = [
"aafwk_standard:want",
"dsoftbus_standard:softbus_client",
"hiviewdfx_hilog_native:libhilog",
"ipc:ipc_core",
]
cflags_cc = [ "-DHILOG_ENABLE" ]
}

46
frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/ams_adapter.h Normal file
View File

@ -0,0 +1,46 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef AMS_ADAPTER_H
#define AMS_ADAPTER_H
#include <memory>
#include <mutex>
#include <string>
#include <unordered_map>
#include "constant.h"
#include "ability_manager_interface.h"
#include "if_system_ability_manager.h"
namespace OHOS {
namespace Security {
namespace Permission {
class AmsAdapter {
public:
AmsAdapter() = default;
virtual ~AmsAdapter() = default;
sptr<AAFwk::IAbilityManager> GetAbilityManager();
private:
OHOS::sptr<ISystemAbilityManager> saMgr_;
std::mutex saMutex_;
sptr<IRemoteObject> GetSystemAbility(const Constant::ServiceId systemAbilityId);
sptr<AAFwk::IAbilityManager> iAbilityManager_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // AMS_ADAPTER_H

0
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/include/app_id_info.h → frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/app_id_info.h
View File

97
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/common/external_deps.h → frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/bms_adapter.h
View File

@ -1,49 +1,48 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef EXTERNAL_DEPS_H
#define EXTERNAL_DEPS_H
#include <memory>
#include <mutex>
#include <string>
#include <unordered_map>
#include "bundle_mgr_interface.h"
#include "constant.h"
#include "i_permission_manager.h"
#include "ability_manager_interface.h"
#include "if_system_ability_manager.h"
#include "ans_manager_interface.h"
namespace OHOS {
namespace Security {
namespace Permission {
class ExternalDeps {
public:
ExternalDeps() = default;
virtual ~ExternalDeps() = default;
sptr<AppExecFwk::IBundleMgr> GetBundleManager(sptr<AppExecFwk::IBundleMgr> iBundleManager_);
sptr<Permission::IPermissionManager> GetPermissionManager(sptr<Permission::IPermissionManager> iPermissionManager_);
sptr<AAFwk::IAbilityManager> GetAbilityManager(sptr<AAFwk::IAbilityManager> iAbilityManager_);
private:
OHOS::sptr<ISystemAbilityManager> saMgr_;
std::mutex saMutex_;
sptr<IRemoteObject> GetSystemAbility(const Constant::ServiceId systemAbilityId);
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // EXTERNAL_DEPS_H
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef BMS_ADAPTER_H
#define BMS_ADAPTER_H
#include <memory>
#include <mutex>
#include <string>
#include <unordered_map>
#include "bundle_mgr_interface.h"
#include "constant.h"
#include "i_permission_manager.h"
#include "ability_manager_interface.h"
#include "if_system_ability_manager.h"
namespace OHOS {
namespace Security {
namespace Permission {
class BmsAdapter {
public:
BmsAdapter() = default;
virtual ~BmsAdapter() = default;
sptr<AppExecFwk::IBundleMgr> GetBundleManager();
private:
OHOS::sptr<ISystemAbilityManager> saMgr_;
std::mutex saMutex_;
sptr<IRemoteObject> GetSystemAbility(const Constant::ServiceId systemAbilityId);
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // BMS_ADAPTER_H

43
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/include/idistributed_permission.h → frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/i_distributed_permission.h
View File

@ -13,8 +13,8 @@
* limitations under the License.
*/
#ifndef PERMISSION_INNERKITS_INCLUDE_IDISRIBUTED_PERMISSION_H
#define PERMISSION_INNERKITS_INCLUDE_IDISRIBUTED_PERMISSION_H
#ifndef PERMISSION_INNERKITS_INCLUDE_I_DISRIBUTED_PERMISSION_H
#define PERMISSION_INNERKITS_INCLUDE_I_DISRIBUTED_PERMISSION_H
#include "iremote_broker.h"
#include "iremote_object.h"
@ -30,7 +30,7 @@ class IDistributedPermission : public IRemoteBroker {
public:
static const int32_t SA_ID_DISTRIBUTED_PERMISSION_MANAGER_SERVICE = 3502;
DECLARE_INTERFACE_DESCRIPTOR(u"ohos.distributedpermission.IDistributedPermission");
DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.permission.IDistributedPermission");
virtual int32_t AllocateDuid(const std::string &nodeId, const int32_t rUid) = 0;
@ -38,8 +38,7 @@ public:
virtual int32_t CheckDPermission(int32_t dUid, const std::string &permissionName) = 0;
virtual int32_t CheckPermission(
const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid) = 0;
virtual int32_t CheckPermission(const std::string &permissionName, const std::string &appIdInfo) = 0;
virtual int32_t CheckSelfPermission(const std::string &permissionName) = 0;
@ -51,8 +50,8 @@ public:
virtual bool IsRestrictedPermission(const std::string &permissionName) = 0;
virtual int32_t VerifyPermissionFromRemote(
const std::string &permission, const std::string &nodeId, int32_t pid, int32_t uid) = 0;
virtual int32_t VerifyPermissionFromRemote(const std::string &permission, const std::string &nodeId,
const std::string &appIdInfo) = 0;
virtual int32_t VerifySelfPermissionFromRemote(const std::string &permissionName, const std::string &nodeId) = 0;
@ -61,29 +60,25 @@ public:
virtual void RequestPermissionsFromRemote(const std::vector<std::string> permissions,
const sptr<OnRequestPermissionsResult> &callback, const std::string &nodeId, const std::string &bundleName,
int32_t reasonResId) = 0;
virtual void GrantSensitivePermissionToRemoteApp(
const std::string &permissionName, const std::string &nodeId, int32_t ruid) = 0;
virtual void GrantSensitivePermissionToRemoteApp(const std::string &permissionName, const std::string &nodeId,
int32_t ruid) = 0;
virtual int32_t RegisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback) = 0;
virtual int32_t UnregisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback) = 0;
virtual int32_t CheckPermissionAndStartUsing(
const std::string &permissionName, int32_t pid, int32_t uid, const std::string &deviceId) = 0;
virtual int32_t CheckPermissionAndStartUsing(const std::string &permissionName, const std::string &appIdInfo) = 0;
virtual void StartUsingPermission(
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId) = 0;
virtual void StartUsingPermission(const std::string &permName, const std::string &appIdInfo) = 0;
virtual void StopUsingPermission(
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId) = 0;
virtual void StopUsingPermission(const std::string &permName, const std::string &appIdInfo) = 0;
virtual void AddPermissionsRecord(const std::string &permissionName, const std::string &deviceId, const int32_t uid,
const int32_t sucCount, const int32_t failCount) = 0;
virtual void AddPermissionsRecord(const std::string &permissionName, const std::string &appIdInfo,
int32_t sucCount, int32_t failCount) = 0;
virtual int32_t GetPermissionRecords(
const std::string &queryGzipStr, unsigned long &codeLen, unsigned long &zipLen, std::string &resultStr) = 0;
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, std::string &resultStr) = 0;
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, unsigned long &codeLen, unsigned long &zipLen,
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr,
const sptr<OnPermissionUsedRecord> &callback) = 0;
enum class MessageCode {
@ -112,8 +107,8 @@ public:
REQUEST_PERMISSION_FROM_REMOTE = 0xf026,
};
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_INNERKITS_INCLUDE_IDISRIBUTED_PERMISSION_H
#endif // PERMISSION_INNERKITS_INCLUDE_I_DISRIBUTED_PERMISSION_H

47
frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include/pms_adapter.h Normal file
View File

@ -0,0 +1,47 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef PMS_ADAPTER_H
#define PMS_ADAPTER_H
#include <memory>
#include <mutex>
#include <string>
#include <unordered_map>
#include "constant.h"
#include "i_permission_manager.h"
#include "ability_manager_interface.h"
#include "if_system_ability_manager.h"
namespace OHOS {
namespace Security {
namespace Permission {
class PmsAdapter {
public:
PmsAdapter() = default;
virtual ~PmsAdapter() = default;
sptr<Permission::IPermissionManager> GetPermissionManager();
private:
OHOS::sptr<ISystemAbilityManager> saMgr_;
std::mutex saMutex_;
sptr<IRemoteObject> GetSystemAbility(const Constant::ServiceId systemAbilityId);
sptr<Permission::IPermissionManager> iPermissionManager_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PMS_ADAPTER_H

60
frameworks/permission_standard/permissioncommunicationadapter/main/cpp/src/ams_adapter.cpp Normal file
View File

@ -0,0 +1,60 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ams_adapter.h"
#include "permission_log.h"
#include "ipc_skeleton.h"
#include "if_system_ability_manager.h"
#include "iservice_registry.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "AmsAdapter"};
}
sptr<AAFwk::IAbilityManager> AmsAdapter::GetAbilityManager()
{
if (iAbilityManager_ == nullptr) {
auto abilityObj = GetSystemAbility(Constant::ABILITY_MST_SERVICE_ID);
if (abilityObj == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "failed to get ability manager service.");
return nullptr;
}
iAbilityManager_ = iface_cast<AAFwk::IAbilityManager>(abilityObj);
}
return iAbilityManager_;
}
sptr<IRemoteObject> AmsAdapter::GetSystemAbility(const Constant::ServiceId systemAbilityId)
{
if (saMgr_ == nullptr) {
std::lock_guard<std::mutex> lock(saMutex_);
if (saMgr_ == nullptr) {
saMgr_ = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (saMgr_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "fail to get Registry.");
return nullptr;
}
}
}
return saMgr_->GetSystemAbility(systemAbilityId);
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

66
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/src/app_id_info.cpp → frameworks/permission_standard/permissioncommunicationadapter/main/cpp/src/app_id_info.cpp
View File

@ -1,33 +1,33 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "app_id_info.h"
namespace OHOS {
namespace Security {
namespace Permission {
bool AppIdInfo::Valid() const
{
if (this->pid < 0) {
return false;
}
if (this->uid < 0) {
return false;
}
return this->deviceId.length() <= MAX_DEVICE_ID_LENGTH;
}
} // namespace Permission
} // namespace Security
} // namespace OHOS
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "app_id_info.h"
namespace OHOS {
namespace Security {
namespace Permission {
bool AppIdInfo::Valid() const
{
if (this->pid < 0) {
return false;
}
if (this->uid < 0) {
return false;
}
return this->deviceId.length() <= MAX_DEVICE_ID_LENGTH;
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

60
frameworks/permission_standard/permissioncommunicationadapter/main/cpp/src/bms_adapter.cpp Normal file
View File

@ -0,0 +1,60 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "bms_adapter.h"
#include "permission_log.h"
#include "ipc_skeleton.h"
#include "if_system_ability_manager.h"
#include "iservice_registry.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "BmsAdapter"};
}
sptr<AppExecFwk::IBundleMgr> BmsAdapter::GetBundleManager()
{
if (iBundleManager_ == nullptr) {
auto bundleObj = GetSystemAbility(Constant::BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
if (bundleObj == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "failed to get bundle manager service.");
return nullptr;
}
iBundleManager_ = iface_cast<AppExecFwk::IBundleMgr>(bundleObj);
}
return iBundleManager_;
}
sptr<IRemoteObject> BmsAdapter::GetSystemAbility(const Constant::ServiceId systemAbilityId)
{
if (saMgr_ == nullptr) {
std::lock_guard<std::mutex> lock(saMutex_);
if (saMgr_ == nullptr) {
saMgr_ = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (saMgr_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "fail to get Registry.");
return nullptr;
}
}
}
return saMgr_->GetSystemAbility(systemAbilityId);
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

148
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/common/external_deps.cpp → frameworks/permission_standard/permissioncommunicationadapter/main/cpp/src/pms_adapter.cpp
View File

@ -1,88 +1,60 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "external_deps.h"
#include "permission_log.h"
#include "ipc_skeleton.h"
#include "if_system_ability_manager.h"
#include "iservice_registry.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ExternalDeps"};
}
sptr<AppExecFwk::IBundleMgr> ExternalDeps::GetBundleManager(sptr<AppExecFwk::IBundleMgr> iBundleManager_)
{
if (iBundleManager_ == nullptr) {
auto bundleObj = GetSystemAbility(Constant::BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
if (bundleObj == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "failed to get bundle manager service.");
return nullptr;
}
iBundleManager_ = iface_cast<AppExecFwk::IBundleMgr>(bundleObj);
}
return iBundleManager_;
}
sptr<Permission::IPermissionManager> ExternalDeps::GetPermissionManager(
sptr<Permission::IPermissionManager> iPermissionManager_)
{
if (iPermissionManager_ == nullptr) {
auto permissionObj = GetSystemAbility(Constant::SUBSYS_SECURITY_PERMISSION_SYS_SERVICE_ID);
if (permissionObj == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "failed to get permission manager service.");
return nullptr;
}
iPermissionManager_ = iface_cast<Permission::IPermissionManager>(permissionObj);
}
return iPermissionManager_;
}
sptr<AAFwk::IAbilityManager> ExternalDeps::GetAbilityManager(sptr<AAFwk::IAbilityManager> iAbilityManager_)
{
if (iAbilityManager_ == nullptr) {
auto abilityObj = GetSystemAbility(Constant::ABILITY_MST_SERVICE_ID);
if (abilityObj == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "failed to get ability manager service.");
return nullptr;
}
iAbilityManager_ = iface_cast<AAFwk::IAbilityManager>(abilityObj);
}
return iAbilityManager_;
}
sptr<IRemoteObject> ExternalDeps::GetSystemAbility(const Constant::ServiceId systemAbilityId)
{
if (saMgr_ == nullptr) {
std::lock_guard<std::mutex> lock(saMutex_);
if (saMgr_ == nullptr) {
saMgr_ = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (saMgr_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "fail to get Registry.");
return nullptr;
}
}
}
return saMgr_->GetSystemAbility(systemAbilityId);
}
} // namespace Permission
} // namespace Security
} // namespace OHOS
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "pms_adapter.h"
#include "permission_log.h"
#include "ipc_skeleton.h"
#include "if_system_ability_manager.h"
#include "iservice_registry.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PmsAdapter"};
}
sptr<Permission::IPermissionManager> PmsAdapter::GetPermissionManager()
{
if (iPermissionManager_ == nullptr) {
auto permissionObj = GetSystemAbility(Constant::SUBSYS_SECURITY_PERMISSION_SYS_SERVICE_ID);
if (permissionObj == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "failed to get permission manager service.");
return nullptr;
}
iPermissionManager_ = iface_cast<Permission::IPermissionManager>(permissionObj);
}
return iPermissionManager_;
}
sptr<IRemoteObject> PmsAdapter::GetSystemAbility(const Constant::ServiceId systemAbilityId)
{
if (saMgr_ == nullptr) {
std::lock_guard<std::mutex> lock(saMutex_);
if (saMgr_ == nullptr) {
saMgr_ = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (saMgr_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "fail to get Registry.");
return nullptr;
}
}
}
return saMgr_->GetSystemAbility(systemAbilityId);
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

28
frameworks/permission_standard/permissionrecorddatabase/BUILD.gn → frameworks/permission_standard/permissiondatabase/BUILD.gn
View File

@ -21,14 +21,9 @@ config("permission_standard_infrastructure_cxx_public_config") {
visibility = [ ":*" ]
include_dirs = [ "main/cpp/include" ]
defines = [
"APP_LOG_TAG = \"DistributedPermission\"",
"LOG_DOMAIN = 0xD001024",
]
}
ohos_shared_library("permission_standard_infrastructure_record_database") {
ohos_shared_library("permission_standard_infrastructure_database") {
subsystem_name = "security"
part_name = "permission_standard"
@ -37,19 +32,20 @@ ohos_shared_library("permission_standard_infrastructure_record_database") {
include_dirs = [
"${distributed_permission_frameworks_log_path}/main/cpp/include",
"//third_party/json/single_include",
"${distributed_permission_services_path}/main/cpp/include/common",
"${distributed_permission_services_path}/main/cpp/include/record",
# "${distributed_permission_services_path}/main/cpp/include/common",
# "${distributed_permission_services_path}/main/cpp/include/record",
]
sources = [
"${distributed_permission_record_database_path}/main/cpp/src/data_storage.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/data_translator.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/generic_values.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/sqlite_helper.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/sqlite_storage.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/statement.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/variant_value.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/constant.cpp",
"${distributed_permission_database_path}/main/cpp/src/data_storage.cpp",
"${distributed_permission_database_path}/main/cpp/src/generic_values.cpp",
"${distributed_permission_database_path}/main/cpp/src/sqlite_helper.cpp",
"${distributed_permission_database_path}/main/cpp/src/sqlite_storage.cpp",
"${distributed_permission_database_path}/main/cpp/src/statement.cpp",
"${distributed_permission_database_path}/main/cpp/src/variant_value.cpp",
# "${distributed_permission_services_path}/main/cpp/src/common/constant.cpp",
]
deps = [

15
frameworks/permission_standard/permissionrecorddatabase/main/cpp/include/data_storage.h → frameworks/permission_standard/permissiondatabase/main/cpp/include/data_storage.h
View File

@ -13,8 +13,8 @@
* limitations under the License.
*/
#ifndef DATA_STORAGE_H
#define DATA_STORAGE_H
#ifndef DATA_STORAGE_D_H
#define DATA_STORAGE_D_H
#include <vector>
#include <map>
@ -26,8 +26,13 @@ namespace Security {
namespace Permission {
class DataStorage {
public:
enum DataType { PERMISSION_VISITOR, PERMISSION_RECORD };
enum DataType {
PERMISSION_VISITOR,
PERMISSION_RECORD,
PERMISSION_DEF,
PERMISSIONS_STAT_USER_GRANTED,
PERMISSIONS_STAT_SYSTEM_GRANTED
};
static DataStorage &GetRealDataStorage();
virtual ~DataStorage() = default;
@ -49,4 +54,4 @@ public:
} // namespace Security
} // namespace OHOS
#endif // DATA_STORAGE_H
#endif // DATA_STORAGE_D_H

18
frameworks/permission_standard/permissionrecorddatabase/main/cpp/include/field_const.h → frameworks/permission_standard/permissiondatabase/main/cpp/include/field_const.h
View File

@ -13,19 +13,29 @@
* limitations under the License.
*/
#ifndef FIELD_CONST_H
#define FIELD_CONST_H
#ifndef FIELD_CONST_D_H
#define FIELD_CONST_D_H
#include <string>
namespace OHOS {
namespace Security {
namespace Permission {
const std::string FIELD_PERMISSION_NAME = "permission_name";
const std::string FIELD_BUNDLE_NAME = "bundle_name";
const std::string FIELD_GRANT_MODE = "grant_mode";
const std::string FIELD_AVAILABLE_SCOPE = "available_scope";
const std::string FIELD_LABEL = "label";
const std::string FIELD_LABEL_ID = "label_id";
const std::string FIELD_DESCRIPTION = "description";
const std::string FIELD_DESCRIPTION_ID = "description_id";
const std::string FIELD_USER_ID = "user_id";
const std::string FIELD_GRANTED = "granted";
const std::string FIELD_FLAGS = "flags";
const std::string FIELD_ID = "id";
const std::string FIELD_DEVICE_ID = "device_id";
const std::string FIELD_DEVICE_NAME = "device_name";
const std::string FIELD_BUNDLE_USER_ID = "bundle_user_id";
const std::string FIELD_BUNDLE_NAME = "bundle_name";
const std::string FIELD_BUNDLE_LABEL = "bundle_label";
const std::string FIELD_TIMESTAMP = "timestamp";
const std::string FIELD_TIMESTAMP_BEGIN = "timestamp_begin";
@ -42,4 +52,4 @@ const std::string FIELD_FLAG = "flag";
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // FIELD_CONST_H
#endif // FIELD_CONST_D_H

6
frameworks/permission_standard/permissionrecorddatabase/main/cpp/include/generic_values.h → frameworks/permission_standard/permissiondatabase/main/cpp/include/generic_values.h
View File

@ -13,8 +13,8 @@
* limitations under the License.
*/
#ifndef GENERIC_VALUES_H
#define GENERIC_VALUES_H
#ifndef GENERIC_VALUES_D_H
#define GENERIC_VALUES_D_H
#include <map>
#include <vector>
@ -56,4 +56,4 @@ private:
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // GENERIC_VALUES_H
#endif // GENERIC_VALUES_D_H

6
frameworks/permission_standard/permissionrecorddatabase/main/cpp/include/sqlite_helper.h → frameworks/permission_standard/permissiondatabase/main/cpp/include/sqlite_helper.h
View File

@ -13,8 +13,8 @@
* limitations under the License.
*/
#ifndef SQLITE_HELPER_H
#define SQLITE_HELPER_H
#ifndef SQLITE_HELPER_D_H
#define SQLITE_HELPER_D_H
#include <string>
@ -58,4 +58,4 @@ private:
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // SQLITE_HELPER_H
#endif // SQLITE_HELPER_D_H

12
frameworks/permission_standard/permissionrecorddatabase/main/cpp/include/sqlite_storage.h → frameworks/permission_standard/permissiondatabase/main/cpp/include/sqlite_storage.h
View File

@ -13,8 +13,8 @@
* limitations under the License.
*/
#ifndef SQLITE_STORAGE_H
#define SQLITE_STORAGE_H
#ifndef SQLITE_STORAGE_D_H
#define SQLITE_STORAGE_D_H
#include "data_storage.h"
#include "sqlite_helper.h"
@ -63,6 +63,9 @@ private:
std::map<DataType, SqliteTable> dataTypeToSqlTable_;
OHOS::Utils::RWLock rwLock_;
int CreatePermissionDefinitionTable() const;
int CreateSystemGrantedPermissionStateTable() const;
int CreateUserGrantedPermissionStateTable() const;
int CreatePermissionVisitorTable() const;
int CreatePermissionRecordTable() const;
@ -76,6 +79,9 @@ private:
const DataType type, const GenericValues &andConditions, const GenericValues &orConditions) const;
private:
inline static const std::string PERMISSION_DEF_TABLE = "permission_definition_table";
inline static const std::string SYS_GRANTED_PERMISSION_STATE_TABLE = "system_granted_permission_state_table";
inline static const std::string USER_GRANTED_PERMISSION_STATE_TABLE = "user_granted_permission_state_table";
inline static const std::string PERMISSION_VISITOR_TABLE = "permission_visitor_table";
inline static const std::string PERMISSION_RECORD_TABLE = "permission_record_table";
inline static const std::string DATABASE_NAME = "permission_record.db";
@ -86,4 +92,4 @@ private:
} // namespace Security
} // namespace OHOS
#endif // SQLITE_STORAGE_H
#endif // SQLITE_STORAGE_D_H

6
frameworks/permission_standard/permissionrecorddatabase/main/cpp/include/statement.h → frameworks/permission_standard/permissiondatabase/main/cpp/include/statement.h
View File

@ -13,8 +13,8 @@
* limitations under the License.
*/
#ifndef STATEMENT_H
#define STATEMENT_H
#ifndef STATEMENT_D_H
#define STATEMENT_D_H
#include <string>
@ -55,4 +55,4 @@ private:
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // STATEMENT_H
#endif // STATEMENT_D_H

6
frameworks/permission_standard/permissionrecorddatabase/main/cpp/include/variant_value.h → frameworks/permission_standard/permissiondatabase/main/cpp/include/variant_value.h
View File

@ -13,8 +13,8 @@
* limitations under the License.
*/
#ifndef VARIANT_VALUE_H
#define VARIANT_VALUE_H
#ifndef VARIANT_VALUE_D_H
#define VARIANT_VALUE_D_H
#include <string>
#include <variant>
@ -52,4 +52,4 @@ private:
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // VARIANT_VALUE_H
#endif // VARIANT_VALUE_D_H

0
frameworks/permission_standard/permissionrecorddatabase/main/cpp/src/data_storage.cpp → frameworks/permission_standard/permissiondatabase/main/cpp/src/data_storage.cpp
View File

0
frameworks/permission_standard/permissionrecorddatabase/main/cpp/src/generic_values.cpp → frameworks/permission_standard/permissiondatabase/main/cpp/src/generic_values.cpp
View File

5
frameworks/permission_standard/permissionrecorddatabase/main/cpp/src/sqlite_helper.cpp → frameworks/permission_standard/permissiondatabase/main/cpp/src/sqlite_helper.cpp
View File

@ -34,18 +34,21 @@ SqliteHelper::~SqliteHelper()
void SqliteHelper::Open()
{
if (db_ != nullptr) {
PERMISSION_LOG_INFO(LABEL, "db file already exist");
return;
}
if (dbName_.empty() || dbPath_.empty() || currentVersion_ < 0) {
PERMISSION_LOG_INFO(LABEL, "dbName is empty or currentVersion less than 0");
return;
}
std::string fileName = dbPath_ + dbName_;
PERMISSION_LOG_INFO(LABEL, "fileName is : %{public}s,", fileName.c_str());
int res = sqlite3_open(fileName.c_str(), &db_);
if (res != SQLITE_OK) {
PERMISSION_LOG_ERROR(LABEL, "Failed to open db: %{public}s", sqlite3_errmsg(db_));
return;
}
PERMISSION_LOG_INFO(LABEL, "currentVersion is %{public}d", currentVersion_);
int version = GetVersion();
if (version == currentVersion_) {
return;

88
frameworks/permission_standard/permissionrecorddatabase/main/cpp/src/sqlite_storage.cpp → frameworks/permission_standard/permissiondatabase/main/cpp/src/sqlite_storage.cpp
View File

@ -38,6 +38,9 @@ SqliteStorage::~SqliteStorage()
void SqliteStorage::OnCreate()
{
PERMISSION_LOG_INFO(LABEL, "%{public}s called.", __func__);
CreatePermissionDefinitionTable();
CreateSystemGrantedPermissionStateTable();
CreateUserGrantedPermissionStateTable();
CreatePermissionVisitorTable();
CreatePermissionRecordTable();
}
@ -49,6 +52,26 @@ void SqliteStorage::OnUpdate()
SqliteStorage::SqliteStorage() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATABASE_VERSION)
{
SqliteTable permissionDefTable;
permissionDefTable.tableName_ = PERMISSION_DEF_TABLE;
permissionDefTable.tableColumnNames_ = {FIELD_PERMISSION_NAME,
FIELD_BUNDLE_NAME,
FIELD_GRANT_MODE,
FIELD_AVAILABLE_SCOPE,
FIELD_LABEL,
FIELD_LABEL_ID,
FIELD_DESCRIPTION,
FIELD_DESCRIPTION_ID};
SqliteTable sysGrantPermStatTable;
sysGrantPermStatTable.tableName_ = SYS_GRANTED_PERMISSION_STATE_TABLE;
sysGrantPermStatTable.tableColumnNames_ = {FIELD_BUNDLE_NAME, FIELD_PERMISSION_NAME, FIELD_GRANTED, FIELD_FLAGS};
SqliteTable userGrantPermStatTable;
userGrantPermStatTable.tableName_ = USER_GRANTED_PERMISSION_STATE_TABLE;
userGrantPermStatTable.tableColumnNames_ = {
FIELD_BUNDLE_NAME, FIELD_PERMISSION_NAME, FIELD_USER_ID, FIELD_GRANTED, FIELD_FLAGS};
SqliteTable permissionVisitorTable;
permissionVisitorTable.tableName_ = PERMISSION_VISITOR_TABLE;
permissionVisitorTable.tableColumnNames_ = {
@ -59,7 +82,11 @@ SqliteStorage::SqliteStorage() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATA
permissionRecordTable.tableColumnNames_ = {
FIELD_TIMESTAMP, FIELD_VISITOR_ID, FIELD_OP_CODE, FIELD_IS_FOREGROUND, FIELD_ACCESS_COUNT, FIELD_REJECT_COUNT};
dataTypeToSqlTable_ = {{PERMISSION_VISITOR, permissionVisitorTable}, {PERMISSION_RECORD, permissionRecordTable}};
dataTypeToSqlTable_ = {{PERMISSION_DEF, permissionDefTable},
{PERMISSIONS_STAT_SYSTEM_GRANTED, sysGrantPermStatTable},
{PERMISSIONS_STAT_USER_GRANTED, userGrantPermStatTable},
{PERMISSION_VISITOR, permissionVisitorTable},
{PERMISSION_RECORD, permissionRecordTable}};
Open();
}
@ -315,6 +342,65 @@ std::string SqliteStorage::CreateSelectWithConditionPrepareSqlCmd(
return sql;
}
int SqliteStorage::CreatePermissionDefinitionTable() const
{
auto it = dataTypeToSqlTable_.find(DataType::PERMISSION_DEF);
if (it == dataTypeToSqlTable_.end()) {
return FAILURE;
}
std::string sql = "create table if not exists ";
sql.append(it->second.tableName_ + " (")
.append(FIELD_PERMISSION_NAME + " text not null,")
.append(FIELD_BUNDLE_NAME + " text not null,")
.append(FIELD_GRANT_MODE + " integer not null,")
.append(FIELD_AVAILABLE_SCOPE + " integer not null,")
.append(FIELD_LABEL + " text not null,")
.append(FIELD_LABEL_ID + " integer not null,")
.append(FIELD_DESCRIPTION + " text not null,")
.append(FIELD_DESCRIPTION_ID + " integer not null,")
.append("primary key(" + FIELD_PERMISSION_NAME)
.append("))");
return ExecuteSql(sql);
}
int SqliteStorage::CreateSystemGrantedPermissionStateTable() const
{
auto it = dataTypeToSqlTable_.find(DataType::PERMISSIONS_STAT_SYSTEM_GRANTED);
if (it == dataTypeToSqlTable_.end()) {
return FAILURE;
}
std::string sql = "create table if not exists ";
sql.append(it->second.tableName_ + " (")
.append(FIELD_BUNDLE_NAME + " text not null,")
.append(FIELD_PERMISSION_NAME + " text not null,")
.append(FIELD_GRANTED + " integer not null,")
.append(FIELD_FLAGS + " integer not null,")
.append("primary key(" + FIELD_BUNDLE_NAME)
.append("," + FIELD_PERMISSION_NAME)
.append("))");
return ExecuteSql(sql);
}
int SqliteStorage::CreateUserGrantedPermissionStateTable() const
{
auto it = dataTypeToSqlTable_.find(DataType::PERMISSIONS_STAT_USER_GRANTED);
if (it == dataTypeToSqlTable_.end()) {
return FAILURE;
}
std::string sql = "create table if not exists ";
sql.append(it->second.tableName_ + " (")
.append(FIELD_BUNDLE_NAME + " text not null,")
.append(FIELD_PERMISSION_NAME + " text not null,")
.append(FIELD_USER_ID + " integer not null,")
.append(FIELD_GRANTED + " integer not null,")
.append(FIELD_FLAGS + " integer not null,")
.append("primary key(" + FIELD_BUNDLE_NAME)
.append("," + FIELD_PERMISSION_NAME)
.append("," + FIELD_USER_ID)
.append("))");
return ExecuteSql(sql);
}
int SqliteStorage::CreatePermissionVisitorTable() const
{
auto it = dataTypeToSqlTable_.find(DataType::PERMISSION_VISITOR);

1
frameworks/permission_standard/permissionrecorddatabase/main/cpp/src/statement.cpp → frameworks/permission_standard/permissiondatabase/main/cpp/src/statement.cpp
View File

@ -47,6 +47,7 @@ void Statement::Bind(const int index, const std::string &text)
void Statement::Bind(const int index, int value)
{
PERMISSION_LOG_ERROR(LABEL, "index: %{public}d, value: %{public}d", index, value);
if (sqlite3_bind_int(statement_, index, value) != SQLITE_OK) {
PERMISSION_LOG_ERROR(LABEL, "Cannot bind int, errorMsg: %{public}s", sqlite3_errmsg(db_));
}

0
frameworks/permission_standard/permissionrecorddatabase/main/cpp/src/variant_value.cpp → frameworks/permission_standard/permissiondatabase/main/cpp/src/variant_value.cpp
View File

51
frameworks/permission_standard/permissionrecorddatabase/main/cpp/include/data_translator.h
View File

@ -1,51 +0,0 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef DATA_TRANSLATOR_H
#define DATA_TRANSLATOR_H
#include <string>
#include "bundle_permission_used_record.h"
#include "constant.h"
#include "generic_values.h"
#include "permission_record.h"
#include "permission_visitor.h"
#include "query_permission_used_request.h"
namespace OHOS {
namespace Security {
namespace Permission {
class DataTranslator final {
public:
static int TranslationIntoPermissionRecord(
const GenericValues &inGenericValues, PermissionRecord &outPermissionRecord);
static int TranslationIntoGenericValues(
const PermissionRecord &inPermissionRecord, GenericValues &outGenericValues);
static int TranslationIntoPermissionVisitor(
const GenericValues &inGenericValues, PermissionVisitor &outPermissionVisitor);
static int TranslationIntoGenericValues(
const PermissionVisitor &inPermissionVisitor, GenericValues &outGenericValues);
static int TranslationIntoGenericValues(const QueryPermissionUsedRequest &inQueryRequest,
GenericValues &outVisitorValues, GenericValues &outRecordAndValues, GenericValues &outRecordOrValues);
static int TranslationIntoBundlePermissionUsedRecord(
const GenericValues &inGenericValues, BundlePermissionUsedRecord &outBundleRecord);
static int TranslationIntoPermissionUsedRecord(
const GenericValues &inGenericValues, PermissionUsedRecord &outPermRecord);
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // DATA_TRANSLATOR_H

154
frameworks/permission_standard/permissionrecorddatabase/main/cpp/src/data_translator.cpp
View File

@ -1,154 +0,0 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "data_translator.h"
#include "field_const.h"
namespace OHOS {
namespace Security {
namespace Permission {
int DataTranslator::TranslationIntoPermissionRecord(
const GenericValues &inGenericValues, PermissionRecord &outPermissionRecord)
{
outPermissionRecord.timestamp = inGenericValues.GetInt(FIELD_TIMESTAMP);
outPermissionRecord.visitorId = inGenericValues.GetInt(FIELD_VISITOR_ID);
outPermissionRecord.opCode = inGenericValues.GetInt(FIELD_OP_CODE);
outPermissionRecord.isForeground = inGenericValues.GetInt(FIELD_IS_FOREGROUND);
outPermissionRecord.accessCount = inGenericValues.GetInt(FIELD_ACCESS_COUNT);
outPermissionRecord.rejectCount = inGenericValues.GetInt(FIELD_REJECT_COUNT);
return Constant::SUCCESS;
}
int DataTranslator::TranslationIntoGenericValues(
const PermissionRecord &inPermissionRecord, GenericValues &outGenericValues)
{
outGenericValues.Put(FIELD_TIMESTAMP, inPermissionRecord.timestamp);
outGenericValues.Put(FIELD_VISITOR_ID, inPermissionRecord.visitorId);
outGenericValues.Put(FIELD_OP_CODE, inPermissionRecord.opCode);
outGenericValues.Put(FIELD_IS_FOREGROUND, inPermissionRecord.isForeground);
outGenericValues.Put(FIELD_ACCESS_COUNT, inPermissionRecord.accessCount);
outGenericValues.Put(FIELD_REJECT_COUNT, inPermissionRecord.rejectCount);
return Constant::SUCCESS;
}
int DataTranslator::TranslationIntoPermissionVisitor(
const GenericValues &inGenericValues, PermissionVisitor &outPermissionVisitor)
{
outPermissionVisitor.id = inGenericValues.GetInt(FIELD_ID);
outPermissionVisitor.deviceId = inGenericValues.GetString(FIELD_DEVICE_ID);
outPermissionVisitor.deviceName = inGenericValues.GetString(FIELD_DEVICE_NAME);
outPermissionVisitor.bundleUserId = inGenericValues.GetInt(FIELD_BUNDLE_USER_ID);
outPermissionVisitor.bundleName = inGenericValues.GetString(FIELD_BUNDLE_NAME);
outPermissionVisitor.bundleLabel = inGenericValues.GetString(FIELD_BUNDLE_LABEL);
return Constant::SUCCESS;
}
int DataTranslator::TranslationIntoGenericValues(
const PermissionVisitor &inPermissionVisitor, GenericValues &outGenericValues)
{
outGenericValues.Put(FIELD_DEVICE_ID, inPermissionVisitor.deviceId);
outGenericValues.Put(FIELD_DEVICE_NAME, inPermissionVisitor.deviceName);
outGenericValues.Put(FIELD_BUNDLE_USER_ID, inPermissionVisitor.bundleUserId);
outGenericValues.Put(FIELD_BUNDLE_NAME, inPermissionVisitor.bundleName);
outGenericValues.Put(FIELD_BUNDLE_LABEL, inPermissionVisitor.bundleLabel);
return Constant::SUCCESS;
}
int DataTranslator::TranslationIntoGenericValues(const QueryPermissionUsedRequest &inQueryRequest,
GenericValues &outVisitorValues, GenericValues &outRecordAndValues, GenericValues &outRecordOrValues)
{
if (!inQueryRequest.deviceLabel.empty()) {
outVisitorValues.Put(FIELD_DEVICE_NAME, inQueryRequest.deviceLabel);
}
if (!inQueryRequest.bundleName.empty()) {
outVisitorValues.Put(FIELD_BUNDLE_NAME, inQueryRequest.bundleName);
}
std::string permissionNames;
for (unsigned int i = 0; i < inQueryRequest.permissionNames.size(); i++) {
int32_t code = 0;
std::string perName = inQueryRequest.permissionNames[i];
if (Constant::PermissionNameToOrFromOpCode(perName, code)) {
outRecordOrValues.Put(FIELD_OP_CODE + ToString(i), code);
}
}
int64_t begin = inQueryRequest.beginTimeMillis;
int64_t end = inQueryRequest.endTimeMillis;
if (begin < 0 || end < 0 || (begin > end && end > 0)) {
return Constant::FAILURE;
}
if (begin != 0) {
outRecordAndValues.Put(FIELD_TIMESTAMP_BEGIN, begin);
}
if (end != 0) {
outRecordAndValues.Put(FIELD_TIMESTAMP_END, end);
}
return Constant::SUCCESS;
}
int DataTranslator::TranslationIntoBundlePermissionUsedRecord(
const GenericValues &inGenericValues, BundlePermissionUsedRecord &outBundleRecord)
{
outBundleRecord.deviceId = inGenericValues.GetString(FIELD_DEVICE_ID);
outBundleRecord.deviceLabel = inGenericValues.GetString(FIELD_DEVICE_NAME);
outBundleRecord.bundleName = inGenericValues.GetString(FIELD_BUNDLE_NAME);
outBundleRecord.bundleLabel = inGenericValues.GetString(FIELD_BUNDLE_LABEL);
return Constant::SUCCESS;
}
int DataTranslator::TranslationIntoPermissionUsedRecord(
const GenericValues &inGenericValues, PermissionUsedRecord &outPermRecord)
{
std::string perName;
int32_t code = inGenericValues.GetInt(FIELD_OP_CODE);
if (!Constant::PermissionNameToOrFromOpCode(perName, code)) {
return Constant::FAILURE;
}
outPermRecord.permissionName = perName;
if (inGenericValues.GetInt(FIELD_IS_FOREGROUND) == 1) {
outPermRecord.accessCountFg = inGenericValues.GetInt(FIELD_ACCESS_COUNT);
outPermRecord.rejectCountFg = inGenericValues.GetInt(FIELD_REJECT_COUNT);
} else {
outPermRecord.accessCountBg = inGenericValues.GetInt(FIELD_ACCESS_COUNT);
outPermRecord.rejectCountBg = inGenericValues.GetInt(FIELD_REJECT_COUNT);
}
if (inGenericValues.GetInt(FIELD_ACCESS_COUNT) > inGenericValues.GetInt(FIELD_REJECT_COUNT)) {
if (inGenericValues.GetInt(FIELD_REJECT_COUNT) != 0) {
outPermRecord.lastRejectTime = inGenericValues.GetInt64(FIELD_TIMESTAMP);
}
outPermRecord.lastAccessTime = inGenericValues.GetInt64(FIELD_TIMESTAMP);
} else {
if (inGenericValues.GetInt(FIELD_ACCESS_COUNT) != 0) {
outPermRecord.lastAccessTime = inGenericValues.GetInt64(FIELD_TIMESTAMP);
}
outPermRecord.lastRejectTime = inGenericValues.GetInt64(FIELD_TIMESTAMP);
}
if (inGenericValues.GetInt(FIELD_FLAG) == 1) {
if (outPermRecord.accessCountFg > 0 || outPermRecord.rejectCountFg > 0) {
(outPermRecord.lastAccessTime > 0)
? outPermRecord.accessRecordFg.emplace_back(outPermRecord.lastAccessTime)
: outPermRecord.rejectRecordFg.emplace_back(outPermRecord.lastRejectTime);
} else {
(outPermRecord.lastAccessTime > 0)
? outPermRecord.accessRecordBg.emplace_back(outPermRecord.lastAccessTime)
: outPermRecord.rejectRecordBg.emplace_back(outPermRecord.lastRejectTime);
}
}
return Constant::SUCCESS;
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

