1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_CLIENT_H
17 #define OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_CLIENT_H
18 
19 #include <functional>
20 
21 #include "uri.h"
22 #include "uri_permission_manager_interface.h"
23 
24 namespace OHOS {
25 namespace AAFwk {
26 using ClearProxyCallback = std::function<void()>;
27 class UriPermissionManagerClient {
28 public:
29     static UriPermissionManagerClient& GetInstance();
30     ~UriPermissionManagerClient() = default;
31 
32     /**
33      * @brief Authorize the uri permission of to targetBundleName.
34      *
35      * @param uri The file uri.
36      * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION.
37      * @param targetBundleName The user of uri.
38      */
39     int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int32_t appIndex = 0,
40         uint32_t initiatorTokenId = 0, int32_t abilityId = -1);
41 
42     /**
43      * @brief Authorize the uri permission of to targetBundleName.
44      *
45      * @param uriVec The file uri list.
46      * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION.
47      * @param targetBundleName The user of uri.
48      */
49     int GrantUriPermission(const std::vector<Uri> &uriVec, unsigned int flag, const std::string targetBundleName,
50         int32_t appIndex = 0, uint32_t initiatorTokenId = 0, int32_t abilityId = -1);
51 
52     /**
53      * @brief Authorize the uri permission to targetBundleName.
54      *
55      * @param uriVec The file urilist.
56      * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION.
57      * @param targetBundleName The user of uri.
58      * @param appIndex The index of application in sandbox.
59      * @return Returns ERR_OK if the authorization is successful, otherwise returns error code.
60      */
61     int32_t GrantUriPermissionPrivileged(const std::vector<Uri> &uriVec, uint32_t flag,
62         const std::string &targetBundleName, int32_t appIndex = 0, uint32_t initiatorTokenId = 0,
63         int32_t abilityId = -1);
64 
65     /**
66      * @brief Clear user's uri authorization record with auto remove flag.
67      *
68      * @param tokenId A tokenId of an application.
69      * @param abilityId The abilityId of an ability record.
70      */
71     void RevokeUriPermission(const uint32_t tokenId, int32_t abilityId = -1);
72 
73     /**
74      * @brief Clear user's all uri authorization record with auto remove flag.
75      *
76      * @param tokenId A tokenId of an application.
77      */
78     int RevokeAllUriPermissions(const uint32_t tokenId);
79 
80     /**
81      * @brief Clear user's uri authorization record.
82      *
83      * @param uri The file uri.
84      * @param BundleName A BundleName of an application.
85      * @param appIndex The index of application in sandbox.
86      */
87     int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName, int32_t appIndex = 0);
88 
89     /**
90      * @brief verify if tokenId have uri permission of flag, including temporary permission and persistable permission
91      *
92      * @param uri The file uri.
93      * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION.
94      * @param tokenId A tokenId of an application.
95      */
96     bool VerifyUriPermission(const Uri& uri, uint32_t flag, uint32_t tokenId);
97 
98     /**
99      * @brief verify if tokenId have uri permission of flag.
100      *
101      * @param uri The file uri.
102      * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION.
103      * @param tokenId A tokenId of an application.
104      */
105     std::vector<bool> CheckUriAuthorization(const std::vector<std::string> &uriVec, uint32_t flag, uint32_t tokenId);
106 
107     int32_t ClearPermissionTokenByMap(const uint32_t tokenId);
108 
109 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
110     int32_t Active(const std::vector<PolicyInfo> &policy, std::vector<uint32_t> &result);
111 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
112 
113     void OnLoadSystemAbilitySuccess(const sptr<IRemoteObject> &remoteObject);
114     void OnLoadSystemAbilityFail();
115 private:
116     UriPermissionManagerClient() = default;
117     sptr<IUriPermissionManager> ConnectUriPermService();
118     void ClearProxy();
119     bool LoadUriPermService();
120     void SetUriPermMgr(const sptr<IRemoteObject> &remoteObject);
121     sptr<IUriPermissionManager> GetUriPermMgr();
122     DISALLOW_COPY_AND_MOVE(UriPermissionManagerClient);
123 
124     class UpmsDeathRecipient : public IRemoteObject::DeathRecipient {
125     public:
UpmsDeathRecipient(const ClearProxyCallback & proxy)126         explicit UpmsDeathRecipient(const ClearProxyCallback &proxy) : proxy_(proxy) {}
127         ~UpmsDeathRecipient() = default;
128         virtual void OnRemoteDied([[maybe_unused]] const wptr<IRemoteObject>& remote) override;
129 
130     private:
131         ClearProxyCallback proxy_;
132     };
133 
134 private:
135     std::mutex mutex_;
136     std::mutex saLoadMutex_;
137     std::condition_variable loadSaVariable_;
138     bool saLoadFinished_ = false;
139     sptr<IUriPermissionManager> uriPermMgr_ = nullptr;
140 };
141 }  // namespace AAFwk
142 }  // namespace OHOS
143 #endif  // OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_CLIENT_H
144