1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "uri_permission_manager_client.h"
17
18 #include "ability_manager_errors.h"
19 #include "hilog_tag_wrapper.h"
20 #include "if_system_ability_manager.h"
21 #include "iservice_registry.h"
22 #include "system_ability_definition.h"
23 #include "uri_permission_load_callback.h"
24
25 namespace OHOS {
26 namespace AAFwk {
27 namespace {
28 const int LOAD_SA_TIMEOUT_MS = 4 * 1000;
29 const int MAX_URI_COUNT = 500;
30 } // namespace
GetInstance()31 UriPermissionManagerClient& UriPermissionManagerClient::GetInstance()
32 {
33 static UriPermissionManagerClient instance;
34 return instance;
35 }
36
GrantUriPermission(const Uri & uri,unsigned int flag,const std::string targetBundleName,int32_t appIndex,uint32_t initiatorTokenId,int32_t abilityId)37 int UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag,
38 const std::string targetBundleName, int32_t appIndex, uint32_t initiatorTokenId, int32_t abilityId)
39 {
40 TAG_LOGD(AAFwkTag::URIPERMMGR, "targetBundleName :%{public}s", targetBundleName.c_str());
41 auto uriPermMgr = ConnectUriPermService();
42 if (uriPermMgr) {
43 return uriPermMgr->GrantUriPermission(uri, flag, targetBundleName, appIndex, initiatorTokenId, abilityId);
44 }
45 return INNER_ERR;
46 }
47
GrantUriPermission(const std::vector<Uri> & uriVec,unsigned int flag,const std::string targetBundleName,int32_t appIndex,uint32_t initiatorTokenId,int32_t abilityId)48 int UriPermissionManagerClient::GrantUriPermission(const std::vector<Uri> &uriVec, unsigned int flag,
49 const std::string targetBundleName, int32_t appIndex, uint32_t initiatorTokenId, int32_t abilityId)
50 {
51 TAG_LOGD(AAFwkTag::URIPERMMGR, "targetBundleName: %{public}s, uriVec size: %{public}zu", targetBundleName.c_str(),
52 uriVec.size());
53 if (uriVec.empty() || uriVec.size() > MAX_URI_COUNT) {
54 TAG_LOGE(AAFwkTag::URIPERMMGR, "uriVec is empty or exceed maximum size %{public}d.", MAX_URI_COUNT);
55 return ERR_URI_LIST_OUT_OF_RANGE;
56 }
57 auto uriPermMgr = ConnectUriPermService();
58 if (uriPermMgr) {
59 return uriPermMgr->GrantUriPermission(uriVec, flag, targetBundleName, appIndex, initiatorTokenId, abilityId);
60 }
61 return INNER_ERR;
62 }
63
GrantUriPermissionPrivileged(const std::vector<Uri> & uriVec,uint32_t flag,const std::string & targetBundleName,int32_t appIndex,uint32_t initiatorTokenId,int32_t abilityId)64 int32_t UriPermissionManagerClient::GrantUriPermissionPrivileged(const std::vector<Uri> &uriVec, uint32_t flag,
65 const std::string &targetBundleName, int32_t appIndex, uint32_t initiatorTokenId, int32_t abilityId)
66 {
67 TAG_LOGD(AAFwkTag::URIPERMMGR, "targetBundleName: %{public}s, uriVec size: %{public}zu",
68 targetBundleName.c_str(), uriVec.size());
69 if (uriVec.empty() || uriVec.size() > MAX_URI_COUNT) {
70 TAG_LOGE(AAFwkTag::URIPERMMGR, "uriVec is empty or exceed maximum size %{public}d.", MAX_URI_COUNT);
71 return ERR_URI_LIST_OUT_OF_RANGE;
72 }
73 auto uriPermMgr = ConnectUriPermService();
74 if (uriPermMgr) {
75 return uriPermMgr->GrantUriPermissionPrivileged(uriVec, flag, targetBundleName, appIndex,
76 initiatorTokenId, abilityId);
77 }
78 return INNER_ERR;
79 }
80
81
RevokeUriPermission(const uint32_t tokenId,int32_t abilityId)82 void UriPermissionManagerClient::RevokeUriPermission(const uint32_t tokenId, int32_t abilityId)
83 {
84 TAG_LOGD(AAFwkTag::URIPERMMGR, "called");
85 auto uriPermMgr = ConnectUriPermService();