19
interfaces/innerkits/permission_standard/distributedpermission/BUILD.gn
View File

@ -34,34 +34,35 @@ config("distributed_permission_innerkits_public_config") {
visibility = [ ":*" ]
include_dirs = [
"//base/security/permission/frameworks/permission_standard/permissioncommunicationadapter/main/cpp/include",
"${distributed_permission_services_path}/main/cpp/include/common",
"${distributed_permission_services_path}/main/cpp/include/record",
"${distributed_permission_services_path}/main/cpp/src/record",
"${distributed_permission_frameworks_log_path}/main/cpp/include",
"${distributed_permission_innerkits_distributed_path}/main/cpp/include",
"${distributed_permission_innerkits_distributed_path}/main/cpp/include/distributed_permission",
"${distributed_permission_innerkits_sdk_path}/main/cpp/include/permission_using_remind",
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind",
"${distributed_permission_services_path}/main/cpp/include/distributed",
"${distributed_permission_database_path}/main/cpp/include",
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy/include",
"//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include",
"//third_party/json/single_include",
"//utils/native/base/include",
"//utils/system/safwk/native/include",
"//third_party/json/include",
"//third_party/zlib",
"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include",
]
}
ohos_shared_library("distributed_permission_innerkits") {
sources = [
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/app_id_info.cpp",
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_death_recipient.cpp",
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_kit.cpp",
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_manager_client.cpp",
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_proxy.cpp",
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_stub.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/base64_util.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/constant.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/zip_util.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/bundle_permission_used_record.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/permission_used_record.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_request.cpp",
@ -73,18 +74,22 @@ ohos_shared_library("distributed_permission_innerkits") {
public_configs = [ ":distributed_permission_innerkits_public_config" ]
deps = [
"${distributed_permission_database_path}:permission_standard_infrastructure_database",
"${distributed_permission_frameworks_log_path}:permission_standard_infrastructure_cxx",
"//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
"//foundation/distributedschedule/safwk/interfaces/innerkits/safwk:system_ability_fwk",
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy:samgr_proxy",
"${permission_path}/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk:libpermissionsdk_standard",
"//utils/native/base:utils",
]
cflags_cc = [ "-DHILOG_ENABLE" ]
external_deps = [
"aafwk_standard:ability_manager",
"aafwk_standard:want",
"hiviewdfx_hilog_native:libhilog",
"ipc:ipc_core",
"samgr_standard:samgr_proxy",
"startup_l2:syspara",
]
subsystem_name = "security"

5
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/include/distributed_permission_kit.h
View File

@ -17,10 +17,13 @@
#define DISRIBUTED_PERMISSION_KIT_H
#include <iostream>
#include "distributed_permission_manager_client.h"
#include "app_id_info.h"
#include "constant.h"
#include "nlohmann/json.hpp"
#include "on_using_permission_reminder.h"
#include "on_permission_used_record.h"
#include "on_request_permissions_result.h"
#include "query_permission_used_request.h"
namespace OHOS {
namespace Security {

0
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/include/distributed_permission_death_recipient.h → interfaces/innerkits/permission_standard/distributedpermission/main/cpp/src/distributed_permission_death_recipient.h
View File

4
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/src/distributed_permission_kit.cpp
View File

@ -12,9 +12,11 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "distributed_permission_kit.h"
#include <sys/types.h>
#include <unistd.h>
#include "distributed_permission_kit.h"
#include "distributed_permission_manager_client.h"
namespace OHOS {
namespace Security {

216
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/src/distributed_permission_manager_client.cpp
View File

@ -68,37 +68,20 @@ int32_t DistributedPermissionManagerClient::CheckDPermission(int32_t dUid, const
return distributedPermissionProxy_->CheckDPermission(dUid, permissionName);
}
int32_t DistributedPermissionManagerClient::CheckPermission(
const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid)
{
PERMISSION_LOG_INFO(LABEL,
"permissionName = %{public}s, nodeId = %{public}s, nodeId = %{public}d, nodeId = %{public}d",
permissionName.c_str(),
Constant::EncryptDevId(nodeId).c_str(),
pid,
uid);
if (!GetDistributedPermissionProxy()) {
return ERROR;
}
return distributedPermissionProxy_->CheckPermission(permissionName, nodeId, pid, uid);
}
int32_t DistributedPermissionManagerClient::CheckPermission(
const std::string &permissionName, const std::string &appIdInfo)
int32_t DistributedPermissionManagerClient::CheckPermission(const std::string &permissionName,
const std::string &appIdInfo)
{
PERMISSION_LOG_INFO(
LABEL, "permissionName = %{public}s, appIdInfo = %{public}s", permissionName.c_str(), appIdInfo.c_str());
if (!GetDistributedPermissionProxy()) {
return ERROR;
}
AppIdInfo appIdInfoObj;
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
PERMISSION_LOG_INFO(LABEL, "appIdInfo data invalid");
return ERROR;
}
return distributedPermissionProxy_->CheckPermission(
permissionName, appIdInfoObj.deviceId, appIdInfoObj.pid, appIdInfoObj.uid);
return distributedPermissionProxy_->CheckPermission(permissionName, appIdInfo);
}
bool DistributedPermissionManagerClient::IsPermissionNameValid(const std::string &permissionName)
{
return !permissionName.empty() && (permissionName.length() <= MAX_LENGTH);
}
int32_t DistributedPermissionManagerClient::CheckSelfPermission(const std::string &permissionName)
@ -107,8 +90,19 @@ int32_t DistributedPermissionManagerClient::CheckSelfPermission(const std::strin
if (!GetDistributedPermissionProxy()) {
return ERROR;
}
return distributedPermissionProxy_->CheckSelfPermission(permissionName);
if (!DistributedPermissionManagerClient::IsPermissionNameValid(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "CheckSelfPermission::permissionName is not valid");
return Constant::PERMISSION_DENIED;
}
// CheckSelfPermission is used by applications to check whether they have certain permissions,
// so the IPC package is used to get the process id and uid of the call source.
pid_t pid = IPCSkeleton::GetCallingPid();
pid_t uid = IPCSkeleton::GetCallingUid();
std::cout << "pid:"<<pid<<std::endl;
std::cout << "uid:"<<uid<<std::endl;
AppIdInfo appIdInfoObj;
std::string appIdInfo = DistributedPermissionKit::AppIdInfoHelper::CreateAppIdInfo(pid, uid, "");
return distributedPermissionProxy_->CheckPermission(permissionName, appIdInfo);
}
int32_t DistributedPermissionManagerClient::CheckCallingPermission(const std::string &permissionName)
@ -141,31 +135,44 @@ int32_t DistributedPermissionManagerClient::CheckCallerPermission(const std::str
return distributedPermissionProxy_->CheckCallerPermission(permissionName);
}
// bool DistributedPermissionManagerClient::IsRestrictedPermission(const std::string &permissionName)
// {
// PERMISSION_LOG_INFO(LABEL, "permissionName = %{public}s", permissionName.c_str());
// // if (!GetDistributedPermissionProxy()) {
// // return ERROR;
// // }
// // return distributedPermissionProxy_->IsRestrictedPermission(permissionName);
// }
bool DistributedPermissionManagerClient::IsRestrictedPermission(const std::string &permissionName)
{
PERMISSION_LOG_INFO(LABEL, "permissionName = %{public}s", permissionName.c_str());
if (!GetDistributedPermissionProxy()) {
return ERROR;
if (!DistributedPermissionManagerClient::IsPermissionNameValid(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "PermissionName data invalid");
return false;
}
return distributedPermissionProxy_->IsRestrictedPermission(permissionName);
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
iPermissionManager_ = pmsAdapter->GetPermissionManager();
PermissionDefParcel permissionDefResult;
int ret = iPermissionManager_->GetDefPermission(permissionName, permissionDefResult);
if (ret != 0) {
PERMISSION_LOG_ERROR(LABEL, "get permission def failed");
return false;
}
if (permissionDefResult.permissionDef.availableScope == Permission::AvailableScope::AVAILABLE_SCOPE_RESTRICTED) {
return true;
}
return false;
}
int32_t DistributedPermissionManagerClient::VerifyPermissionFromRemote(
const std::string &permission, const std::string &nodeId, const std::string &appIdInfo)
{
PERMISSION_LOG_INFO(
LABEL, "permission = %{public}s, appIdInfo = %{public}s", permission.c_str(), appIdInfo.c_str());
PERMISSION_LOG_INFO(LABEL, "permission = %{public}s, nodeId = %{public}s, appIdInfo = %{public}s",
permission.c_str(), Constant::EncryptDevId(nodeId).c_str(), appIdInfo.c_str());
if (!GetDistributedPermissionProxy()) {
return ERROR;
}
AppIdInfo appIdInfoObj;
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
PERMISSION_LOG_INFO(LABEL, "appIdInfo data invalid");
return ERROR;
}
return distributedPermissionProxy_->VerifyPermissionFromRemote(
permission, nodeId, appIdInfoObj.pid, appIdInfoObj.uid);
return distributedPermissionProxy_->VerifyPermissionFromRemote(permission, nodeId, appIdInfo);
}
int32_t DistributedPermissionManagerClient::VerifySelfPermissionFromRemote(
@ -201,6 +208,7 @@ void DistributedPermissionManagerClient::RequestPermissionsFromRemote(const std:
int32_t reasonResId)
{
if (callback == nullptr) {
PERMISSION_LOG_INFO(LABEL, "RequestPermissionsFromRemote param callback is null!");
return;
}
PERMISSION_LOG_INFO(LABEL,
@ -274,15 +282,7 @@ int32_t DistributedPermissionManagerClient::CheckPermissionAndStartUsing(
if (!GetDistributedPermissionProxy()) {
return ERROR;
}
AppIdInfo appIdInfoObj;
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
PERMISSION_LOG_INFO(LABEL, "appIdInfo data invalid");
return ERROR;
}
return distributedPermissionProxy_->CheckPermissionAndStartUsing(
permissionName, appIdInfoObj.pid, appIdInfoObj.uid, appIdInfoObj.deviceId);
return distributedPermissionProxy_->CheckPermissionAndStartUsing(permissionName, appIdInfo);
}
int32_t DistributedPermissionManagerClient::CheckCallerPermissionAndStartUsing(const std::string &permissionName)
@ -326,15 +326,7 @@ void DistributedPermissionManagerClient::StartUsingPermission(const std::string
if (!GetDistributedPermissionProxy()) {
return;
}
AppIdInfo appIdInfoObj;
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
PERMISSION_LOG_INFO(LABEL, "appIdInfo data invalid");
return;
}
return distributedPermissionProxy_->StartUsingPermission(
permName, appIdInfoObj.pid, appIdInfoObj.uid, appIdInfoObj.deviceId);
return distributedPermissionProxy_->StartUsingPermission(permName, appIdInfo);
}
void DistributedPermissionManagerClient::StopUsingPermission(const std::string &permName, const std::string &appIdInfo)
@ -345,19 +337,10 @@ void DistributedPermissionManagerClient::StopUsingPermission(const std::string &
PERMISSION_LOG_INFO(LABEL, "checkresult : Param Empty");
return;
}
if (!GetDistributedPermissionProxy()) {
return;
}
AppIdInfo appIdInfoObj;
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
PERMISSION_LOG_INFO(LABEL, "appIdInfo data invalid");
return;
}
return distributedPermissionProxy_->StopUsingPermission(
permName, appIdInfoObj.pid, appIdInfoObj.uid, appIdInfoObj.deviceId);
return distributedPermissionProxy_->StopUsingPermission(permName, appIdInfo);
}
void DistributedPermissionManagerClient::ResetDistributedPermissionProxy()
@ -385,109 +368,49 @@ void DistributedPermissionManagerClient::AddPermissionUsedRecord(
PERMISSION_LOG_ERROR(LABEL, "%{public}s permissionName invalid", __func__);
return;
}
Permission::AppIdInfo appIdInfoObj;
if (!DistributedPermissionKit::AppIdInfoHelper::ParseAppIdInfo(appIdInfo, appIdInfoObj)) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s appIdInfo data invalid", __func__);
return;
}
if (appIdInfoObj.deviceId.empty()) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s deviceId invalid", __func__);
return;
}
if (!GetDistributedPermissionProxy()) {
return;
}
distributedPermissionProxy_->AddPermissionsRecord(
permissionName, appIdInfoObj.deviceId, appIdInfoObj.uid, sucCount, failCount);
distributedPermissionProxy_->AddPermissionsRecord(permissionName, appIdInfo, sucCount, failCount);
}
int32_t DistributedPermissionManagerClient::GetPermissionUsedRecords(
const QueryPermissionUsedRequest &request, QueryPermissionUsedResult &result)
int32_t DistributedPermissionManagerClient::GetPermissionUsedRecords(const QueryPermissionUsedRequest &request,
QueryPermissionUsedResult &result)
{
if (!GetDistributedPermissionProxy()) {
return Constant::FAILURE_DPMS;
}
nlohmann::json jsonObj = request.to_json(request);
std::string queryJsonStr = jsonObj.dump(-1, ' ', false, nlohmann::detail::error_handler_t::replace);
unsigned long zipLen = queryJsonStr.length();
unsigned long len = compressBound(zipLen);
if (len <= 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
return Constant::FAILURE;
}
unsigned char *buf = (unsigned char *)malloc(len + 1);
if (buf == NULL) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: malloc fail!", __func__);
return Constant::FAILURE;
}
if (!ZipUtil::ZipCompress(queryJsonStr, zipLen, buf, len)) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress fail!", __func__);
free(buf);
return Constant::FAILURE;
}
std::string queryGzipStr;
Base64Util::Encode(buf, len, queryGzipStr);
free(buf);
buf = NULL;
if (ZipUtils::CompressString(queryJsonStr, queryGzipStr) != ZipUtils::OK) {
return Constant::FAILURE;
}
std::string resultGzipStr;
int32_t ret = distributedPermissionProxy_->GetPermissionRecords(queryGzipStr, len, zipLen, resultGzipStr);
if (len <= 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
return Constant::FAILURE;
}
unsigned char *pOut = (unsigned char *)malloc(len + 1);
if (pOut == NULL) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: malloc fail!", __func__);
return Constant::FAILURE;
}
Base64Util::Decode(resultGzipStr, pOut, len);
int32_t ret = distributedPermissionProxy_->GetPermissionRecords(queryGzipStr, resultGzipStr);
std::string resultJsonStr;
bool opResult = ZipUtil::ZipUnCompress(pOut, len, resultJsonStr, zipLen);
free(pOut);
pOut = NULL;
if (opResult == false) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: uncompress fail!", __func__);
if (ZipUtils::DecompressString(resultGzipStr, resultJsonStr) != ZipUtils::OK) {
return Constant::FAILURE;
}
nlohmann::json jsonRes = nlohmann::json::parse(resultJsonStr, nullptr, false);
result.from_json(jsonRes, result);
return ret;
}
int32_t DistributedPermissionManagerClient::GetPermissionUsedRecords(
const QueryPermissionUsedRequest &request, const sptr<OnPermissionUsedRecord> &callback)
int32_t DistributedPermissionManagerClient::GetPermissionUsedRecords(const QueryPermissionUsedRequest &request,
const sptr<OnPermissionUsedRecord> &callback)
{
if (!GetDistributedPermissionProxy()) {
return Constant::FAILURE_DPMS;
}
nlohmann::json jsonObj = request.to_json(request);
std::string queryJsonStr = jsonObj.dump(-1, ' ', false, nlohmann::detail::error_handler_t::replace);
unsigned long zipLen = queryJsonStr.length();
unsigned long len = compressBound(zipLen);
if (len <= 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
return Constant::FAILURE;
}
unsigned char *buf = (unsigned char *)malloc(len + 1);
if (buf == NULL) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: malloc fail!", __func__);
return Constant::FAILURE;
}
if (!ZipUtil::ZipCompress(queryJsonStr, zipLen, buf, len)) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress fail!", __func__);
free(buf);
return Constant::FAILURE;
}
std::string queryGzipStr;
Base64Util::Encode(buf, len, queryGzipStr);
free(buf);
buf = NULL;
int32_t ret = distributedPermissionProxy_->GetPermissionRecords(queryGzipStr, len, zipLen, callback);
if (ZipUtils::CompressString(queryJsonStr, queryGzipStr) != ZipUtils::OK) {
return Constant::FAILURE;
}
int32_t ret = distributedPermissionProxy_->GetPermissionRecords(queryGzipStr, callback);
return ret;
}
@ -515,8 +438,7 @@ bool DistributedPermissionManagerClient::GetDistributedPermissionProxy()
PERMISSION_LOG_ERROR(LABEL, "failed to get distributedPermissionProxy_.");
return false;
}
recipient_ = new DistributedPermissionDeathRecipient();
recipient_ = new (std::nothrow) DistributedPermissionDeathRecipient();
if (!recipient_) {
PERMISSION_LOG_ERROR(LABEL, "failed to new recipient_.");
return false;
@ -527,6 +449,6 @@ bool DistributedPermissionManagerClient::GetDistributedPermissionProxy()
return true;
}
} // namespace Permission
} // namespace Security
} // namespace OHOS
} // namespace Permission
} // namespace Security
} // namespace OHOS

19
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/include/distributed_permission_manager_client.h → interfaces/innerkits/permission_standard/distributedpermission/main/cpp/src/distributed_permission_manager_client.h
View File

@ -16,9 +16,14 @@
#ifndef PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_H
#define PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_H
#include "base64_util.h"
#include "idistributed_permission.h"
#include "zip_util.h"
#include <string>
#include <set>
#include "i_distributed_permission.h"
#include "zip_utils.h"
#include "pms_adapter.h"
#include "permission/permission.h"
#include "permission_def.h"
#include "permission_log.h"
namespace OHOS {
namespace Security {
@ -33,8 +38,6 @@ public:
int32_t CheckDPermission(int32_t dUid, const std::string &permissionName);
int32_t CheckPermission(const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid);
int32_t CheckPermission(const std::string &permissionName, const std::string &appIdInfo);
int32_t CheckSelfPermission(const std::string &permissionName);
@ -74,7 +77,7 @@ public:
void StopUsingPermission(const std::string &permName, const std::string &appIdInfo);
void AddPermissionUsedRecord(const std::string &permissionName, const std::string &appIdInfo,
const int32_t sucCount, const int32_t failCount);
int32_t sucCount, int32_t failCount);
int32_t GetPermissionUsedRecords(const QueryPermissionUsedRequest &request, QueryPermissionUsedResult &result);
@ -85,11 +88,13 @@ public:
private:
bool GetDistributedPermissionProxy();
bool IsPermissionNameValid(const std::string &permissionName);
private:
std::mutex mutex_;
sptr<IDistributedPermission> distributedPermissionProxy_;
sptr<IRemoteObject::DeathRecipient> recipient_;
const static int MAX_LENGTH = 256;
sptr<Permission::IPermissionManager> iPermissionManager_;
};
} // namespace Permission
} // namespace Security

241
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/src/distributed_permission_proxy.cpp
View File

@ -23,7 +23,7 @@ namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "DistributedPermissionProxy"};
}
const int32_t PERMISSION_NOT_GRANTED = -1;
const int32_t PERMISSION_DENIED = -1;
const int32_t ERROR = -1;
DistributedPermissionProxy::DistributedPermissionProxy(const sptr<IRemoteObject> &object)
@ -40,11 +40,11 @@ int32_t DistributedPermissionProxy::AllocateDuid(const std::string &nodeId, cons
MessageParcel data;
if (!data.WriteString(nodeId)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(nodeId).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
if (!data.WriteInt32(rUid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(rUid).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
MessageParcel reply;
int32_t result = ERROR;
@ -64,11 +64,11 @@ int32_t DistributedPermissionProxy::QueryDuid(const std::string &deviceId, const
MessageParcel data;
if (!data.WriteString(deviceId)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(deviceId).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
if (!data.WriteInt32(rUid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(rUid).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
MessageParcel reply;
int32_t result = ERROR;
@ -87,11 +87,11 @@ int32_t DistributedPermissionProxy::CheckDPermission(int32_t dUid, const std::st
MessageParcel data;
if (!data.WriteInt32(dUid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(dUid).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
if (!data.WriteString(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
MessageParcel reply;
int32_t result = ERROR;
@ -102,32 +102,20 @@ int32_t DistributedPermissionProxy::CheckDPermission(int32_t dUid, const std::st
}
return result;
}
int32_t DistributedPermissionProxy::CheckPermission(
const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid)
int32_t DistributedPermissionProxy::CheckPermission(const std::string &permissionName, const std::string &appIdInfo)
{
PERMISSION_LOG_INFO(LABEL, "enter");
PERMISSION_LOG_INFO(LABEL,
"permissionName = %{public}s, nodeId = %{public}s, pid = %{public}d, uid = %{public}d",
permissionName.c_str(),
Constant::EncryptDevId(nodeId).c_str(),
pid,
uid);
PERMISSION_LOG_INFO(LABEL, "permissionName = %{public}s, appIdInfo = %{public}s", permissionName.c_str(),
appIdInfo.c_str());
MessageParcel data;
if (!data.WriteString(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
if (!data.WriteString(nodeId)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(nodeId).");
return PERMISSION_NOT_GRANTED;
}
if (!data.WriteInt32(pid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(pid).");
return PERMISSION_NOT_GRANTED;
}
if (!data.WriteInt32(uid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
return PERMISSION_NOT_GRANTED;
if (!data.WriteString(appIdInfo)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
return PERMISSION_DENIED;
}
MessageParcel reply;
int32_t result = ERROR;
@ -146,7 +134,7 @@ int32_t DistributedPermissionProxy::CheckSelfPermission(const std::string &permi
MessageParcel data;
if (!data.WriteString(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
MessageParcel reply;
int32_t result = ERROR;
@ -165,7 +153,7 @@ int32_t DistributedPermissionProxy::CheckCallingPermission(const std::string &pe
MessageParcel data;
if (!data.WriteString(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
MessageParcel reply;
int32_t result = ERROR;
@ -184,7 +172,7 @@ int32_t DistributedPermissionProxy::CheckCallingOrSelfPermission(const std::stri
MessageParcel data;
if (!data.WriteString(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
MessageParcel reply;
int32_t result = ERROR;
@ -203,7 +191,7 @@ int32_t DistributedPermissionProxy::CheckCallerPermission(const std::string &per
MessageParcel data;
if (!data.WriteString(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
MessageParcel reply;
int32_t result = ERROR;
@ -233,32 +221,24 @@ bool DistributedPermissionProxy::IsRestrictedPermission(const std::string &permi
}
return result;
}
int32_t DistributedPermissionProxy::VerifyPermissionFromRemote(
const std::string &permission, const std::string &nodeId, int32_t pid, int32_t uid)
int32_t DistributedPermissionProxy::VerifyPermissionFromRemote(const std::string &permission, const std::string &nodeId,
const std::string &appIdInfo)
{
PERMISSION_LOG_INFO(LABEL, "enter");
PERMISSION_LOG_INFO(LABEL,
"permission = %{public}s, nodeId = %{public}s, pid = %{public}d, uid = %{public}d",
permission.c_str(),
Constant::EncryptDevId(nodeId).c_str(),
pid,
uid);
PERMISSION_LOG_INFO(LABEL, "permission = %{public}s, nodeId = %{public}s, appIdInfo = %{public}s",
permission.c_str(), Constant::EncryptDevId(nodeId).c_str(), appIdInfo.c_str());
MessageParcel data;
if (!data.WriteString(permission)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
if (!data.WriteString(nodeId)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(nodeId).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
if (!data.WriteInt32(pid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(pid).");
return PERMISSION_NOT_GRANTED;
}
if (!data.WriteInt32(uid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
return PERMISSION_NOT_GRANTED;
if (!data.WriteString(appIdInfo)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
return PERMISSION_DENIED;
}
MessageParcel reply;
int32_t result = ERROR;
@ -280,11 +260,11 @@ int32_t DistributedPermissionProxy::VerifySelfPermissionFromRemote(
MessageParcel data;
if (!data.WriteString(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
if (!data.WriteString(nodeId)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(nodeId).");
return PERMISSION_NOT_GRANTED;
return PERMISSION_DENIED;
}
MessageParcel reply;
int32_t result = ERROR;
@ -404,16 +384,14 @@ void DistributedPermissionProxy::GrantSensitivePermissionToRemoteApp(
int32_t DistributedPermissionProxy::RegisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback)
{
PERMISSION_LOG_INFO(LABEL, "callback = OnUsingPermissionReminder");
int32_t result = ERROR;
MessageParcel data;
MessageParcel reply;
if (!data.WriteRemoteObject(callback->AsObject())) {
PERMISSION_LOG_ERROR(LABEL, "failed to WirteRomoteObject(callback->AsObject()).");
return PERMISSION_NOT_GRANTED;
return result;
}
MessageParcel reply;
int32_t result = ERROR;
bool ret = SendRequest(IDistributedPermission::MessageCode::REGISTER_USINH_PERMISSION_REMINDER, data, reply);
if (ret) {
result = reply.ReadInt32();
@ -432,12 +410,13 @@ int32_t DistributedPermissionProxy::UnregisterUsingPermissionReminder(const sptr
{
PERMISSION_LOG_INFO(LABEL, "callback = OnUsingPermissionReminder");
MessageParcel data;
if (!data.WriteRemoteObject(callback->AsObject())) {
PERMISSION_LOG_ERROR(LABEL, "failed to WirteRomoteObject(callback->AsObject()).");
return PERMISSION_NOT_GRANTED;
}
MessageParcel reply;
int32_t result = ERROR;
if (!data.WriteRemoteObject(callback->AsObject())) {
PERMISSION_LOG_ERROR(LABEL, "failed to WirteRomoteObject(callback->AsObject()).");
return result;
}
bool ret = SendRequest(IDistributedPermission::MessageCode::UNREGISTER_USINH_PERMISSION_REMINDER, data, reply);
if (ret) {
result = reply.ReadInt32();
@ -450,39 +429,26 @@ int32_t DistributedPermissionProxy::UnregisterUsingPermissionReminder(const sptr
* Check permission and start permission using reminder if permission granted.
*
* @param permissionName permission name.
* @param pid the pid from pid json string indicates app information
* @param uid the uid from pid json string indicates app information
* @param deviceId thd deviceId from pid json string indicates app information
* @param appIdInfo the json string indicates app information
* @return Permission checked result, {@link #GRANTED} indicates permission granted, otherwise {@link #DENIED}.
*/
int32_t DistributedPermissionProxy::CheckPermissionAndStartUsing(
const std::string &permissionName, int32_t pid, int32_t uid, const std::string &deviceId)
int32_t DistributedPermissionProxy::CheckPermissionAndStartUsing(const std::string &permissionName,
const std::string &appIdInfo)
{
PERMISSION_LOG_INFO(LABEL,
"permissionName = %{public}s, pid = %{public}d, uid = %{public}d, deviceId = %{public}s",
permissionName.c_str(),
pid,
uid,
Constant::EncryptDevId(deviceId).c_str());
PERMISSION_LOG_INFO(LABEL, "permission = %{public}s, appIdInfo = %{public}s", permissionName.c_str(),
appIdInfo.c_str());
MessageParcel data;
if (!data.WriteString(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return PERMISSION_NOT_GRANTED;
}
if (!data.WriteInt32(pid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(pid).");
return PERMISSION_NOT_GRANTED;
}
if (!data.WriteInt32(uid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
return PERMISSION_NOT_GRANTED;
}
if (!data.WriteString(deviceId)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(deviceId).");
return PERMISSION_NOT_GRANTED;
}
MessageParcel reply;
int32_t result = ERROR;
if (!data.WriteString(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return result;
}
if (!data.WriteString(appIdInfo)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
return result;
}
bool ret = SendRequest(IDistributedPermission::MessageCode::CHECK_PERMISSION_AND_START_USING, data, reply);
if (ret) {
result = reply.ReadInt32();
@ -495,34 +461,18 @@ int32_t DistributedPermissionProxy::CheckPermissionAndStartUsing(
* Used to permission using remind when app start using permission continuously.
*
* @param permName the permission name which app start using.
* @param pid the pid from pid json string indicates app information
* @param uid the uid from pid json string indicates app information
* @param deviceId thd deviceId from pid json string indicates app information
* @param appIdInfo the pid from pid json string indicates app information
*/
void DistributedPermissionProxy::StartUsingPermission(
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId)
void DistributedPermissionProxy::StartUsingPermission(const std::string &permName, const std::string &appIdInfo)
{
PERMISSION_LOG_INFO(LABEL,
"permName = %{public}s, pid = %{public}d, uid = %{public}d, deviceId = %{public}s",
permName.c_str(),
pid,
uid,
Constant::EncryptDevId(deviceId).c_str());
PERMISSION_LOG_INFO(LABEL, "permission = %{public}s, appIdInfo = %{public}s", permName.c_str(), appIdInfo.c_str());
MessageParcel data;
if (!data.WriteString(permName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permName).");
return;
}
if (!data.WriteInt32(pid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(pid).");
return;
}
if (!data.WriteInt32(uid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
return;
}
if (!data.WriteString(deviceId)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(deviceId).");
if (!data.WriteString(appIdInfo)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
return;
}
MessageParcel reply;
@ -538,34 +488,18 @@ void DistributedPermissionProxy::StartUsingPermission(
* Used to permission using remind when app stop using permission continuously.
*
* @param permName the permission name which app stop using.
* @param pid the pid from pid json string indicates app information
* @param uid the uid from pid json string indicates app information
* @param deviceId thd deviceId from pid json string indicates app information
* @param appIdInfo the json string indicates app information
*/
void DistributedPermissionProxy::StopUsingPermission(
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId)
void DistributedPermissionProxy::StopUsingPermission(const std::string &permName, const std::string &appIdInfo)
{
PERMISSION_LOG_INFO(LABEL,
"permName = %{public}s, pid = %{public}d, uid = %{public}d, deviceId = %{public}s",
permName.c_str(),
pid,
uid,
Constant::EncryptDevId(deviceId).c_str());
PERMISSION_LOG_INFO(LABEL, "permission = %{public}s, appIdInfo = %{public}s", permName.c_str(), appIdInfo.c_str());
MessageParcel data;
if (!data.WriteString(permName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permName).");
return;
}
if (!data.WriteInt32(pid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(pid).");
return;
}
if (!data.WriteInt32(uid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
return;
}
if (!data.WriteString(deviceId)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(deviceId).");
if (!data.WriteString(appIdInfo)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
return;
}
MessageParcel reply;
@ -577,28 +511,20 @@ void DistributedPermissionProxy::StopUsingPermission(
}
}
void DistributedPermissionProxy::AddPermissionsRecord(const std::string &permissionName, const std::string &deviceId,
const int32_t uid, const int32_t sucCount, const int32_t failCount)
void DistributedPermissionProxy::AddPermissionsRecord(const std::string &permissionName, const std::string &appIdInfo,
int32_t sucCount, int32_t failCount)
{
PERMISSION_LOG_INFO(LABEL,
"permissionName = %{public}s, deviceId = %{public}s, uid = %{public}d, sucCount = "
"permissionName = %{public}s, appIdInfo = %{public}s, sucCount = "
"%{public}d, failCount = %{public}d",
permissionName.c_str(),
Constant::EncryptDevId(deviceId).c_str(),
uid,
sucCount,
failCount);
permissionName.c_str(), appIdInfo.c_str(), sucCount, failCount);
MessageParcel data;
if (!data.WriteString(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(permissionName).");
return;
}
if (!data.WriteString(deviceId)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(deviceId).");
return;
}
if (!data.WriteInt32(uid)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteInt32(uid).");
if (!data.WriteString(appIdInfo)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(appIdInfo).");
return;
}
if (!data.WriteInt32(sucCount)) {
@ -618,8 +544,7 @@ void DistributedPermissionProxy::AddPermissionsRecord(const std::string &permiss
}
}
int32_t DistributedPermissionProxy::GetPermissionRecords(
const std::string &request, unsigned long &codeLen, unsigned long &zipLen, std::string &resultStr)
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request, std::string &resultStr)
{
PERMISSION_LOG_INFO(LABEL, "request = %{public}s, resultStr = %{public}s", request.c_str(), resultStr.c_str());
MessageParcel data;
@ -627,14 +552,6 @@ int32_t DistributedPermissionProxy::GetPermissionRecords(
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(request).");
return false;
}
if (!data.WriteUint64(codeLen)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(codeLen).");
return false;
}
if (!data.WriteUint64(zipLen)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(zipLen).");
return false;
}
MessageParcel reply;
int32_t result = 0;
bool ret = SendRequest(IDistributedPermission::MessageCode::GET_PERMISSION_RECORDS, data, reply);
@ -642,14 +559,12 @@ int32_t DistributedPermissionProxy::GetPermissionRecords(
result = reply.ReadInt32();
PERMISSION_LOG_INFO(LABEL, "result = %{public}d", result);
resultStr = reply.ReadString();
codeLen = reply.ReadUint64();
zipLen = reply.ReadUint64();
}
return result;
}
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request, unsigned long &codeLen,
unsigned long &zipLen, const sptr<OnPermissionUsedRecord> &callback)
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request,
const sptr<OnPermissionUsedRecord> &callback)
{
PERMISSION_LOG_INFO(LABEL, "queryGzipStr = %{public}s, callback = OnPermissionUsedRecord", request.c_str());
MessageParcel data;
@ -657,14 +572,6 @@ int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &requ
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(request).");
return false;
}
if (!data.WriteUint64(codeLen)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(codeLen).");
return false;
}
if (!data.WriteUint64(zipLen)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(zipLen).");
return false;
}
if (!data.WriteRemoteObject(callback->AsObject())) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteRemoteObject(callback).");
return false;
@ -696,6 +603,6 @@ bool DistributedPermissionProxy::SendRequest(
}
return true;
}
} // namespace Permission
} // namespace Security
} // namespace OHOS
} // namespace Permission
} // namespace Security
} // namespace OHOS

44
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/include/distributed_permission_proxy.h → interfaces/innerkits/permission_standard/distributedpermission/main/cpp/src/distributed_permission_proxy.h
View File

