1/*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#ifndef OHOS_ABILITY_RUNTIME_PERMISSION_VERIFICATION_H
17#define OHOS_ABILITY_RUNTIME_PERMISSION_VERIFICATION_H
18
19#include "ipc_skeleton.h"
20#include "singleton.h"
21#include "want.h"
22
23namespace OHOS {
24namespace AAFwk {
25class PermissionVerification : public DelayedSingleton<PermissionVerification> {
26public:
27struct VerificationInfo {
28    bool visible = false;
29    bool isBackgroundCall = true;
30    bool associatedWakeUp = false;
31    uint32_t accessTokenId = 0;
32    int32_t apiTargetVersion = 0;
33    bool withContinuousTask = false;
34    uint32_t specifyTokenId = 0;
35};
36
37    PermissionVerification() = default;
38    ~PermissionVerification() = default;
39
40    bool VerifyPermissionByTokenId(const int &tokenId, const std::string &permissionName) const;
41
42    bool VerifyCallingPermission(const std::string &permissionName, const uint32_t specifyTokenId = 0) const;
43
44    bool IsSACall() const;
45
46    bool IsSACallByTokenId(uint32_t callerTokenId) const;
47
48    bool IsShellCall() const;
49
50    bool IsShellCallByTokenId(uint32_t callerTokenId) const;
51
52    bool CheckSpecificSystemAbilityAccessPermission(const std::string &processName) const;
53
54    bool CheckObserverCallerPermission() const;
55
56    bool VerifyRunningInfoPerm() const;
57
58    bool VerifyControllerPerm() const;
59
60    bool VerifyDlpPermission(Want &want) const;
61
62    int VerifyAccountPermission() const;
63
64    bool VerifyMissionPermission() const;
65
66    int VerifyAppStateObserverPermission() const;
67
68    int32_t VerifyUpdateConfigurationPerm() const;
69
70    int32_t VerifyUpdateAPPConfigurationPerm() const;
71
72    bool VerifyInstallBundlePermission() const;
73
74    bool VerifyGetBundleInfoPrivilegedPermission() const;
75
76    bool VerifyStartRecentAbilityPermission() const;
77
78    int CheckCallDataAbilityPermission(const VerificationInfo &verificationInfo, bool isShell) const;
79
80    int CheckCallServiceAbilityPermission(const VerificationInfo &verificationInfo) const;
81
82    int CheckCallAbilityPermission(const VerificationInfo &verificationInfo, bool isCallByShortcut = false) const;
83
84    /**
85     * Check if Caller is allowed to start ServiceExtension(Stage) or DataShareExtension(Stage)
86     *
87     * @param verificationInfo, verificationInfo.
88     * @return Returns ERR_OK on check success, others on check failure.
89     */
90    int CheckCallServiceExtensionPermission(const VerificationInfo &verificationInfo) const;
91
92    int CheckStartByCallPermission(const VerificationInfo &verificationInfo) const;
93
94    bool JudgeCallerIsAllowedToUseSystemAPI() const;
95
96    bool IsSystemAppCall() const;
97
98    bool IsSystemAppCallByTokenId(uint32_t callerTokenId) const;
99
100    bool VerifyPrepareTerminatePermission() const;
101
102    bool VerifyPrepareTerminatePermission(const int &tokenId) const;
103
104    bool VerifyShellStartExtensionType(int32_t type) const;
105
106    bool VerifyPreloadApplicationPermission() const;
107
108    bool VerifyPreStartAtomicServicePermission() const;
109
110    bool VerifyKillProcessDependedOnWebPermission() const;
111
112    bool VerifyBackgroundCallPermission(const bool isBackgroundCall) const;
113
114    bool VerifyBlockAllAppStartPermission() const;
115
116    bool VerifyStartUIAbilityToHiddenPermission() const;
117
118    bool VerifySuperviseKiaServicePermission() const;
119
120private:
121    DISALLOW_COPY_AND_MOVE(PermissionVerification);
122
123    constexpr static int32_t API8 = 8;
124
125    unsigned int GetCallingTokenID() const;
126
127    bool JudgeStartInvisibleAbility(const uint32_t accessTokenId, const bool visible,
128        const uint32_t specifyTokenId = 0) const;
129
130    bool JudgeStartAbilityFromBackground(const bool isBackgroundCall, bool withContinuousTask = false) const;
131
132    bool JudgeAssociatedWakeUp(const uint32_t accessTokenId, const bool associatedWakeUp) const;
133
134    int JudgeInvisibleAndBackground(const VerificationInfo &verificationInfo, bool isCallByShortcut = false) const;
135
136    inline bool IsCallFromSameAccessToken(const uint32_t accessTokenId) const
137    {
138        return IPCSkeleton::GetCallingTokenID() == accessTokenId;
139    }
140};
141}  // namespace AAFwk
142}  // namespace OHOS
143#endif // OHOS_ABILITY_RUNTIME_PERMISSION_VERIFICATION_H
144