86 if (uriPermMgr) {
87 return uriPermMgr->RevokeUriPermission(tokenId, abilityId);
88 }
89 }
90
RevokeAllUriPermissions(const uint32_t tokenId)91 int UriPermissionManagerClient::RevokeAllUriPermissions(const uint32_t tokenId)
92 {
93 TAG_LOGD(AAFwkTag::URIPERMMGR, "called");
94 auto uriPermMgr = ConnectUriPermService();
95 if (uriPermMgr) {
96 return uriPermMgr->RevokeAllUriPermissions(tokenId);
97 }
98 return INNER_ERR;
99 }
100
RevokeUriPermissionManually(const Uri & uri,const std::string bundleName,int32_t appIndex)101 int UriPermissionManagerClient::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName,
102 int32_t appIndex)
103 {
104 TAG_LOGD(AAFwkTag::URIPERMMGR, "called");
105 auto uriPermMgr = ConnectUriPermService();
106 if (uriPermMgr) {
107 return uriPermMgr->RevokeUriPermissionManually(uri, bundleName, appIndex);
108 }
109 return INNER_ERR;
110 }
111
VerifyUriPermission(const Uri & uri,uint32_t flag,uint32_t tokenId)112 bool UriPermissionManagerClient::VerifyUriPermission(const Uri& uri, uint32_t flag, uint32_t tokenId)
113 {
114 auto uriPermMgr = ConnectUriPermService();
115 if (uriPermMgr) {
116 return uriPermMgr->VerifyUriPermission(uri, flag, tokenId);
117 }
118 return false;
119 }
120
CheckUriAuthorization(const std::vector<std::string> & uriVec,uint32_t flag,uint32_t tokenId)121 std::vector<bool> UriPermissionManagerClient::CheckUriAuthorization(const std::vector<std::string> &uriVec,
122 uint32_t flag, uint32_t tokenId)
123 {
124 uint32_t size = uriVec.size();
125 TAG_LOGD(AAFwkTag::URIPERMMGR, "flag: %{public}u, tokenId: %{public}u", flag, tokenId);
126 std::vector<bool> errorRes(size, false);
127 if (uriVec.empty() || uriVec.size() > MAX_URI_COUNT) {
128 TAG_LOGE(AAFwkTag::URIPERMMGR, "uriVec is empty or exceed maximum size %{public}d.", MAX_URI_COUNT);
129 return errorRes;
130 }
131 auto uriPermMgr = ConnectUriPermService();
132 if (uriPermMgr) {
133 return uriPermMgr->CheckUriAuthorization(uriVec, flag, tokenId);
134 }
135 return errorRes;
136 }
137
ConnectUriPermService()138 sptr<IUriPermissionManager> UriPermissionManagerClient::ConnectUriPermService()
139 {
140 TAG_LOGD(AAFwkTag::URIPERMMGR, "called");
141 auto uriPermMgr = GetUriPermMgr();
142 if (uriPermMgr == nullptr) {
143 if (!LoadUriPermService()) {
144 TAG_LOGE(AAFwkTag::URIPERMMGR, "Load uri permission manager service failed.");
145 return nullptr;
146 }
147 uriPermMgr = GetUriPermMgr();
148 if (uriPermMgr == nullptr || uriPermMgr->AsObject() == nullptr) {
149 TAG_LOGE(AAFwkTag::URIPERMMGR, "Failed to get uri permission manager.");
150 return nullptr;
151 }
152 const auto& onClearProxyCallback = [] {
153 UriPermissionManagerClient::GetInstance().ClearProxy();
154 };
155 sptr<UpmsDeathRecipient> recipient(new UpmsDeathRecipient(onClearProxyCallback));
156 uriPermMgr->AsObject()->AddDeathRecipient(recipient);
157 }
158 TAG_LOGD(AAFwkTag::URIPERMMGR, "End UriPermissionManagerClient::ConnectUriPermService.");
159 return uriPermMgr;
160 }
161
LoadUriPermService()162 bool UriPermissionManagerClient::LoadUriPermService()
163 {
164 TAG_LOGD(AAFwkTag::URIPERMMGR, "called");
165 auto systemAbilityMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
166 if (systemAbilityMgr == nullptr) {
167 TAG_LOGE(AAFwkTag::URIPERMMGR, "Failed to get SystemAbilityManager.");
168 return false;
169 }
170
171 sptr<UriPermissionLoadCallback> loadCallback = new (std::nothrow) UriPermissionLoadCallback();