@ -17,7 +17,7 @@
#define PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_PROXY_H
#include "constant.h"
#include "idistributed_permission.h"
#include "i_distributed_permission.h"
#include "iremote_proxy.h"
namespace OHOS {
@ -34,8 +34,7 @@ public:
virtual int32_t CheckDPermission(int32_t dUid, const std::string &permissionName) override;
virtual int32_t CheckPermission(
const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid) override;
virtual int32_t CheckPermission(const std::string &permissionName, const std::string &appIdInfo) override;
virtual int32_t CheckSelfPermission(const std::string &permissionName) override;
@ -47,11 +46,11 @@ public:
virtual bool IsRestrictedPermission(const std::string &permissionName) override;
virtual int32_t VerifyPermissionFromRemote(
const std::string &permission, const std::string &nodeId, int32_t pid, int32_t uid) override;
virtual int32_t VerifyPermissionFromRemote(const std::string &permission, const std::string &nodeId,
const std::string &appIdInfo) override;
virtual int32_t VerifySelfPermissionFromRemote(
const std::string &permissionName, const std::string &nodeId) override;
virtual int32_t VerifySelfPermissionFromRemote(const std::string &permissionName,
const std::string &nodeId) override;
virtual bool CanRequestPermissionFromRemote(const std::string &permissionName, const std::string &nodeId) override;
@ -59,29 +58,26 @@ public:
const sptr<OnRequestPermissionsResult> &callback, const std::string &nodeId, const std::string &bundleName,
int32_t reasonResId) override;
virtual void GrantSensitivePermissionToRemoteApp(
const std::string &permissionName, const std::string &nodeId, int32_t ruid) override;
virtual void GrantSensitivePermissionToRemoteApp(const std::string &permissionName, const std::string &nodeId,
int32_t ruid) override;
virtual int32_t RegisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback) override;
virtual int32_t UnregisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback) override;
virtual int32_t CheckPermissionAndStartUsing(
const std::string &permissionName, int32_t pid, int32_t uid, const std::string &deviceId) override;
virtual int32_t CheckPermissionAndStartUsing(const std::string &permissionName,
const std::string &appIdInfo) override;
virtual void StartUsingPermission(
const std::string &permName, int32_t pid, int32_t, const std::string &deviceId) override;
virtual void StartUsingPermission(const std::string &permName, const std::string &appIdInfo) override;
virtual void StopUsingPermission(
const std::string &permName, int32_t, int32_t, const std::string &deviceId) override;
virtual void StopUsingPermission(const std::string &permName, const std::string &appIdInfo) override;
virtual void AddPermissionsRecord(const std::string &permissionName, const std::string &deviceId, const int32_t uid,
const int32_t sucCount, const int32_t failCount) override;
virtual void AddPermissionsRecord(const std::string &permissionName, const std::string &appIdInfo,
int32_t sucCount, int32_t failCount) override;
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, unsigned long &codeLen, unsigned long &zipLen,
std::string &resultStr) override;
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, std::string &resultStr) override;
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, unsigned long &codeLen, unsigned long &zipLen,
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr,
const sptr<OnPermissionUsedRecord> &callback) override;
private:
@ -90,8 +86,8 @@ private:
private:
static inline BrokerDelegator<DistributedPermissionProxy> delegator_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_PROXY_H
#endif // PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_PROXY_H

5
interfaces/innerkits/permission_standard/distributedpermission/test/BUILD.gn
View File

@ -19,7 +19,7 @@ config("permission_test_config") {
"${distributed_permission_frameworks_log_path}/main/cpp/include",
"${distributed_permission_innerkits_distributed_path}/main/cpp/include",
"${distributed_permission_innerkits_distributed_path}/main/cpp/include/permission",
"${distributed_permission_record_database_path}/main/cpp/include",
"${distributed_permission_database_path}/main/cpp/include",
"${distributed_permission_services_path}/main/cpp/include",
"${distributed_permission_services_path}/main/cpp/include/command",
"${distributed_permission_services_path}/main/cpp/include/common",
@ -27,6 +27,7 @@ config("permission_test_config") {
"${distributed_permission_services_path}/main/cpp/include/distributed",
"${distributed_permission_services_path}/main/cpp/include/protocol",
"${distributed_permission_services_path}/main/cpp/include/record",
"${distributed_permission_services_path}/main/cpp/src/record",
"${distributed_permission_innerkits_sdk_path}/main/cpp/include/permission_using_remind",
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind",
"${distributed_permission_services_path}/main/cpp/include/remote",
@ -63,7 +64,5 @@ group("unittest") {
deps = [
"unittest/app_id_info_helper_test:unittest",
"unittest/app_id_info_test:unittest",
"unittest/check_permission_inner_test:unittest",
"unittest/permission_remind_inner_test:unittest",
]
}

83
interfaces/innerkits/permission_standard/distributedpermission/test/mock/mock_distributed_permission_proxy.cpp
View File

@ -13,10 +13,7 @@
* limitations under the License.
*/
#include "distributed_permission_proxy.h"
#include "constant.h"
#include "base64_util.h"
#include "zip_util.h"
#include "permission_log.h"
namespace OHOS {
@ -569,7 +566,7 @@ void DistributedPermissionProxy::StopUsingPermission(
}
void DistributedPermissionProxy::AddPermissionsRecord(const std::string &permissionName, const std::string &deviceId,
const int32_t uid, const int32_t sucCount, const int32_t failCount)
const int32_t uid, int32_t sucCount, int32_t failCount)
{
PERMISSION_LOG_INFO(LABEL,
"permissionName = %{public}s, deviceId = %{public}s, uid = %{public}d, sucCount = "
@ -609,8 +606,7 @@ void DistributedPermissionProxy::AddPermissionsRecord(const std::string &permiss
}
}
int32_t DistributedPermissionProxy::GetPermissionRecords(
const std::string &request, unsigned long &codeLen, unsigned long &zipLen, std::string &resultStr)
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request, std::string &resultStr)
{
PERMISSION_LOG_INFO(LABEL, "request = %{public}s, resultStr = %{public}s", request.c_str(), resultStr.c_str());
MessageParcel data;
@ -618,26 +614,12 @@ int32_t DistributedPermissionProxy::GetPermissionRecords(
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(request).");
return -1;
}
if (!data.WriteUint64(codeLen)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(codeLen).");
return -1;
}
if (!data.WriteUint64(zipLen)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteUint64(zipLen).");
return -1;
}
MessageParcel reply;
bool ret = SendRequest(IDistributedPermission::MessageCode::GET_PERMISSION_RECORDS, data, reply);
if (ret) {
// PERMISSION_LOG_INFO(LABEL, "result = %{public}s", result.c_str());
// result = reply.ReadString();
// codeLen = reply.ReadUint64();
// zipLen = reply.ReadUint64();
QueryPermissionUsedRequest query;
unsigned char *pOut = (unsigned char *)malloc(codeLen);
Base64Util::Decode(request, pOut, codeLen);
std::string requestJsonStr;
if (!ZipUtil::ZipUnCompress(pOut, codeLen, requestJsonStr, zipLen)) {
if (ZipUtils::DecompressString(request, requestJsonStr) != ZipUtils::OK) {
return Constant::FAILURE;
}
nlohmann::json jsonRes = nlohmann::json::parse(requestJsonStr, nullptr, false);
@ -648,46 +630,37 @@ int32_t DistributedPermissionProxy::GetPermissionRecords(
result.code = Constant::SUCCESS_GET_RECORD;
nlohmann::json jsonObj = result.to_json(result);
std::string resultJsonStr = jsonObj.dump();
unsigned long zipLen = resultJsonStr.length();
unsigned long len = compressBound(zipLen);
unsigned char *buf = (unsigned char *)malloc(len);
if (!ZipUtil::ZipCompress(resultJsonStr, zipLen, buf, len)) {
if (ZipUtils::CompressString(resultJsonStr, resultStr) != ZipUtils::OK) {
return Constant::FAILURE;
}
Base64Util::Encode(buf, len, resultStr);
}
return Constant::SUCCESS;
}
return Constant::SUCCESS;
}
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request, unsigned long &codeLen,
unsigned long &zipLen, const sptr<OnPermissionUsedRecord> &callback)
{
PERMISSION_LOG_INFO(LABEL, "queryGzipStr = %{public}s, callback = OnPermissionUsedRecord", request.c_str());
MessageParcel data;
if (!data.WriteString(request)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(request).");
return false;
}
if (!data.WriteRemoteObject(callback->AsObject())) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteRemoteObject(callback).");
return false;
}
MessageParcel reply;
int32_t code = ERROR;
bool ret = SendRequest(IDistributedPermission::MessageCode::GET_PERMISSION_RECORDS_ASYNCH, data, reply);
if (ret) {
QueryPermissionUsedRequest query;
unsigned char *pOut = (unsigned char *)malloc(codeLen);
Base64Util::Decode(request, pOut, codeLen);
std::string requestJsonStr;
if (!ZipUtil::ZipUnCompress(pOut, codeLen, requestJsonStr, zipLen)) {
return Constant::FAILURE;
int32_t DistributedPermissionProxy::GetPermissionRecords(const std::string &request,
const sptr<OnPermissionUsedRecord> &callback)
{
PERMISSION_LOG_INFO(LABEL, "queryGzipStr = %{public}s, callback = OnPermissionUsedRecord", request.c_str());
MessageParcel data;
if (!data.WriteString(request)) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteString(request).");
return false;
}
nlohmann::json jsonRes = nlohmann::json::parse(requestJsonStr, nullptr, false);
query.from_json(jsonRes, query);
if (!data.WriteRemoteObject(callback->AsObject())) {
PERMISSION_LOG_ERROR(LABEL, "failed to WriteRemoteObject(callback).");
return false;
}
MessageParcel reply;
int32_t code = ERROR;
bool ret = SendRequest(IDistributedPermission::MessageCode::GET_PERMISSION_RECORDS_ASYNCH, data, reply);
if (ret) {
QueryPermissionUsedRequest query;
std::string requestJsonStr;
if (ZipUtils::DecompressString(request, requestJsonStr) != ZipUtils::OK) {
return Constant::FAILURE;
}
nlohmann::json jsonRes = nlohmann::json::parse(requestJsonStr, nullptr, false);
query.from_json(jsonRes, query);
if (query.bundleName == "success") {
QueryPermissionUsedResult result;

44
interfaces/innerkits/permission_standard/distributedpermission/test/unittest/app_id_info_helper_test/app_id_info_helper_test.cpp
View File

@ -13,38 +13,28 @@
* limitations under the License.
*/
#include <thread>
#include <functional>
#include "gtest/gtest.h"
#include <iostream>
#include "distributed_permission_kit.h"
#include "app_id_info_helper_test.h"
using namespace testing::ext;
using namespace OHOS::Security::Permission;
using namespace std;
class AppIdInfoHelperTest : public testing::Test {
public:
static void SetUpTestCase()
{
cout << "SetUpTestCase()" << endl;
}
static void TearDownTestCase()
{
cout << "TearDownTestCase()" << endl;
}
void SetUp()
{
cout << "SetUp() is running" << endl;
}
void TearDown()
{
cout << "TearDown()" << endl;
}
};
void AppIdInfoHelperTest::SetUpTestCase()
{
cout << "SetUpTestCase()" << endl;
}
void AppIdInfoHelperTest::TearDownTestCase()
{
cout << "TearDownTestCase()" << endl;
}
void AppIdInfoHelperTest::SetUp()
{
cout << "SetUp() is running" << endl;
}
void AppIdInfoHelperTest::TearDown()
{
cout << "TearDown()" << endl;
}
HWTEST_F(AppIdInfoHelperTest, Test01, Function | MediumTest | Level1)
{
pid_t pid = 1;

39
interfaces/innerkits/permission_standard/distributedpermission/test/unittest/app_id_info_helper_test/app_id_info_helper_test.h Normal file
View File

@ -0,0 +1,39 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef APP_ID_INFO_HELPER_TEST_H
#define APP_ID_INFO_HELPER_TEST_H
#include <thread>
#include <functional>
#include <iostream>
#include "gtest/gtest.h"
#include "distributed_permission_kit.h"
namespace OHOS {
namespace Security {
namespace Permission {
class AppIdInfoHelperTest : public testing::Test {
public:
static void SetUpTestCase();
static void TearDownTestCase();
void SetUp();
void TearDown();
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // APP_ID_INFO_HELPER_TEST_H

43
interfaces/innerkits/permission_standard/distributedpermission/test/unittest/app_id_info_test/app_id_info_test.cpp
View File

@ -13,38 +13,29 @@
* limitations under the License.
*/
#include <thread>
#include <functional>
#include "gtest/gtest.h"
#include <iostream>
#include "app_id_info.h"
#include "app_id_info_test.h"
using namespace testing::ext;
using namespace OHOS::Security::Permission;
using namespace std;
class AppIdInfoTest : public testing::Test {
public:
static void SetUpTestCase()
{
cout << "SetUpTestCase()" << endl;
}
static void TearDownTestCase()
{
cout << "TearDownTestCase()" << endl;
}
void SetUp()
{
cout << "SetUp() is running" << endl;
}
void TearDown()
{
cout << "TearDown()" << endl;
}
};
void AppIdInfoTest::SetUpTestCase()
{
cout << "SetUpTestCase()" << endl;
}
void AppIdInfoTest::TearDownTestCase()
{
cout << "TearDownTestCase()" << endl;
}
void AppIdInfoTest::SetUp()
{
cout << "SetUp() is running" << endl;
}
void AppIdInfoTest::TearDown()
{
cout << "TearDown()" << endl;
}
HWTEST_F(AppIdInfoTest, Test01, Function | MediumTest | Level1)
{
AppIdInfo pidInvalidAppIdInfo;

37
interfaces/innerkits/permission_standard/distributedpermission/test/unittest/app_id_info_test/app_id_info_test.h Normal file
View File

@ -0,0 +1,37 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef APP_ID_INFO_TEST_H
#define APP_ID_INFO_TEST_H
#include <thread>
#include <functional>
#include <iostream>
#include "gtest/gtest.h"
namespace OHOS {
namespace Security {
namespace Permission {
class AppIdInfoTest : public testing::Test {
public:
static void SetUpTestCase();
static void TearDownTestCase();
void SetUp();
void TearDown();
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // APP_ID_INFO_TEST_H

89
interfaces/innerkits/permission_standard/distributedpermission/test/unittest/check_permission_inner_test/BUILD.gn
View File

@ -1,89 +0,0 @@
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//base/security/permission/permission.gni")
import("//build/test.gni")
module_output_path = "permission_standard/permissiontest"
ohos_unittest("check_permission_inner_test") {
module_out_path = module_output_path
include_dirs = [
"${distributed_permission_services_path}/main/cpp/include/common",
"${distributed_permission_services_path}/main/cpp/include/record",
"${distributed_permission_frameworks_log_path}/main/cpp/include",
"${distributed_permission_innerkits_distributed_path}/main/cpp/include",
"${distributed_permission_innerkits_distributed_path}/main/cpp/include/distributed_permission",
"${distributed_permission_innerkits_sdk_path}/main/cpp/include/permission_using_remind",
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind",
"${distributed_permission_services_path}/main/cpp/include/distributed",
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy/include",
"//third_party/json/single_include",
"//utils/native/base/include",
"//utils/system/safwk/native/include",
"//third_party/json/include",
"//third_party/zlib",
"//base/notification/ans_standard/frameworks/wantagent:wantagent_innerkits",
"//base/notification/ans_standard/frameworks/ans/core:ans_core",
]
sources = [
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/app_id_info.cpp",
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_death_recipient.cpp",
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_kit.cpp",
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_manager_client.cpp",
"${distributed_permission_innerkits_distributed_path}/main/cpp/src/distributed_permission_stub.cpp",
"${distributed_permission_innerkits_distributed_path}/test/mock/mock_distributed_permission_proxy.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/base64_util.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/zip_util.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/bundle_permission_used_record.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/permission_used_record.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_request.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_result.cpp",
"check_permission_inner_test.cpp",
]
configs =
[ "${distributed_permission_services_path}/test:permission_test_config" ]
deps = [
"${distributed_permission_frameworks_log_path}:permission_standard_infrastructure_cxx",
"${distributed_permission_innerkits_distributed_path}:distributed_permission_innerkits",
"${permission_path}/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
"//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
"//foundation/aafwk/standard/interfaces/innerkits/base:base",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base:appexecfwk_base",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core",
"//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler:libeventhandler",
"//foundation/distributedschedule/safwk/interfaces/innerkits/safwk:system_ability_fwk",
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy:samgr_proxy",
"//third_party/sqlite:sqlite",
"//third_party/zlib:libz",
"//utils/native/base:utils",
]
external_deps = [
"aafwk_standard:want",
"dsoftbus_standard:softbus_client",
"hiviewdfx_hilog_native:libhilog",
"ipc:ipc_core",
"safwk:system_ability_fwk",
"samgr_standard:samgr_proxy",
]
}
group("unittest") {
testonly = true
deps = [ ":check_permission_inner_test" ]
}

104
interfaces/innerkits/permission_standard/distributedpermission/test/unittest/check_permission_inner_test/check_permission_inner_test.cpp
View File

@ -1,104 +0,0 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <thread>
#include <functional>
#include "gtest/gtest.h"
#include <iostream>
#include "distributed_permission_kit.h"
#include "distributed_permission_manager_client.h"
#include "system_ability_definition.h"
#include "distributed_permission_death_recipient.h"
#include "permission_log.h"
#include "iservice_registry.h"
#include "ipc_skeleton.h"
#include "on_using_permission_reminder_stub.h"
using namespace testing::ext;
using namespace OHOS::Security::Permission;
using namespace std;
namespace OHOS {
pid_t IPCSkeleton::pid_ = 1;
pid_t IPCSkeleton::uid_ = 1;
std::string IPCSkeleton::localDeviceId_ = "1004";
std::string IPCSkeleton::deviceId_ = "";
} // namespace OHOS
class CheckPermissionInnerTest : public testing::Test {
public:
static void SetUpTestCase()
{
cout << "SetUpTestCase()" << endl;
}
static void TearDownTestCase()
{
cout << "TearDownTestCase()" << endl;
}
void SetUp()
{
cout << "SetUp() is running" << endl;
}
void TearDown()
{
cout << "TearDown()" << endl;
}
int CheckProxy()
{
OHOS::sptr<OHOS::ISystemAbilityManager> systemAbilityManager =
OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (!systemAbilityManager) {
return -1;
}
OHOS::sptr<OHOS::IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(
IDistributedPermission::SA_ID_DISTRIBUTED_PERMISSION_MANAGER_SERVICE);
if (!remoteObject) {
return -1;
}
OHOS::sptr<IDistributedPermission> distributedPermissionProxyTest;
distributedPermissionProxyTest = OHOS::iface_cast<IDistributedPermission>(remoteObject);
if ((!distributedPermissionProxyTest) || (!distributedPermissionProxyTest->AsObject())) {
return -1;
}
OHOS::sptr<OHOS::IRemoteObject::DeathRecipient> recipientTest;
recipientTest = new DistributedPermissionDeathRecipient();
if (!recipientTest) {
return -1;
}
return 0;
}
};
HWTEST_F(CheckPermissionInnerTest, Test01, Function | MediumTest | Level1)
{
int ret = -1;
int exRet = CheckProxy();
string permissionName = "ohos.permission.test";
string appIdInfo = "{\"deviceID\":\"1001\",\"pid\":1,\"uid\":2}";
ret = DistributedPermissionKit::CheckPermission(permissionName, appIdInfo);
EXPECT_EQ(exRet, ret);
}

4
interfaces/innerkits/permission_standard/distributedpermission/test/unittest/permission_remind_inner_test/BUILD.gn
View File

@ -19,8 +19,10 @@ module_output_path = "permission_standard/permissiontest"
ohos_unittest("PermissionRemindInnerTest") {
module_out_path = module_output_path
include_dirs = [
"permission_remind_inner_test.h",
"${distributed_permission_services_path}/main/cpp/include/common",
"${distributed_permission_services_path}/main/cpp/include/record",
"${distributed_permission_services_path}/main/cpp/src/record",
"${distributed_permission_frameworks_log_path}/main/cpp/include",
"${distributed_permission_innerkits_distributed_path}/main/cpp/include",
"${distributed_permission_innerkits_distributed_path}/main/cpp/include/distributed_permission",
@ -47,8 +49,6 @@ ohos_unittest("PermissionRemindInnerTest") {
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/on_using_permission_reminder_proxy.cpp",
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/on_using_permission_reminder_stub.cpp",
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/permission_reminder_info.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/base64_util.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/zip_util.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/bundle_permission_used_record.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/permission_used_record.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_request.cpp",

103
interfaces/innerkits/permission_standard/distributedpermission/test/unittest/permission_remind_inner_test/permission_remind_inner_test.cpp
View File

@ -12,21 +12,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <thread>
#include <functional>
#include <iostream>
#include "gtest/gtest.h"
#include "distributed_permission_kit.h"
#include "distributed_permission_manager_client.h"
#include "distributed_permission_death_recipient.h"
#include "iservice_registry.h"
#include "ipc_skeleton.h"
#include "on_using_permission_reminder_stub.h"
#include "permission_log.h"
#include "system_ability_definition.h"
#include "permission_remind_inner_test.h"
using namespace testing::ext;
using namespace OHOS::Security::Permission;
@ -38,35 +24,30 @@ pid_t IPCSkeleton::uid_ = 1;
std::string IPCSkeleton::localDeviceId_ = "1004";
std::string IPCSkeleton::deviceId_ = "";
} // namespace OHOS
class PermissionRemindInnerTest : public testing::Test {
public:
static void SetUpTestCase()
{
cout << "SetUpTestCase()" << endl;
void PermissionRemindInnerTest::SetUpTestCase()
{
cout << "SetUpTestCase()" << endl;
}
void PermissionRemindInnerTest::TearDownTestCase()
{
cout << "TearDownTestCase()" << endl;
}
void PermissionRemindInnerTest::SetUp()
{
cout << "SetUp() is running" << endl;
}
void PermissionRemindInnerTest::TearDown()
{
cout << "TearDown()" << endl;
}
int PermissionRemindInnerTest::CheckProxy()
{
OHOS::sptr<OHOS::ISystemAbilityManager> systemAbilityManager =
OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (!systemAbilityManager) {
return -1;
}
static void TearDownTestCase()
{
cout << "TearDownTestCase()" << endl;
}
void SetUp()
{
cout << "SetUp() is running" << endl;
}
void TearDown()
{
cout << "TearDown()" << endl;
}
int CheckProxy()
{
OHOS::sptr<OHOS::ISystemAbilityManager> systemAbilityManager =
OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (!systemAbilityManager) {
return -1;
}
OHOS::sptr<OHOS::IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(
IDistributedPermission::SA_ID_DISTRIBUTED_PERMISSION_MANAGER_SERVICE);
if (!remoteObject) {
@ -80,32 +61,22 @@ public:
return -1;
}
OHOS::sptr<OHOS::IRemoteObject::DeathRecipient> recipientTest;
recipientTest = new DistributedPermissionDeathRecipient();
if (!recipientTest) {
return -1;
}
return 0;
std::unique_ptr<OHOS::IRemoteObject::DeathRecipient> recipientTest;
recipientTest = std::make_unique<DistributedPermissionDeathRecipient>();
if (!recipientTest) {
return -1;
}
};
class TestCallback : public OnUsingPermissionReminderStub {
public:
TestCallback() = default;
virtual ~TestCallback() = default;
std::string permName = "ohos.permission.CAMERA";
void StartUsingPermission(const PermissionReminderInfo &permReminderInfo)
{
EXPECT_EQ(permName, OHOS::Str16ToStr8(permReminderInfo.permName));
}
void StopUsingPermission(const PermissionReminderInfo &permReminderInfo)
{
EXPECT_EQ(permName, OHOS::Str16ToStr8(permReminderInfo.permName));
}
};
return 0;
}
void PermissionRemindInnerTest::TestCallback::StartUsingPermission(const PermissionReminderInfo &permReminderInfo)
{
EXPECT_EQ(permName, OHOS::Str16ToStr8(permReminderInfo.permName));
}
void PermissionRemindInnerTest::TestCallback::StopUsingPermission(const PermissionReminderInfo &permReminderInfo)
{
EXPECT_EQ(permName, OHOS::Str16ToStr8(permReminderInfo.permName));
}
HWTEST_F(PermissionRemindInnerTest, Test01, Function | MediumTest | Level1)
{
OHOS::sptr<TestCallback> callback(new TestCallback());

48
interfaces/innerkits/permission_standard/distributedpermission/test/unittest/permission_remind_inner_test/permission_remind_inner_test.h Normal file
View File

@ -0,0 +1,48 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef PERMISSION_REMIND_INNER_TEST_H
#define PERMISSION_REMIND_INNER_TEST_H
#include <thread>
#include <functional>
#include <iostream>
#include "gtest/gtest.h"
#include "distributed_permission_kit.h"
#include "distributed_permission_manager_client.h"
#include "distributed_permission_death_recipient.h"
#include "iservice_registry.h"
#include "ipc_skeleton.h"
#include "on_using_permission_reminder_stub.h"
#include "permission_log.h"
#include "system_ability_definition.h"
class PermissionRemindInnerTest : public testing::Test {
public:
static void SetUpTestCase();
static void TearDownTestCase();
void SetUp();
void TearDown();
int CheckProxy();
class TestCallback : public OHOS::Security::Permission::OnUsingPermissionReminderStub {
public:
TestCallback() = default;
virtual ~TestCallback() = default;
std::string permName = "ohos.permission.CAMERA";
void StartUsingPermission(const OHOS::Security::Permission::PermissionReminderInfo &permReminderInfo);
void StopUsingPermission(const OHOS::Security::Permission::PermissionReminderInfo &permReminderInfo);
};
};
#endif // PERMISSION_REMIND_INNER_TEST_H

14
interfaces/kits/permission_standard/BUILD.gn
View File

@ -1,14 +0,0 @@
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/ohos.gni")

18
interfaces/kits/permission_standard/napi/BUILD.gn
View File

@ -1,18 +0,0 @@
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//build/ohos.gni")
group("napi_packages") {
deps = [ "//base/security/permission/interfaces/kits/permission_standard/napi/permission_record_mgr:record" ]
}

76
interfaces/kits/permission_standard/record/BUILD.gn Normal file
View File

@ -0,0 +1,76 @@
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//base/security/permission/permission.gni")
import("//build/ohos.gni")
group("napi_packages") {
deps = [ "//base/security/permission/interfaces/kits/permission_standard/record:record" ]
}
ohos_shared_library("record") {
include_dirs = [
"//base/security/permission/frameworks/permission_standard/permissioninfrastructure",
"//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler/include",
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy/include",
"${distributed_permission_frameworks_log_path}/main/cpp/include",
"//foundation/ace/napi/interfaces/kits",
"//third_party/json/single_include",
"//third_party/node/src",
"//utils/system/safwk/native/include",
"//foundation/communication/dsoftbus/interfaces/kits/transport",
"//foundation/communication/dsoftbus/interfaces/kits/common",
"//foundation/communication/dsoftbus/interfaces/kits/bus_center",
"//third_party/json/include",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base/include",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core/include/bundlemgr",
"//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include",
"${distributed_permission_kits_path}/record/main/napi",
]
sources = [
"${distributed_permission_kits_path}/record/main/napi/native_module.cpp",
"${distributed_permission_kits_path}/record/main/napi/permission_record_mgr.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/time_util.cpp",
]
deps = [
"${distributed_permission_database_path}:permission_standard_infrastructure_database",
"${distributed_permission_frameworks_log_path}:permission_standard_infrastructure_cxx",
"${distributed_permission_innerkits_distributed_path}:distributed_permission_innerkits",
"${distributed_permission_innerkits_sdk_path}:libpermissionsdk_standard",
"${distributed_permission_services_path}:distributed_permission_services",
"${permission_path}/frameworks/permission_standard/permissioncommunicationadapter:permission_standard_communication_adapter_cxx",
"//base/notification/ans_standard/frameworks/ans/core:ans_core",
"//base/notification/ans_standard/frameworks/wantagent:wantagent_innerkits",
"//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
"//foundation/aafwk/standard/interfaces/innerkits/base:base",
"//foundation/ace/napi:ace_napi",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base:appexecfwk_base",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core",
"//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler:libeventhandler",
"//foundation/distributedschedule/safwk/interfaces/innerkits/safwk:system_ability_fwk",
"//foundation/distributedschedule/samgr/interfaces/innerkits/samgr_proxy:samgr_proxy",
"//utils/native/base:utils",
]
cflags_cc = [ "-DHILOG_ENABLE" ]
external_deps = [
"aafwk_standard:want",
"hiviewdfx_hilog_native:libhilog",
"ipc:ipc_core",
]
relative_install_dir = "module"
subsystem_name = "security"
part_name = "permission_standard"
}

19
interfaces/kits/permission_standard/napi/permission_record_mgr/BUILD.gn → interfaces/kits/permission_standard/record/main/napi/BUILD.gn
View File

@ -14,6 +14,10 @@
import("//base/security/permission/permission.gni")
import("//build/ohos.gni")
group("napi_packages") {
deps = [ "//base/security/permission/interfaces/kits/permission_standard/record/main/napi:record" ]
}
ohos_shared_library("record") {
include_dirs = [
"//base/security/permission/frameworks/permission_standard/permissioninfrastructure",
@ -24,35 +28,24 @@ ohos_shared_library("record") {
"//third_party/json/single_include",
"//third_party/node/src",
"//utils/system/safwk/native/include",
"${distributed_permission_services_path}/main/cpp/include/record",
"${distributed_permission_services_path}/main/cpp/include/common",
"${distributed_permission_services_path}/main/cpp/include/device",
"${distributed_permission_services_path}/main/cpp/include/remote",
"${distributed_permission_services_path}/main/cpp/include/command",
"${distributed_permission_services_path}/main/cpp/include/protocol",
"${distributed_permission_innerkits_distributed_path}/main/cpp/include",
"//foundation/communication/dsoftbus/interfaces/kits/transport",
"//foundation/communication/dsoftbus/interfaces/kits/common",
"//foundation/communication/dsoftbus/interfaces/kits/bus_center",
"//third_party/json/include",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base/include",
"//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core/include/bundlemgr",
"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include",
"//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include/permission",
"//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include",
"//base/security/permission/interfaces/kits/permission_standard/napi/permission_record_mgr",
"./",
"${distributed_permission_kits_path}/record/main/napi",
]
sources = [
"${distributed_permission_services_path}/main/cpp/src/common/external_deps.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/time_util.cpp",
"native_module.cpp",
"permission_record_mgr.cpp",
]
deps = [
"${distributed_permission_database_path}:permission_standard_infrastructure_database",
"${distributed_permission_frameworks_log_path}:permission_standard_infrastructure_cxx",
"${distributed_permission_innerkits_distributed_path}:distributed_permission_innerkits",
"${distributed_permission_innerkits_sdk_path}:libpermissionsdk_standard",

1
interfaces/kits/permission_standard/napi/permission_record_mgr/native_module.cpp → interfaces/kits/permission_standard/record/main/napi/native_module.cpp
View File

@ -39,7 +39,6 @@ static napi_value Init(napi_env env, napi_value exports)
};
NAPI_CALL(env, napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc));
// HILOG_INFO("-----Init end------");
return exports;
}
EXTERN_C_END

1
interfaces/kits/permission_standard/napi/permission_record_mgr/native_module.h → interfaces/kits/permission_standard/record/main/napi/native_module.h
View File

@ -18,6 +18,7 @@
#include <cstdio>
#include <cstring>
#include <unistd.h>
#include "napi/native_api.h"
#include "napi/native_node_api.h"
#include "permission_record_mgr.h"

11
interfaces/kits/permission_standard/napi/permission_record_mgr/permission_record_mgr.cpp → interfaces/kits/permission_standard/record/main/napi/permission_record_mgr.cpp
View File

@ -20,6 +20,7 @@
#include "system_ability_definition.h"
#include "singleton.h"
#include "time_util.h"
#include "bms_adapter.h"
namespace OHOS {
namespace Security {
@ -388,9 +389,9 @@ static void ProcessQueryResult(napi_env env, napi_value result, const int32_t fl
{
PERMISSION_LOG_INFO(
LABEL, "--------------------local deviceId is -----%{public}s", Constant::EncryptDevId(deviceId).c_str());
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
sptr<AppExecFwk::IBundleMgr> iBundleMgr;
iBundleMgr = externalDeps->GetBundleManager(iBundleMgr);
iBundleMgr = bmsAdapter->GetBundleManager();
if (!iBundleMgr) {
PERMISSION_LOG_ERROR(LABEL, "can not get iBundleMgr");
}
@ -448,11 +449,10 @@ napi_value GetPermissionRecord(napi_env env, napi_callback_info info)
napi_value thisArg;
void *data = nullptr;
NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, &thisArg, &data));
// PERMISSION_LOG_INFO(LABEL, "ARGCSIZE is =%{public}d.", argc);
QueryPermissionUsedRequest request;
ParseQuery(env, request, argv[0]);
AsyncRecordsCallbackInfo *asyncCallbackInfo = new AsyncRecordsCallbackInfo{
AsyncRecordsCallbackInfo *asyncCallbackInfo = new AsyncRecordsCallbackInfo {
.env = env, .asyncWork = nullptr, .deferred = nullptr, .flag = request.flag, .request = request};
PERMISSION_LOG_INFO(LABEL, "GetPermissionRecord promise.");
@ -501,11 +501,10 @@ napi_value GetPermissionRecordAsync(napi_env env, napi_callback_info info)
napi_value thisArg;
void *data = nullptr;
NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, &thisArg, &data));
// PERMISSION_LOG_INFO(LABEL, "ARGCSIZE is =%{public}d.", argc);
QueryPermissionUsedRequest request;
ParseQuery(env, request, argv[0]);
AsyncRecordsCallbackInfo *asyncCallbackInfo = new AsyncRecordsCallbackInfo{
AsyncRecordsCallbackInfo *asyncCallbackInfo = new AsyncRecordsCallbackInfo {
.env = env, .asyncWork = nullptr, .deferred = nullptr, .flag = request.flag, .request = request};
PERMISSION_LOG_INFO(LABEL, "GetPermissionRecord asyncCallback.");

1
interfaces/kits/permission_standard/napi/permission_record_mgr/permission_record_mgr.h → interfaces/kits/permission_standard/record/main/napi/permission_record_mgr.h
View File

@ -21,7 +21,6 @@
#include "constant.h"
#include "device_info_manager.h"
#include "distributed_permission_kit.h"
#include "external_deps.h"
#include "ipc_skeleton.h"
#include "napi/native_common.h"
#include "napi/native_node_api.h"

2
ohos.build
View File

@ -20,7 +20,7 @@
}
],
"module_list": [
"//base/security/permission/interfaces/kits/permission_standard/napi:napi_packages",
"//base/security/permission/interfaces/kits/permission_standard/record/main/napi:napi_packages",
"//base/security/permission:permission_build_module_standard",
"//base/security/permission:distributed_permission"
],

7
permission.gni
View File

@ -13,12 +13,13 @@
permission_path = "//base/security/permission"
distributed_permission_record_database_path =
"${permission_path}/frameworks/permission_standard/permissionrecorddatabase"
distributed_permission_database_path =
"${permission_path}/frameworks/permission_standard/permissiondatabase"
distributed_permission_frameworks_log_path =
"${permission_path}/frameworks/permission_standard/permissioninfrastructure"
distributed_permission_innerkits_distributed_path = "${permission_path}/interfaces/innerkits/permission_standard/distributedpermission"
distributed_permission_kits_path = "${permission_path}/interfaces/kits/permission_standard/distributedpermission"
distributed_permission_kits_path =
"${permission_path}/interfaces/kits/permission_standard"
distributed_permission_services_path = "${permission_path}/services/permission_standard/distributedpermissionmanagerservice"
distributed_permission_standard_path =
"${permission_path}/services/permission_standard"

30
services/permission_standard/distributedpermissionmanagerservice/BUILD.gn
View File

