153c3577eSopenharmony_ci/*
253c3577eSopenharmony_ci * Copyright (c) 2021 Huawei Device Co., Ltd.
353c3577eSopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License");
453c3577eSopenharmony_ci * you may not use this file except in compliance with the License.
553c3577eSopenharmony_ci * You may obtain a copy of the License at
653c3577eSopenharmony_ci *
753c3577eSopenharmony_ci *     http://www.apache.org/licenses/LICENSE-2.0
853c3577eSopenharmony_ci *
953c3577eSopenharmony_ci * Unless required by applicable law or agreed to in writing, software
1053c3577eSopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS,
1153c3577eSopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1253c3577eSopenharmony_ci * See the License for the specific language governing permissions and
1353c3577eSopenharmony_ci * limitations under the License.
1453c3577eSopenharmony_ci */
1553c3577eSopenharmony_ci
1653c3577eSopenharmony_ci#ifndef OHOS_SECURITY_H
1753c3577eSopenharmony_ci#define OHOS_SECURITY_H
#include <concurrent_map.h>
#include <string>
#include <utility>

#include "app_device_change_listener.h"
#include "executor_pool.h"
#include "iprocess_system_api_adapter.h"
#include "kv_store_delegate_manager.h"
#include "sensitive.h"
#include "visibility.h"
2753c3577eSopenharmony_ci
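namespace OHOS::DistributedKv {
// Security adapter of the distributed KV service. It implements
// DistributedDB::IProcessSystemApiAdapter (access-control state and per-path
// SecurityOption handling) and AppDistributedKv::AppDeviceChangeListener
// (device change notifications).
//
// All member functions except the executor-taking constructor are defined out
// of line, so the notes below describe the declared contract only.
class Security
    : public DistributedDB::IProcessSystemApiAdapter,
      public AppDistributedKv::AppDeviceChangeListener {
public:
    using DBStatus = DistributedDB::DBStatus;
    using OnAccessControlledEvent = DistributedDB::OnAccessControlledEvent;
    using SecurityOption = DistributedDB::SecurityOption;

    // Defined out of line; whether it sets executors_ is not visible here.
    Security();

    // Takes shared ownership of the executor pool. The argument is moved into the
    // member to avoid a second reference-count update.
    // No null check is made here: an empty pointer is stored as-is, so code that
    // dereferences executors_ has to handle that case.
    explicit Security(std::shared_ptr<ExecutorPool> executors) : executors_(std::move(executors)) {}
    ~Security() override;
    static bool IsSupportSecurity();

    // Registers the callback for access-controlled events.
    DBStatus RegOnAccessControlledEvent(const OnAccessControlledEvent &callback) override;

    // Checks whether access on this device is in the locked state.
    bool IsAccessControlled() const override;

    // Sets the SecurityOption on the target file path.
    // If filePath is a directory, the function has no effect.
    // NOTE(review): the class also declares SetDirSecurityOption, so confirm that
    // the directory statement above is still accurate. Callers should check the
    // returned DBStatus rather than assume the label was applied.
    DBStatus SetSecurityOption(const std::string &filePath, const SecurityOption &option) override;

    // Gets the SecurityOption of the target file path into `option`.
    DBStatus GetSecurityOption(const std::string &filePath, SecurityOption &option) const override;

    // Checks whether the target device can save data at the given sensitive class.
    // NOTE(review): the result for an unknown deviceId is not visible here; it
    // should be false (fail closed) — confirm in the implementation.
    bool CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const override;

    // AppDeviceChangeListener callback for a device change of the given type.
    void OnDeviceChanged(const AppDistributedKv::DeviceInfo &info,
                         const AppDistributedKv::DeviceChangeType &type) const override;

    AppDistributedKv::ChangeLevelType GetChangeLevelType() const override;

    // NOTE(review): presumably prepares the local device's security state; the
    // definition is not visible here — confirm.
    void InitLocalSecurity();

private:
    // Lock/password state codes. Only NO_PWD has an explicit value; the rest
    // follow it: UNLOCK = 0, LOCKED = 1, UNINITIALIZED = 2.
    // NOTE(review): presumably the values returned by GetCurrentUserStatus — confirm.
    enum {
        NO_PWD = -1,
        UNLOCK,
        LOCKED,
        UNINITIALIZED,
    };

    // Table with DistributedDB::S4 + 1 entries.
    // NOTE(review): presumably one label string per security level up to S4,
    // indexed by the level value — confirm that every index is bounds-checked.
    static const std::string LABEL_VALUES[DistributedDB::S4 + 1];
    static const std::string Convert2Name(const SecurityOption &option);
    // NOTE(review): the value returned for an unrecognised name is not visible here.
    static int Convert2Security(const std::string &name);
    bool IsExits(const std::string &file) const;
    Sensitive GetSensitiveByUuid(const std::string &uuid) const;
    bool EraseSensitiveByUuid(const std::string &uuid) const;
    // NOTE(review): presumably validates an extended-attribute value before it
    // is interpreted as a security label — confirm.
    bool IsXattrValueValid(const std::string& value) const;
    int32_t GetCurrentUserStatus() const;
    DBStatus SetFileSecurityOption(const std::string &filePath, const SecurityOption &option);
    DBStatus SetDirSecurityOption(const std::string &filePath, const SecurityOption &option);
    DBStatus GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const;
    DBStatus GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const;

    // Map from a device identifier string to its Sensitive record. It is
    // `mutable` so that const member functions can modify it.
    // NOTE(review): the member name says "Udid" while the helpers above take a
    // uuid; confirm which identifier keys the map.
    mutable ConcurrentMap<std::string, Sensitive> devicesUdid_;
    // May be empty; see the constructors.
    std::shared_ptr<ExecutorPool> executors_;
};
} // namespace OHOS::DistributedKv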
8753c3577eSopenharmony_ci
8853c3577eSopenharmony_ci#endif // OHOS_SECURITY_H