1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define MLOG_TAG "Extension"
16
17 #include "media_datashare_ext_ability.h"
18
19 #include <cstdlib>
20
21 #include "ability_info.h"
22 #include "app_mgr_client.h"
23 #include "cloud_media_asset_manager.h"
24 #include "cloud_sync_utils.h"
25 #include "dataobs_mgr_client.h"
26 #include "datashare_ext_ability_context.h"
27 #include "hilog_wrapper.h"
28 #include "ipc_skeleton.h"
29 #include "medialibrary_command.h"
30 #include "media_datashare_stub_impl.h"
31 #include "media_file_utils.h"
32 #include "media_log.h"
33 #include "media_scanner_manager.h"
34 #include "medialibrary_appstate_observer.h"
35 #include "medialibrary_data_manager.h"
36 #include "medialibrary_bundle_manager.h"
37 #include "dfx_manager.h"
38 #include "dfx_timer.h"
39 #include "dfx_const.h"
40 #include "dfx_reporter.h"
41 #include "medialibrary_errno.h"
42 #include "medialibrary_object_utils.h"
43 #include "medialibrary_subscriber.h"
44 #include "medialibrary_uripermission_operations.h"
45 #include "multistages_capture_manager.h"
46 #include "enhancement_manager.h"
47 #include "napi/native_api.h"
48 #include "napi/native_node_api.h"
49 #include "os_account_manager.h"
50 #include "permission_utils.h"
51 #include "photo_album_column.h"
52 #include "runtime.h"
53 #include "singleton.h"
54 #include "system_ability_definition.h"
55 #include "uri_permission_manager_client.h"
56 #include "userfilemgr_uri.h"
57 #include "want.h"
58 #ifdef MEDIALIBRARY_SECURITY_OPEN
59 #include "sec_comp_kit.h"
60 #endif
61 #include "userfilemgr_uri.h"
62 #include "parameters.h"
63 #include "media_tool_permission_handler.h"
64 #include "grant_permission_handler.h"
65 #include "read_write_permission_handler.h"
66 #include "db_permission_handler.h"
67 #include "mtp_manager.h"
68
69 using namespace std;
70 using namespace OHOS::AppExecFwk;
71 using namespace OHOS::NativeRdb;
72 using namespace OHOS::DistributedKv;
73 using namespace OHOS::Media;
74 using namespace OHOS::DataShare;
75 using namespace OHOS::Security::AccessToken;
76
77 namespace OHOS {
78 namespace AbilityRuntime {
79 using namespace OHOS::AppExecFwk;
80 using DataObsMgrClient = OHOS::AAFwk::DataObsMgrClient;
81 const std::string PERM_CLOUD_SYNC_MANAGER = "ohos.permission.CLOUDFILE_SYNC_MANAGER";
82 static const set<OperationObject> PHOTO_ACCESS_HELPER_OBJECTS = {
83 OperationObject::PAH_PHOTO,
84 OperationObject::PAH_ALBUM,
85 OperationObject::PAH_MAP,
86 OperationObject::PAH_FORM_MAP,
87 OperationObject::ANALYSIS_PHOTO_ALBUM,
88 OperationObject::ANALYSIS_PHOTO_MAP,
89 OperationObject::VISION_OCR,
90 OperationObject::VISION_AESTHETICS,
91 OperationObject::VISION_LABEL,
92 OperationObject::VISION_VIDEO_LABEL,
93 OperationObject::VISION_IMAGE_FACE,
94 OperationObject::VISION_VIDEO_FACE,
95 OperationObject::VISION_FACE_TAG,
96 OperationObject::VISION_OBJECT,
97 OperationObject::VISION_RECOMMENDATION,
98 OperationObject::VISION_SEGMENTATION,
99 OperationObject::VISION_COMPOSITION,
100 OperationObject::VISION_SALIENCY,
101 OperationObject::VISION_HEAD,
102 OperationObject::VISION_POSE,
103 OperationObject::VISION_TOTAL,
104 OperationObject::GEO_DICTIONARY,
105 OperationObject::GEO_KNOWLEDGE,
106 OperationObject::GEO_PHOTO,
107 OperationObject::PAH_MULTISTAGES_CAPTURE,
108 OperationObject::STORY_ALBUM,
109 OperationObject::STORY_COVER,
110 OperationObject::STORY_PLAY,
111 OperationObject::USER_PHOTOGRAPHY,
112 OperationObject::PAH_BATCH_THUMBNAIL_OPERATE,
113 OperationObject::INDEX_CONSTRUCTION_STATUS,
114 OperationObject::MEDIA_APP_URI_PERMISSION,
115 OperationObject::PAH_CLOUD_ENHANCEMENT_OPERATE,
116 OperationObject::ANALYSIS_ASSET_SD_MAP,
117 OperationObject::ANALYSIS_ALBUM_ASSET_MAP,
118 OperationObject::CLOUD_MEDIA_ASSET_OPERATE,
119 };
120
Create(const unique_ptr<Runtime> & runtime)121 MediaDataShareExtAbility* MediaDataShareExtAbility::Create(const unique_ptr<Runtime>& runtime)
122 {
123 return new MediaDataShareExtAbility(static_cast<Runtime&>(*runtime));
124 }
125
MediaDataShareExtAbility(Runtime & runtime)126 MediaDataShareExtAbility::MediaDataShareExtAbility(Runtime& runtime) : DataShareExtAbility(), runtime_(runtime) {}
127
~MediaDataShareExtAbility()128 MediaDataShareExtAbility::~MediaDataShareExtAbility()
129 {
130 }
131