@ -17,7 +17,10 @@ import("//build/ohos.gni")
config("distributed_permission_services_config") {
visibility = [ ":*" ]
include_dirs = []
include_dirs = [
"${distributed_permission_services_path}/main/cpp/src/record",
"${distributed_permission_services_path}/main/cpp/include/record",
]
cflags = []
if (target_cpu == "arm") {
@ -44,13 +47,12 @@ config("distributed_permission_services_public_config") {
"//third_party/node/src",
"//utils/native/base/include",
"//utils/system/safwk/native/include",
"${distributed_permission_record_database_path}/main/cpp/include",
"${distributed_permission_services_path}/main/cpp/include/command",
"${distributed_permission_services_path}/main/cpp/include/common",
"${distributed_permission_services_path}/main/cpp/include/device",
"${distributed_permission_services_path}/main/cpp/src/device",
"${distributed_permission_services_path}/main/cpp/include/distributed",
"${distributed_permission_services_path}/main/cpp/include/protocol",
"${distributed_permission_services_path}/main/cpp/include/record",
"${distributed_permission_services_path}/main/cpp/include/remind",
"${distributed_permission_innerkits_sdk_path}/main/cpp/include/permission_using_remind",
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind",
@ -85,16 +87,15 @@ ohos_prebuilt_etc("distributedpermission_service.rc") {
ohos_shared_library("distributed_permission_services") {
sources = [
"${distributed_permission_database_path}/main/cpp/src/data_storage.cpp",
"${distributed_permission_database_path}/main/cpp/src/generic_values.cpp",
"${distributed_permission_database_path}/main/cpp/src/sqlite_helper.cpp",
"${distributed_permission_database_path}/main/cpp/src/sqlite_storage.cpp",
"${distributed_permission_database_path}/main/cpp/src/statement.cpp",
"${distributed_permission_database_path}/main/cpp/src/variant_value.cpp",
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/on_using_permission_reminder_proxy.cpp",
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/on_using_permission_reminder_stub.cpp",
"${distributed_permission_innerkits_sdk_path}/main/cpp/src/permission_using_remind/permission_reminder_info.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/data_storage.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/data_translator.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/generic_values.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/sqlite_helper.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/sqlite_storage.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/statement.cpp",
"${distributed_permission_record_database_path}/main/cpp/src/variant_value.cpp",
"${distributed_permission_services_path}/main/cpp/src/command/base_remote_command.cpp",
"${distributed_permission_services_path}/main/cpp/src/command/delete_uid_permission_command.cpp",
"${distributed_permission_services_path}/main/cpp/src/command/get_uid_permission_command.cpp",
@ -102,18 +103,15 @@ ohos_shared_library("distributed_permission_services") {
"${distributed_permission_services_path}/main/cpp/src/command/request_remote_permission_command.cpp",
"${distributed_permission_services_path}/main/cpp/src/command/sync_uid_permission_command.cpp",
"${distributed_permission_services_path}/main/cpp/src/command/sync_uid_state_command.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/base64_util.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/constant.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/external_deps.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/time_util.cpp",
"${distributed_permission_services_path}/main/cpp/src/common/zip_util.cpp",
"${distributed_permission_services_path}/main/cpp/src/device/device_info_manager.cpp",
"${distributed_permission_services_path}/main/cpp/src/device/device_info_repository.cpp",
"${distributed_permission_services_path}/main/cpp/src/distributed/app_info_fetcher.cpp",
"${distributed_permission_services_path}/main/cpp/src/distributed/distributed_data_validator.cpp",
"${distributed_permission_services_path}/main/cpp/src/distributed/distributed_uid_allocator.cpp",
"${distributed_permission_services_path}/main/cpp/src/distributed/monitor_manager.cpp",
"${distributed_permission_services_path}/main/cpp/src/distributed/object_device_json.cpp",
"${distributed_permission_services_path}/main/cpp/src/distributed/object_device_json_object.cpp",
"${distributed_permission_services_path}/main/cpp/src/distributed/object_device_permission_manager.cpp",
"${distributed_permission_services_path}/main/cpp/src/distributed/object_device_permission_repository.cpp",
"${distributed_permission_services_path}/main/cpp/src/distributed/on_request_permissions_result_proxy.cpp",
@ -133,12 +131,15 @@ ohos_shared_library("distributed_permission_services") {
"${distributed_permission_services_path}/main/cpp/src/record/on_permission_used_record_proxy.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/on_permission_used_record_stub.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/permission_record.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/permission_record_dao.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/permission_record_manager.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/permission_record_repository.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/permission_used_record.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/permission_visitor.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_request.cpp",
"${distributed_permission_services_path}/main/cpp/src/record/query_permission_used_result.cpp",
"${distributed_permission_services_path}/main/cpp/src/remind/remind_info.cpp",
"${distributed_permission_services_path}/main/cpp/src/remind/sensitive_permission_reminder.cpp",
"${distributed_permission_services_path}/main/cpp/src/remote/remote_command_executor.cpp",
"${distributed_permission_services_path}/main/cpp/src/remote/remote_command_factory.cpp",
"${distributed_permission_services_path}/main/cpp/src/remote/remote_command_manager.cpp",
@ -154,6 +155,7 @@ ohos_shared_library("distributed_permission_services") {
"${distributed_permission_services_path}/main/cpp/src/sensitive/sensitive_resource_switch_setting.cpp",
"${distributed_permission_services_path}/main/cpp/src/service/distributed_permission_event_handler.cpp",
"${distributed_permission_services_path}/main/cpp/src/service/distributed_permission_manager_service.cpp",
"${distributed_permission_services_path}/main/cpp/src/service/distributed_permission_stub.cpp",
]
configs = [ ":distributed_permission_services_config" ]

8
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/common/zip_util.h
View File

@ -21,6 +21,8 @@
#include <string>
#include <zlib.h>
#include "base64_util.h"
namespace OHOS {
namespace Security {
namespace Permission {
@ -31,6 +33,12 @@ public:
static bool ZipUnCompress(
const unsigned char *input, const unsigned long tlen, std::string &output, unsigned long len);
static bool CompressCode(
const std::string &input, unsigned long &codeLen, unsigned long &zipLen, std::string &output);
static bool UnCompressDeCode(
const std::string &input, unsigned long &codeLen, unsigned long &zipLen, std::string &output);
};
} // namespace Permission
} // namespace Security

92
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/device/device_info.h
View File

@ -1,46 +1,46 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef DEVICE_INFO_H
#define DEVICE_INFO_H
#include <string>
namespace OHOS {
namespace Security {
namespace Permission {
enum DeviceIdType {
NETWORK_ID,
UNIVERSALLY_UNIQUE_ID,
UNIQUE_DISABILITY_ID,
UNKNOWN,
};
struct DeviceId {
std::string networkId;
std::string universallyUniqueId;
std::string uniqueDisabilityId;
};
struct DeviceInfo {
DeviceId deviceId;
std::string deviceName;
std::string deviceType;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // DEVICE_INFO_H
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef DEVICE_INFO_H
#define DEVICE_INFO_H
#include <string>
namespace OHOS {
namespace Security {
namespace Permission {
enum DeviceIdType {
NETWORK_ID,
UNIVERSALLY_UNIQUE_ID,
UNIQUE_DISABILITY_ID,
UNKNOWN,
};
struct DeviceId {
std::string networkId;
std::string universallyUniqueId;
std::string uniqueDisabilityId;
};
struct DeviceInfo {
DeviceId deviceId;
std::string deviceName;
std::string deviceType;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // DEVICE_INFO_H

207
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/device/device_info_manager.h
View File

@ -1,103 +1,104 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef DEVICE_INFO_MANAGER_H
#define DEVICE_INFO_MANAGER_H
#include <string>
#include "device_info_repository.h"
#include "distributed_data_validator.h"
#include "permission_log.h"
#include "parameter.h"
#include "ipc_skeleton.h"
#include "soft_bus_manager.h"
namespace OHOS {
namespace Security {
namespace Permission {
class DeviceInfoManager {
public:
static DeviceInfoManager &GetInstance();
/**
* Get device info by device id.
*
* @param nodeId Device id.
* @param deviceIdType Device id type {@link DeviceIdType}
* @return Optional deviceInfo
*/
bool GetDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType, DeviceInfo &deviceInfo) const;
/**
* Check device info exist. Online and local device info will be here.
*
* @param nodeId Device id.
* @param deviceIdType Device id type {@link DeviceIdType}
* @return True for exist, false otherwise.
*/
bool ExistDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType) const;
/**
* Add device info with device ids and device properties.
*
* @param networkId Device networkId.
* @param universallyUniqueId Device uuid.
* @param uniqueDisabilityId Device udid.
* @param deviceName Device name.
* @param deviceType Device type.
*/
void AddDeviceInfo(const std::string &networkId, const std::string &universallyUniqueId,
const std::string &uniqueDisabilityId, const std::string &deviceName, const std::string &deviceType);
/**
* Remote all device info.
*/
void RemoveAllRemoteDeviceInfo();
/**
* Remove one device info.
*
* @param nodeId Device id.
*/
void RemoveRemoteDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType);
/**
* Convert nodeId to deviceId(UUID) if possible.
*
* @param nodeId which is considered as indefinite id, maybe deviceId(UUID) or networkId.
* @return The deviceId if local or device online, otherwise return empty string.
*/
std::string ConvertToUniversallyUniqueIdOrFetch(const std::string &nodeId) const;
/**
* Convert nodeId to deviceId(UDID) if possible.
*
* @param nodeId which is considered as indefinite id, maybe deviceId(UDID) or networkId.
* @return The deviceId if local or device online, otherwise return empty string.
*/
std::string ConvertToUniqueDisabilityIdOrFetch(const std::string &nodeId) const;
/**
* Check nodeId is uuid or not.
*
* @param nodeId Node id.
* @return True if node id is uuid. False otherwise.
*/
bool IsDeviceUniversallyUniqueId(const std::string &nodeId) const;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_BASE_SERVICE_H
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef DEVICE_INFO_MANAGER_H
#define DEVICE_INFO_MANAGER_H
#include <string>
#include "device_info_repository.h"
#include "distributed_data_validator.h"
#include "permission_log.h"
#include "parameter.h"
#include "ipc_skeleton.h"
#include "soft_bus_manager.h"
namespace OHOS {
namespace Security {
namespace Permission {
class DeviceInfoManager {
public:
static DeviceInfoManager &GetInstance();
/**
* Get device info by device id.
*
* @param nodeId Device id.
* @param deviceIdType Device id type {@link DeviceIdType}
* @return Optional deviceInfo
*/
bool GetDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType, DeviceInfo &deviceInfo) const;
/**
* Check device info exist. Online and local device info will be here.
*
* @param nodeId Device id.
* @param deviceIdType Device id type {@link DeviceIdType}
* @return True for exist, false otherwise.
*/
bool ExistDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType) const;
/**
* Add device info with device ids and device properties.
*
* @param networkId Device networkId.
* @param universallyUniqueId Device uuid.
* @param uniqueDisabilityId Device udid.
* @param deviceName Device name.
* @param deviceType Device type.
*/
void AddDeviceInfo(const std::string &networkId, const std::string &universallyUniqueId,
const std::string &uniqueDisabilityId, const std::string &deviceName, const std::string &deviceType);
/**
* Remote all device info.
*/
void RemoveAllRemoteDeviceInfo();
/**
* Remove one device info.
*
* @param nodeId Device id.
*/
void RemoveRemoteDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType);
/**
* Convert nodeId to deviceId(UUID) if possible.
*
* @param nodeId which is considered as indefinite id, maybe deviceId(UUID) or networkId.
* @return The deviceId if local or device online, otherwise return empty string.
*/
std::string ConvertToUniversallyUniqueIdOrFetch(const std::string &nodeId) const;
/**
* Convert nodeId to deviceId(UDID) if possible.
*
* @param nodeId which is considered as indefinite id, maybe deviceId(UDID) or networkId.
* @return The deviceId if local or device online, otherwise return empty string.
*/
std::string ConvertToUniqueDisabilityIdOrFetch(const std::string &nodeId) const;
/**
* Check nodeId is uuid or not.
*
* @param nodeId Node id.
* @return True if node id is uuid. False otherwise.
*/
bool IsDeviceUniversallyUniqueId(const std::string &nodeId) const;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // DEVICE_INFO_MANAGER_H

2
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/app_info_fetcher.h
View File

@ -23,7 +23,6 @@
namespace OHOS {
namespace Security {
namespace Permission {
enum class AppAttribute {
// Attribute indicates the application is installed in the device's system image.
APP_ATTRIBUTE_PRESET = 1 << 0,
@ -46,7 +45,6 @@ public:
private:
std::map<int32_t, int32_t> attributeBuffer_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS

8
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/distributed_uid_allocator.h
View File

@ -97,7 +97,7 @@ private:
std::recursive_mutex stackLock_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_BASE_SERVICE_H
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // DISTRIBUTED_UID_ALLOCATOR_H

3
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/monitor_manager.h
View File

@ -27,9 +27,7 @@
namespace OHOS {
namespace Security {
namespace Permission {
class MonitorManager {
public:
using OnPermissionChangedCallback = std::function<void(int uid, const std::string &packageName)>;
using OnDeviceOnlineCallback = std::function<void(const std::string &deviceId, const std::string &deviceNetworkId)>;
@ -115,7 +113,6 @@ private:
// mutex for device listener maps
std::mutex deviceMutex_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS

8
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/object_device_json.h → services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/object_device_json_object.h
View File

@ -13,13 +13,13 @@
* limitations under the License.
*/
#ifndef PERMISSION_OBJECT_DEVICE_JSON_H
#define PERMISSION_OBJECT_DEVICE_JSON_H
#ifndef PERMISSION_OBJECT_DEVICE_JSON_OBJECT_H
#define PERMISSION_OBJECT_DEVICE_JSON_OBJECT_H
#include <string>
namespace OHOS {
namespace Security {
namespace Permission {
struct ObjectDeviceJson {
struct ObjectDeviceJsonObject {
std::string deviceId_;
std::string uid_;
std::string grantedPermission_;
@ -29,4 +29,4 @@ struct ObjectDeviceJson {
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // FOUNDATION_REQ_PERMISSION_DETAIL_H
#endif // PERMISSION_OBJECT_DEVICE_JSON_OBJECT_H

395
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/object_device_permission_manager.h
View File

@ -1,200 +1,197 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OBJECT_DEVICE_PERMISSON_MANAGER_H
#define OBJECT_DEVICE_PERMISSON_MANAGER_H
#include <string>
#include <set>
#include <mutex>
#include <atomic>
#include <condition_variable>
#include "permission_log.h"
#include "distributed_data_validator.h"
#include "object_device_permission_repository.h"
#include "monitor_manager.h"
#include "data_validator.h"
#include "constant.h"
#include "external_deps.h"
#include "device_info_manager.h"
#include "device_info.h"
#include "permission_bms_manager.h"
#include "user_handle_manager.h"
#include "permission_log.h"
#include "base_remote_command.h"
#include "sync_uid_permission_command.h"
#include "remote_command_manager.h"
#include "delete_uid_permission_command.h"
namespace OHOS {
namespace Security {
namespace Permission {
/**
* Object device permission manager.<br/>
* This class manage the subscription information between which device copied local uid's permission.
*/
class ObjectDevicePermissionManager {
public:
virtual ~ObjectDevicePermissionManager();
/**
* Get singleton instance.
*
* @return This singleton instance.
*/
static ObjectDevicePermissionManager &GetInstance();
/**
* If not successfully recovered, recover from file.
*/
void Init();
// clear object device's caches
void Clear();
/**
* Operation function. Ask RemoteExecutorManager to execute SyncUidPermissionCommand or DeleteUidPermissionCommand
* for all deviceIds that has a relationship with given uid.
*
* @param uid The operation uid in local device.
* @return SUCCESS: 0; FAILURE: -1.
*/
int32_t NotifyPermissionChanged(const int32_t uid);
/**
* Operation function. Add a new uid to deviceId relationship, store in the repository.
* <p>
* Check input parameter first. If:
* <ol>
* <li>DeviceId or uid is invalid, will return <b>FAILURE</b>, and do not add.
* <li>Uid is the special ruid, which is defined by DuidTranslator are 0 or 1000, will return <b>SUCCESS</b>, and do
* not add.
* </ol>
* The survivor will be saved to repository.
*
* @param deviceId The operation device id, unique, for remote device.
* @param uid The operation uid, in local device.
* @return SUCCESS: 0; FAILURE: -1
*/
int32_t AddNotifyPermissionMonitorUid(const std::string &deviceId, const int32_t uid);
/**
* Notify current device sync {@code uid}'s permissions to object device while distributed business is scheduling.
*
* @param deviceId The object device's deviceId, for remote device.
* @param uid The application uid in local device.
* @param packageName The package name.
* @return Result code indicates sync permission successfully, SUCCESS: 0, FAILURE: -1, INVALID_DEVICE_ID: -3.
*/
int32_t NotifySyncPermission(std::string &deviceId, int32_t uid, std::string &packageName);
/**
* verify device whether has been granted permission with the given name to access the remote device.
*
* @param permission permission name.
* @param deviceId Remote device id, not null.
* @param pid The Caller Pid
* @param uid The Caller Uid
* @return 0 Granted, -1 Denied.
*/
int32_t VerifyPermissionFromRemote(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
/**
* Reset the sensitive permission that have been granted by object device
*
* @param deviceId Remote device id.
* @param uid local uid.
* @param permissions the sensitive permission that have been granted by object device
*/
void ResetGrantSensitivePermission(std::string &deviceId, int32_t uid, std::set<std::string> &permissions);
/**
* Delete all uid relationship with this deviceId.
*
* @param deviceId The operation deviceId, unique, for remote device.
*/
void RemoveObject(const std::string &deviceId);
/**
* Operation function. Ask RemoteExecutorManager to asynchronous execute DeleteUidPermissionCommand for all
* deviceIds that has a relationship with given uid which has a relationship with given userId, remove them from
* repository anyway.
*
* @param userId The operation userId in local device.
* @return SUCCESS: 0; FAILURE: -1
*/
int32_t RemoveNotifyPermissionMonitorUserId(const int32_t userId);
private:
std::mutex mutex_;
std::atomic<bool> recovered_;
std::atomic<bool> registered_;
std::recursive_mutex remove_notify_permission_monitor_user_id_locl_;
sptr<Permission::IPermissionManager> iPermissionManager_;
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
/**
* Rom may forward a special uid which is -1, we will ignore this.
*/
static const int32_t SPECIAL_INVALID_UID = -1;
/**
* Max timeout limit when notify permission changed.
*/
static const int32_t MAX_NOTIFY_PERMISSION_CHANGED_TIMEOUT = 1000;
static const int32_t NOTIFY_PERMISSION_CHANGED_TIMEOUT = 200;
private:
ObjectDevicePermissionManager();
int32_t ProcessDeviceCommandImmediately(const int32_t uid, const std::set<std::string> &devicesToSync);
/**
* Operation function. Ask RemoteExecutorManager to asynchronous execute DeleteUidPermissionCommand for all
* deviceIds that has a relationship with given uid, remove them from repository anyway.
*
* @param uid The operation uid in local device.
* @return SUCCESS: 0; FAILURE: -1
*/
int32_t RemoveNotifyPermissionMonitorUid(const int32_t uid);
int32_t VerifyPermissionFromRemoteInner(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
bool IsValidVerificationParams(const std::string &permission, const std::string &deviceId, const int32_t uid);
};
class CountDownLatch {
public:
CountDownLatch(uint32_t count) : count_(count)
{}
virtual ~CountDownLatch() = default;
uint32_t GetCount()
{
std::lock_guard<std::mutex> guard(mutex_);
return count_;
}
void CountDown() noexcept
{
std::lock_guard<std::mutex> guard(mutex_);
if (count_ == 0) {
return;
}
--count_;
if (count_ == 0) {
cv_.notify_all();
}
}
void Await(long time) noexcept
{
std::unique_lock<std::mutex> lock(mutex_);
cv_.wait_for(lock, std::chrono::milliseconds(time), [this] { return count_ == 0; });
}
private:
std::mutex mutex_;
std::condition_variable cv_;
uint32_t count_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OBJECT_DEVICE_PERMISSON_MANAGER_H
#define OBJECT_DEVICE_PERMISSON_MANAGER_H
#include <string>
#include <set>
#include <mutex>
#include <atomic>
#include <condition_variable>
#include "permission_log.h"
#include "distributed_data_validator.h"
#include "object_device_permission_repository.h"
#include "monitor_manager.h"
#include "data_validator.h"
#include "constant.h"
#include "device_info_manager.h"
#include "device_info.h"
#include "permission_bms_manager.h"
#include "user_handle_manager.h"
#include "permission_log.h"
#include "base_remote_command.h"
#include "sync_uid_permission_command.h"
#include "remote_command_manager.h"
#include "delete_uid_permission_command.h"
namespace OHOS {
namespace Security {
namespace Permission {
/**
* Object device permission manager.<br/>
* This class manage the subscription information between which device copied local uid's permission.
*/
class ObjectDevicePermissionManager {
public:
virtual ~ObjectDevicePermissionManager();
/**
* Get singleton instance.
*
* @return This singleton instance.
*/
static ObjectDevicePermissionManager &GetInstance();
/**
* If not successfully recovered, recover from file.
*/
void Init();
// clear object device's caches
void Clear();
/**
* Operation function. Ask RemoteExecutorManager to execute SyncUidPermissionCommand or DeleteUidPermissionCommand
* for all deviceIds that has a relationship with given uid.
*
* @param uid The operation uid in local device.
* @return SUCCESS: 0; FAILURE: -1.
*/
int32_t NotifyPermissionChanged(const int32_t uid);
/**
* Operation function. Add a new uid to deviceId relationship, store in the repository.
* <ol>
* <li>DeviceId or uid is invalid, will return <b>FAILURE</b>, and do not add.
* <li>Uid is the special ruid, which is defined by DuidTranslator are 0 or 1000, will return <b>SUCCESS</b>, and do
* not add.
* </ol>
* The survivor will be saved to repository.
*
* @param deviceId The operation device id, unique, for remote device.
* @param uid The operation uid, in local device.
* @return SUCCESS: 0; FAILURE: -1
*/
int32_t AddNotifyPermissionMonitorUid(const std::string &deviceId, const int32_t uid);
/**
* Notify current device sync {@code uid}'s permissions to object device while distributed business is scheduling.
*
* @param deviceId The object device's deviceId, for remote device.
* @param uid The application uid in local device.
* @param packageName The package name.
* @return Result code indicates sync permission successfully, SUCCESS: 0, FAILURE: -1, INVALID_DEVICE_ID: -3.
*/
int32_t NotifySyncPermission(std::string &deviceId, int32_t uid, std::string &packageName);
/**
* verify device whether has been granted permission with the given name to access the remote device.
*
* @param permission permission name.
* @param deviceId Remote device id, not null.
* @param pid The Caller Pid
* @param uid The Caller Uid
* @return 0 Granted, -1 Denied.
*/
int32_t VerifyPermissionFromRemote(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
/**
* Reset the sensitive permission that have been granted by object device
*
* @param deviceId Remote device id.
* @param uid local uid.
* @param permissions the sensitive permission that have been granted by object device
*/
void ResetGrantSensitivePermission(std::string &deviceId, int32_t uid, std::set<std::string> &permissions);
/**
* Delete all uid relationship with this deviceId.
*
* @param deviceId The operation deviceId, unique, for remote device.
*/
void RemoveObject(const std::string &deviceId);
/**
* Operation function. Ask RemoteExecutorManager to asynchronous execute DeleteUidPermissionCommand for all
* deviceIds that has a relationship with given uid which has a relationship with given userId, remove them from
* repository anyway.
*
* @param userId The operation userId in local device.
* @return SUCCESS: 0; FAILURE: -1
*/
int32_t RemoveNotifyPermissionMonitorUserId(const int32_t userId);
private:
std::mutex mutex_;
std::atomic<bool> recovered_;
std::atomic<bool> registered_;
std::recursive_mutex remove_notify_permission_monitor_user_id_locl_;
sptr<Permission::IPermissionManager> iPermissionManager_;
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
/**
* Rom may forward a special uid which is -1, we will ignore this.
*/
static const int32_t SPECIAL_INVALID_UID = -1;
/**
* Max timeout limit when notify permission changed.
*/
static const int32_t MAX_NOTIFY_PERMISSION_CHANGED_TIMEOUT = 1000;
static const int32_t NOTIFY_PERMISSION_CHANGED_TIMEOUT = 200;
private:
ObjectDevicePermissionManager();
int32_t ProcessDeviceCommandImmediately(const int32_t uid, const std::set<std::string> &devicesToSync) const;
/**
* Operation function. Ask RemoteExecutorManager to asynchronous execute DeleteUidPermissionCommand for all
* deviceIds that has a relationship with given uid, remove them from repository anyway.
*
* @param uid The operation uid in local device.
* @return SUCCESS: 0; FAILURE: -1
*/
int32_t RemoveNotifyPermissionMonitorUid(const int32_t uid);
int32_t VerifyPermissionFromRemoteInner(const std::string &permission, const std::string &deviceId,
const int32_t pid, const int32_t uid);
bool IsValidVerificationParams(const std::string &permission, const std::string &deviceId, const int32_t uid) const;
};
class CountDownLatch {
public:
CountDownLatch(uint32_t count) : count_(count)
{}
virtual ~CountDownLatch() = default;
uint32_t GetCount()
{
std::lock_guard<std::mutex> guard(mutex_);
return count_;
}
void CountDown() noexcept
{
std::lock_guard<std::mutex> guard(mutex_);
if (count_ == 0) {
return;
}
--count_;
if (count_ == 0) {
cv_.notify_all();
}
}
void Await(long time) noexcept
{
std::unique_lock<std::mutex> lock(mutex_);
cv_.wait_for(lock, std::chrono::milliseconds(time), [this] { return count_ == 0; });
}
private:
std::mutex mutex_;
std::condition_variable cv_;
uint32_t count_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // OBJECT_DEVICE_PERMISSON_MANAGER_H

290
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/object_device_permission_repository.h
View File

@ -1,146 +1,146 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OBJECT_DEVICE_PERMISSION_REPOSITORY
#define OBJECT_DEVICE_PERMISSION_REPOSITORY
#include <string>
#include <memory>
#include <map>
#include <set>
#include <iostream>
#include <fstream>
#include <vector>
#include "nlohmann/json.hpp"
#include "constant.h"
#include "base_remote_command.h"
#include "object_device_json.h"
#include "permission_log.h"
#include "permission_log.h"
namespace OHOS {
namespace Security {
namespace Permission {
class ObjectUid {
public:
ObjectUid(int32_t uid) : uid_(uid)
{}
virtual ~ObjectUid() = default;
int32_t GetUid();
std::set<std::string> GetGrabtedPermission();
void ResetGrantSensitivePermission(std::set<std::string> permissions);
bool IsGrantPermission(std::string permission);
ObjectUid(const int32_t uid, const std::set<std::string> &grabtedPermission);
private:
int32_t uid_;
std::set<std::string> grantedPermission_;
std::recursive_mutex object_uid_locl_;
}; // end of ObjectUid
class ObjectDevice {
public:
ObjectDevice(const std::string &deviceId) : deviceId_(deviceId)
{}
ObjectDevice(const std::string &deviceId, std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions);
virtual ~ObjectDevice() = default;
std::string GetDeviceId();
bool ContainUid(int32_t uid);
std::map<int32_t, std::shared_ptr<ObjectUid>> GetUidPermissions();
void AddObjectUid(int32_t uid);
void RemoveObjectUid(int32_t uid);
void ResetGrantSensitivePermission(int32_t uid, std::set<std::string> permissions);
bool IsGrantPermission(int32_t uid, std::string permission);
private:
const std::string deviceId_;
std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions_;
std::recursive_mutex object_device_locl_;
}; // end of ObjectDevice
/**
* Repository level, store the relationship from deviceId to uid, and provide the operation function CRUD.
*
* @since 3
*/
class ObjectDevicePermissionRepository {
public:
virtual ~ObjectDevicePermissionRepository();
static ObjectDevicePermissionRepository &GetInstance();
/**
* Recover data from file.
*
* @return Recover result, Success: true; Fail: false.
*/
bool RecoverFromFile();
/**
* Persist and save data to file.
*/
void SaveToFile();
void PutDeviceIdUidPair(const std::string deviceId, const int32_t uid);
std::set<int32_t> ListAllUid();
std::set<std::string> ListDeviceId(const int32_t uid);
/**
* Operation function. Remove uid from all device to uid relationship. If none exist, then nothing happened.
*
* @param uid The operation uid.
*/
void RemoveUid(const int32_t uid);
/**
* Verify if one Uid have sensistive permission from deviceId
*
* @param permission the permission to check
* @param deviceId the deviceId who grant the permission to uid
* @param pid the pid of the caller
* @param uid the local uid
* @return 0: grant the permission, otherwise reject
*/
int32_t VerifyPermissionFromRemote(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
std::shared_ptr<ObjectDevice> GetOrCreateObjectDevice(std::string &deviceId);
/**
* Operation function. Remove all uid for under this device id. If none exist, then nothing happened.
*
* @param deviceId The operation device id.
*/
void RemoveDeviceId(const std::string &deviceId);
/**
* Clear the map.
*/
void Clear();
protected:
private:
ObjectDevicePermissionRepository();
static ObjectDevicePermissionRepository instance_;
bool IsGrantPermission(int32_t uid, std::string permission);
std::vector<ObjectDeviceJson> GetDevicesJsonVector();
private:
std::map<std::string, std::shared_ptr<ObjectDevice>> objectDevices_;
std::recursive_mutex object_devices_locl_;
const std::string repository_file_path_ = "/data/distribute_permission_subscriber";
}; // end of ObjectDevicePermissionRepository
struct DevicesJsonVector {
std::vector<ObjectDeviceJson> devicesJson_;
};
void to_json(nlohmann::json &jsonObject, const DevicesJsonVector &devicesJsonVector);
void from_json(const nlohmann::json &jsonObject, DevicesJsonVector &devicesJsonVector);
} // namespace Permission
} // namespace Security
} // namespace OHOS
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OBJECT_DEVICE_PERMISSION_REPOSITORY
#define OBJECT_DEVICE_PERMISSION_REPOSITORY
#include <string>
#include <memory>
#include <map>
#include <set>
#include <iostream>
#include <fstream>
#include <vector>
#include "nlohmann/json.hpp"
#include "constant.h"
#include "base_remote_command.h"
#include "object_device_json_object.h"
#include "permission_log.h"
#include "permission_log.h"
namespace OHOS {
namespace Security {
namespace Permission {
class ObjectUid {
public:
ObjectUid(int32_t uid) : uid_(uid)
{}
virtual ~ObjectUid() = default;
int32_t GetUid();
std::set<std::string> GetGrantedPermission() const;
void ResetGrantSensitivePermission(std::set<std::string> permissions);
bool IsGrantPermission(std::string permission) const;
ObjectUid(const int32_t uid, const std::set<std::string> &grabtedPermission);
private:
int32_t uid_;
std::set<std::string> grantedPermission_;
std::recursive_mutex object_uid_locl_;
}; // end of ObjectUid
class ObjectDevice {
public:
ObjectDevice(const std::string &deviceId) : deviceId_(deviceId)
{}
ObjectDevice(const std::string &deviceId, std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions);
virtual ~ObjectDevice() = default;
std::string GetDeviceId() const;
bool ContainUid(int32_t uid) const;
std::map<int32_t, std::shared_ptr<ObjectUid>> GetUidPermissions();
void AddObjectUid(int32_t uid);
void RemoveObjectUid(int32_t uid);
void ResetGrantSensitivePermission(int32_t uid, std::set<std::string> permissions);
bool IsGrantPermission(int32_t uid, std::string permission);
private:
const std::string deviceId_;
std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions_;
std::recursive_mutex object_device_locl_;
}; // end of ObjectDevice
/**
* Repository level, store the relationship from deviceId to uid, and provide the operation function CRUD.
*
* @since 3
*/
class ObjectDevicePermissionRepository {
public:
virtual ~ObjectDevicePermissionRepository();
static ObjectDevicePermissionRepository &GetInstance();
/**
* Recover data from file.
*
* @return Recover result, Success: true; Fail: false.
*/
bool RecoverFromFile();
/**
* Persist and save data to file.
*/
void SaveToFile();
void PutDeviceIdUidPair(const std::string deviceId, const int32_t uid);
std::set<int32_t> ListAllUid();
std::set<std::string> ListDeviceId(const int32_t uid);
/**
* Operation function. Remove uid from all device to uid relationship. If none exist, then nothing happened.
*
* @param uid The operation uid.
*/
void RemoveUid(const int32_t uid);
/**
* Verify if one Uid have sensistive permission from deviceId
*
* @param permission the permission to check
* @param deviceId the deviceId who grant the permission to uid
* @param pid the pid of the caller
* @param uid the local uid
* @return 0: grant the permission, otherwise reject
*/
int32_t VerifyPermissionFromRemote(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
std::shared_ptr<ObjectDevice> GetOrCreateObjectDevice(std::string &deviceId);
/**
* Operation function. Remove all uid for under this device id. If none exist, then nothing happened.
*
* @param deviceId The operation device id.
*/
void RemoveDeviceId(const std::string &deviceId);
/**
* Clear the map.
*/
void Clear();
protected:
private:
ObjectDevicePermissionRepository();
static ObjectDevicePermissionRepository instance_;
bool IsGrantPermission(int32_t uid, std::string permission);
std::vector<ObjectDeviceJsonObject> GetDevicesJsonVector();
private:
std::map<std::string, std::shared_ptr<ObjectDevice>> objectDevices_;
std::recursive_mutex object_devices_locl_;
const std::string repository_file_path_ = "/data/distribute_permission_subscriber";
}; // end of ObjectDevicePermissionRepository
struct DevicesJsonVector {
std::vector<ObjectDeviceJsonObject> devicesJson_;
};
void to_json(nlohmann::json &jsonObject, const DevicesJsonVector &devicesJsonVector);
void from_json(const nlohmann::json &jsonObject, DevicesJsonVector &devicesJsonVector);
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // OBJECT_DEVICE_PERMISSON_MANAGER_H

1
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/permission_bms_manager.h
View File

@ -20,7 +20,6 @@
#include <memory>
#include <functional>
#include "refbase.h"
#include "external_deps.h"
#include "app_info_fetcher.h"
#include "permission_fetcher.h"

1
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/permission_change_receiver.h
View File

@ -17,7 +17,6 @@
#include "common_event.h"
#include "common_event_manager.h"
#include "external_deps.h"
#include "permission_fetcher.h"
#include "permission_record_manager.h"

95
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/permission_definition.h
View File

@ -1,47 +1,48 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef PERMISSION_DEF
#define PERMISSION_DEF
#include <string>
#include <set>
#include "external_deps.h"
#include "nocopyable.h"
#include "permission.h"
#include "permission_def.h"
#include "permission_log.h"
#include "distributed_data_validator.h"
namespace OHOS {
namespace Security {
namespace Permission {
struct PermissionDefinition {
public:
static PermissionDefinition &GetInstance();
~PermissionDefinition();
bool IsRestrictedPermission(const std::string &permissionName);
private:
PermissionDefinition();
DISALLOW_COPY_AND_MOVE(PermissionDefinition);
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_DEF
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef PERMISSION_DEFINITION
#define PERMISSION_DEFINITION
#include <string>
#include <set>
#include "pms_adapter.h"
#include "nocopyable.h"
#include "permission.h"
#include "permission_def.h"
#include "permission_log.h"
#include "distributed_data_validator.h"
namespace OHOS {
namespace Security {
namespace Permission {
struct PermissionDefinition {
public:
static PermissionDefinition &GetInstance();
~PermissionDefinition();
bool IsRestrictedPermission(const std::string &permissionName);
private:
sptr<Permission::IPermissionManager> iPermissionManager_;
PermissionDefinition();
DISALLOW_COPY_AND_MOVE(PermissionDefinition);
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_DEFINITION

8
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/permission_listener.h
View File

@ -25,7 +25,7 @@ class PermissionListener final {
public:
static void Init();
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_LISTENER_H
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_LISTENER_H

113
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/permission_re_granter.h
View File

@ -1,58 +1,57 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef PERMISSION_RE_GRANTER_H
#define PERMISSION_RE_GRANTER_H
#include "base_remote_command.h"
#include "permission_log.h"
#include "external_deps.h"
#include "permission_fetcher.h"
#include "base_remote_command.h"
namespace OHOS {
namespace Security {
namespace Permission {
class PermissionReGranter final {
public:
static void ReGrantDuidPermissions(UidBundleBo& uidBundlePermInfo);
static bool IsGranted(const PermissionDto& permission);
static bool IsRemoteGranted(const PermissionDto& permission);
static void SetStatusGranted(const bool isGranted, PermissionDto& permission);
static void SetFlagRemoteGranted(const bool isRemoteGranted, PermissionDto& permission);
private:
static void GetPermissionInfoNoThrow(const std::string& permission, PermissionDefParcel& permInfo);
static bool VerifySignatruePermission(const PermissionDefParcel& permInfo, const UidBundleBo& uidBundlePermInfo);
private:
static const int FLAG_PERMISSION_DEFINED_BY_SYSTEM = 1 << 0;
static const int FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED = 1 << 0;
static const int FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED = 1 << 1;
static const int FLAG_PERMISSION_STATUS_REMOTE_GRANTED = 1 << 3;
enum TypeOfGrantMode {
USER_GRANT = 0,
SYSTEM_GRANT = 1,
};
enum TypeOfAvailableScope {
AVAILABLE_SCOPE_ALL = 1 << 0,
AVAILABLE_SCOPE_SIGNATURE = 1 << 1,
AVAILABLE_SCOPE_RESTRICTED = 1 << 2
};
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef PERMISSION_RE_GRANTER_H
#define PERMISSION_RE_GRANTER_H
#include "base_remote_command.h"
#include "permission_log.h"
#include "permission_fetcher.h"
#include "base_remote_command.h"
namespace OHOS {
namespace Security {
namespace Permission {
class PermissionReGranter final {
public:
static void ReGrantDuidPermissions(UidBundleBo& uidBundlePermInfo);
static bool IsGranted(const PermissionDto& permission);
static bool IsRemoteGranted(const PermissionDto& permission);
static void SetStatusGranted(const bool isGranted, PermissionDto& permission);
static void SetFlagRemoteGranted(const bool isRemoteGranted, PermissionDto& permission);
private:
static void GetPermissionInfoNoThrow(const std::string& permission, PermissionDefParcel& permInfo);
static bool VerifySignatruePermission(const PermissionDefParcel& permInfo, const UidBundleBo& uidBundlePermInfo);
private:
static const int FLAG_PERMISSION_DEFINED_BY_SYSTEM = 1 << 0;
static const int FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED = 1 << 0;
static const int FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED = 1 << 1;
static const int FLAG_PERMISSION_STATUS_REMOTE_GRANTED = 1 << 3;
enum TypeOfGrantMode {
USER_GRANT = 0,
SYSTEM_GRANT = 1,
};
enum TypeOfAvailableScope {
AVAILABLE_SCOPE_ALL = 1 << 0,
AVAILABLE_SCOPE_SIGNATURE = 1 << 1,
AVAILABLE_SCOPE_RESTRICTED = 1 << 2
};
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_RE_GRANTER_H

2
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/request_permissions_info.h
View File

@ -40,7 +40,7 @@ public:
*
* @return true: the process will stop. false: the process will continue
*/
bool NeedStopProcess();
bool NeedStopProcess() const;
/**
* prepare to process the request, and format the input parameters
*

7
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/request_remote_permission.h
View File

