1eace7efcSopenharmony_ci/*
2eace7efcSopenharmony_ci * Copyright (c) 2024 Huawei Device Co., Ltd.
3eace7efcSopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License");
4eace7efcSopenharmony_ci * you may not use this file except in compliance with the License.
5eace7efcSopenharmony_ci * You may obtain a copy of the License at
6eace7efcSopenharmony_ci *
7eace7efcSopenharmony_ci *     http://www.apache.org/licenses/LICENSE-2.0
8eace7efcSopenharmony_ci *
9eace7efcSopenharmony_ci * Unless required by applicable law or agreed to in writing, software
10eace7efcSopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS,
11eace7efcSopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12eace7efcSopenharmony_ci * See the License for the specific language governing permissions and
13eace7efcSopenharmony_ci * limitations under the License.
14eace7efcSopenharmony_ci */
15eace7efcSopenharmony_ci#include "file_permission_manager.h"
16eace7efcSopenharmony_ci
17eace7efcSopenharmony_ci#include "accesstoken_kit.h"
18eace7efcSopenharmony_ci#include "file_uri.h"
19eace7efcSopenharmony_ci#include "hilog_tag_wrapper.h"
20eace7efcSopenharmony_ci#include "ipc_skeleton.h"
21eace7efcSopenharmony_ci#include "permission_constants.h"
22eace7efcSopenharmony_ci#include "permission_verification.h"
23eace7efcSopenharmony_ci#include "tokenid_kit.h"
24eace7efcSopenharmony_ci#include "uri.h"
25eace7efcSopenharmony_ci
26eace7efcSopenharmony_cinamespace OHOS {
27eace7efcSopenharmony_cinamespace AAFwk {
28eace7efcSopenharmony_ciconstexpr const uint32_t SANDBOX_MANAGER_OK = 0;
29eace7efcSopenharmony_ciconst std::string FILE_MANAGER_AUTHORITY = "docs";
30eace7efcSopenharmony_ciconst std::string DOWNLOAD_PATH = "/storage/Users/currentUser/Download";
31eace7efcSopenharmony_ciconst std::string DESKTOP_PATH = "/storage/Users/currentUser/Desktop";
32eace7efcSopenharmony_ciconst std::string DOCUMENTS_PATH = "/storage/Users/currentUser/Documents";
33eace7efcSopenharmony_ciconst std::string CURRENTUSER = "currentUser";
34eace7efcSopenharmony_ci
35eace7efcSopenharmony_cistatic bool CheckPermission(uint64_t tokenCaller, const std::string &permission)
36eace7efcSopenharmony_ci{
37eace7efcSopenharmony_ci    return PermissionVerification::GetInstance()->VerifyPermissionByTokenId(tokenCaller, permission);
38eace7efcSopenharmony_ci}
39eace7efcSopenharmony_ci
40eace7efcSopenharmony_cistatic bool CheckFileManagerUriPermission(uint64_t providerTokenId, std::string &path)
41eace7efcSopenharmony_ci{
42eace7efcSopenharmony_ci    if (path.find(DOWNLOAD_PATH) == 0) {
43eace7efcSopenharmony_ci        return CheckPermission(providerTokenId, PermissionConstants::PERMISSION_READ_WRITE_DOWNLOAD);
44eace7efcSopenharmony_ci    }
45eace7efcSopenharmony_ci    if (path.find(DESKTOP_PATH) == 0) {
46eace7efcSopenharmony_ci        return CheckPermission(providerTokenId, PermissionConstants::PERMISSION_READ_WRITE_DESKTON);
47eace7efcSopenharmony_ci    }
48eace7efcSopenharmony_ci    if (path.find(DOCUMENTS_PATH) == 0) {
49eace7efcSopenharmony_ci        return CheckPermission(providerTokenId, PermissionConstants::PERMISSION_READ_WRITE_DOCUMENTS);
50eace7efcSopenharmony_ci    }
51eace7efcSopenharmony_ci    return false;
52eace7efcSopenharmony_ci}
53eace7efcSopenharmony_ci
54eace7efcSopenharmony_ciPolicyInfo FilePermissionManager::GetPathPolicyInfoFromUri(Uri &uri, uint32_t flag, const std::string &bundleName)
