1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_INTERFACE_H
17 #define OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_INTERFACE_H
18 #include <vector>
19 #include "base/security/access_token/interfaces/innerkits/accesstoken/include/access_token.h"
20 #include "iremote_broker.h"
21 #include "uri.h"
22 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
23 #include "policy_info.h"
24 #else
25 #include "upms_policy_info.h"
26 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
27 
28 namespace OHOS {
29 namespace AAFwk {
30 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
31 using namespace AccessControl::SandboxManager;
32 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
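/**
 * @brief IPC interface of the uri permission manager.
 *
 * Declares the grant, revoke and verify operations on file uris, and the IPC command ids
 * (UriPermMgrCmd) used for them.
 *
 * NOTE(review): every token id in this interface (tokenId, initiatorTokenId) is an ordinary
 * argument. Whether the service cross-checks it against the identity of the IPC caller is not
 * visible in this header; confirm that the stub/service does so before it acts on the value.
 */
class IUriPermissionManager : public IRemoteBroker {
public:
    DECLARE_INTERFACE_DESCRIPTOR(u"ohos.ability.UriPermissionManager");

    /**
     * @brief Authorize the uri permission to targetBundleName.
     *
     * @param uri The file uri.
     * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION.
     * @param targetBundleName The user of uri.
     * @param appIndex The index of application in sandbox, 0 by default.
     * @param initiatorTokenId Presumably the token id of the application that initiated the grant;
     *        the meaning of the default 0 is not defined in this header (TODO confirm).
     * @param abilityId The abilityId of an ability record, -1 by default.
     * @return An int status code, not a bool. Presumably ERR_OK on success and an error code
     *         otherwise, as documented for GrantUriPermissionPrivileged (TODO confirm).
     */
    virtual int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName,
        int32_t appIndex = 0, uint32_t initiatorTokenId = 0, int32_t abilityId = -1) = 0;

    /**
     * @brief Authorize the uri permission of a list of uris to targetBundleName.
     *
     * @param uriVec The file urilist.
     * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION.
     * @param targetBundleName The user of uri.
     * @param appIndex The index of application in sandbox, 0 by default.
     * @param initiatorTokenId Presumably the token id of the application that initiated the grant;
     *        the meaning of the default 0 is not defined in this header (TODO confirm).
     * @param abilityId The abilityId of an ability record, -1 by default.
     * @return An int status code, not a bool. Presumably ERR_OK on success and an error code
     *         otherwise (TODO confirm). How a partially successful batch is reported cannot be
     *         told from this header.
     */
    virtual int GrantUriPermission(const std::vector<Uri> &uriVec, unsigned int flag,
        const std::string targetBundleName, int32_t appIndex = 0, uint32_t initiatorTokenId = 0,
        int32_t abilityId = -1) = 0;

    /**
     * @brief Authorize the uri permission to targetBundleName through the privileged path.
     *
     * Unlike the GrantUriPermission overloads, no argument has a default value here.
     *
     * NOTE(review): the name implies that only privileged callers may use this entry point.
     * That check is not expressed in the interface; confirm that the implementation verifies
     * the caller before granting.
     *
     * @param uriVec The file urilist.
     * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION.
     * @param targetBundleName The user of uri.
     * @param appIndex The index of application in sandbox.
     * @param initiatorTokenId Presumably the token id of the application that initiated the grant
     *        (TODO confirm).
     * @param abilityId The abilityId of an ability record.
     * @return Returns ERR_OK if the authorization is successful, otherwise returns error code.
     */
    virtual int32_t GrantUriPermissionPrivileged(const std::vector<Uri> &uriVec, uint32_t flag,
        const std::string &targetBundleName, int32_t appIndex, uint32_t initiatorTokenId,
        int32_t abilityId) = 0;

    /**
     * @brief Clear user's uri authorization record with autoremove flag.
     *
     * Returns nothing, so a caller cannot learn from this call whether a record was removed.
     *
     * @param tokenId A tokenId of an application.
     * @param abilityId The abilityId of an ability record, -1 by default.
     */
    virtual void RevokeUriPermission(const uint32_t tokenId, int32_t abilityId = -1) = 0;

    /**
     * @brief Clear user's all uri authorization record with autoremove flag.
     *
     * @param tokenId A tokenId of an application.
     * @return An int status code, not a bool. Presumably ERR_OK on success and an error code
     *         otherwise (TODO confirm).
     */
    virtual int RevokeAllUriPermissions(const uint32_t tokenId) = 0;

    /**
     * @brief Clear user's uri authorization record.
     *
     * @param uri The file uri.
     * @param bundleName bundleName of an application.
     * @param appIndex The index of application in sandbox, 0 by default.
     * @return An int status code, not a bool. Presumably ERR_OK on success and an error code
     *         otherwise (TODO confirm).
     */
    virtual int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName,
        int32_t appIndex = 0) = 0;

    /**
     * @brief Verify whether tokenId has the uri permission given by flag.
     *
     * @param uri The file uri.
     * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION.
     * @param tokenId A tokenId of an application.
     * @return Presumably true if tokenId holds the permission, false otherwise (TODO confirm).
     *         A failed check and an internal error cannot be told apart through a bool.
     */
    virtual bool VerifyUriPermission(const Uri &uri, uint32_t flag, uint32_t tokenId) = 0;

    /**
     * @brief Check, for a list of uris, whether tokenId has the uri permission given by flag.
     *
     * @param uriVec The uris to check, passed as strings rather than Uri objects.
     * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION.
     * @param tokenId A tokenId of an application.
     * @return One bool per checked uri. Presumably in the order of uriVec and of the same size
     *         (TODO confirm); a caller that indexes the result by the position in uriVec should
     *         compare the sizes first.
     */
    virtual std::vector<bool> CheckUriAuthorization(const std::vector<std::string> &uriVec,
        uint32_t flag, uint32_t tokenId) = 0;

    /**
     * @brief Clear the permission records kept for tokenId.
     *
     * NOTE(review): described from the name only; the map that the name refers to is not
     * visible in this header.
     *
     * @param tokenId A tokenId of an application.
     * @return An int32_t status code; presumably ERR_OK on success (TODO confirm).
     */
    virtual int32_t ClearPermissionTokenByMap(uint32_t tokenId) = 0;

#ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
    /**
     * @brief Activate a list of sandbox policies. Only built with ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER.
     *
     * @param policy The policies to activate.
     * @param result Output. Presumably one code per entry of policy (TODO confirm).
     * @return An int32_t status code; presumably ERR_OK on success (TODO confirm).
     */
    virtual int32_t Active(const std::vector<PolicyInfo> &policy, std::vector<uint32_t> &result) = 0;
#endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER

    /**
     * IPC command ids.
     *
     * Only the first value is written out; the others follow from the declaration order. An entry
     * that is inserted or reordered shifts every id after it, and a proxy and a stub built from
     * different orderings then dispatch to the wrong handler. Append new ids only.
     * ON_ACTIVE is conditionally compiled and is the last entry, so the ids before it do not
     * depend on the build flag; an id appended after it would.
     */
    enum UriPermMgrCmd {
        // ipc id for GrantUriPermission
        ON_GRANT_URI_PERMISSION = 0,

        // ipc id for RevokeUriPermission
        ON_REVOKE_URI_PERMISSION,

        // ipc id for RevokeAllUriPermissions
        ON_REVOKE_ALL_URI_PERMISSION,

        // ipc id for RevokeUriPermissionManually
        ON_REVOKE_URI_PERMISSION_MANUALLY,

        // ipc id for VerifyUriPermission
        ON_VERIFY_URI_PERMISSION,

        // ipc id for BatchGrantUriPermission (presumably the std::vector<Uri> overload of
        // GrantUriPermission; no method of that name is declared in this interface)
        ON_BATCH_GRANT_URI_PERMISSION,

        // ipc id for GrantUriPermissionPrivileged
        ON_GRANT_URI_PERMISSION_PRIVILEGED,

        // ipc id for CheckUriAuthorization
        ON_CHECK_URI_AUTHORIZATION,

        // ipc id for ClearPermissionTokenByMap
        ON_CLEAR_PERMISSION_TOKEN_BY_MAP,
#ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
        // ipc id for Active
        ON_ACTIVE,
#endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
    };
};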
158 }  // namespace AAFwk
159 }  // namespace OHOS
160 #endif  // OHOS_ABILITY_RUNTIME_URI_PERMISSION_MANAGER_INTERFACE_H
161