@ -32,7 +32,6 @@
#include "bundlemgr/bundle_mgr_interface.h"
#include "permission_log.h"
#include "refbase.h"
#include "external_deps.h"
namespace OHOS {
namespace Security {
@ -55,8 +54,8 @@ public:
* @param uid The Caller Uid
* @return true can request permission, false cannot request permission.
*/
bool CanRequestPermissionFromRemote(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid);
bool CanRequestPermissionFromRemote(const std::string &permission, const std::string &deviceId, const int32_t pid,
const int32_t uid) const;
/**
* Dynamically applies for permissions from a specified device (the application result is returned asynchronously).
@ -123,7 +122,7 @@ private:
bool HaveSensitivePermissionToRequest(
const std::string deviceId, const int32_t pid, const int32_t uid, const std::vector<std::string> permissions);
bool CheckThirdAppMore(const std::string deviceId, const std::string permission);
bool CheckThirdAppMore(const std::string deviceId, const std::string permission) const;
private:
// static constexpr char *TAG = "RequestRemotePermission";

42
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/distributed/subject_device_permission_manager.h
View File

@ -77,16 +77,11 @@ public:
/**
* Operation function. Using duidTranslator to generate a duid. Then add relationship from deviceId to uid and add
* relationship from duid to permissionItemNames.
* <p>
* Check input parameter first. If:
* <ol>
* <li>DeviceId is invalid, will return <b>INVALID_DEVICE_ID</b>, and will not add.
* <li>ObjectUid is null, or permissionItems is null, will return <b>INVALID_UID_PERMISSION</b>, and will not
* add.
* </ol>
* Secondly, ask DuidTranslator to get a duid for deviceId and ruid pair. If the allocated duid is not a duid, then
* return <b>INVALID_DUID</b>.
* <p>
* Check input parameter first.
* If DeviceId is invalid, will return <b>INVALID_DEVICE_ID</b>, and will not add.
* If ObjectUid is null, or permissionItems is null, will return <b>INVALID_UID_PERMISSION</b>, and will not add.
* Secondly, ask DuidTranslator to get a duid for deviceId and ruid pair. If the allocated duid is not a duid,
* then return INVALID_DUID.
* Finally, save the deviceId to uid relationship, and save the duid to permissionItemNames relationship. New one
* will over the old ones.
*
@ -113,16 +108,11 @@ public:
/**
* Operation function. Remove one relationship from deviceId to ruids, and from duid to permissionItemNames.
* <p>
* Check input parameter first. If:
* <ol>
* <li>DeviceId is invalid, will return <b>INVALID_DEVICE_ID</b>, and will not remove anyone.
* <li>Ruid is invalid, will return <b>INVALID_RUID</b>, and will not remove anyone.
* </ol>
* Check input parameter first.
* If DeviceId is invalid, will return INVALID_DEVICE_ID, and will not remove anyone.
* If Ruid is invalid, will return INVALID_RUID, and will not remove anyone.
* Secondly, remove this relationship from deviceId to uid.
* <p>
* Thirdly, get the duid. Remove the relationship from duid to permissionItemNames, if duid exist.
* <p>
* Finally, notify duidTranslator to delete deviceId.
*
* @param deviceId The remote mapped deviceId.
@ -142,9 +132,9 @@ public:
/**
* Query function.Check if a duid has the specific permissionName.
* Check input parameter first. If:
* Duid is special, return PERMISSION_GRANTED.
* PermissionName or Duid is invalid, return PERMISSION_DENIED.
* Check input parameter first.
* If Duid is special, return PERMISSION_GRANTED.
* If PermissionName or Duid is invalid, return PERMISSION_DENIED.
* Check all permissionName for this duid, and if any match the input name, return PERMISSION_GRANTED,
* else return PERMISSION_DENIED.
*
@ -194,9 +184,9 @@ private:
std::recursive_mutex stackLock_;
void ReGrantDuidPermissionsLocked(UidBundleBo &uidBundlePermInfo);
void ReGrantDuidPermissionsLocked(UidBundleBo &uidBundlePermInfo) const;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // PERMISSION_BASE_SERVICE_H
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // SUBJECT_DEVICE_PERMISSION_MANAGER_H

3
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/record/bundle_permission_used_record.h
View File

@ -50,6 +50,9 @@ struct BundlePermissionUsedRecord : public Parcelable {
nlohmann::json to_json(const BundlePermissionUsedRecord &bundle) const;
void from_json(const nlohmann::json &jsonObj, BundlePermissionUsedRecord &bundle);
static int TranslationIntoBundlePermissionUsedRecord(
const GenericValues &inGenericValues, BundlePermissionUsedRecord &outBundleRecord);
};
} // namespace Permission
} // namespace Security

12
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/record/permission_record.h
View File

@ -17,7 +17,10 @@
#define PERMISSION_RECORD_H
#include <string>
#include "../common/time_util.h"
#include "constant.h"
#include "field_const.h"
#include "generic_values.h"
#include "time_util.h"
namespace OHOS {
namespace Security {
namespace Permission {
@ -31,9 +34,10 @@ struct PermissionRecord {
PermissionRecord() = default;
static bool SetPermissionRecord(const int64_t timestamp, const int32_t visitorId, const int32_t opCode,
const bool isForeground, const int32_t accessCount, const int32_t rejectCount,
PermissionRecord &permissionRecord);
static int TranslationIntoPermissionRecord(
const GenericValues &inGenericValues, PermissionRecord &outPermissionRecord);
static int TranslationIntoGenericValues(
const PermissionRecord &inPermissionRecord, GenericValues &outGenericValues);
};
} // namespace Permission
} // namespace Security

9
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/record/permission_used_record.h
View File

@ -20,6 +20,8 @@
#include <vector>
#include "constant.h"
#include "field_const.h"
#include "generic_values.h"
#include "nlohmann/json.hpp"
#include "parcel.h"
@ -62,9 +64,12 @@ struct PermissionUsedRecord : public Parcelable {
*/
void from_json(const nlohmann::json &jsonObj, PermissionUsedRecord &result);
void updateRecord(const PermissionUsedRecord &record);
void UpdateRecord(const PermissionUsedRecord &record);
void updateRecordWithTime(const PermissionUsedRecord &record);
void UpdateRecordWithTime(const PermissionUsedRecord &record);
static int TranslationIntoPermissionUsedRecord(
const GenericValues &inGenericValues, PermissionUsedRecord &outPermRecord);
};
} // namespace Permission
} // namespace Security

8
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/record/permission_visitor.h
View File

@ -17,6 +17,9 @@
#define PERMISSION_VISITOR_H
#include <string>
#include "constant.h"
#include "field_const.h"
#include "generic_values.h"
namespace OHOS {
namespace Security {
@ -34,6 +37,11 @@ struct PermissionVisitor {
static bool SetPermissionVisitor(const std::string &deviceId, const std::string &deviceName,
const int32_t bundleUserId, const std::string &bundleName, const std::string &bundleLabel,
PermissionVisitor &permissionVisitor);
static int TranslationIntoPermissionVisitor(
const GenericValues &inGenericValues, PermissionVisitor &outPermissionVisitor);
static int TranslationIntoGenericValues(
const PermissionVisitor &inPermissionVisitor, GenericValues &outGenericValues);
};
} // namespace Permission
} // namespace Security

5
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/record/query_permission_used_request.h
View File

@ -20,6 +20,8 @@
#include <vector>
#include "nlohmann/json.hpp"
#include "field_const.h"
#include "generic_values.h"
#include "parcel.h"
#include "query_permission_used_result.h"
@ -47,6 +49,9 @@ struct QueryPermissionUsedRequest : public Parcelable {
nlohmann::json to_json(const QueryPermissionUsedRequest &request) const;
void from_json(const nlohmann::json &jsonObj, QueryPermissionUsedRequest &request);
static int TranslationIntoGenericValues(const QueryPermissionUsedRequest &inQueryRequest,
GenericValues &outVisitorValues, GenericValues &outRecordAndValues, GenericValues &outRecordOrValues);
};
} // namespace Permission
} // namespace Security

159
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/remind/sensitive_permission_remind.h Normal file
View File

@ -0,0 +1,159 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef SENSITIVE_PERMISSION_REMIND_H
#define SENSITIVE_PERMISSION_REMIND_H
#include <sys/types.h>
#include <unistd.h>
#include <set>
#include <cstring>
#include "app_id_info.h"
#include "bundle_mgr_interface.h"
#include "bms_adapter.h"
#include "constant.h"
#include "ipc_skeleton.h"
#include "notification_helper.h"
#include "on_using_permission_reminder.h"
#include "pms_adapter.h"
#include "permission_log.h"
#include "permission_record_manager.h"
#include "permission_reminder_info.h"
#include "resource_manager.h"
#include "remind_info.h"
#include "subject_device_permission_manager.h"
namespace OHOS {
namespace Security {
namespace Permission {
class SensitivePermissionRemind {
public:
SensitivePermissionRemind();
~SensitivePermissionRemind();
static SensitivePermissionRemind &GetInstance();
/**
* Register using permission reminder to dpms at ohos side.
*
* @param callback instance of {@link ohos.security.permission.OnUsingPermissionReminder}.
* @return result code indicates callback if register successfully.
*/
int32_t RegisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback);
/**
* unregister using permission reminder to dpms at ohos side.
*
* @param callback instance of {@link ohos.security.permission.OnUsingPermissionReminder} has been registered.
* @return result code indicates callback if unregister successfully.
*/
int32_t UnregisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder> &callback);
/**
* Check permission and start permission using reminder if permission granted.
*
* @param permissionName permission name.
* @param pid the pid from pid json string indicates app information
* @param uid the uid from pid json string indicates app information
* @param deviceId thd deviceId from pid json string indicates app information
* @return Permission checked result, {@link #GRANTED} indicates permission granted, otherwise {@link #DENIED}.
*/
int32_t CheckPermissionAndStartUsing(const std::string &permissionName, const std::string &deviceId,
const int32_t &uid, const int32_t &pid);
/**
* Used to permission using remind when app start using permission continuously.
*
* @param permName the permission name which app start using.
* @param pid the pid from pid json string indicates app information
* @param uid the uid from pid json string indicates app information
* @param deviceId thd deviceId from pid json string indicates app information
*/
void StartUsingPermission(const std::string &permName, const std::string &deviceId, const int32_t &uid,
const int32_t &pid);
/**
* Used to permission using remind when app stop using permission continuously.
*
* @param permName the permission name which app stop using.
* @param pid the pid from pid json string indicates app information
* @param uid the uid from pid json string indicates app information
* @param deviceId thd deviceId from pid json string indicates app information
*/
void StopUsingPermission(const std::string &permName, const std::string &deviceId, const int32_t &uid,
const int32_t &pid);
private:
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
sptr<Permission::IPermissionManager> iPermissionManager_;
std::set<sptr<OnUsingPermissionReminder>> reminderSet_;
void GetPermissionReminderInfo(const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId,
PermissionReminderInfo &permReminderInfo);
void InsertPermissionReminderInfo(const std::string &permName, int32_t pid, int32_t uid,
const std::string &deviceId, PermissionReminderInfo &permReminderInfo) const;
void RemovePermissionReminderInfo(const std::string &permName, int32_t pid, int32_t uid,
const std::string &deviceId, PermissionReminderInfo &permReminderInfo) const;
void CreateNewPermissionReminderInfo(const std::string &permName, int32_t pid, int32_t uid,
const std::string &deviceId, PermissionReminderInfo &permReminderInfo) const;
bool CheckPermissionExist(const std::vector<PermissionRemindInfo>::iterator item,
const std::string permissionName) const;
void ErasePermission(std::vector<PermissionRemindInfo>::iterator &item, const std::string permissionName) const;
bool GetBundleInfo(AppExecFwk::BundleInfo &bundleInfo, int32_t uid);
void CreatAns() const;
void CloseAns() const;
const char *g_resFilePath = "/data/test/resources.index";
const std::string perm_using_remind_label_ = "系统";
const std::string perm_using_remind_setting1_ = "跳转应用详情";
const std::string perm_using_remind_setting2_ = "停止应用";
const std::vector<std::string> perm_using_remind_texts_ = {
"正在使用@",
"正在使用@",
"正在使用@和@",
"正在使用@和@和@",
"正在使用@和@和@和@",
"正在使用@和@和@和@和@",
"正在使用@和@和@和@和@和@",
"正在使用@和@和@和@和@和@和@",
"正在使用@和@和@和@和@和@和@和@",
"正在使用@和@和@和@和@和@和@和@和@",
};
const std::map<std::string, std::string> perm_using_names_ = {
{Constant::LOCATION, "位置"},
{Constant::LOCATION_IN_BACKGROUND, "位置"},
{Constant::CAMERA, "相机"},
{Constant::MICROPHONE, "麦克风"},
{Constant::READ_CALENDAR, "日历"},
{Constant::WRITE_CALENDAR, "日历"},
{Constant::ACTIVITY_MOTION, "健康运动"},
{Constant::READ_HEALTH_DATA, "健康"},
{Constant::DISTRIBUTED_DATASYNC, "分布式数据管理"},
{Constant::DISTRIBUTED_DATA, "分布式数据管理"},
{Constant::MEDIA_LOCATION, "媒体"},
{Constant::READ_MEDIA, "媒体"},
{Constant::WRITE_MEDIA, "媒体"},
};
enum {
DENIED = -1,
GRANTED = 0,
};
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // SENSITIVE_PERMISSION_REMIND_H

4
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/sensitive/resource_switch.h
View File

@ -57,7 +57,7 @@ public:
* @param permission Sensitive resource permission.
* @return 0 if permission invalid, not sensitive resource or switch off(denied). 1 switch on(allow).
*/
int GetLocalSensitiveResourceSwitch(std::string permission);
int GetLocalSensitiveResourceSwitch(std::string permission) const;
/**
* Get remote sensitive resource switch.
@ -66,7 +66,7 @@ public:
* @param permission Sensitive resource permission.
* @return 0 if permission invalid, not sensitive resource or switch off. 1 switch on.
*/
int GetRemoteSensitiveResourceSwitch(std::string deviceId, std::string permission);
int GetRemoteSensitiveResourceSwitch(std::string deviceId, std::string permission) const;
private:
ResourceSwitch()

4
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/sensitive/resource_switch_cache.h
View File

@ -26,9 +26,9 @@ class ResourceSwitchCache {
public:
static ResourceSwitchCache &GetInstance();
bool GetSwitchStatus(std::string sensitiveResource);
bool GetSwitchStatus(std::string sensitiveResource) const;
bool GetSwitchStatus(std::string deviceId, std::string sensitiveResource);
bool GetSwitchStatus(std::string deviceId, std::string sensitiveResource) const;
void SetSwitchStatus(std::string sensitiveResource, bool isSwitchAllow);

4
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/sensitive/resource_switch_local.h
View File

@ -39,7 +39,7 @@ public:
*
* @return Sensitive resource switch status containing allowed or denied information.
*/
std::shared_ptr<SensitiveResourceSwitchSetting> GetSwitchSetting();
std::shared_ptr<SensitiveResourceSwitchSetting> GetSwitchSetting() const;
/**
* Get single local sensitive resource switch status from settings.
@ -47,7 +47,7 @@ public:
* @param sensitiveResource The query sensitive resource.
* @return Allowed or denied information.
*/
bool GetSwitchStatus(std::string sensitiveResource);
bool GetSwitchStatus(std::string sensitiveResource) const;
private:
ResourceSwitchLocal() : hasRegistered_(false)

16
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/sensitive/resource_switch_remote.h
View File

@ -29,7 +29,7 @@ public:
/**
* Register remote switch change observer.
*/
void SubscribeRemoteChangeListener();
void SubscribeRemoteChangeListener() const;
/**
* Query all remote sensitive resource switch from remote side: device profile.
@ -38,30 +38,30 @@ public:
* @param isNetworkId Indicate that the device id is deviceNetworkId or UDID.
* @return Sensitive resource switch status containing switch allowed or denied information.
*/
std::shared_ptr<SensitiveResourceSwitchSetting> PullSwitchSetting(std::string deviceId, bool isNetworkId);
std::shared_ptr<SensitiveResourceSwitchSetting> PullSwitchSetting(std::string deviceId, bool isNetworkId) const;
/**
* Asynchronously sync all local sensitive resource switch to remote side: device profile.
*
* @param switchSetting Sensitive resource switch status containing allowed or denied information.
*/
void PushSwitchSetting(std::shared_ptr<SensitiveResourceSwitchSetting> switchSetting);
void PushSwitchSetting(std::shared_ptr<SensitiveResourceSwitchSetting> switchSetting) const;
/**
* Just notify device profile to sync all switch settings.
*/
void SyncSwitchSetting();
void SyncSwitchSetting() const;
private:
ResourceSwitchRemote() : hasRegistered_(false)
{}
std::shared_ptr<SensitiveResourceSwitchSetting> ConvertToSwitchSetting(
std::string deviceId, std::map<std::string, int32_t> profileMap);
std::shared_ptr<SensitiveResourceSwitchSetting> ConvertToSwitchSetting(std::string deviceId,
std::map<std::string, int32_t> profileMap) const;
std::string ConvertToSensitiveResourceIfPossible(std::pair<std::string, int32_t> mapEntry);
std::string ConvertToSensitiveResourceIfPossible(std::pair<std::string, int32_t> mapEntry) const;
bool IsPermittedFromProfile(std::pair<std::string, int32_t> mapEntry);
bool IsPermittedFromProfile(std::pair<std::string, int32_t> mapEntry) const;
private:
bool hasRegistered_;

85
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/service/distributed_permission_manager_service.h
View File

@ -20,6 +20,7 @@
#include <unistd.h>
#include <set>
#include <cstring>
#include "app_id_info.h"
#include "constant.h"
#include "distributed_permission_stub.h"
#include "event_handler.h"
@ -31,7 +32,6 @@
#include "string_ex.h"
#include "distributed_permission_event_handler.h"
#include "on_using_permission_reminder.h"
#include "external_deps.h"
#include "permission_fetcher.h"
#include "base_remote_command.h"
#include "permission_reminder_info.h"
@ -113,8 +113,7 @@ public:
* @param uid, The application uid of caller device.
* @return Permission checked result, 0: GRANTED, -1: DENIED.
*/
virtual int32_t CheckPermission(
const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid) override;
virtual int32_t CheckPermission(const std::string &permissionName, const std::string &appIdInfo) override;
/**
* Check self permission.
@ -164,8 +163,8 @@ public:
* @param appIdInfo The appliaction information to be verified, include ruid, nodeId, pid and bundlename.
* @return 0 Granted, -1 denied.
*/
virtual int32_t VerifyPermissionFromRemote(
const std::string &permission, const std::string &nodeId, int32_t pid, int32_t uid) override;
virtual int32_t VerifyPermissionFromRemote(const std::string &permission, const std::string &nodeId,
const std::string &appIdInfo) override;
/**
* Verify self whether has been granted permission with the given name to access the remote device.
@ -200,26 +199,23 @@ public:
virtual int32_t UnregisterUsingPermissionReminder(const sptr<OnUsingPermissionReminder>& callback) override;
virtual int32_t CheckPermissionAndStartUsing(
const std::string &permissionName, int32_t pid, int32_t uid, const std::string &deviceId) override;
virtual int32_t CheckPermissionAndStartUsing(const std::string &permissionName,
const std::string &appIdInfo) override;
virtual void StartUsingPermission(
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId) override;
virtual void StartUsingPermission(const std::string &permName, const std::string &appIdInfo) override;
virtual void StopUsingPermission(
const std::string &permName, int32_t pid, int32_t uid, const std::string &deviceId) override;
virtual void StopUsingPermission(const std::string &permName, const std::string &appIdInfo) override;
/**
* Add one permission used/access record.
*
* @param permissionName Permission name.
* @param deviceId Device id.
* @param uid The application uid of caller device.
* @param appIdInfo The appliaction information to be verified, include ruid, nodeId, pid and bundlename.
* @param sucCount Succeed count.
* @param failCount Failed count.
*/
virtual void AddPermissionsRecord(const std::string& permissionName, const std::string& deviceId, const int32_t uid,
const int32_t sucCount, const int32_t failCount) override;
virtual void AddPermissionsRecord(const std::string &permissionName, const std::string &appIdInfo,
int32_t sucCount, int32_t failCount) override;
/**
* Sychronized blocking requesting permission used records.
@ -230,8 +226,7 @@ public:
* @param resultStr Response ziped json string.
* @return 0 if succeeded; -1 if failed.
*/
virtual int32_t GetPermissionRecords(const std::string& queryGzipStr, unsigned long& codeLen, unsigned long& zipLen,
std::string& resultStr) override;
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr, std::string &resultStr) override;
/**
* Sychronized blocking requesting permission used records.
@ -242,8 +237,8 @@ public:
* @param callback The callback function provided for caller to handle response data.
* @return 0 if succeeded; -1 if failed.
*/
virtual int32_t GetPermissionRecords(const std::string& queryGzipStr, unsigned long& codeLen, unsigned long& zipLen,
const sptr<OnPermissionUsedRecord>& callback) override;
virtual int32_t GetPermissionRecords(const std::string &queryGzipStr,
const sptr<OnPermissionUsedRecord> &callback) override;
virtual void RequestPermissionsFromRemote(const std::vector<std::string> permissions,
const sptr<OnRequestPermissionsResult>& callback, const std::string& nodeId, const std::string& bundleName,
@ -263,6 +258,7 @@ private:
std::recursive_mutex stackLock_;
std::shared_ptr<DistributedPermissionEventHandler> handler_;
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
sptr<Permission::IPermissionManager> iPermissionManager_;
sptr<Notification::IAnsManager> iAnsManager_;
const std::string APP_TYPE_OTHER = "other";
const std::string APP_TYPE_SYSTEM = "system";
@ -270,57 +266,12 @@ private:
DENIED = -1,
GRANTED = 0,
};
std::set<sptr<OnUsingPermissionReminder>> reminderSet_;
void GetPermissionReminderInfo(const std::string& permName, int32_t pid, int32_t uid, const std::string& deviceId,
PermissionReminderInfo& permReminderInfo);
void InsertPermissionReminderInfo(const std::string& permName, int32_t pid, int32_t uid,
const std::string& deviceId, PermissionReminderInfo& permReminderInfo);
void RemovePermissionReminderInfo(const std::string& permName, int32_t pid, int32_t uid,
const std::string& deviceId, PermissionReminderInfo& permReminderInfo);
int32_t CheckLocalPermission(int32_t uid, const std::string& permissionName);
void CreateNewPermissionReminderInfo(const std::string& permName, int32_t pid, int32_t uid,
const std::string& deviceId, PermissionReminderInfo& permReminderInfo);
bool CheckPermissionExist(const std::vector<PermissionRemindInfo>::iterator item, const std::string permissionName);
void ErasePermission(std::vector<PermissionRemindInfo>::iterator& item, const std::string permissionName);
bool GetBundleInfo(AppExecFwk::BundleInfo& bundleInfo, int32_t uid);
void CreatAns();
void CloseAns();
int32_t CheckLocalPermission(int32_t uid, const std::string &permissionName);
int32_t CheckPermission(const std::string &permissionName, const std::string &nodeId, int32_t pid, int32_t uid);
bool GetBundleInfo(AppExecFwk::BundleInfo &bundleInfo, int32_t uid);
int32_t convert(int32_t duid);
std::mutex mutex_;
const char* g_resFilePath = "/data/test/resources.index";
DISALLOW_COPY_AND_MOVE(DistributedPermissionManagerService);
const std::string perm_using_remind_label_ = "系统";
const std::string perm_using_remind_setting1_ = "跳转应用详情";
const std::string perm_using_remind_setting2_ = "停止应用";
const std::vector<std::string> perm_using_remind_texts_ = {
"正在使用@",
"正在使用@",
"正在使用@和@",
"正在使用@和@和@",
"正在使用@和@和@和@",
"正在使用@和@和@和@和@",
"正在使用@和@和@和@和@和@",
"正在使用@和@和@和@和@和@和@",
"正在使用@和@和@和@和@和@和@和@",
"正在使用@和@和@和@和@和@和@和@和@",
};
const std::map<std::string, std::string> perm_using_names_ = {
{Constant::LOCATION, "位置"},
{Constant::LOCATION_IN_BACKGROUND, "位置"},
{Constant::CAMERA, "相机"},
{Constant::MICROPHONE, "麦克风"},
{Constant::READ_CALENDAR, "日历"},
{Constant::WRITE_CALENDAR, "日历"},
{Constant::ACTIVITY_MOTION, "健康运动"},
{Constant::READ_HEALTH_DATA, "健康"},
{Constant::DISTRIBUTED_DATASYNC, "分布式数据管理"},
{Constant::DISTRIBUTED_DATA, "分布式数据管理"},
{Constant::MEDIA_LOCATION, "媒体"},
{Constant::READ_MEDIA, "媒体"},
{Constant::WRITE_MEDIA, "媒体"},
};
};
} // namespace Permission
} // namespace Security

2
interfaces/innerkits/permission_standard/distributedpermission/main/cpp/include/distributed_permission_stub.h → services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/service/distributed_permission_stub.h
View File

@ -16,7 +16,7 @@
#ifndef PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_STUB_H
#define PERMISSION_INNERKITS_INCLUDE_DISRIBUTED_PERMISSION_STUB_H
#include "idistributed_permission.h"
#include "i_distributed_permission.h"
#include "iremote_stub.h"
#include "nocopyable.h"

351
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/command/get_uid_permission_command.cpp
View File

@ -1,175 +1,178 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "base_remote_command.h"
#include "get_uid_permission_command.h"
#include "permission_log.h"
#include "subject_device_permission_manager.h"
#include "object_device_permission_manager.h"
#include "external_deps.h"
#include "ipc_skeleton.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "GetUidPermissionCommand"};
}
GetUidPermissionCommand::GetUidPermissionCommand(
int32_t uid, const std::string &srcDeviceId, const std::string &dstDeviceId)
: uid_(uid)
{
remoteProtocol_.commandName = COMMAND_NAME;
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
remoteProtocol_.srcDeviceId = srcDeviceId;
remoteProtocol_.dstDeviceId = dstDeviceId;
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
}
GetUidPermissionCommand::GetUidPermissionCommand(const std::string &json)
{
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
uid_ = jsonObject.at("uid").get<int32_t>();
}
nlohmann::json bundlePermissionsJson = jsonObject.at("uidPermission").get<nlohmann::json>();
BaseRemoteCommand::FromUidBundlePermissionsJson(bundlePermissionsJson, uidPermission_);
}
std::string GetUidPermissionCommand::ToJsonPayload()
{
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
j["uid"] = uid_;
j["uidPermission"] = BaseRemoteCommand::ToUidBundlePermissionsJson(uidPermission_);
return j.dump();
}
void GetUidPermissionCommand::Prepare()
{
remoteProtocol_.statusCode = Constant::SUCCESS;
PERMISSION_LOG_DEBUG(LABEL, "%{public}s: end as: GetUidPermissionCommand", __func__);
}
void GetUidPermissionCommand::Execute()
{
PERMISSION_LOG_INFO(LABEL, "execute: start as: GetUidPermissionCommand{uid = %{public}d }", uid_);
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
if (externalDeps == nullptr) {
return;
}
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
// Use this uid to get permission from PMS. Then save the publisher information, which is deviceId and uid.
if (permissionFetcher_->GetPermissions(uid_, uidPermission_) < 0) {
PERMISSION_LOG_DEBUG(LABEL, "%{public}s: resultWrapper code is not SUCCESS.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_GET_PERMISSIONS_FAILED;
return;
}
int32_t count = 0;
for (auto bundle : uidPermission_.bundles) {
count = bundle.permissions.size();
if (count != 0) {
break;
}
}
// Check limit.
if (count > Constant::MAX_UID_PERMISSIONS_COUNT) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: permissions exceed MAX_UID_PERMISSIONS_COUNT.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_PERMISSIONS_COUNT_FAILED;
return;
}
PERMISSION_LOG_DEBUG(LABEL,
"GetUidPermissionCommand: ObjectDevicePermissionManager Save the query deviceId and uid uid: %{public}d, "
"deviceId: %{public}s }",
uid_,
remoteProtocol_.srcDeviceId.c_str());
// Save the query deviceId and uid.
int32_t addResult =
ObjectDevicePermissionManager::GetInstance().AddNotifyPermissionMonitorUid(remoteProtocol_.srcDeviceId, uid_);
PERMISSION_LOG_DEBUG(LABEL,
"GetUidPermissionCommand: ObjectDevicePermissionManager AddNotifyPermissionMonitorUid result: %{public}d }",
addResult);
if (addResult == Constant::SUCCESS) {
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
} else {
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
}
PERMISSION_LOG_INFO(LABEL, "execute: end as: GetUidPermissionCommand");
}
void GetUidPermissionCommand::Finish()
{
PERMISSION_LOG_INFO(LABEL, "finish: start as: GetUidPermissionCommand{uid = %{public}d }", uid_);
if (remoteProtocol_.statusCode != Constant::SUCCESS) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to GetUidPermissionCommand finish.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
return;
}
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
if (externalDeps == nullptr) {
return;
}
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
// Query PMS to filter uidPermissions and get the granted ones.
UidBundleBo rUidPermission;
if (permissionFetcher_->GetRegrantedPermissions(uidPermission_, rUidPermission) < 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to get regranted permissions.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_GET_REGRANTED_PERMISSIONS_FAILED;
return;
}
int32_t addResult = SubjectDevicePermissionManager::GetInstance().AddDistributedPermission(
remoteProtocol_.responseDeviceId, rUidPermission);
PERMISSION_LOG_DEBUG(
LABEL, "finish: SubjectDevicePermissionManager addSubjectPermission result: %{public}d }", addResult);
if (addResult == Constant::SUCCESS) {
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
} else {
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
}
PERMISSION_LOG_INFO(LABEL, "finish: end as: GetUidPermissionCommand");
}
} // namespace Permission
} // namespace Security
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "base_remote_command.h"
#include "permission_log.h"
#include "subject_device_permission_manager.h"
#include "object_device_permission_manager.h"
#include "ipc_skeleton.h"
#include "bms_adapter.h"
#include "pms_adapter.h"
#include "get_uid_permission_command.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "GetUidPermissionCommand"};
}
GetUidPermissionCommand::GetUidPermissionCommand(
int32_t uid, const std::string &srcDeviceId, const std::string &dstDeviceId)
: uid_(uid)
{
remoteProtocol_.commandName = COMMAND_NAME;
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
remoteProtocol_.srcDeviceId = srcDeviceId;
remoteProtocol_.dstDeviceId = dstDeviceId;
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
}
GetUidPermissionCommand::GetUidPermissionCommand(const std::string &json)
{
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
uid_ = jsonObject.at("uid").get<int32_t>();
}
nlohmann::json bundlePermissionsJson = jsonObject.at("uidPermission").get<nlohmann::json>();
BaseRemoteCommand::FromUidBundlePermissionsJson(bundlePermissionsJson, uidPermission_);
}
std::string GetUidPermissionCommand::ToJsonPayload()
{
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
j["uid"] = uid_;
j["uidPermission"] = BaseRemoteCommand::ToUidBundlePermissionsJson(uidPermission_);
return j.dump();
}
void GetUidPermissionCommand::Prepare()
{
remoteProtocol_.statusCode = Constant::SUCCESS;
PERMISSION_LOG_DEBUG(LABEL, "%{public}s: end as: GetUidPermissionCommand", __func__);
}
void GetUidPermissionCommand::Execute()
{
PERMISSION_LOG_INFO(LABEL, "execute: start as: GetUidPermissionCommand{uid = %{public}d }", uid_);
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
if (bmsAdapter == nullptr || pmsAdapter == nullptr) {
return;
}
iBundleManager_ = bmsAdapter->GetBundleManager();
iPermissionManager_ = pmsAdapter->GetPermissionManager();
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
// Use this uid to get permission from PMS. Then save the publisher information, which is deviceId and uid.
if (permissionFetcher_->GetPermissions(uid_, uidPermission_) < 0) {
PERMISSION_LOG_DEBUG(LABEL, "%{public}s: resultWrapper code is not SUCCESS.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_GET_PERMISSIONS_FAILED;
return;
}
int32_t count = 0;
for (auto bundle : uidPermission_.bundles) {
count = bundle.permissions.size();
if (count != 0) {
break;
}
}
// Check limit.
if (count > Constant::MAX_UID_PERMISSIONS_COUNT) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: permissions exceed MAX_UID_PERMISSIONS_COUNT.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_PERMISSIONS_COUNT_FAILED;
return;
}
PERMISSION_LOG_DEBUG(LABEL,
"GetUidPermissionCommand: ObjectDevicePermissionManager Save the query deviceId and uid uid: %{public}d, "
"deviceId: %{public}s }",
uid_,
remoteProtocol_.srcDeviceId.c_str());
// Save the query deviceId and uid.
int32_t addResult =
ObjectDevicePermissionManager::GetInstance().AddNotifyPermissionMonitorUid(remoteProtocol_.srcDeviceId, uid_);
PERMISSION_LOG_DEBUG(LABEL,
"GetUidPermissionCommand: ObjectDevicePermissionManager AddNotifyPermissionMonitorUid result: %{public}d }",
addResult);
if (addResult == Constant::SUCCESS) {
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
} else {
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
}
PERMISSION_LOG_INFO(LABEL, "execute: end as: GetUidPermissionCommand");
}
void GetUidPermissionCommand::Finish()
{
PERMISSION_LOG_INFO(LABEL, "finish: start as: GetUidPermissionCommand{uid = %{public}d }", uid_);
if (remoteProtocol_.statusCode != Constant::SUCCESS) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to GetUidPermissionCommand finish.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
return;
}
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
if (bmsAdapter == nullptr || pmsAdapter == nullptr) {
return;
}
iBundleManager_ = bmsAdapter->GetBundleManager();
iPermissionManager_ = pmsAdapter->GetPermissionManager();
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
// Query PMS to filter uidPermissions and get the granted ones.
UidBundleBo rUidPermission;
if (permissionFetcher_->GetRegrantedPermissions(uidPermission_, rUidPermission) < 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to get regranted permissions.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_GET_REGRANTED_PERMISSIONS_FAILED;
return;
}
int32_t addResult = SubjectDevicePermissionManager::GetInstance().AddDistributedPermission(
remoteProtocol_.responseDeviceId, rUidPermission);
PERMISSION_LOG_DEBUG(
LABEL, "finish: SubjectDevicePermissionManager addSubjectPermission result: %{public}d }", addResult);
if (addResult == Constant::SUCCESS) {
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
} else {
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
}
PERMISSION_LOG_INFO(LABEL, "finish: end as: GetUidPermissionCommand");
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

239
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/command/request_remote_permission_callback_command.cpp
View File