172 if (loadCallback == nullptr) {
173 TAG_LOGE(AAFwkTag::URIPERMMGR, "Create load callback failed.");
174 return false;
175 }
176
177 auto ret = systemAbilityMgr->LoadSystemAbility(URI_PERMISSION_MGR_SERVICE_ID, loadCallback);
178 if (ret != 0) {
179 TAG_LOGE(AAFwkTag::URIPERMMGR, "Load system ability %{public}d failed with %{public}d.",
180 URI_PERMISSION_MGR_SERVICE_ID, ret);
181 return false;
182 }
183
184 {
185 std::unique_lock<std::mutex> lock(saLoadMutex_);
186 auto waitStatus = loadSaVariable_.wait_for(lock, std::chrono::milliseconds(LOAD_SA_TIMEOUT_MS),
187 [this]() {
188 return saLoadFinished_;
189 });
190 if (!waitStatus) {
191 TAG_LOGE(AAFwkTag::URIPERMMGR, "Wait for load sa timeout.");
192 return false;
193 }
194 }
195 return true;
196 }
197
GetUriPermMgr()198 sptr<IUriPermissionManager> UriPermissionManagerClient::GetUriPermMgr()
199 {
200 std::lock_guard<std::mutex> lock(mutex_);
201 return uriPermMgr_;
202 }
203
SetUriPermMgr(const sptr<IRemoteObject> & remoteObject)204 void UriPermissionManagerClient::SetUriPermMgr(const sptr<IRemoteObject> &remoteObject)
205 {
206 TAG_LOGD(AAFwkTag::URIPERMMGR, "called");
207 std::lock_guard<std::mutex> lock(mutex_);
208 uriPermMgr_ = iface_cast<IUriPermissionManager>(remoteObject);
209 }
210
OnLoadSystemAbilitySuccess(const sptr<IRemoteObject> & remoteObject)211 void UriPermissionManagerClient::OnLoadSystemAbilitySuccess(const sptr<IRemoteObject> &remoteObject)
212 {
213 TAG_LOGD(AAFwkTag::URIPERMMGR, "called");
214 SetUriPermMgr(remoteObject);
215 std::unique_lock<std::mutex> lock(saLoadMutex_);
216 saLoadFinished_ = true;
217 loadSaVariable_.notify_one();
218 }
219
OnLoadSystemAbilityFail()220 void UriPermissionManagerClient::OnLoadSystemAbilityFail()
221 {
222 TAG_LOGD(AAFwkTag::URIPERMMGR, "called");
223 SetUriPermMgr(nullptr);
224 std::unique_lock<std::mutex> lock(saLoadMutex_);
225 saLoadFinished_ = true;
226 loadSaVariable_.notify_one();
227 }
228
ClearProxy()229 void UriPermissionManagerClient::ClearProxy()
230 {
231 TAG_LOGD(AAFwkTag::URIPERMMGR, "called");
232 {
233 std::lock_guard<std::mutex> lock(mutex_);
234 uriPermMgr_ = nullptr;
235 }
236 std::unique_lock<std::mutex> lock(saLoadMutex_);
237 saLoadFinished_ = false;
238 }
239
240 void UriPermissionManagerClient::UpmsDeathRecipient::OnRemoteDied([[maybe_unused]] const wptr<IRemoteObject>& remote)
241 {
242 TAG_LOGE(AAFwkTag::URIPERMMGR, "upms stub died.");
243 proxy_();
244 }
245
ClearPermissionTokenByMap(const uint32_t tokenId)246 int32_t UriPermissionManagerClient::ClearPermissionTokenByMap(const uint32_t tokenId)
247 {
248 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
249 auto uriPermMgr = ConnectUriPermService();
250 if (uriPermMgr) {
251 return uriPermMgr->ClearPermissionTokenByMap(tokenId);
252 }
253 return INNER_ERR;
254 }
255
256 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
Active(const std::vector<PolicyInfo> & policy,std::vector<uint32_t> & result)257 int32_t UriPermissionManagerClient::Active(const std::vector<PolicyInfo> &policy, std::vector<uint32_t> &result)
258 {
259 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
260 auto uriPermMgr = ConnectUriPermService();
261 if (uriPermMgr) {
262 return uriPermMgr->Active(policy, result);
263 }
264 return INNER_ERR;
265 }
266 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
267 } // namespace AAFwk
268 } // namespace OHOS
269