55eace7efcSopenharmony_ci{
56eace7efcSopenharmony_ci    AppFileService::ModuleFileUri::FileUri fileUri(uri.ToString());
57eace7efcSopenharmony_ci    std::string path = fileUri.GetRealPathBySA(bundleName);
58eace7efcSopenharmony_ci    PolicyInfo policyInfo;
59eace7efcSopenharmony_ci    policyInfo.path = path;
60eace7efcSopenharmony_ci    policyInfo.mode = (flag & (OperationMode::READ_MODE | OperationMode::WRITE_MODE));
61eace7efcSopenharmony_ci    return policyInfo;
62eace7efcSopenharmony_ci}
63eace7efcSopenharmony_ci
64eace7efcSopenharmony_cistd::vector<bool> FilePermissionManager::CheckUriPersistentPermission(std::vector<Uri> &uriVec,
65eace7efcSopenharmony_ci    uint32_t callerTokenId, uint32_t flag, std::vector<PolicyInfo> &pathPolicies)
66eace7efcSopenharmony_ci{
67eace7efcSopenharmony_ci    TAG_LOGI(AAFwkTag::URIPERMMGR,
68eace7efcSopenharmony_ci        "call, uri size:%{public}zu", uriVec.size());
69eace7efcSopenharmony_ci    std::vector<bool> resultCodes(uriVec.size(), false);
70eace7efcSopenharmony_ci    pathPolicies.clear();
71eace7efcSopenharmony_ci    if (CheckPermission(callerTokenId, PermissionConstants::PERMISSION_FILE_ACCESS_MANAGER)) {
72eace7efcSopenharmony_ci        for (size_t i = 0; i < uriVec.size(); i++) {
73eace7efcSopenharmony_ci            resultCodes[i] = true;
74eace7efcSopenharmony_ci            PolicyInfo policyInfo = GetPathPolicyInfoFromUri(uriVec[i], flag);
75eace7efcSopenharmony_ci            pathPolicies.emplace_back(policyInfo);
76eace7efcSopenharmony_ci        }
77eace7efcSopenharmony_ci        return resultCodes;
78eace7efcSopenharmony_ci    }
79eace7efcSopenharmony_ci    std::vector<int32_t> resultIndex;
80eace7efcSopenharmony_ci    std::vector<PolicyInfo> persistPolicys;
81eace7efcSopenharmony_ci    for (size_t i = 0; i < uriVec.size(); i++) {
82eace7efcSopenharmony_ci        PolicyInfo policyInfo = GetPathPolicyInfoFromUri(uriVec[i], flag);
83eace7efcSopenharmony_ci        pathPolicies.emplace_back(policyInfo);
84eace7efcSopenharmony_ci        if (uriVec[i].GetAuthority() == FILE_MANAGER_AUTHORITY &&
85eace7efcSopenharmony_ci            CheckFileManagerUriPermission(callerTokenId, policyInfo.path)) {
86eace7efcSopenharmony_ci            resultCodes[i] = true;
87eace7efcSopenharmony_ci            continue;
88eace7efcSopenharmony_ci        }
89eace7efcSopenharmony_ci        resultIndex.emplace_back(i);
90eace7efcSopenharmony_ci        persistPolicys.emplace_back(policyInfo);
91eace7efcSopenharmony_ci    }
92eace7efcSopenharmony_ci#ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
93eace7efcSopenharmony_ci    std::vector<bool> persistResultCodes;
94eace7efcSopenharmony_ci    int32_t ret = SandboxManagerKit::CheckPersistPolicy(callerTokenId, persistPolicys, persistResultCodes);
95eace7efcSopenharmony_ci    if (ret == SANDBOX_MANAGER_OK && persistResultCodes.size() == resultIndex.size()) {
96eace7efcSopenharmony_ci        for (size_t i = 0; i < persistResultCodes.size(); i++) {
97eace7efcSopenharmony_ci            auto index = resultIndex[i];
98eace7efcSopenharmony_ci            resultCodes[index] = persistResultCodes[i];
99eace7efcSopenharmony_ci        }
100eace7efcSopenharmony_ci    }
101eace7efcSopenharmony_ci#endif
102eace7efcSopenharmony_ci    return resultCodes;
103eace7efcSopenharmony_ci}
104eace7efcSopenharmony_ci}
105eace7efcSopenharmony_ci}
106