@ -1,121 +1,120 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "base_remote_command.h"
#include "request_remote_permission_callback_command.h"
#include "permission_log.h"
#include "subject_device_permission_manager.h"
#include "object_device_permission_manager.h"
#include "external_deps.h"
#include "request_remote_permission.h"
#include "ipc_skeleton.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "RequestRemotePermissionCallbackCommand"};
}
RequestRemotePermissionCallbackCommand::RequestRemotePermissionCallbackCommand(const std::string &srcDeviceId,
const std::string &dstDeviceId, const std::string &requestId, const int32_t uid, const std::string &bundleName)
: requestId_(requestId), bundleName_(bundleName), uid_(uid)
{
remoteProtocol_.commandName = COMMAND_NAME;
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
remoteProtocol_.srcDeviceId = srcDeviceId;
remoteProtocol_.dstDeviceId = dstDeviceId;
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
}
RequestRemotePermissionCallbackCommand::RequestRemotePermissionCallbackCommand(const std::string &json)
{
PERMISSION_LOG_INFO(LABEL, "Create RequestRemotePermissionCallbackCommand start");
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
jsonObject.at("uid").get_to<int32_t>(uid_);
}
if (jsonObject.find("requestId") != jsonObject.end() && jsonObject.at("requestId").is_string()) {
jsonObject.at("requestId").get_to<std::string>(requestId_);
}
if (jsonObject.find("bundleName") != jsonObject.end() && jsonObject.at("bundleName").is_string()) {
jsonObject.at("bundleName").get_to<std::string>(bundleName_);
}
if (jsonObject.find("objectGrantedResult") != jsonObject.end() && jsonObject.at("objectGrantedResult") != nullptr) {
jsonObject.at("objectGrantedResult").get_to<std::set<std::string>>(objectGrantedResult_);
}
PERMISSION_LOG_INFO(LABEL, "Create RequestRemotePermissionCallbackCommand end");
}
std::string RequestRemotePermissionCallbackCommand::ToJsonPayload()
{
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
j["uid"] = uid_;
j["requestId"] = requestId_;
j["bundleName"] = bundleName_;
nlohmann::json objectGrantedResultJson;
for (auto result : objectGrantedResult_) {
objectGrantedResultJson.emplace_back(result);
}
j["objectGrantedResult"] = objectGrantedResultJson;
return j.dump();
}
void RequestRemotePermissionCallbackCommand::Prepare()
{
PERMISSION_LOG_INFO(LABEL, "prepare: start as: RequestRemotePermissionCallbackCommand");
objectGrantedResult_ = SubjectDevicePermissionManager::GetInstance().GetGrantSensitivePermissionToRemoteApp(
remoteProtocol_.dstDeviceId, uid_);
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
PERMISSION_LOG_INFO(LABEL, "prepare: end as: RequestRemotePermissionCallbackCommand");
}
void RequestRemotePermissionCallbackCommand::Finish()
{
remoteProtocol_.statusCode = Constant::SUCCESS;
PERMISSION_LOG_INFO(LABEL, "finish: RequestRemotePermissionCallbackCommand{uid=%{public}d }", uid_);
}
void RequestRemotePermissionCallbackCommand::Execute()
{
PERMISSION_LOG_DEBUG(LABEL,
"execute: start as: RequestRemotePermissionCallbackCommand{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
PERMISSION_LOG_INFO(LABEL, "Start process RequestRemotePermissionCallbackCommand on server");
// use the last object data to refresh the data in subject device
ObjectDevicePermissionManager::GetInstance().ResetGrantSensitivePermission(
remoteProtocol_.srcDeviceId, uid_, objectGrantedResult_);
RequestRemotePermission::GetInstance().RequestResultForResult(requestId_);
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
PERMISSION_LOG_DEBUG(LABEL, "execute: end as: RequestRemotePermissionCallbackCommand");
}
} // namespace Permission
} // namespace Security
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "base_remote_command.h"
#include "permission_log.h"
#include "subject_device_permission_manager.h"
#include "object_device_permission_manager.h"
#include "request_remote_permission.h"
#include "ipc_skeleton.h"
#include "request_remote_permission_callback_command.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "RequestRemotePermissionCallbackCommand"};
}
RequestRemotePermissionCallbackCommand::RequestRemotePermissionCallbackCommand(const std::string &srcDeviceId,
const std::string &dstDeviceId, const std::string &requestId, const int32_t uid, const std::string &bundleName)
: requestId_(requestId), bundleName_(bundleName), uid_(uid)
{
remoteProtocol_.commandName = COMMAND_NAME;
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
remoteProtocol_.srcDeviceId = srcDeviceId;
remoteProtocol_.dstDeviceId = dstDeviceId;
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
}
RequestRemotePermissionCallbackCommand::RequestRemotePermissionCallbackCommand(const std::string &json)
{
PERMISSION_LOG_INFO(LABEL, "Create RequestRemotePermissionCallbackCommand start");
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
jsonObject.at("uid").get_to<int32_t>(uid_);
}
if (jsonObject.find("requestId") != jsonObject.end() && jsonObject.at("requestId").is_string()) {
jsonObject.at("requestId").get_to<std::string>(requestId_);
}
if (jsonObject.find("bundleName") != jsonObject.end() && jsonObject.at("bundleName").is_string()) {
jsonObject.at("bundleName").get_to<std::string>(bundleName_);
}
if (jsonObject.find("objectGrantedResult") != jsonObject.end() && jsonObject.at("objectGrantedResult") != nullptr) {
jsonObject.at("objectGrantedResult").get_to<std::set<std::string>>(objectGrantedResult_);
}
PERMISSION_LOG_INFO(LABEL, "Create RequestRemotePermissionCallbackCommand end");
}
std::string RequestRemotePermissionCallbackCommand::ToJsonPayload()
{
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
j["uid"] = uid_;
j["requestId"] = requestId_;
j["bundleName"] = bundleName_;
nlohmann::json objectGrantedResultJson;
for (auto result : objectGrantedResult_) {
objectGrantedResultJson.emplace_back(result);
}
j["objectGrantedResult"] = objectGrantedResultJson;
return j.dump();
}
void RequestRemotePermissionCallbackCommand::Prepare()
{
PERMISSION_LOG_INFO(LABEL, "prepare: start as: RequestRemotePermissionCallbackCommand");
objectGrantedResult_ = SubjectDevicePermissionManager::GetInstance().GetGrantSensitivePermissionToRemoteApp(
remoteProtocol_.dstDeviceId, uid_);
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
PERMISSION_LOG_INFO(LABEL, "prepare: end as: RequestRemotePermissionCallbackCommand");
}
void RequestRemotePermissionCallbackCommand::Finish()
{
remoteProtocol_.statusCode = Constant::SUCCESS;
PERMISSION_LOG_INFO(LABEL, "finish: RequestRemotePermissionCallbackCommand{uid=%{public}d }", uid_);
}
void RequestRemotePermissionCallbackCommand::Execute()
{
PERMISSION_LOG_DEBUG(LABEL,
"execute: start as: RequestRemotePermissionCallbackCommand{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
PERMISSION_LOG_INFO(LABEL, "Start process RequestRemotePermissionCallbackCommand on server");
// use the last object data to refresh the data in subject device
ObjectDevicePermissionManager::GetInstance().ResetGrantSensitivePermission(
remoteProtocol_.srcDeviceId, uid_, objectGrantedResult_);
RequestRemotePermission::GetInstance().RequestResultForResult(requestId_);
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
PERMISSION_LOG_DEBUG(LABEL, "execute: end as: RequestRemotePermissionCallbackCommand");
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

464
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/command/request_remote_permission_command.cpp
View File

@ -1,233 +1,233 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <iostream>
#include <string>
#include <chrono>
#include <thread>
#include "base_remote_command.h"
#include "remote_command_factory.h"
#include "remote_command_manager.h"
#include "permission_log.h"
#include "permission_fetcher.h"
#include "subject_device_permission_manager.h"
#include "external_deps.h"
#include "ipc_skeleton.h"
#include "distributed_permission_manager_service.h"
#include "request_remote_permission_command.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "RequestRemotePermissionCommand"};
}
RequestRemotePermissionCommand::RequestRemotePermissionCommand(
const std::string &srcDeviceId, const std::string &dstDeviceId, const std::string &requestId)
: requestId_(requestId)
{
remoteProtocol_.commandName = COMMAND_NAME;
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + requestId;
remoteProtocol_.srcDeviceId = srcDeviceId;
remoteProtocol_.dstDeviceId = dstDeviceId;
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
}
RequestRemotePermissionCommand::RequestRemotePermissionCommand(const std::string &json)
{
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
uid_ = jsonObject.at("uid").get<int32_t>();
}
if (jsonObject.find("requestId") != jsonObject.end() && jsonObject.at("requestId").is_string()) {
jsonObject.at("requestId").get_to<std::string>(requestId_);
}
if (jsonObject.find("bundleName") != jsonObject.end() && jsonObject.at("bundleName").is_string()) {
jsonObject.at("bundleName").get_to<std::string>(bundleName_);
}
if (jsonObject.find("reason") != jsonObject.end() && jsonObject.at("reason").is_string()) {
jsonObject.at("reason").get_to<std::string>(reason_);
}
jsonObject.at("permissions").get_to<std::vector<std::string>>(permissions_);
}
std::string RequestRemotePermissionCommand::ToJsonPayload()
{
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
j["uid"] = uid_;
j["requestId"] = requestId_;
j["bundleName"] = bundleName_;
j["reason"] = reason_;
nlohmann::json permissionsJson;
for (auto permission : permissions_) {
permissionsJson.emplace_back(permission);
}
j["permissions"] = permissionsJson;
return j.dump();
}
/**
* Set the more request message when the command is new
*
* @param uid the request uid
* @param permissions the request permissions
* @param bundleName the request package name
* @param reason the request reason string
*/
void RequestRemotePermissionCommand::SetRequestPermissionInfo(
int32_t uid, const std::vector<std::string> &permissions, const std::string &bundleName, const std::string &reason)
{
uid_ = uid;
permissions_ = permissions;
bundleName_ = bundleName;
reason_ = reason;
}
/**
* Current the UI is not design, So use the property item to mock the activity operation<br>
* if "request." + permission is true, DPMS will grant the sensitive permission
*
* @param permissions the permissions that will grant to remote
*/
void RequestRemotePermissionCommand::StartActivityForRequestPermission(std::vector<std::string> &permissions)
{
if (permissions.empty()) {
return;
}
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
if (externalDeps == nullptr) {
return;
}
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
for (auto permission : permissions) {
if (iBundleManager_->CheckPermission(bundleName_, permission) == 0) {
PERMISSION_LOG_DEBUG(LABEL,
"mock Activity DO GRANT permission{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
SubjectDevicePermissionManager::GetInstance().GrantSensitivePermissionToRemoteApp(
permission, remoteProtocol_.srcDeviceId, uid_);
} else {
PERMISSION_LOG_DEBUG(LABEL,
"mock Activity DO NOT GRANT permission{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
}
}
}
/**
* Format the permissions to get the permissions that need to use UI to request the permission
*
* @param permissions the input permission from subject
* @param deviceId the deviceId of the subject device
* @param ruid the uid of the subject
* @return the permission that need to request by UI
*/
std::vector<std::string> RequestRemotePermissionCommand::FormatRequestPermissions(
std::vector<std::string> &permissions, const std::string &deviceId, int32_t ruid)
{
int32_t duid = SubjectDevicePermissionManager::GetInstance().GetDistributedUid(deviceId, ruid);
std::vector<std::string> needRequestPermissions;
for (auto permission : permissions) {
if (permission.empty()) {
continue;
}
PERMISSION_LOG_DEBUG(LABEL, "get sensitive permission = %{public}s from subject request ", permission.c_str());
if (SubjectDevicePermissionManager::GetInstance().CheckDistributedPermission(duid, permission) ==
Constant::PERMISSION_GRANTED) {
PERMISSION_LOG_DEBUG(LABEL,
"sensitive permission = %{public}s from subject request have been granted before ",
permission.c_str());
continue;
}
needRequestPermissions.push_back(permission);
}
return needRequestPermissions;
}
void RequestRemotePermissionCommand::Prepare()
{
PERMISSION_LOG_INFO(LABEL,
"prepare: start as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
PERMISSION_LOG_INFO(LABEL, "prepare: end as: RequestRemotePermissionCommand.");
}
void RequestRemotePermissionCommand::Finish()
{
remoteProtocol_.statusCode = Constant::SUCCESS;
PERMISSION_LOG_INFO(LABEL,
"finish: end as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
}
void RequestRemotePermissionCommand::Execute()
{
PERMISSION_LOG_INFO(LABEL,
"execute: start as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
std::vector<std::string> needRequestPermissions =
FormatRequestPermissions(permissions_, remoteProtocol_.srcDeviceId, uid_);
if (needRequestPermissions.size() > 0) {
PERMISSION_LOG_INFO(LABEL, "start startActivityForRequestPermission");
// start active and the the result of the active
StartActivityForRequestPermission(needRequestPermissions);
PERMISSION_LOG_INFO(LABEL, "end startActivityForRequestPermission");
}
std::shared_ptr<DistributedPermissionEventHandler> handler =
DelayedSingleton<DistributedPermissionManagerService>::GetInstance()->GetEventHandler();
if (handler == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "fail to get EventHandler");
} else {
std::string taskName("RequestRemotePermissionCallbackCommand");
// auto task = [this, &remoteProtocol_, uid_, requestId_, &bundleName_]() {
auto task = [this]() {
// new a command to notice subject the request permission result
std::shared_ptr<RequestRemotePermissionCallbackCommand> callbackCommand_ =
RemoteCommandFactory::GetInstance().NewRequestRemotePermissionCallbackCommand(
remoteProtocol_.responseDeviceId, remoteProtocol_.srcDeviceId, requestId_, uid_, bundleName_);
RemoteCommandManager::GetInstance().AddCommand(remoteProtocol_.srcDeviceId, callbackCommand_);
RemoteCommandManager::GetInstance().ProcessDeviceCommandImmediately(remoteProtocol_.srcDeviceId);
};
handler->PostTask(task, taskName);
}
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
PERMISSION_LOG_DEBUG(LABEL, "execute: end as: RequestRemotePermissionCommand");
}
} // namespace Permission
} // namespace Security
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <iostream>
#include <string>
#include <chrono>
#include <thread>
#include "base_remote_command.h"
#include "remote_command_factory.h"
#include "remote_command_manager.h"
#include "permission_log.h"
#include "permission_fetcher.h"
#include "subject_device_permission_manager.h"
#include "ipc_skeleton.h"
#include "distributed_permission_manager_service.h"
#include "bms_adapter.h"
#include "request_remote_permission_command.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "RequestRemotePermissionCommand"};
}
RequestRemotePermissionCommand::RequestRemotePermissionCommand(
const std::string &srcDeviceId, const std::string &dstDeviceId, const std::string &requestId)
: requestId_(requestId)
{
remoteProtocol_.commandName = COMMAND_NAME;
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + requestId;
remoteProtocol_.srcDeviceId = srcDeviceId;
remoteProtocol_.dstDeviceId = dstDeviceId;
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
}
RequestRemotePermissionCommand::RequestRemotePermissionCommand(const std::string &json)
{
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
uid_ = jsonObject.at("uid").get<int32_t>();
}
if (jsonObject.find("requestId") != jsonObject.end() && jsonObject.at("requestId").is_string()) {
jsonObject.at("requestId").get_to<std::string>(requestId_);
}
if (jsonObject.find("bundleName") != jsonObject.end() && jsonObject.at("bundleName").is_string()) {
jsonObject.at("bundleName").get_to<std::string>(bundleName_);
}
if (jsonObject.find("reason") != jsonObject.end() && jsonObject.at("reason").is_string()) {
jsonObject.at("reason").get_to<std::string>(reason_);
}
jsonObject.at("permissions").get_to<std::vector<std::string>>(permissions_);
}
std::string RequestRemotePermissionCommand::ToJsonPayload()
{
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
j["uid"] = uid_;
j["requestId"] = requestId_;
j["bundleName"] = bundleName_;
j["reason"] = reason_;
nlohmann::json permissionsJson;
for (auto permission : permissions_) {
permissionsJson.emplace_back(permission);
}
j["permissions"] = permissionsJson;
return j.dump();
}
/**
* Set the more request message when the command is new
*
* @param uid the request uid
* @param permissions the request permissions
* @param bundleName the request package name
* @param reason the request reason string
*/
void RequestRemotePermissionCommand::SetRequestPermissionInfo(
int32_t uid, const std::vector<std::string> &permissions, const std::string &bundleName, const std::string &reason)
{
uid_ = uid;
permissions_ = permissions;
bundleName_ = bundleName;
reason_ = reason;
}
/**
* Current the UI is not design, So use the property item to mock the activity operation<br>
* if "request." + permission is true, DPMS will grant the sensitive permission
*
* @param permissions the permissions that will grant to remote
*/
void RequestRemotePermissionCommand::StartActivityForRequestPermission(std::vector<std::string> &permissions)
{
if (permissions.empty()) {
return;
}
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
if (bmsAdapter == nullptr) {
return;
}
iBundleManager_ = bmsAdapter->GetBundleManager();
for (auto permission : permissions) {
if (iBundleManager_->CheckPermission(bundleName_, permission) == 0) {
PERMISSION_LOG_DEBUG(LABEL,
"mock Activity DO GRANT permission{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
SubjectDevicePermissionManager::GetInstance().GrantSensitivePermissionToRemoteApp(
permission, remoteProtocol_.srcDeviceId, uid_);
} else {
PERMISSION_LOG_DEBUG(LABEL,
"mock Activity DO NOT GRANT permission{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
}
}
}
/**
* Format the permissions to get the permissions that need to use UI to request the permission
*
* @param permissions the input permission from subject
* @param deviceId the deviceId of the subject device
* @param ruid the uid of the subject
* @return the permission that need to request by UI
*/
std::vector<std::string> RequestRemotePermissionCommand::FormatRequestPermissions(
std::vector<std::string> &permissions, const std::string &deviceId, int32_t ruid)
{
int32_t duid = SubjectDevicePermissionManager::GetInstance().GetDistributedUid(deviceId, ruid);
std::vector<std::string> needRequestPermissions;
for (auto permission : permissions) {
if (permission.empty()) {
continue;
}
PERMISSION_LOG_DEBUG(LABEL, "get sensitive permission = %{public}s from subject request ", permission.c_str());
if (SubjectDevicePermissionManager::GetInstance().CheckDistributedPermission(duid, permission) ==
Constant::PERMISSION_GRANTED) {
PERMISSION_LOG_DEBUG(LABEL,
"sensitive permission = %{public}s from subject request have been granted before ",
permission.c_str());
continue;
}
needRequestPermissions.push_back(permission);
}
return needRequestPermissions;
}
void RequestRemotePermissionCommand::Prepare()
{
PERMISSION_LOG_INFO(LABEL,
"prepare: start as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
PERMISSION_LOG_INFO(LABEL, "prepare: end as: RequestRemotePermissionCommand.");
}
void RequestRemotePermissionCommand::Finish()
{
remoteProtocol_.statusCode = Constant::SUCCESS;
PERMISSION_LOG_INFO(LABEL,
"finish: end as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
}
void RequestRemotePermissionCommand::Execute()
{
PERMISSION_LOG_INFO(LABEL,
"execute: start as: RequestRemotePermissionCommand{uid = %{public}d, requestId = %{public}s }",
uid_,
requestId_.c_str());
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
std::vector<std::string> needRequestPermissions =
FormatRequestPermissions(permissions_, remoteProtocol_.srcDeviceId, uid_);
if (needRequestPermissions.size() > 0) {
PERMISSION_LOG_INFO(LABEL, "start startActivityForRequestPermission");
// start active and the the result of the active
StartActivityForRequestPermission(needRequestPermissions);
PERMISSION_LOG_INFO(LABEL, "end startActivityForRequestPermission");
}
std::shared_ptr<DistributedPermissionEventHandler> handler =
DelayedSingleton<DistributedPermissionManagerService>::GetInstance()->GetEventHandler();
if (handler == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "fail to get EventHandler");
} else {
std::string taskName("RequestRemotePermissionCallbackCommand");
// auto task = [this, &remoteProtocol_, uid_, requestId_, &bundleName_]() {
auto task = [this]() {
// new a command to notice subject the request permission result
std::shared_ptr<RequestRemotePermissionCallbackCommand> callbackCommand_ =
RemoteCommandFactory::GetInstance().NewRequestRemotePermissionCallbackCommand(
remoteProtocol_.responseDeviceId, remoteProtocol_.srcDeviceId, requestId_, uid_, bundleName_);
RemoteCommandManager::GetInstance().AddCommand(remoteProtocol_.srcDeviceId, callbackCommand_);
RemoteCommandManager::GetInstance().ProcessDeviceCommandImmediately(remoteProtocol_.srcDeviceId);
};
handler->PostTask(task, taskName);
}
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
PERMISSION_LOG_DEBUG(LABEL, "execute: end as: RequestRemotePermissionCommand");
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

301
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/command/sync_uid_permission_command.cpp
View File

@ -1,149 +1,152 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "base_remote_command.h"
#include "sync_uid_permission_command.h"
#include "permission_log.h"
#include "subject_device_permission_manager.h"
#include "external_deps.h"
#include "ipc_skeleton.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "SyncUidPermissionCommand"};
}
SyncUidPermissionCommand::SyncUidPermissionCommand(
int32_t uid, const std::string &srcDeviceId, const std::string &dstDeviceId)
: uid_(uid)
{
remoteProtocol_.commandName = COMMAND_NAME;
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
remoteProtocol_.srcDeviceId = srcDeviceId;
remoteProtocol_.dstDeviceId = dstDeviceId;
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
}
SyncUidPermissionCommand::SyncUidPermissionCommand(const std::string &json)
{
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
uid_ = jsonObject.at("uid").get<int32_t>();
}
nlohmann::json bundlePermissionsJson = jsonObject.at("uidPermission").get<nlohmann::json>();
BaseRemoteCommand::FromUidBundlePermissionsJson(bundlePermissionsJson, uidPermission_);
}
std::string SyncUidPermissionCommand::ToJsonPayload()
{
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
j["uid"] = uid_;
j["uidPermission"] = BaseRemoteCommand::ToUidBundlePermissionsJson(uidPermission_);
return j.dump();
}
void SyncUidPermissionCommand::Prepare()
{
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
if (externalDeps == nullptr) {
return;
}
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
PERMISSION_LOG_INFO(LABEL, "prepare: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
// Query PMS to get all permissions and read to send.
if (permissionFetcher_->GetPermissions(uid_, uidPermission_) < 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: resultWrapper code is not SUCCESS.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_GET_PERMISSIONS_FAILED;
return;
}
// Check limit.
int32_t count = 0;
for (auto bundle : uidPermission_.bundles) {
count = bundle.permissions.size();
if (count != 0) {
break;
}
}
if (count > Constant::MAX_UID_PERMISSIONS_COUNT) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: permissions exceed MAX_UID_PERMISSIONS_COUNT", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_PERMISSIONS_COUNT_FAILED;
return;
}
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
PERMISSION_LOG_INFO(LABEL, "prepare: end as: SyncUidPermissionCommand");
}
void SyncUidPermissionCommand::Execute()
{
PERMISSION_LOG_INFO(LABEL, "execute: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
if (externalDeps == nullptr) {
return;
}
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
// Re-granted the permissions
UidBundleBo rUidPermission;
if (permissionFetcher_->GetRegrantedPermissions(uidPermission_, rUidPermission) < 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to get regranted permissions.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_GET_REGRANTED_PERMISSIONS_FAILED;
return;
}
// Save the result.
int32_t addResult = SubjectDevicePermissionManager::GetInstance().AddDistributedPermission(
remoteProtocol_.srcDeviceId, rUidPermission);
PERMISSION_LOG_INFO(
LABEL, "execute: SubjectDevicePermissionManager addSubjectPermission result: %{public}d }", addResult);
if (addResult == Constant::SUCCESS) {
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
} else {
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
}
PERMISSION_LOG_INFO(LABEL, "execute: end as: SyncUidPermissionCommand");
}
void SyncUidPermissionCommand::Finish()
{
remoteProtocol_.statusCode = Constant::SUCCESS;
PERMISSION_LOG_INFO(LABEL, "clientProcessResult: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
}
} // namespace Permission
} // namespace Security
} // namespace OHOS
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "base_remote_command.h"
#include "permission_log.h"
#include "subject_device_permission_manager.h"
#include "ipc_skeleton.h"
#include "bms_adapter.h"
#include "pms_adapter.h"
#include "sync_uid_permission_command.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "SyncUidPermissionCommand"};
}
SyncUidPermissionCommand::SyncUidPermissionCommand(
int32_t uid, const std::string &srcDeviceId, const std::string &dstDeviceId)
: uid_(uid)
{
remoteProtocol_.commandName = COMMAND_NAME;
remoteProtocol_.uniqueId = COMMAND_NAME + "-" + std::to_string(uid);
remoteProtocol_.srcDeviceId = srcDeviceId;
remoteProtocol_.dstDeviceId = dstDeviceId;
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
remoteProtocol_.requestVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
}
SyncUidPermissionCommand::SyncUidPermissionCommand(const std::string &json)
{
nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false);
BaseRemoteCommand::FromRemoteProtocolJson(jsonObject);
if (jsonObject.find("uid") != jsonObject.end() && jsonObject.at("uid").is_number()) {
uid_ = jsonObject.at("uid").get<int32_t>();
}
nlohmann::json bundlePermissionsJson = jsonObject.at("uidPermission").get<nlohmann::json>();
BaseRemoteCommand::FromUidBundlePermissionsJson(bundlePermissionsJson, uidPermission_);
}
std::string SyncUidPermissionCommand::ToJsonPayload()
{
nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson();
j["uid"] = uid_;
j["uidPermission"] = BaseRemoteCommand::ToUidBundlePermissionsJson(uidPermission_);
return j.dump();
}
void SyncUidPermissionCommand::Prepare()
{
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
if (bmsAdapter == nullptr || pmsAdapter == nullptr) {
return;
}
iBundleManager_ = bmsAdapter->GetBundleManager();
iPermissionManager_ = pmsAdapter->GetPermissionManager();
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
PERMISSION_LOG_INFO(LABEL, "prepare: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
// Query PMS to get all permissions and read to send.
if (permissionFetcher_->GetPermissions(uid_, uidPermission_) < 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: resultWrapper code is not SUCCESS.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_GET_PERMISSIONS_FAILED;
return;
}
// Check limit.
int32_t count = 0;
for (auto bundle : uidPermission_.bundles) {
count = bundle.permissions.size();
if (count != 0) {
break;
}
}
if (count > Constant::MAX_UID_PERMISSIONS_COUNT) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: permissions exceed MAX_UID_PERMISSIONS_COUNT", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_PERMISSIONS_COUNT_FAILED;
return;
}
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
PERMISSION_LOG_INFO(LABEL, "prepare: end as: SyncUidPermissionCommand");
}
void SyncUidPermissionCommand::Execute()
{
PERMISSION_LOG_INFO(LABEL, "execute: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
if (bmsAdapter == nullptr || pmsAdapter == nullptr) {
return;
}
iBundleManager_ = bmsAdapter->GetBundleManager();
iPermissionManager_ = pmsAdapter->GetPermissionManager();
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
remoteProtocol_.responseDeviceId = Constant::GetLocalDeviceId();
remoteProtocol_.responseVersion = Constant::DISTRIBUTED_PERMISSION_SERVICE_VERSION;
// Re-granted the permissions
UidBundleBo rUidPermission;
if (permissionFetcher_->GetRegrantedPermissions(uidPermission_, rUidPermission) < 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: failed to get regranted permissions.", __func__);
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_GET_REGRANTED_PERMISSIONS_FAILED;
return;
}
// Save the result.
int32_t addResult = SubjectDevicePermissionManager::GetInstance().AddDistributedPermission(
remoteProtocol_.srcDeviceId, rUidPermission);
PERMISSION_LOG_INFO(
LABEL, "execute: SubjectDevicePermissionManager addSubjectPermission result: %{public}d }", addResult);
if (addResult == Constant::SUCCESS) {
remoteProtocol_.statusCode = Constant::SUCCESS;
remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS;
} else {
remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY;
remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED;
}
PERMISSION_LOG_INFO(LABEL, "execute: end as: SyncUidPermissionCommand");
}
void SyncUidPermissionCommand::Finish()
{
remoteProtocol_.statusCode = Constant::SUCCESS;
PERMISSION_LOG_INFO(LABEL, "clientProcessResult: start as: SyncUidPermissionCommand{uid = %{public}d }", uid_);
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

37
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/common/constant.cpp
View File

@ -77,9 +77,10 @@ const std::map<std::string, int32_t> Constant::NAME_TO_OP_CODE_MAP = {
bool Constant::PermissionNameToOrFromOpCode(std::string &permissionName, int32_t &opCode)
{
if (permissionName.empty()) {
auto ite = std::find_if(NAME_TO_OP_CODE_MAP.begin(),
NAME_TO_OP_CODE_MAP.end(),
[opCode](const std::map<std::string, int32_t>::value_type &pair) { return opCode == pair.second; });
auto ite = std::find_if(NAME_TO_OP_CODE_MAP.begin(), NAME_TO_OP_CODE_MAP.end(),
[opCode](const std::map<std::string, int32_t>::value_type &pair) {
return opCode == pair.second;
});
if (ite != NAME_TO_OP_CODE_MAP.end()) {
permissionName = ite->first;
return true;
@ -101,9 +102,10 @@ const std::vector<std::string> Constant::USE_BY_LOCAL_APP_LIST = {
bool Constant::UseByLocalApp(std::string &permissionName)
{
auto it = std::find_if(USE_BY_LOCAL_APP_LIST.begin(),
USE_BY_LOCAL_APP_LIST.end(),
[&permissionName](const auto &useByLocalApp) { return permissionName == useByLocalApp; });
auto it = std::find_if(USE_BY_LOCAL_APP_LIST.begin(), USE_BY_LOCAL_APP_LIST.end(),
[&permissionName](const auto &useByLocalApp) {
return permissionName == useByLocalApp;
});
if (it != USE_BY_LOCAL_APP_LIST.end()) {
return true;
}
@ -137,19 +139,10 @@ const int32_t Constant::RESOURCE_SWITCH_STATUS_DENIED = 0;
const int32_t Constant::RESOURCE_SWITCH_STATUS_ALLOWED = 1;
const std::vector<std::string> Constant::PERMISSION_RECORDS_GETTING_LIST = {"ohos.permission.READ_CONTACTS",
"ohos.permission.GET_TELEPHONY_STATE",
"ohos.permission.LOCATION",
"ohos.permission.MICROPHONE",
"ohos.permission.CAMERA",
"ohos.permission.WRITE_CALENDAR",
"ohos.permission.READ_CALENDAR",
"ohos.permission.MEDIA_LOCATION",
"ohos.permission.READ_MEDIA",
"ohos.permission.WRITE_MEDIA",
"ohos.permission.ACTIVITY_MOTION",
"ohos.permission.READ_HEALTH_DATA",
"ohos.permission.DISTRIBUTED_DATA"};
} // namespace Permission
} // namespace Security
} // namespace OHOS
"ohos.permission.GET_TELEPHONY_STATE", "ohos.permission.LOCATION", "ohos.permission.MICROPHONE",
"ohos.permission.CAMERA", "ohos.permission.WRITE_CALENDAR", "ohos.permission.READ_CALENDAR",
"ohos.permission.MEDIA_LOCATION", "ohos.permission.READ_MEDIA", "ohos.permission.WRITE_MEDIA",
"ohos.permission.ACTIVITY_MOTION", "ohos.permission.READ_HEALTH_DATA", "ohos.permission.DISTRIBUTED_DATA"};
} // namespace Permission
} // namespace Security
} // namespace OHOS

189
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/common/zip_util.cpp
View File

@ -1,68 +1,123 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "permission_log.h"
#include "zip_util.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ZipUtil"};
}
bool ZipUtil::ZipCompress(const std::string &input, const unsigned long tlen, unsigned char *output, unsigned long &len)
{
PERMISSION_LOG_INFO(LABEL, "%{public}s called, input: %{public}s", __func__, input.c_str());
if (output == NULL) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: no enough memory!", __func__);
return false;
}
if (compress(output, &len, (unsigned char *)input.c_str(), tlen) != Z_OK) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress failed!", __func__);
return false;
}
PERMISSION_LOG_INFO(LABEL, "%{public}s done, output: %{public}s", __func__, output);
return true;
}
bool ZipUtil::ZipUnCompress(
const unsigned char *input, const unsigned long tlen, std::string &output, unsigned long len)
{
PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
if (len <= 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
return false;
}
unsigned char *buf = (unsigned char *)malloc(len + 1);
if (buf == NULL) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: no enough memory!", __func__);
return false;
}
if (uncompress(buf, &len, input, tlen) != Z_OK) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: uncompress failed!", __func__);
free(buf);
return false;
}
buf[len] = '\0';
output = (char *)buf;
free(buf);
PERMISSION_LOG_INFO(LABEL, "%{public}s done, output: %{public}s", __func__, output.c_str());
return true;
}
} // namespace Permission
} // namespace Security
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "permission_log.h"
#include "zip_util.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ZipUtil"};
}
bool ZipUtil::ZipCompress(const std::string &input, const unsigned long tlen, unsigned char *output, unsigned long &len)
{
PERMISSION_LOG_INFO(LABEL, "%{public}s called, input: %{public}s", __func__, input.c_str());
if (output == NULL) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: no enough memory!", __func__);
return false;
}
if (compress(output, &len, (unsigned char *)input.c_str(), tlen) != Z_OK) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress failed!", __func__);
return false;
}
PERMISSION_LOG_INFO(LABEL, "%{public}s done, output: %{public}s", __func__, output);
return true;
}
bool ZipUtil::ZipUnCompress(
const unsigned char *input, const unsigned long tlen, std::string &output, unsigned long len)
{
PERMISSION_LOG_INFO(LABEL, "%{public}s called", __func__);
if (len <= 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
return false;
}
unsigned char *buf = (unsigned char *)malloc(len + 1);
if (buf == NULL) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: no enough memory!", __func__);
return false;
}
if (uncompress(buf, &len, input, tlen) != Z_OK) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: uncompress failed!", __func__);
free(buf);
return false;
}
buf[len] = '\0';
output = (char *)buf;
free(buf);
PERMISSION_LOG_INFO(LABEL, "%{public}s done, output: %{public}s", __func__, output.c_str());
return true;
}
bool ZipUtil::CompressCode(const std::string &input, unsigned long &codeLen, unsigned long &zipLen, std::string &output)
{
if (codeLen <= 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
return false;
}
unsigned char *buf = (unsigned char *)malloc(codeLen + 1);
if (buf == NULL) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: malloc fail!", __func__);
return false;
}
if (!ZipUtil::ZipCompress(input, zipLen, buf, codeLen)) {
if (buf != NULL) {
free(buf);
buf = NULL;
}
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress fail!", __func__);
return false;
}
Base64Util::Encode(buf, codeLen, output);
if (buf != NULL) {
free(buf);
buf = NULL;
}
return true;
}
bool ZipUtil::UnCompressDeCode(
const std::string &input, unsigned long &codeLen, unsigned long &zipLen, std::string &output)
{
if (codeLen <= 0) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: compress length less than 0!", __func__);
return false;
}
unsigned char *pOut = (unsigned char *)malloc(codeLen + 1);
if (pOut == NULL) {
PERMISSION_LOG_ERROR(LABEL, "%{public}s: malloc fail!", __func__);
return false;
}
Base64Util::Decode(input, pOut, codeLen);
if (!ZipUtil::ZipUnCompress(pOut, codeLen, output, zipLen)) {
if (pOut != NULL) {
free(pOut);
pOut = NULL;
}
PERMISSION_LOG_ERROR(LABEL, "%{public}s: uncompress fail!", __func__);
return false;
}
if (pOut != NULL) {
free(pOut);
pOut = NULL;
}
return true;
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

153
services/permission_standard/distributedpermissionmanagerservice/main/cpp/include/device/device_info_repository.h → services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/device/device_info_repository.h
View File

@ -1,76 +1,77 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef DEVICE_INFO_REPOSITORY_H
#define DEVICE_INFO_REPOSITORY_H
#include <map>
#include <string>
#include <vector>
#include <mutex>
#include "constant.h"
#include "device_info.h"
namespace OHOS {
namespace Security {
namespace Permission {
class DeviceInfoRepository {
public:
static DeviceInfoRepository &GetInstance();
std::vector<DeviceInfo> ListDeviceInfo();
bool FindDeviceInfo(const std::string &nodeId, DeviceIdType type, DeviceInfo &deviceInfo);
void DeleteAllDeviceInfoExceptOne(const DeviceInfo deviceInfo);
void SaveDeviceInfo(const DeviceInfo deviceInfo);
void SaveDeviceInfo(const DeviceId deviceId, const std::string &deviceName, const std::string &deviceType);
void SaveDeviceInfo(const std::string &networkId, const std::string &universallyUniqueId,
const std::string &uniqueDisabilityId, const std::string &deviceName, const std::string &deviceType);
void DeleteDeviceInfo(const std::string &nodeId, const DeviceIdType type);
void Clear();
private:
bool FindDeviceIdByNodeIdLocked(const std::string &nodeId, const DeviceIdType type, DeviceId &deviceId) const;
bool FindDeviceInfoByDeviceIdLocked(const DeviceId deviceId, DeviceInfo &deviceInfo) const;
bool FindDeviceIdByNetworkIdLocked(const std::string &networkId, DeviceId &deviceId) const;
bool FindDeviceIdByUniversallyUniqueIdLocked(const std::string &universallyUniqueId, DeviceId &deviceId) const;
bool FindDeviceIdByUniqueDisabilityIdLocked(const std::string &uniqueDisabilityId, DeviceId &deviceId) const;
void DeleteDeviceInfoByDeviceIdLocked(const DeviceId deviceId);
std::map<std::string, DeviceId> deviceIdMapByNetworkId_;
std::map<std::string, DeviceId> deviceIdMapByUniversallyUniqueId_;
std::map<std::string, DeviceId> deviceIdMapByUniqueDisabilityId_;
std::map<std::string, DeviceInfo> deviceInfoMap_;
std::recursive_mutex stackLock_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // DEVICE_INFO_REPOSITORY_H
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef DEVICE_INFO_REPOSITORY_H
#define DEVICE_INFO_REPOSITORY_H
#include <map>
#include <string>
#include <vector>
#include <mutex>
#include "constant.h"
#include "device_info.h"
namespace OHOS {
namespace Security {
namespace Permission {
class DeviceInfoRepository {
public:
static DeviceInfoRepository &GetInstance();
std::vector<DeviceInfo> ListDeviceInfo();
bool FindDeviceInfo(const std::string &nodeId, DeviceIdType type, DeviceInfo &deviceInfo);
void DeleteAllDeviceInfoExceptOne(const DeviceInfo deviceInfo);
void SaveDeviceInfo(const DeviceInfo deviceInfo);
void SaveDeviceInfo(const DeviceId deviceId, const std::string &deviceName, const std::string &deviceType);
void SaveDeviceInfo(const std::string &networkId, const std::string &universallyUniqueId,
const std::string &uniqueDisabilityId, const std::string &deviceName, const std::string &deviceType);
void DeleteDeviceInfo(const std::string &nodeId, const DeviceIdType type);
void Clear();
private:
bool FindDeviceIdByNodeIdLocked(const std::string &nodeId, const DeviceIdType type, DeviceId &deviceId) const;
bool FindDeviceInfoByDeviceIdLocked(const DeviceId deviceId, DeviceInfo &deviceInfo) const;
bool FindDeviceIdByNetworkIdLocked(const std::string &networkId, DeviceId &deviceId) const;
bool FindDeviceIdByUniversallyUniqueIdLocked(const std::string &universallyUniqueId, DeviceId &deviceId) const;
bool FindDeviceIdByUniqueDisabilityIdLocked(const std::string &uniqueDisabilityId, DeviceId &deviceId) const;
void DeleteDeviceInfoByDeviceIdLocked(const DeviceId deviceId);
std::map<std::string, DeviceId> deviceIdMapByNetworkId_;
std::map<std::string, DeviceId> deviceIdMapByUniversallyUniqueId_;
std::map<std::string, DeviceId> deviceIdMapByUniqueDisabilityId_;
std::map<std::string, DeviceInfo> deviceInfoMap_;
std::recursive_mutex stackLock_;
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
#endif // DEVICE_INFO_REPOSITORY_H

6
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/distributed/object_device_json.cpp → services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/distributed/object_device_json_object.cpp
View File

@ -30,7 +30,7 @@
#include "nlohmann/json.hpp"
#include "app_log_wrapper.h"
#include "object_device_json.h"
#include "object_device_json_object.h"
namespace OHOS {
namespace Security {
@ -41,7 +41,7 @@ const std::string DEVICE_INFO_UID = "uid_";
const std::string DEVICE_INFO_GRABTED_PERMISSION = "grantedPermission_";
} // namespace
std::string &ObjectDeviceJson::ToJsonString(std::string &jsonString) const
std::string &ObjectDeviceJsonObject::ToJsonString(std::string &jsonString) const
{
nlohmann::json jsonObject;
jsonObject[DEVICE_INFO_DEVICE_ID] = deviceId_;
@ -50,7 +50,7 @@ std::string &ObjectDeviceJson::ToJsonString(std::string &jsonString) const
jsonString = jsonObject.dump();
return jsonString;
}
bool ObjectDeviceJson::FromJsonString(const std::string &jsonString)
bool ObjectDeviceJsonObject::FromJsonString(const std::string &jsonString)
{
nlohmann::json jsonObject = nlohmann::json::parse(jsonString);
if (jsonObject.is_discarded()) {

692
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/distributed/object_device_permission_manager.cpp
View File

@ -1,346 +1,346 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "object_device_permission_manager.h"
#include "distributed_permission_manager_service.h"
#include "permission_kit.h"
#include "permission_callback.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ObjectDevicePermissionManager"};
}
ObjectDevicePermissionManager::ObjectDevicePermissionManager() : recovered_(false), registered_(false)
{}
ObjectDevicePermissionManager::~ObjectDevicePermissionManager()
{}
ObjectDevicePermissionManager &ObjectDevicePermissionManager::GetInstance()
{
static ObjectDevicePermissionManager instance;
return instance;
}
/**
* If not successfully recovered, recover from file.
*/
void ObjectDevicePermissionManager::Init()
{
if (!recovered_.load()) {
bool recoverResult = ObjectDevicePermissionRepository::GetInstance().RecoverFromFile();
PERMISSION_LOG_INFO(LABEL, "init: recoverResult:%{public}s", recoverResult ? "true" : "false");
recovered_.store(recoverResult);
}
bool falseFlag = false;
if (registered_.compare_exchange_strong(falseFlag, true)) {
PERMISSION_LOG_INFO(LABEL, "Register uid permission and state changed callback.");
MonitorManager::GetInstance().AddOnPermissionChangedListener("ObjectDevicePermissionManager",
std::make_shared<std::function<void(int32_t uid, const std::string &packageName)>>(
[&](int32_t uid, const std::string &packageName) { this->NotifyPermissionChanged(uid); }));
}
}
/**
* Operation function. Ask RemoteExecutorManager to execute SyncUidPermissionCommand or DeleteUidPermissionCommand
* for all deviceIds that has a relationship with given uid.
*
* @param uid The operation uid in local device.
* @return SUCCESS: 0; FAILURE: -1.
*/
int32_t ObjectDevicePermissionManager::NotifyPermissionChanged(const int32_t uid)
{
PERMISSION_LOG_INFO(LABEL, "notifyPermissionChanged: operation start with uid:%{public}d", uid);
// Check uid is negative, do remove operation instead.
if (uid == SPECIAL_INVALID_UID) {
PERMISSION_LOG_DEBUG(LABEL, "notifyPermissionChanged: uid: -1 is SPECIAL_INVALID_UID, return SUCCESS");
return Constant::SUCCESS;
}
if (uid < 0) {
PERMISSION_LOG_INFO(
LABEL, "notifyPermissionChanged: uid: %{public}d is negative, call removeNotifyPermissionMonitorUid", uid);
return RemoveNotifyPermissionMonitorUid(-uid);
}
// For special uid, do not need to notify.
if (DistributedDataValidator::IsSpecRuid(uid)) {
PERMISSION_LOG_DEBUG(LABEL, "notifyPermissionChanged: uid is special, return success");
return Constant::SUCCESS;
}
// Find all deviceIds and build command, push to RemoteExecutorManager.
const std::set<std::string> toSyncDevices = ObjectDevicePermissionRepository::GetInstance().ListDeviceId(uid);
for (const std::string &deviceId : toSyncDevices) {
const std::shared_ptr<SyncUidPermissionCommand> command =
RemoteCommandFactory::GetInstance().NewSyncUidPermissionCommand(
uid, Constant::GetLocalDeviceId(), deviceId);
const int32_t resultCode = RemoteCommandManager::GetInstance().AddCommand(deviceId, command);
if (resultCode != Constant::SUCCESS) {
PERMISSION_LOG_WARN(LABEL,
"notifyPermissionChanged: SyncUidPermissionCommand resultCode is not SUCCESS: %{public}d",
resultCode);
}
}
if (toSyncDevices.empty()) {
PERMISSION_LOG_DEBUG(
LABEL, "notifyPermissionChanged: devicesToSync is empty, no need to notify, return success");
return Constant::SUCCESS;
}
// Start a new thread to wait 1000 milliseconds, and return the result.
return ProcessDeviceCommandImmediately(uid, toSyncDevices);
}
int32_t ObjectDevicePermissionManager::RemoveNotifyPermissionMonitorUid(const int32_t uid)
{
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUid: operation start with uid: %{public}d", uid);
// For special uid, do not need to notify.
if (DistributedDataValidator::IsSpecRuid(uid)) {
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUid: uid is special, return success");
return Constant::SUCCESS;
}
// Find all deviceIds and build command.
const std::set<std::string> toDeleteDevices = ObjectDevicePermissionRepository::GetInstance().ListDeviceId(uid);
for (const std::string &deviceId : toDeleteDevices) {
const std::shared_ptr<DeleteUidPermissionCommand> command =
RemoteCommandFactory::GetInstance().NewDeleteUidPermissionCommand(
uid, Constant::GetLocalDeviceId(), deviceId);
RemoteCommandManager::GetInstance().AddCommand(deviceId, command);
}
// Remove uid to deviceId relationship anyway.
ObjectDevicePermissionRepository::GetInstance().RemoveUid(uid);
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
// Ask RemoteExecutorManager to process command
return RemoteCommandManager::GetInstance().Loop();
}
int32_t ObjectDevicePermissionManager::ProcessDeviceCommandImmediately(
const int32_t uid, const std::set<std::string> &devicesToSync)
{
const std::shared_ptr<CountDownLatch> latch = std::make_shared<CountDownLatch>(1);
std::string taskName("ProcessDeviceCommandImmediately");
auto task = [devicesToSync, uid, latch]() {
for (std::string deviceId : devicesToSync) {
RemoteCommandManager::GetInstance().ProcessDeviceCommandImmediately(deviceId);
}
PERMISSION_LOG_INFO(LABEL,
"processDeviceCommandImmediately: all thread for NotifyPermissionChanged finish "
"for uid: %{public}d finished",
uid);
latch->CountDown();
};
std::thread thread(task);
thread.detach();
latch->Await(MAX_NOTIFY_PERMISSION_CHANGED_TIMEOUT);
if (latch->GetCount() != 0L) {
PERMISSION_LOG_ERROR(
LABEL, "processDeviceCommandImmediately: NotifyPermissionChanged time out, return FAILURE");
return Constant::FAILURE;
}
PERMISSION_LOG_INFO(LABEL, "processDeviceCommandImmediately: NotifyPermissionChanged succeed, return SUCCESS");
return Constant::SUCCESS;
}
int32_t ObjectDevicePermissionManager::AddNotifyPermissionMonitorUid(const std::string &deviceId, const int32_t uid)
{
PERMISSION_LOG_INFO(LABEL,
"addNotifyPermissionMonitorUid: operation start with deviceId: %{public}s",
Constant::EncryptDevId(deviceId).c_str());
if (!DistributedDataValidator::IsDeviceIdValid(deviceId) || !DistributedDataValidator::IsUidValid(uid)) {
PERMISSION_LOG_ERROR(LABEL,
"addNotifyPermissionMonitorUid: addNotifyPermissionMonitorUid: deviceId or uid "
"is invalid, return FAILURE");
return Constant::FAILURE;
}
if (DistributedDataValidator::IsSpecRuid(uid)) {
PERMISSION_LOG_INFO(
LABEL, "addNotifyPermissionMonitorUid: addNotifyPermissionMonitorUid: uid is special, return SUCCESS");
return Constant::SUCCESS;
}
ObjectDevicePermissionRepository::GetInstance().PutDeviceIdUidPair(deviceId, uid);
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
return Constant::SUCCESS;
}
int32_t ObjectDevicePermissionManager::NotifySyncPermission(
std::string &deviceId, int32_t uid, std::string &packageName)
{
if (!DistributedDataValidator::IsDeviceIdValid(deviceId)) {
PERMISSION_LOG_ERROR(
LABEL, "notifySyncPermission: invalid deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
return Constant::INVALID_DEVICE_ID;
}
if (!DistributedDataValidator::IsUidValid(uid)) {
PERMISSION_LOG_ERROR(LABEL, "notifySyncPermission: invalid uid:%{public}d", uid);
return Constant::FAILURE;
}
if (packageName.empty()) {
PERMISSION_LOG_ERROR(LABEL, "notifySyncPermission: invalid pkgName:%{public}s", packageName.c_str());
return Constant::FAILURE;
}
std::shared_ptr<DistributedPermissionEventHandler> handler =
DelayedSingleton<DistributedPermissionManagerService>::GetInstance()->GetEventHandler();
if (handler == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "fail to get EventHandler");
} else {
std::string taskName("RequestPermissionsFromRemoteTimeout");
auto task = [&deviceId, &uid, this]() {
PERMISSION_LOG_INFO(LABEL, "notifySyncPermission: invalid uid:%{public}d", uid);
std::shared_ptr<SyncUidPermissionCommand> syncUidPermissionCommand =
std::make_shared<SyncUidPermissionCommand>(uid, Constant::GetLocalDeviceId(), deviceId);
int32_t resultCode = RemoteCommandManager::GetInstance().ExecuteCommand(deviceId, syncUidPermissionCommand);
if (resultCode == Constant::SUCCESS) {
AddNotifyPermissionMonitorUid(deviceId, uid);
}
PERMISSION_LOG_INFO(LABEL, "notifySyncPermission: get resultCode:%{public}d", resultCode);
};
handler->PostTask(task, taskName);
}
return Constant::SUCCESS;
}
int32_t ObjectDevicePermissionManager::VerifyPermissionFromRemote(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
{
PERMISSION_LOG_DEBUG(LABEL,
"verifyPermissionFromRemote: permission: = %{public}s, deviceId = %{public}s, pid = "
"%{public}d ,uid = %{public}d ",
permission.c_str(),
Constant::EncryptDevId(deviceId).c_str(),
pid,
uid);
int32_t result = VerifyPermissionFromRemoteInner(permission, deviceId, pid, uid);
PERMISSION_LOG_DEBUG(LABEL,
"verifyPermissionFromRemote: permission: = %{public}s, deviceId = %{public}s, pid = "
"%{public}d ,uid = %{public}d ",
permission.c_str(),
Constant::EncryptDevId(deviceId).c_str(),
pid,
uid);
return result;
}
int32_t ObjectDevicePermissionManager::VerifyPermissionFromRemoteInner(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
{
PERMISSION_LOG_DEBUG(LABEL, "VerifyPermissionFromRemoteInner: start");
if (!IsValidVerificationParams(permission, deviceId, uid)) {
PERMISSION_LOG_ERROR(LABEL, "VerifyPermissionFromRemoteInner: with invalid param");
return Constant::PERMISSION_DENIED;
}
if (!DeviceInfoManager::GetInstance().ExistDeviceInfo(deviceId, DeviceIdType::UNIQUE_DISABILITY_ID)) {
PERMISSION_LOG_ERROR(LABEL,
"VerifyPermissionFromRemoteInner:device is ot online: %{public}s",
Constant::EncryptDevId(deviceId).c_str());
return Constant::PERMISSION_DENIED;
}
if (UserHandleManager::IsRootOrSystemUid(uid)) {
return Constant::PERMISSION_GRANTED;
}
if (PermissionBmsManager::GetInstance().IsSystemSignatureUid(uid)) {
// For system program,check if self have the permissin ,the permission will sync to object
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
std::vector<std::string> bundleNames;
iBundleManager_->GetBundlesForUid(uid, bundleNames);
bool allPermissionFlag = true;
for (auto bundleName : bundleNames) {
if (Permission::PermissionKit::VerifyPermission(bundleName, permission, Constant::DEFAULT_USERID) !=
Constant::PERMISSION_GRANTED) {
allPermissionFlag = false;
break;
}
}
if (allPermissionFlag && bundleNames.size() > 0) {
return Constant::PERMISSION_GRANTED;
}
}
return ObjectDevicePermissionRepository::GetInstance().VerifyPermissionFromRemote(permission, deviceId, pid, uid);
}
bool ObjectDevicePermissionManager::IsValidVerificationParams(
const std::string &permission, const std::string &deviceId, const int32_t uid)
{
if (!DistributedDataValidator::IsPermissionNameValid(permission)) {
PERMISSION_LOG_ERROR(LABEL, "invalid permission: %{public}s", permission.c_str());
return false;
}
if (!BaseRemoteCommand::IsSensitiveResource(permission)) {
PERMISSION_LOG_ERROR(LABEL, " permission is not sensitive permission: %{public}s", permission.c_str());
return false;
}
if (!DistributedDataValidator::IsDeviceIdValid(deviceId)) {
PERMISSION_LOG_ERROR(LABEL, "invalid deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
return false;
}
if (!DistributedDataValidator::IsUidValid(uid)) {
PERMISSION_LOG_ERROR(LABEL, "uid is invalid: %{public}d", uid);
return false;
}
return true;
}
void ObjectDevicePermissionManager::ResetGrantSensitivePermission(
std::string &deviceId, int32_t uid, std::set<std::string> &permissions)
{
ObjectDevicePermissionRepository::GetInstance().GetOrCreateObjectDevice(deviceId)->ResetGrantSensitivePermission(
uid, permissions);
}
void ObjectDevicePermissionManager::RemoveObject(const std::string &deviceId)
{
PERMISSION_LOG_INFO(
LABEL, "removeObject: operation start with deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
ObjectDevicePermissionRepository::GetInstance().RemoveDeviceId(deviceId);
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
};
int32_t ObjectDevicePermissionManager::RemoveNotifyPermissionMonitorUserId(const int32_t userId)
{
std::lock_guard<std::recursive_mutex> guard(remove_notify_permission_monitor_user_id_locl_);
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUserId: operation start with uid: %{public}d", userId);
std::set<int32_t> uidList = ObjectDevicePermissionRepository::GetInstance().ListAllUid();
std::set<int32_t>::iterator iter;
int32_t resultCode = Constant::FAILURE;
for (iter = uidList.begin(); iter != uidList.end(); iter++) {
if (userId == (*iter / UserHandleManager::PER_USER_RANGE)) {
int32_t result = RemoveNotifyPermissionMonitorUid(*iter);
if (result == Constant::SUCCESS) {
resultCode = Constant::SUCCESS;
}
}
}
return resultCode;
};
void ObjectDevicePermissionManager::Clear()
{
PERMISSION_LOG_INFO(LABEL, "clear: remove caches related to all object devices");
ObjectDevicePermissionRepository::GetInstance().Clear();
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
};
} // namespace Permission
} // namespace Security
} // namespace OHOS
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "object_device_permission_manager.h"
#include "distributed_permission_manager_service.h"
#include "permission_kit.h"
#include "permission_callback.h"
#include "bms_adapter.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ObjectDevicePermissionManager"};
}
ObjectDevicePermissionManager::ObjectDevicePermissionManager() : recovered_(false), registered_(false)
{}
ObjectDevicePermissionManager::~ObjectDevicePermissionManager()
{}
ObjectDevicePermissionManager &ObjectDevicePermissionManager::GetInstance()
{
static ObjectDevicePermissionManager instance;
return instance;
}
/**
* If not successfully recovered, recover from file.
*/
void ObjectDevicePermissionManager::Init()
{
if (!recovered_.load()) {
bool recoverResult = ObjectDevicePermissionRepository::GetInstance().RecoverFromFile();
PERMISSION_LOG_INFO(LABEL, "init: recoverResult:%{public}s", recoverResult ? "true" : "false");
recovered_.store(recoverResult);
}
bool falseFlag = false;
if (registered_.compare_exchange_strong(falseFlag, true)) {
PERMISSION_LOG_INFO(LABEL, "Register uid permission and state changed callback.");
MonitorManager::GetInstance().AddOnPermissionChangedListener("ObjectDevicePermissionManager",
std::make_shared<std::function<void(int32_t uid, const std::string &packageName)>>(
[&](int32_t uid, const std::string &packageName) { this->NotifyPermissionChanged(uid); }));
}
}
/**
* Operation function. Ask RemoteExecutorManager to execute SyncUidPermissionCommand or DeleteUidPermissionCommand
* for all deviceIds that has a relationship with given uid.
*
* @param uid The operation uid in local device.
* @return SUCCESS: 0; FAILURE: -1.
*/
int32_t ObjectDevicePermissionManager::NotifyPermissionChanged(const int32_t uid)
{
PERMISSION_LOG_INFO(LABEL, "notifyPermissionChanged: operation start with uid:%{public}d", uid);
// Check uid is negative, do remove operation instead.
if (uid == SPECIAL_INVALID_UID) {
PERMISSION_LOG_DEBUG(LABEL, "notifyPermissionChanged: uid: -1 is SPECIAL_INVALID_UID, return SUCCESS");
return Constant::SUCCESS;
}
if (uid < 0) {
PERMISSION_LOG_INFO(
LABEL, "notifyPermissionChanged: uid: %{public}d is negative, call removeNotifyPermissionMonitorUid", uid);
return RemoveNotifyPermissionMonitorUid(-uid);
}
// For special uid, do not need to notify.
if (DistributedDataValidator::IsSpecRuid(uid)) {
PERMISSION_LOG_DEBUG(LABEL, "notifyPermissionChanged: uid is special, return success");
return Constant::SUCCESS;
}
// Find all deviceIds and build command, push to RemoteExecutorManager.
const std::set<std::string> toSyncDevices = ObjectDevicePermissionRepository::GetInstance().ListDeviceId(uid);
for (const std::string &deviceId : toSyncDevices) {
const std::shared_ptr<SyncUidPermissionCommand> command =
RemoteCommandFactory::GetInstance().NewSyncUidPermissionCommand(
uid, Constant::GetLocalDeviceId(), deviceId);
const int32_t resultCode = RemoteCommandManager::GetInstance().AddCommand(deviceId, command);
if (resultCode != Constant::SUCCESS) {
PERMISSION_LOG_WARN(LABEL,
"notifyPermissionChanged: SyncUidPermissionCommand resultCode is not SUCCESS: %{public}d",
resultCode);
}
}
if (toSyncDevices.empty()) {
PERMISSION_LOG_DEBUG(
LABEL, "notifyPermissionChanged: devicesToSync is empty, no need to notify, return success");
return Constant::SUCCESS;
}
// Start a new thread to wait 1000 milliseconds, and return the result.
return ProcessDeviceCommandImmediately(uid, toSyncDevices);
}
int32_t ObjectDevicePermissionManager::RemoveNotifyPermissionMonitorUid(const int32_t uid)
{
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUid: operation start with uid: %{public}d", uid);
// For special uid, do not need to notify.
if (DistributedDataValidator::IsSpecRuid(uid)) {
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUid: uid is special, return success");
return Constant::SUCCESS;
}
// Find all deviceIds and build command.
const std::set<std::string> toDeleteDevices = ObjectDevicePermissionRepository::GetInstance().ListDeviceId(uid);
for (const std::string &deviceId : toDeleteDevices) {
const std::shared_ptr<DeleteUidPermissionCommand> command =
RemoteCommandFactory::GetInstance().NewDeleteUidPermissionCommand(
uid, Constant::GetLocalDeviceId(), deviceId);
RemoteCommandManager::GetInstance().AddCommand(deviceId, command);
}
// Remove uid to deviceId relationship anyway.
ObjectDevicePermissionRepository::GetInstance().RemoveUid(uid);
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
// Ask RemoteExecutorManager to process command
return RemoteCommandManager::GetInstance().Loop();
}
int32_t ObjectDevicePermissionManager::ProcessDeviceCommandImmediately(const int32_t uid,
const std::set<std::string> &devicesToSync) const
{
const std::shared_ptr<CountDownLatch> latch = std::make_shared<CountDownLatch>(1);
std::string taskName("ProcessDeviceCommandImmediately");
auto task = [devicesToSync, uid, latch]() {
for (std::string deviceId : devicesToSync) {
RemoteCommandManager::GetInstance().ProcessDeviceCommandImmediately(deviceId);
}
PERMISSION_LOG_INFO(LABEL,
"processDeviceCommandImmediately: all thread for NotifyPermissionChanged finish "
"for uid: %{public}d finished",
uid);
latch->CountDown();
};
std::thread thread(task);
thread.detach();
latch->Await(MAX_NOTIFY_PERMISSION_CHANGED_TIMEOUT);
if (latch->GetCount() != 0L) {
PERMISSION_LOG_ERROR(
LABEL, "processDeviceCommandImmediately: NotifyPermissionChanged time out, return FAILURE");
return Constant::FAILURE;
}
PERMISSION_LOG_INFO(LABEL, "processDeviceCommandImmediately: NotifyPermissionChanged succeed, return SUCCESS");
return Constant::SUCCESS;
}
int32_t ObjectDevicePermissionManager::AddNotifyPermissionMonitorUid(const std::string &deviceId, const int32_t uid)
{
PERMISSION_LOG_INFO(LABEL,
"addNotifyPermissionMonitorUid: operation start with deviceId: %{public}s",
Constant::EncryptDevId(deviceId).c_str());
if (!DistributedDataValidator::IsDeviceIdValid(deviceId) || !DistributedDataValidator::IsUidValid(uid)) {
PERMISSION_LOG_ERROR(LABEL,
"addNotifyPermissionMonitorUid: addNotifyPermissionMonitorUid: deviceId or uid "
"is invalid, return FAILURE");
return Constant::FAILURE;
}
if (DistributedDataValidator::IsSpecRuid(uid)) {
PERMISSION_LOG_INFO(
LABEL, "addNotifyPermissionMonitorUid: addNotifyPermissionMonitorUid: uid is special, return SUCCESS");
return Constant::SUCCESS;
}
ObjectDevicePermissionRepository::GetInstance().PutDeviceIdUidPair(deviceId, uid);
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
return Constant::SUCCESS;
}
int32_t ObjectDevicePermissionManager::NotifySyncPermission(
std::string &deviceId, int32_t uid, std::string &packageName)
{
if (!DistributedDataValidator::IsDeviceIdValid(deviceId)) {
PERMISSION_LOG_ERROR(
LABEL, "notifySyncPermission: invalid deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
return Constant::INVALID_DEVICE_ID;
}
if (!DistributedDataValidator::IsUidValid(uid)) {
PERMISSION_LOG_ERROR(LABEL, "notifySyncPermission: invalid uid:%{public}d", uid);
return Constant::FAILURE;
}
if (packageName.empty()) {
PERMISSION_LOG_ERROR(LABEL, "notifySyncPermission: invalid pkgName:%{public}s", packageName.c_str());
return Constant::FAILURE;
}
std::shared_ptr<DistributedPermissionEventHandler> handler =
DelayedSingleton<DistributedPermissionManagerService>::GetInstance()->GetEventHandler();
if (handler == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "fail to get EventHandler");
} else {
std::string taskName("RequestPermissionsFromRemoteTimeout");
auto task = [&deviceId, &uid, this]() {
PERMISSION_LOG_INFO(LABEL, "notifySyncPermission: invalid uid:%{public}d", uid);
std::shared_ptr<SyncUidPermissionCommand> syncUidPermissionCommand =
std::make_shared<SyncUidPermissionCommand>(uid, Constant::GetLocalDeviceId(), deviceId);
int32_t resultCode = RemoteCommandManager::GetInstance().ExecuteCommand(deviceId, syncUidPermissionCommand);
if (resultCode == Constant::SUCCESS) {
AddNotifyPermissionMonitorUid(deviceId, uid);
}
PERMISSION_LOG_INFO(LABEL, "notifySyncPermission: get resultCode:%{public}d", resultCode);
};
handler->PostTask(task, taskName);
}
return Constant::SUCCESS;
}
int32_t ObjectDevicePermissionManager::VerifyPermissionFromRemote(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
{
PERMISSION_LOG_DEBUG(LABEL,
"verifyPermissionFromRemote: permission: = %{public}s, deviceId = %{public}s, pid = "
"%{public}d ,uid = %{public}d ",
permission.c_str(),
Constant::EncryptDevId(deviceId).c_str(),
pid,
uid);
int32_t result = VerifyPermissionFromRemoteInner(permission, deviceId, pid, uid);
PERMISSION_LOG_DEBUG(LABEL,
"verifyPermissionFromRemote: permission: = %{public}s, deviceId = %{public}s, pid = "
"%{public}d ,uid = %{public}d ",
permission.c_str(),
Constant::EncryptDevId(deviceId).c_str(),
pid,
uid);
return result;
}
int32_t ObjectDevicePermissionManager::VerifyPermissionFromRemoteInner(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
{
PERMISSION_LOG_DEBUG(LABEL, "VerifyPermissionFromRemoteInner: start");
if (!IsValidVerificationParams(permission, deviceId, uid)) {
PERMISSION_LOG_ERROR(LABEL, "VerifyPermissionFromRemoteInner: with invalid param");
return Constant::PERMISSION_DENIED;
}
if (!DeviceInfoManager::GetInstance().ExistDeviceInfo(deviceId, DeviceIdType::UNIQUE_DISABILITY_ID)) {
PERMISSION_LOG_ERROR(LABEL,
"VerifyPermissionFromRemoteInner:device is ot online: %{public}s",
Constant::EncryptDevId(deviceId).c_str());
return Constant::PERMISSION_DENIED;
}
if (UserHandleManager::IsRootOrSystemUid(uid)) {
return Constant::PERMISSION_GRANTED;
}
if (PermissionBmsManager::GetInstance().IsSystemSignatureUid(uid)) {
// For system program,check if self have the permissin ,the permission will sync to object
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
iBundleManager_ = bmsAdapter->GetBundleManager();
std::vector<std::string> bundleNames;
iBundleManager_->GetBundlesForUid(uid, bundleNames);
bool allPermissionFlag = true;
for (auto bundleName : bundleNames) {
if (Permission::PermissionKit::VerifyPermission(bundleName, permission, Constant::DEFAULT_USERID) !=
Constant::PERMISSION_GRANTED) {
allPermissionFlag = false;
break;
}
}
if (allPermissionFlag && bundleNames.size() > 0) {
return Constant::PERMISSION_GRANTED;
}
}
return ObjectDevicePermissionRepository::GetInstance().VerifyPermissionFromRemote(permission, deviceId, pid, uid);
}
bool ObjectDevicePermissionManager::IsValidVerificationParams(const std::string &permission,
const std::string &deviceId, const int32_t uid) const
{
if (!DistributedDataValidator::IsPermissionNameValid(permission)) {
PERMISSION_LOG_ERROR(LABEL, "invalid permission: %{public}s", permission.c_str());
return false;
}
if (!BaseRemoteCommand::IsSensitiveResource(permission)) {
PERMISSION_LOG_ERROR(LABEL, " permission is not sensitive permission: %{public}s", permission.c_str());
return false;
}
if (!DistributedDataValidator::IsDeviceIdValid(deviceId)) {
PERMISSION_LOG_ERROR(LABEL, "invalid deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
return false;
}
if (!DistributedDataValidator::IsUidValid(uid)) {
PERMISSION_LOG_ERROR(LABEL, "uid is invalid: %{public}d", uid);
return false;
}
return true;
}
void ObjectDevicePermissionManager::ResetGrantSensitivePermission(
std::string &deviceId, int32_t uid, std::set<std::string> &permissions)
{
ObjectDevicePermissionRepository::GetInstance().GetOrCreateObjectDevice(deviceId)->ResetGrantSensitivePermission(
uid, permissions);
}
void ObjectDevicePermissionManager::RemoveObject(const std::string &deviceId)
{
PERMISSION_LOG_INFO(
LABEL, "removeObject: operation start with deviceId: %{public}s", Constant::EncryptDevId(deviceId).c_str());
ObjectDevicePermissionRepository::GetInstance().RemoveDeviceId(deviceId);
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
};
int32_t ObjectDevicePermissionManager::RemoveNotifyPermissionMonitorUserId(const int32_t userId)
{
std::lock_guard<std::recursive_mutex> guard(remove_notify_permission_monitor_user_id_locl_);
PERMISSION_LOG_INFO(LABEL, "removeNotifyPermissionMonitorUserId: operation start with uid: %{public}d", userId);
std::set<int32_t> uidList = ObjectDevicePermissionRepository::GetInstance().ListAllUid();
std::set<int32_t>::iterator iter;
int32_t resultCode = Constant::FAILURE;
for (iter = uidList.begin(); iter != uidList.end(); iter++) {
if (userId == (*iter / UserHandleManager::PER_USER_RANGE)) {
int32_t result = RemoveNotifyPermissionMonitorUid(*iter);
if (result == Constant::SUCCESS) {
resultCode = Constant::SUCCESS;
}
}
}
return resultCode;
};
void ObjectDevicePermissionManager::Clear()
{
PERMISSION_LOG_INFO(LABEL, "clear: remove caches related to all object devices");
ObjectDevicePermissionRepository::GetInstance().Clear();
ObjectDevicePermissionRepository::GetInstance().SaveToFile();
};
} // namespace Permission
} // namespace Security
} // namespace OHOS

674
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/distributed/object_device_permission_repository.cpp
View File

@ -1,337 +1,337 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "object_device_permission_repository.h"
// #include "req_object_device.h"
// #include "req_object_device object_uid.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ObjectDevicePermissionRepository"};
}
namespace {
const std::string JSON_KEY_DEVICE_JSON = "devicesJson_";
} // namespace
ObjectDevicePermissionRepository::ObjectDevicePermissionRepository()
{}
ObjectDevicePermissionRepository::~ObjectDevicePermissionRepository()
{}
ObjectDevicePermissionRepository &ObjectDevicePermissionRepository::GetInstance()
{
static ObjectDevicePermissionRepository instance;
return instance;
}
int32_t ObjectDevicePermissionRepository::VerifyPermissionFromRemote(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
auto iter = objectDevices_.find(deviceId);
if (iter == objectDevices_.end()) {
PERMISSION_LOG_ERROR(
LABEL, "VerifyPermissionFromRemote:the deviceUids is null and it has not been initialized");
return Constant::PERMISSION_DENIED;
}
if (objectDevices_.at(deviceId)->IsGrantPermission(uid, permission)) {
return Constant::PERMISSION_GRANTED;
}
return Constant::PERMISSION_DENIED;
}
std::shared_ptr<ObjectDevice> ObjectDevicePermissionRepository::GetOrCreateObjectDevice(std::string &deviceId)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
auto iter = objectDevices_.find(deviceId);
if (iter != objectDevices_.end()) {
std::shared_ptr<ObjectDevice> device = objectDevices_.at(deviceId);
if (device == nullptr) {
device = std::make_shared<ObjectDevice>(deviceId);
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
}
return device;
}
std::shared_ptr<ObjectDevice> device = std::make_shared<ObjectDevice>(deviceId);
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
return device;
}
void ObjectDevicePermissionRepository::PutDeviceIdUidPair(const std::string deviceId, const int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
auto iter = objectDevices_.find(deviceId);
if (iter != objectDevices_.end()) {
std::shared_ptr<ObjectDevice> device = objectDevices_.at(deviceId);
if (device == nullptr) {
device = std::make_shared<ObjectDevice>(deviceId);
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
}
device->AddObjectUid(uid);
return;
}
std::shared_ptr<ObjectDevice> device = std::make_shared<ObjectDevice>(deviceId);
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
device->AddObjectUid(uid);
}
std::vector<ObjectDeviceJson> ObjectDevicePermissionRepository::GetDevicesJsonVector()
{
std::vector<ObjectDeviceJson> objectDeviceJson;
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
std::string deviceId = iter->first;
if (iter->second == nullptr) {
continue;
}
std::map<int32_t, std::shared_ptr<ObjectUid>> objectUids = iter->second->GetUidPermissions();
std::map<int32_t, std::shared_ptr<ObjectUid>>::iterator iterU;
for (iterU = objectUids.begin(); iterU != objectUids.end(); iterU++) {
std::string uid = std::to_string(iterU->second->GetUid());
std::set<std::string> grabtedPermissions = iterU->second->GetGrabtedPermission();
if (grabtedPermissions.size() == 0) {
std::string noGrabtedPermission("");
ObjectDeviceJson odj = {deviceId, uid, noGrabtedPermission};
objectDeviceJson.push_back(odj);
}
std::set<std::string>::iterator iterSet;
for (iterSet = grabtedPermissions.begin(); iterSet != grabtedPermissions.end(); iterSet++) {
std::string grabtedPermission = *iterSet;
ObjectDeviceJson odj = {deviceId, uid, grabtedPermission};
objectDeviceJson.push_back(odj);
}
}
}
return objectDeviceJson;
}
void ObjectDevicePermissionRepository::SaveToFile()
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
std::vector<ObjectDeviceJson> objectDeviceVector = GetDevicesJsonVector();
DevicesJsonVector devicesJsonVector = {objectDeviceVector};
nlohmann::json j = devicesJsonVector;
std::string devicesJsonVectorStr = j.dump();
std::ofstream out(repository_file_path_);
out << devicesJsonVectorStr << std::endl;
out.close();
}
bool ObjectDevicePermissionRepository::RecoverFromFile()
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
std::ifstream jsonStream(repository_file_path_);
if (!jsonStream.good()) {
return false;
}
nlohmann::json jsonResult;
jsonStream >> jsonResult;
DevicesJsonVector devicesJsonVector = jsonResult.get<DevicesJsonVector>();
std::vector<ObjectDeviceJson> devicesJson = devicesJsonVector.devicesJson_;
std::string lastTimeDeviceId("");
std::string lastTimeUid("");
std::set<std::string> lastPermissionSet;
std::map<int32_t, std::shared_ptr<ObjectUid>> lastUniPermissions;
for (std::vector<ObjectDeviceJson>::iterator it = devicesJson.begin(); it != devicesJson.end(); it++) {
std::string deviceId = it->deviceId_;
std::string uid = it->uid_;
std::string grabtedPermission = it->grantedPermission_;
if ((lastTimeDeviceId != deviceId || lastTimeUid != uid) && !lastTimeUid.empty()) {
std::shared_ptr<ObjectUid> uidResult =
std::make_shared<ObjectUid>(std::atoi(lastTimeUid.c_str()), lastPermissionSet);
lastUniPermissions.insert(
std::pair<int32_t, std::shared_ptr<ObjectUid>>(std::atoi(lastTimeUid.c_str()), uidResult));
lastPermissionSet.clear();
}
if (lastTimeDeviceId != deviceId) {
if (!lastTimeDeviceId.empty()) {
std::shared_ptr<ObjectDevice> objectDeviceResult =
std::make_shared<ObjectDevice>(lastTimeDeviceId, lastUniPermissions);
objectDevices_.insert(
std::pair<std::string, std::shared_ptr<ObjectDevice>>(lastTimeDeviceId, objectDeviceResult));
lastUniPermissions.clear();
}
}
if (!grabtedPermission.empty()) {
lastPermissionSet.insert(grabtedPermission);
}
lastTimeDeviceId = deviceId;
lastTimeUid = uid;
}
if (devicesJson.size() > 0) {
std::shared_ptr<ObjectUid> uidResult =
std::make_shared<ObjectUid>(std::atoi(lastTimeUid.c_str()), lastPermissionSet);
lastUniPermissions.insert(
std::pair<int32_t, std::shared_ptr<ObjectUid>>(std::atoi(lastTimeUid.c_str()), uidResult));
std::shared_ptr<ObjectDevice> objectDeviceResult =
std::make_shared<ObjectDevice>(lastTimeDeviceId, lastUniPermissions);
objectDevices_.insert(
std::pair<std::string, std::shared_ptr<ObjectDevice>>(lastTimeDeviceId, objectDeviceResult));
}
return true;
}
std::set<std::string> ObjectDevicePermissionRepository::ListDeviceId(const int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
std::set<std::string> set;
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
if (iter->second->ContainUid(uid)) {
set.insert(iter->second->GetDeviceId());
}
}
return set;
}
void ObjectDevicePermissionRepository::RemoveUid(const int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
iter->second->RemoveObjectUid(uid);
}
}
void ObjectDevicePermissionRepository::RemoveDeviceId(const std::string &deviceId)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
objectDevices_.erase(deviceId);
}
std::set<int32_t> ObjectDevicePermissionRepository::ListAllUid()
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
std::set<int32_t> s;
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
std::map<int32_t, std::shared_ptr<ObjectUid>> m = iter->second->GetUidPermissions();
std::map<int32_t, std::shared_ptr<ObjectUid>>::iterator it;
for (it = m.begin(); it != m.end(); it++) {
s.insert(it->second->GetUid());
}
}
return s;
}
void ObjectDevicePermissionRepository::Clear()
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
objectDevices_.clear();
}
void to_json(nlohmann::json &jsonObject, const DevicesJsonVector &devicesJsonVector)
{
std::vector<std::string> deviceStrings;
for (const ObjectDeviceJson &objectDeviceJson : devicesJsonVector.devicesJson_) {
std::string deviceStr;
objectDeviceJson.ToJsonString(deviceStr);
deviceStrings.emplace_back(deviceStr);
}
jsonObject[JSON_KEY_DEVICE_JSON] = deviceStrings;
}
void from_json(const nlohmann::json &jsonObject, DevicesJsonVector &devicesJsonVector)
{
if (jsonObject.find(JSON_KEY_DEVICE_JSON) != jsonObject.end()) {
std::vector<std::string> deviceStrings = jsonObject.at(JSON_KEY_DEVICE_JSON).get<std::vector<std::string>>();
for (std::string &deviceStr : deviceStrings) {
ObjectDeviceJson objectDeviceJson;
objectDeviceJson.FromJsonString(deviceStr);
devicesJsonVector.devicesJson_.emplace_back(objectDeviceJson);
}
}
}
ObjectDevice::ObjectDevice(const std::string &deviceId, std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions)
: deviceId_(deviceId)
{
for (auto it = uniPermissions.begin(); it != uniPermissions.end(); it++) {
uniPermissions_.insert(*it);
}
}
std::string ObjectDevice::GetDeviceId()
{
return deviceId_;
}
bool ObjectDevice::ContainUid(int32_t uid)
{
return uniPermissions_.find(uid) != uniPermissions_.end();
}
std::map<int32_t, std::shared_ptr<ObjectUid>> ObjectDevice::GetUidPermissions()
{
return uniPermissions_;
}
void ObjectDevice::AddObjectUid(int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
uniPermissions_.insert(std::pair<int32_t, std::shared_ptr<ObjectUid>>(uid, std::make_shared<ObjectUid>(uid)));
}
void ObjectDevice::RemoveObjectUid(int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
uniPermissions_.erase(uid);
}
void ObjectDevice::ResetGrantSensitivePermission(int32_t uid, std::set<std::string> permissions)
{
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
if (ContainUid(uid)) {
auto iter = uniPermissions_.find(uid);
if (iter != uniPermissions_.end()) {
uniPermissions_.at(uid)->ResetGrantSensitivePermission(permissions);
}
}
}
bool ObjectDevice::IsGrantPermission(int32_t uid, std::string permission)
{
if (ContainUid(uid)) {
auto iter = uniPermissions_.find(uid);
if (iter != uniPermissions_.end()) {
return uniPermissions_.at(uid)->IsGrantPermission(permission);
}
}
return false;
}
int32_t ObjectUid::GetUid()
{
return uid_;
}
std::set<std::string> ObjectUid::GetGrabtedPermission()
{
return grantedPermission_;
}
void ObjectUid::ResetGrantSensitivePermission(std::set<std::string> permissions)
{
std::lock_guard<std::recursive_mutex> guard(object_uid_locl_);
if (permissions.size() == 0) {
return;
}
grantedPermission_.clear();
std::set<std::string>::iterator iter;
for (iter = permissions.begin(); iter != permissions.end(); iter++) {
if (BaseRemoteCommand::IsSensitiveResource(*iter)) {
grantedPermission_.insert(*iter);
}
}
}
bool ObjectUid::IsGrantPermission(std::string permission)
{
return grantedPermission_.count(permission) > 0;
}
ObjectUid::ObjectUid(const int32_t uid, const std::set<std::string> &grabtedPermission) : uid_(uid)
{
std::set<std::string>::iterator it;
for (auto it = grabtedPermission.begin(); it != grabtedPermission.end(); it++) {
grantedPermission_.insert(*it);
}
}
} // namespace Permission
} // namespace Security
} // namespace OHOS
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "object_device_permission_repository.h"
// #include "req_object_device.h"
// #include "req_object_device object_uid.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
LOG_CORE, SECURITY_DOMAIN_PERMISSION, "ObjectDevicePermissionRepository"};
}
namespace {
const std::string JSON_KEY_DEVICE_JSON = "devicesJson_";
} // namespace
ObjectDevicePermissionRepository::ObjectDevicePermissionRepository()
{}
ObjectDevicePermissionRepository::~ObjectDevicePermissionRepository()
{}
ObjectDevicePermissionRepository &ObjectDevicePermissionRepository::GetInstance()
{
static ObjectDevicePermissionRepository instance;
return instance;
}
int32_t ObjectDevicePermissionRepository::VerifyPermissionFromRemote(
const std::string &permission, const std::string &deviceId, const int32_t pid, const int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
auto iter = objectDevices_.find(deviceId);
if (iter == objectDevices_.end()) {
PERMISSION_LOG_ERROR(
LABEL, "VerifyPermissionFromRemote:the deviceUids is null and it has not been initialized");
return Constant::PERMISSION_DENIED;
}
if (objectDevices_.at(deviceId)->IsGrantPermission(uid, permission)) {
return Constant::PERMISSION_GRANTED;
}
return Constant::PERMISSION_DENIED;
}
std::shared_ptr<ObjectDevice> ObjectDevicePermissionRepository::GetOrCreateObjectDevice(std::string &deviceId)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
auto iter = objectDevices_.find(deviceId);
if (iter != objectDevices_.end()) {
std::shared_ptr<ObjectDevice> device = objectDevices_.at(deviceId);
if (device == nullptr) {
device = std::make_shared<ObjectDevice>(deviceId);
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
}
return device;
}
std::shared_ptr<ObjectDevice> device = std::make_shared<ObjectDevice>(deviceId);
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
return device;
}
void ObjectDevicePermissionRepository::PutDeviceIdUidPair(const std::string deviceId, const int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
auto iter = objectDevices_.find(deviceId);
if (iter != objectDevices_.end()) {
std::shared_ptr<ObjectDevice> device = objectDevices_.at(deviceId);
if (device == nullptr) {
device = std::make_shared<ObjectDevice>(deviceId);
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
}
device->AddObjectUid(uid);
return;
}
std::shared_ptr<ObjectDevice> device = std::make_shared<ObjectDevice>(deviceId);
objectDevices_.insert(std::pair<std::string, std::shared_ptr<ObjectDevice>>(deviceId, device));
device->AddObjectUid(uid);
}
std::vector<ObjectDeviceJsonObject> ObjectDevicePermissionRepository::GetDevicesJsonVector()
{
std::vector<ObjectDeviceJsonObject> objectDeviceJsonObject;
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
std::string deviceId = iter->first;
if (iter->second == nullptr) {
continue;
}
std::map<int32_t, std::shared_ptr<ObjectUid>> objectUids = iter->second->GetUidPermissions();
std::map<int32_t, std::shared_ptr<ObjectUid>>::iterator iterU;
for (iterU = objectUids.begin(); iterU != objectUids.end(); iterU++) {
std::string uid = std::to_string(iterU->second->GetUid());
std::set<std::string> grabtedPermissions = iterU->second->GetGrantedPermission();
if (grabtedPermissions.size() == 0) {
std::string noGrabtedPermission("");
ObjectDeviceJsonObject odj = {deviceId, uid, noGrabtedPermission};
objectDeviceJsonObject.push_back(odj);
}
std::set<std::string>::iterator iterSet;
for (iterSet = grabtedPermissions.begin(); iterSet != grabtedPermissions.end(); iterSet++) {
std::string grabtedPermission = *iterSet;
ObjectDeviceJsonObject odj = {deviceId, uid, grabtedPermission};
objectDeviceJsonObject.push_back(odj);
}
}
}
return objectDeviceJsonObject;
}
void ObjectDevicePermissionRepository::SaveToFile()
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
std::vector<ObjectDeviceJsonObject> objectDeviceVector = GetDevicesJsonVector();
DevicesJsonVector devicesJsonVector = {objectDeviceVector};
nlohmann::json j = devicesJsonVector;
std::string devicesJsonVectorStr = j.dump();
std::ofstream out(repository_file_path_);
out << devicesJsonVectorStr << std::endl;
out.close();
}
bool ObjectDevicePermissionRepository::RecoverFromFile()
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
std::ifstream jsonStream(repository_file_path_);
if (!jsonStream.good()) {
return false;
}
nlohmann::json jsonResult;
jsonStream >> jsonResult;
DevicesJsonVector devicesJsonVector = jsonResult.get<DevicesJsonVector>();
std::vector<ObjectDeviceJsonObject> devicesJson = devicesJsonVector.devicesJson_;
std::string lastTimeDeviceId("");
std::string lastTimeUid("");
std::set<std::string> lastPermissionSet;
std::map<int32_t, std::shared_ptr<ObjectUid>> lastUniPermissions;
for (std::vector<ObjectDeviceJsonObject>::iterator it = devicesJson.begin(); it != devicesJson.end(); it++) {
std::string deviceId = it->deviceId_;
std::string uid = it->uid_;
std::string grabtedPermission = it->grantedPermission_;
if ((lastTimeDeviceId != deviceId || lastTimeUid != uid) && !lastTimeUid.empty()) {
std::shared_ptr<ObjectUid> uidResult =
std::make_shared<ObjectUid>(std::atoi(lastTimeUid.c_str()), lastPermissionSet);
lastUniPermissions.insert(
std::pair<int32_t, std::shared_ptr<ObjectUid>>(std::atoi(lastTimeUid.c_str()), uidResult));
lastPermissionSet.clear();
}
if (lastTimeDeviceId != deviceId) {
if (!lastTimeDeviceId.empty()) {
std::shared_ptr<ObjectDevice> objectDeviceResult =
std::make_shared<ObjectDevice>(lastTimeDeviceId, lastUniPermissions);
objectDevices_.insert(
std::pair<std::string, std::shared_ptr<ObjectDevice>>(lastTimeDeviceId, objectDeviceResult));
lastUniPermissions.clear();
}
}
if (!grabtedPermission.empty()) {
lastPermissionSet.insert(grabtedPermission);
}
lastTimeDeviceId = deviceId;
lastTimeUid = uid;
}
if (devicesJson.size() > 0) {
std::shared_ptr<ObjectUid> uidResult =
std::make_shared<ObjectUid>(std::atoi(lastTimeUid.c_str()), lastPermissionSet);
lastUniPermissions.insert(
std::pair<int32_t, std::shared_ptr<ObjectUid>>(std::atoi(lastTimeUid.c_str()), uidResult));
std::shared_ptr<ObjectDevice> objectDeviceResult =
std::make_shared<ObjectDevice>(lastTimeDeviceId, lastUniPermissions);
objectDevices_.insert(
std::pair<std::string, std::shared_ptr<ObjectDevice>>(lastTimeDeviceId, objectDeviceResult));
}
return true;
}
std::set<std::string> ObjectDevicePermissionRepository::ListDeviceId(const int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
std::set<std::string> set;
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
if (iter->second->ContainUid(uid)) {
set.insert(iter->second->GetDeviceId());
}
}
return set;
}
void ObjectDevicePermissionRepository::RemoveUid(const int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
iter->second->RemoveObjectUid(uid);
}
}
void ObjectDevicePermissionRepository::RemoveDeviceId(const std::string &deviceId)
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
objectDevices_.erase(deviceId);
}
std::set<int32_t> ObjectDevicePermissionRepository::ListAllUid()
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
std::set<int32_t> s;
std::map<std::string, std::shared_ptr<ObjectDevice>>::iterator iter;
for (iter = objectDevices_.begin(); iter != objectDevices_.end(); iter++) {
std::map<int32_t, std::shared_ptr<ObjectUid>> m = iter->second->GetUidPermissions();
std::map<int32_t, std::shared_ptr<ObjectUid>>::iterator it;
for (it = m.begin(); it != m.end(); it++) {
s.insert(it->second->GetUid());
}
}
return s;
}
void ObjectDevicePermissionRepository::Clear()
{
std::lock_guard<std::recursive_mutex> guard(object_devices_locl_);
objectDevices_.clear();
}
void to_json(nlohmann::json &jsonObject, const DevicesJsonVector &devicesJsonVector)
{
std::vector<std::string> deviceStrings;
for (const ObjectDeviceJsonObject &objectDeviceJsonObject : devicesJsonVector.devicesJson_) {
std::string deviceStr;
objectDeviceJsonObject.ToJsonString(deviceStr);
deviceStrings.emplace_back(deviceStr);
}
jsonObject[JSON_KEY_DEVICE_JSON] = deviceStrings;
}
void from_json(const nlohmann::json &jsonObject, DevicesJsonVector &devicesJsonVector)
{
if (jsonObject.find(JSON_KEY_DEVICE_JSON) != jsonObject.end()) {
std::vector<std::string> deviceStrings = jsonObject.at(JSON_KEY_DEVICE_JSON).get<std::vector<std::string>>();
for (std::string &deviceStr : deviceStrings) {
ObjectDeviceJsonObject objectDeviceJsonObject;
objectDeviceJsonObject.FromJsonString(deviceStr);
devicesJsonVector.devicesJson_.emplace_back(objectDeviceJsonObject);
}
}
}
ObjectDevice::ObjectDevice(const std::string &deviceId, std::map<int32_t, std::shared_ptr<ObjectUid>> uniPermissions)
: deviceId_(deviceId)
{
for (auto it = uniPermissions.begin(); it != uniPermissions.end(); it++) {
uniPermissions_.insert(*it);
}
}
std::string ObjectDevice::GetDeviceId() const
{
return deviceId_;
}
bool ObjectDevice::ContainUid(int32_t uid) const
{
return uniPermissions_.find(uid) != uniPermissions_.end();
}
std::map<int32_t, std::shared_ptr<ObjectUid>> ObjectDevice::GetUidPermissions()
{
return uniPermissions_;
}
void ObjectDevice::AddObjectUid(int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
uniPermissions_.insert(std::pair<int32_t, std::shared_ptr<ObjectUid>>(uid, std::make_shared<ObjectUid>(uid)));
}
void ObjectDevice::RemoveObjectUid(int32_t uid)
{
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
uniPermissions_.erase(uid);
}
void ObjectDevice::ResetGrantSensitivePermission(int32_t uid, std::set<std::string> permissions)
{
std::lock_guard<std::recursive_mutex> guard(object_device_locl_);
if (ContainUid(uid)) {
auto iter = uniPermissions_.find(uid);
if (iter != uniPermissions_.end()) {
uniPermissions_.at(uid)->ResetGrantSensitivePermission(permissions);
}
}
}
bool ObjectDevice::IsGrantPermission(int32_t uid, std::string permission)
{
if (ContainUid(uid)) {
auto iter = uniPermissions_.find(uid);
if (iter != uniPermissions_.end()) {
return uniPermissions_.at(uid)->IsGrantPermission(permission);
}
}
return false;
}
int32_t ObjectUid::GetUid()
{
return uid_;
}
std::set<std::string> ObjectUid::GetGrantedPermission() const
{
return grantedPermission_;
}
void ObjectUid::ResetGrantSensitivePermission(std::set<std::string> permissions)
{
std::lock_guard<std::recursive_mutex> guard(object_uid_locl_);
if (permissions.size() == 0) {
return;
}
grantedPermission_.clear();
std::set<std::string>::iterator iter;
for (iter = permissions.begin(); iter != permissions.end(); iter++) {
if (BaseRemoteCommand::IsSensitiveResource(*iter)) {
grantedPermission_.insert(*iter);
}
}
}
bool ObjectUid::IsGrantPermission(std::string permission) const
{
return grantedPermission_.count(permission) > 0;
}
ObjectUid::ObjectUid(const int32_t uid, const std::set<std::string> &grabtedPermission) : uid_(uid)
{
std::set<std::string>::iterator it;
for (auto it = grabtedPermission.begin(); it != grabtedPermission.end(); it++) {
grantedPermission_.insert(*it);
}
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

335
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/distributed/permission_bms_manager.cpp
View File

@ -1,166 +1,169 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "permission_bms_manager.h"
#include "monitor_manager.h"
#include "distributed_data_validator.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionBmsManager"};
}
namespace {
static const std::string TAG = "PERMISSION_BMS_MANAGER";
}
PermissionBmsManager::PermissionBmsManager()
: iBundleManager_(nullptr), iPermissionManager_(nullptr), permissionFetcher_(nullptr), appInfoFetcher_(nullptr)
{
PERMISSION_LOG_DEBUG(LABEL, "PermissionBmsManager()");
}
PermissionBmsManager::~PermissionBmsManager()
{
PERMISSION_LOG_DEBUG(LABEL, "~PermissionBmsManager()");
}
PermissionBmsManager &PermissionBmsManager::GetInstance()
{
static PermissionBmsManager instance;
return instance;
}
int PermissionBmsManager::Init()
{
PERMISSION_LOG_DEBUG(LABEL, "Init begin");
appInfoFetcher_ = std::make_shared<AppInfoFetcher>();
if (appInfoFetcher_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "construct AppInfoFetcher failed.");
return Constant::FAILURE;
}
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
if (externalDeps == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "construct ExternalDeps failed.");
return Constant::FAILURE;
}
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
if (permissionFetcher_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "construct PermissionFetcher failed.");
return Constant::FAILURE;
}
PermissionListener::Init();
std::function<void(int uid, const std::string &packageName)> callback =
std::bind(&AppInfoFetcher::RemoveAttributeBuffer, appInfoFetcher_, std::placeholders::_1);
auto callbackPtr = std::make_shared<MonitorManager::OnPermissionChangedCallback>(callback);
MonitorManager::GetInstance().AddOnPermissionChangedListener(TAG, callbackPtr);
PERMISSION_LOG_DEBUG(LABEL, "Init end");
return Constant::SUCCESS;
}
int32_t PermissionBmsManager::GetPermissions(int32_t uid, UidBundleBo &info)
{
if (!DistributedDataValidator::IsUidValid(uid)) {
PERMISSION_LOG_ERROR(LABEL, "parameter invalid. uid: %{public}d", uid);
return Constant::FAILURE;
}
if (permissionFetcher_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
return Constant::FAILURE;
}
return permissionFetcher_->GetPermissions(uid, info);
}
int32_t PermissionBmsManager::GetRegrantedPermissions(UidBundleBo &pInfo, UidBundleBo &rInfo)
{
if (permissionFetcher_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
return Constant::FAILURE;
}
return permissionFetcher_->GetRegrantedPermissions(pInfo, rInfo);
}
bool PermissionBmsManager::IsSystemSignatureUid(const int32_t &uid)
{
if (uid < 0) {
return false;
}
if (uid % Constant::PER_USER_RANGE < Constant::FIRST_APPLICATION_UID) {
return true;
}
std::shared_ptr<ExternalDeps> externalDeps = std::make_shared<ExternalDeps>();
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
std::vector<std::string> bundleNames;
if (!iBundleManager_->GetBundlesForUid(uid, bundleNames)) {
PERMISSION_LOG_ERROR(LABEL, "getPermissions cannot get bundleName. uid: %{public}d", uid);
return false;
}
for (auto bundleName : bundleNames) {
AppExecFwk::BundleInfo bundleInfo;
if (iBundleManager_->GetBundleInfo(bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo)) {
PERMISSION_LOG_ERROR(
LABEL, "getPermissions cannot get BundleInfo. bundleName: %{public}s", bundleName.c_str());
return false;
}
int32_t attribute = AppInfoFetcher::GetInstance().GetAppAttribute(uid, bundleInfo);
if (attribute < 0) {
PERMISSION_LOG_ERROR(LABEL, "getPermissions cannot get appAttribute. uid: %{public}d", uid);
return false;
}
int32_t key = static_cast<int32_t>(AppAttribute::APP_ATTRIBUTE_SIGNED_WITH_PLATFORM_KEY);
if (((uint32_t)attribute & (uint32_t)key) != 0) {
return false;
}
}
return true;
}
int PermissionBmsManager::InitSystemDefinedPermissions()
{
if (permissionFetcher_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
return Constant::FAILURE;
}
PERMISSION_LOG_DEBUG(LABEL, "InitSystemDefinedPermissions should not used.");
return Constant::SUCCESS;
}
void PermissionBmsManager::ReGrantDuidPermissions(UidBundleBo &uidBundlePermInfo)
{
if (uidBundlePermInfo.remoteSensitivePermission.size() == 0) {
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions:invalid params.");
return;
}
PermissionReGranter::ReGrantDuidPermissions(uidBundlePermInfo);
}
} // namespace Permission
} // namespace Security
} // namespace OHOS
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "permission_bms_manager.h"
#include "monitor_manager.h"
#include "distributed_data_validator.h"
#include "bms_adapter.h"
#include "pms_adapter.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionBmsManager"};
}
namespace {
static const std::string TAG = "PERMISSION_BMS_MANAGER";
}
PermissionBmsManager::PermissionBmsManager()
: iBundleManager_(nullptr), iPermissionManager_(nullptr), permissionFetcher_(nullptr), appInfoFetcher_(nullptr)
{
PERMISSION_LOG_DEBUG(LABEL, "PermissionBmsManager()");
}
PermissionBmsManager::~PermissionBmsManager()
{
PERMISSION_LOG_DEBUG(LABEL, "~PermissionBmsManager()");
}
PermissionBmsManager &PermissionBmsManager::GetInstance()
{
static PermissionBmsManager instance;
return instance;
}
int PermissionBmsManager::Init()
{
PERMISSION_LOG_DEBUG(LABEL, "Init begin");
appInfoFetcher_ = std::make_shared<AppInfoFetcher>();
if (appInfoFetcher_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "construct AppInfoFetcher failed.");
return Constant::FAILURE;
}
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
if (bmsAdapter == nullptr || pmsAdapter == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "construct bmsAdapter or pmsAdapter failed.");
return Constant::FAILURE;
}
iBundleManager_ = bmsAdapter->GetBundleManager();
iPermissionManager_ = pmsAdapter->GetPermissionManager();
permissionFetcher_ = std::make_shared<PermissionFetcher>(iBundleManager_, iPermissionManager_);
if (permissionFetcher_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "construct PermissionFetcher failed.");
return Constant::FAILURE;
}
PermissionListener::Init();
std::function<void(int uid, const std::string &packageName)> callback =
std::bind(&AppInfoFetcher::RemoveAttributeBuffer, appInfoFetcher_, std::placeholders::_1);
auto callbackPtr = std::make_shared<MonitorManager::OnPermissionChangedCallback>(callback);
MonitorManager::GetInstance().AddOnPermissionChangedListener(TAG, callbackPtr);
PERMISSION_LOG_DEBUG(LABEL, "Init end");
return Constant::SUCCESS;
}
int32_t PermissionBmsManager::GetPermissions(int32_t uid, UidBundleBo &info)
{
if (!DistributedDataValidator::IsUidValid(uid)) {
PERMISSION_LOG_ERROR(LABEL, "parameter invalid. uid: %{public}d", uid);
return Constant::FAILURE;
}
if (permissionFetcher_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
return Constant::FAILURE;
}
return permissionFetcher_->GetPermissions(uid, info);
}
int32_t PermissionBmsManager::GetRegrantedPermissions(UidBundleBo &pInfo, UidBundleBo &rInfo)
{
if (permissionFetcher_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
return Constant::FAILURE;
}
return permissionFetcher_->GetRegrantedPermissions(pInfo, rInfo);
}
bool PermissionBmsManager::IsSystemSignatureUid(const int32_t &uid)
{
if (uid < 0) {
return false;
}
if (uid % Constant::PER_USER_RANGE < Constant::FIRST_APPLICATION_UID) {
return true;
}
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
iBundleManager_ = bmsAdapter->GetBundleManager();
std::vector<std::string> bundleNames;
if (!iBundleManager_->GetBundlesForUid(uid, bundleNames)) {
PERMISSION_LOG_ERROR(LABEL, "getPermissions cannot get bundleName. uid: %{public}d", uid);
return false;
}
for (auto bundleName : bundleNames) {
AppExecFwk::BundleInfo bundleInfo;
if (iBundleManager_->GetBundleInfo(bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo)) {
PERMISSION_LOG_ERROR(
LABEL, "getPermissions cannot get BundleInfo. bundleName: %{public}s", bundleName.c_str());
return false;
}
int32_t attribute = AppInfoFetcher::GetInstance().GetAppAttribute(uid, bundleInfo);
if (attribute < 0) {
PERMISSION_LOG_ERROR(LABEL, "getPermissions cannot get appAttribute. uid: %{public}d", uid);
return false;
}
int32_t key = static_cast<int32_t>(AppAttribute::APP_ATTRIBUTE_SIGNED_WITH_PLATFORM_KEY);
if (((uint32_t)attribute & (uint32_t)key) != 0) {
return false;
}
}
return true;
}
int PermissionBmsManager::InitSystemDefinedPermissions()
{
if (permissionFetcher_ == nullptr) {
PERMISSION_LOG_ERROR(LABEL, "PermissionFetcher is not inited.");
return Constant::FAILURE;
}
PERMISSION_LOG_DEBUG(LABEL, "InitSystemDefinedPermissions should not used.");
return Constant::SUCCESS;
}
void PermissionBmsManager::ReGrantDuidPermissions(UidBundleBo &uidBundlePermInfo)
{
if (uidBundlePermInfo.remoteSensitivePermission.size() == 0) {
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions:invalid params.");
return;
}
PermissionReGranter::ReGrantDuidPermissions(uidBundlePermInfo);
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

108
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/distributed/permission_definition.cpp
View File

@ -1,54 +1,54 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "permission_definition.h"
#include "permission_kit.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionDefinition"};
}
PermissionDefinition &PermissionDefinition::GetInstance()
{
static PermissionDefinition instance;
return instance;
}
PermissionDefinition::PermissionDefinition()
{}
PermissionDefinition::~PermissionDefinition()
{}
bool PermissionDefinition::IsRestrictedPermission(const std::string &permissionName)
{
if (!DistributedDataValidator::IsPermissionNameValid(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "PermissionName data invalid");
return false;
}
PermissionDefParcel permissionDefParcel;
PermissionDef permissionDefResult = permissionDefParcel.permissionDef;
int ret = Permission::PermissionKit::GetDefPermission(permissionName, permissionDefResult);
if (ret != 0) {
PERMISSION_LOG_ERROR(LABEL, "get permission def failed");
return false;
}
if (permissionDefResult.availableScope == Permission::AvailableScope::AVAILABLE_SCOPE_RESTRICTED) {
return true;
}
return false;
}
} // namespace Permission
} // namespace Security
} // namespace OHOS
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "permission_definition.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionDefinition"};
}
PermissionDefinition &PermissionDefinition::GetInstance()
{
static PermissionDefinition instance;
return instance;
}
PermissionDefinition::PermissionDefinition()
{}
PermissionDefinition::~PermissionDefinition()
{}
bool PermissionDefinition::IsRestrictedPermission(const std::string &permissionName)
{
if (!DistributedDataValidator::IsPermissionNameValid(permissionName)) {
PERMISSION_LOG_ERROR(LABEL, "PermissionName data invalid");
return false;
}
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
iPermissionManager_ = pmsAdapter->GetPermissionManager();
PermissionDefParcel permissionDefResult;
int ret = iPermissionManager_->GetDefPermission(permissionName, permissionDefResult);
if (ret != 0) {
PERMISSION_LOG_ERROR(LABEL, "get permission def failed");
return false;
}
if (permissionDefResult.permissionDef.availableScope == Permission::AvailableScope::AVAILABLE_SCOPE_RESTRICTED) {
return true;
}
return false;
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

296
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/distributed/permission_re_granter.cpp
View File

@ -1,148 +1,150 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "permission_re_granter.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionReGranter"};
}
void PermissionReGranter::ReGrantDuidPermissions(UidBundleBo& uidBundlePermInfo)
{
if (BaseRemoteCommand::IsValid(uidBundlePermInfo)) {
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions:No remoteSensitivePermission need to reGrand");
return;
}
PERMISSION_LOG_DEBUG(LABEL, "begin");
for (auto item = uidBundlePermInfo.bundles.at(0).permissions.begin();
item != uidBundlePermInfo.bundles.at(0).permissions.end();
item++) {
PERMISSION_LOG_DEBUG(LABEL, "loop, status: %{public}d, grant mode: %{public}d", item->status, item->grantMode);
PermissionDefParcel permInfo;
GetPermissionInfoNoThrow(item->name, permInfo);
if (item->grantMode == SYSTEM_GRANT && permInfo.permissionDef.availableScope != AVAILABLE_SCOPE_RESTRICTED) {
SetStatusGranted(true, *item);
PERMISSION_LOG_ERROR(
LABEL, "ReGrantDuidPermissions: remote permission granted due to normal protect level");
continue;
}
if (item->grantMode == USER_GRANT && permInfo.permissionDef.availableScope != AVAILABLE_SCOPE_RESTRICTED) {
SetStatusGranted(IsRemoteGranted(*item), *item);
PERMISSION_LOG_ERROR(
LABEL, "ReGrantDuidPermissions: remote permission set granted due to remote granted status");
continue;
}
if (item->grantMode == SYSTEM_GRANT && permInfo.permissionDef.availableScope == AVAILABLE_SCOPE_RESTRICTED) {
bool isSignaturePermissionGranted = VerifySignatruePermission(permInfo, uidBundlePermInfo);
SetStatusGranted(isSignaturePermissionGranted, *item);
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions: remote permission set granted");
continue;
}
SetStatusGranted(false, *item);
PERMISSION_LOG_ERROR(
LABEL, "ReGrantDuidPermissions: remote permission set no granted due to unknown availableScope");
}
PERMISSION_LOG_DEBUG(LABEL, "end");
}
void PermissionReGranter::GetPermissionInfoNoThrow(const std::string& permission, PermissionDefParcel& permInfo)
{
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
if (externalDeps == nullptr) {
PERMISSION_LOG_INFO(LABEL, "getPermissionInfoNoThrow::externalDeps is nullptr.");
return;
}
sptr<Permission::IPermissionManager> iPermissionManager_;
iPermissionManager_ = externalDeps->GetPermissionManager(iPermissionManager_);
iPermissionManager_->GetDefPermission(permission, permInfo);
}
bool PermissionReGranter::VerifySignatruePermission(
const PermissionDefParcel &permInfo, const UidBundleBo &uidBundlePermInfo)
{
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
std::unique_ptr<ExternalDeps> externalDeps = std::make_unique<ExternalDeps>();
iBundleManager_ = externalDeps->GetBundleManager(iBundleManager_);
AppExecFwk::BundleInfo bundleInfo;
int result = iBundleManager_->GetBundleInfo(
permInfo.permissionDef.bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo);
if (!result) {
PERMISSION_LOG_INFO(LABEL,
"%{public}s cannot get bundleInfo by bundleName %{public}s",
__func__,
permInfo.permissionDef.bundleName.c_str());
return false;
}
if (bundleInfo.defPermissions.size() != uidBundlePermInfo.remoteSensitivePermission.size()) {
return false;
}
std::set<std::string>::iterator permName = uidBundlePermInfo.remoteSensitivePermission.begin();
while (permName != uidBundlePermInfo.remoteSensitivePermission.end()) {
if (find(bundleInfo.defPermissions.begin(), bundleInfo.defPermissions.end(), *permName) ==
bundleInfo.defPermissions.end()) {
return false;
}
}
return true;
}
bool PermissionReGranter::IsGranted(const PermissionDto& permission)
{
return (permission.status & FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED) != 0;
}
bool PermissionReGranter::IsRemoteGranted(const PermissionDto& permission)
{
return (permission.status & FLAG_PERMISSION_STATUS_REMOTE_GRANTED) != 0;
}
void PermissionReGranter::SetStatusGranted(const bool isGranted, PermissionDto& permission)
{
PERMISSION_LOG_DEBUG(LABEL, "begin, isGranted: %{public}d, status: %{public}d", isGranted, permission.status);
if (isGranted) {
permission.status = (permission.status | FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED) &
(~FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED);
} else {
permission.status = (permission.status | FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED) &
(~FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED);
}
PERMISSION_LOG_DEBUG(LABEL, "end, isGranted: %{public}d, status: %{public}d", isGranted, permission.status);
}
void PermissionReGranter::SetFlagRemoteGranted(const bool isRemoteGranted, PermissionDto& permission)
{
if (isRemoteGranted) {
permission.status |= FLAG_PERMISSION_STATUS_REMOTE_GRANTED;
} else {
permission.status &= (~FLAG_PERMISSION_STATUS_REMOTE_GRANTED);
}
}
} // namespace Permission
} // namespace Security
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "permission_re_granter.h"
#include "bms_adapter.h"
#include "pms_adapter.h"
namespace OHOS {
namespace Security {
namespace Permission {
namespace {
static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PERMISSION, "PermissionReGranter"};
}
void PermissionReGranter::ReGrantDuidPermissions(UidBundleBo& uidBundlePermInfo)
{
if (BaseRemoteCommand::IsValid(uidBundlePermInfo)) {
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions:No remoteSensitivePermission need to reGrand");
return;
}
PERMISSION_LOG_DEBUG(LABEL, "begin");
for (auto item = uidBundlePermInfo.bundles.at(0).permissions.begin();
item != uidBundlePermInfo.bundles.at(0).permissions.end();
item++) {
PERMISSION_LOG_DEBUG(LABEL, "loop, status: %{public}d, grant mode: %{public}d", item->status, item->grantMode);
PermissionDefParcel permInfo;
GetPermissionInfoNoThrow(item->name, permInfo);
if (item->grantMode == SYSTEM_GRANT && permInfo.permissionDef.availableScope != AVAILABLE_SCOPE_RESTRICTED) {
SetStatusGranted(true, *item);
PERMISSION_LOG_ERROR(
LABEL, "ReGrantDuidPermissions: remote permission granted due to normal protect level");
continue;
}
if (item->grantMode == USER_GRANT && permInfo.permissionDef.availableScope != AVAILABLE_SCOPE_RESTRICTED) {
SetStatusGranted(IsRemoteGranted(*item), *item);
PERMISSION_LOG_ERROR(
LABEL, "ReGrantDuidPermissions: remote permission set granted due to remote granted status");
continue;
}
if (item->grantMode == SYSTEM_GRANT && permInfo.permissionDef.availableScope == AVAILABLE_SCOPE_RESTRICTED) {
bool isSignaturePermissionGranted = VerifySignatruePermission(permInfo, uidBundlePermInfo);
SetStatusGranted(isSignaturePermissionGranted, *item);
PERMISSION_LOG_ERROR(LABEL, "ReGrantDuidPermissions: remote permission set granted");
continue;
}
SetStatusGranted(false, *item);
PERMISSION_LOG_ERROR(
LABEL, "ReGrantDuidPermissions: remote permission set no granted due to unknown availableScope");
}
PERMISSION_LOG_DEBUG(LABEL, "end");
}
void PermissionReGranter::GetPermissionInfoNoThrow(const std::string& permission, PermissionDefParcel& permInfo)
{
std::unique_ptr<PmsAdapter> pmsAdapter = std::make_unique<PmsAdapter>();
if (pmsAdapter == nullptr) {
PERMISSION_LOG_INFO(LABEL, "getPermissionInfoNoThrow::pmsAdapter is nullptr.");
return;
}
sptr<Permission::IPermissionManager> iPermissionManager_;
iPermissionManager_ = pmsAdapter->GetPermissionManager();
iPermissionManager_->GetDefPermission(permission, permInfo);
}
bool PermissionReGranter::VerifySignatruePermission(
const PermissionDefParcel &permInfo, const UidBundleBo &uidBundlePermInfo)
{
sptr<AppExecFwk::IBundleMgr> iBundleManager_;
std::unique_ptr<BmsAdapter> bmsAdapter = std::make_unique<BmsAdapter>();
iBundleManager_ = bmsAdapter->GetBundleManager();
AppExecFwk::BundleInfo bundleInfo;
int result = iBundleManager_->GetBundleInfo(
permInfo.permissionDef.bundleName, AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, bundleInfo);
if (!result) {
PERMISSION_LOG_INFO(LABEL,
"%{public}s cannot get bundleInfo by bundleName %{public}s",
__func__,
permInfo.permissionDef.bundleName.c_str());
return false;
}
if (bundleInfo.defPermissions.size() != uidBundlePermInfo.remoteSensitivePermission.size()) {
return false;
}
std::set<std::string>::iterator permName = uidBundlePermInfo.remoteSensitivePermission.begin();
while (permName != uidBundlePermInfo.remoteSensitivePermission.end()) {
if (find(bundleInfo.defPermissions.begin(), bundleInfo.defPermissions.end(), *permName) ==
bundleInfo.defPermissions.end()) {
return false;
}
}
return true;
}
bool PermissionReGranter::IsGranted(const PermissionDto& permission)
{
return (permission.status & FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED) != 0;
}
bool PermissionReGranter::IsRemoteGranted(const PermissionDto& permission)
{
return (permission.status & FLAG_PERMISSION_STATUS_REMOTE_GRANTED) != 0;
}
void PermissionReGranter::SetStatusGranted(const bool isGranted, PermissionDto& permission)
{
PERMISSION_LOG_DEBUG(LABEL, "begin, isGranted: %{public}d, status: %{public}d", isGranted, permission.status);
if (isGranted) {
permission.status = (permission.status | FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED) &
(~FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED);
} else {
permission.status = (permission.status | FLAG_PERMISSION_STATUS_DISTRIBUTED_DENIED) &
(~FLAG_PERMISSION_STATUS_DISTRIBUTED_GRANTED);
}
PERMISSION_LOG_DEBUG(LABEL, "end, isGranted: %{public}d, status: %{public}d", isGranted, permission.status);
}
void PermissionReGranter::SetFlagRemoteGranted(const bool isRemoteGranted, PermissionDto& permission)
{
if (isRemoteGranted) {
permission.status |= FLAG_PERMISSION_STATUS_REMOTE_GRANTED;
} else {
permission.status &= (~FLAG_PERMISSION_STATUS_REMOTE_GRANTED);
}
}
} // namespace Permission
} // namespace Security
} // namespace OHOS

2
services/permission_standard/distributedpermissionmanagerservice/main/cpp/src/distributed/request_permissions_info.cpp
View File

@ -41,7 +41,7 @@ RequestPermissionsInfo::RequestPermissionsInfo(const std::vector<std::string> pe
timeStringStream << std::put_time(std::localtime(&time), "%H%M%S");
requestId_ = deviceId + timeStringStream.str();
}
bool RequestPermissionsInfo::NeedStopProcess()
bool RequestPermissionsInfo::NeedStopProcess() const
{
if (permissions_.empty()) {
PERMISSION_LOG_ERROR(LABEL, "requestPermissionsFromRemote permissions is null");

Some files were not shown because too many files have changed in this diff Show More