Init(const shared_ptr<AbilityLocalRecord> & record,const shared_ptr<OHOSApplication> & application,shared_ptr<AbilityHandler> & handler,const sptr<IRemoteObject> & token)132 void MediaDataShareExtAbility::Init(const shared_ptr<AbilityLocalRecord> &record,
133 const shared_ptr<OHOSApplication> &application, shared_ptr<AbilityHandler> &handler,
134 const sptr<IRemoteObject> &token)
135 {
136 if ((record == nullptr) || (application == nullptr) || (handler == nullptr) || (token == nullptr)) {
137 MEDIA_ERR_LOG("MediaDataShareExtAbility::init failed, some object is nullptr");
138 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
139 return;
140 }
141 DataShareExtAbility::Init(record, application, handler, token);
142 }
143
IsStartBeforeUserUnlock()144 static bool IsStartBeforeUserUnlock()
145 {
146 int32_t activeUserId = 0;
147 ErrCode ret = OHOS::AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(activeUserId);
148 if (ret != ERR_OK) {
149 MEDIA_ERR_LOG("GetForegroundOsAccountLocalId fail, ret code %{public}d, result is not credible", ret);
150 return false;
151 }
152 MEDIA_INFO_LOG("Current active account is %{public}d ", activeUserId);
153 bool isAccountVerified = true; // Assume verified to avoid unknown killing
154 ErrCode err = AccountSA::OsAccountManager::IsOsAccountVerified(activeUserId, isAccountVerified);
155 if (err != ERR_OK) {
156 MEDIA_ERR_LOG("Check activeUserId fail caused by %{public}d, check result is not credible", err);
157 return false;
158 }
159 MEDIA_INFO_LOG("Current user verification result: %{public}d", isAccountVerified);
160 return !isAccountVerified;
161 }
162
InitPermissionHandler()163 void MediaDataShareExtAbility::InitPermissionHandler()
164 {
165 MEDIA_DEBUG_LOG("InitPermissionHandler begin");
166 // 构造鉴权处理器责任链
167 auto mediaToolPermissionHandler = std::make_shared<MediaToolPermissionHandler>();
168 auto grantPermissionHandler = std::make_shared<GrantPermissionHandler>();
169 grantPermissionHandler->SetNextHandler(mediaToolPermissionHandler);
170 auto dbPermissionHandler = std::make_shared<DbPermissionHandler>();
171 dbPermissionHandler->SetNextHandler(grantPermissionHandler);
172 permissionHandler_ = std::make_shared<ReadWritePermissionHandler>();
173 permissionHandler_->SetNextHandler(dbPermissionHandler);
174 MEDIA_DEBUG_LOG("InitPermissionHandler end:permissionHandler_=%{public}d", permissionHandler_ != nullptr);
175 }
176
CheckUnlockScene(int64_t startTime)177 static bool CheckUnlockScene(int64_t startTime)
178 {
179 if (IsStartBeforeUserUnlock()) {
180 DfxReporter::ReportStartResult(DfxType::CHECK_USER_UNLOCK_FAIL, 0, startTime);
181 MEDIA_INFO_LOG("%{public}s Killing self caused by booting before unlocking", __func__);
182 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
183 return false;
184 }
185
186 bool isMediaPathExists = MediaFileUtils::IsDirectory(ROOT_MEDIA_DIR);
187 if (!isMediaPathExists) {
188 DfxReporter::ReportStartResult(DfxType::CHECK_MEDIA_PATH_UNLOCK_FAIL, 0, startTime);
189 MEDIA_INFO_LOG("%{public}s Killing self caused by media path unmounted", __func__);
190 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
191 return false;
192 }
193
194 return true;
195 }
196
OnStartSub(const AAFwk::Want & want)197 void MediaDataShareExtAbility::OnStartSub(const AAFwk::Want &want)
198 {
199 MultiStagesPhotoCaptureManager::GetInstance().Init();
200 MultiStagesVideoCaptureManager::GetInstance().Init();
201 MtpManager::GetInstance().Init();
202 EnhancementManager::GetInstance().InitAsync();
203 }
204
RestartCloudMediaAssetDownload()205 static void RestartCloudMediaAssetDownload()
206 {
207 std::thread([&] {
208 MEDIA_INFO_LOG("enter RestartCloudMediaAssetDownload.");
209 if (!CloudSyncUtils::IsCloudSyncSwitchOn()) {
210 MEDIA_INFO_LOG("Cloud sync switch off");
211 return;
212 }
213 if (!CloudSyncUtils::IsCloudDataAgingPolicyOn()) {
214 CloudMediaAssetManager::GetInstance().CancelDownloadCloudAsset();
215 return;
216 }
217 CloudMediaAssetManager::GetInstance().StartDownloadCloudAsset(CloudMediaDownloadType::DOWNLOAD_GENTLE);
218 }).detach();
219 }
220
OnStart(const AAFwk::Want & want)221 void MediaDataShareExtAbility::OnStart(const AAFwk::Want &want)
222 {
223 int64_t startTime = MediaFileUtils::UTCTimeMilliSeconds();
224 MEDIA_INFO_LOG("%{public}s begin.", __func__);
225 Extension::OnStart(want);
226 auto context = AbilityRuntime::Context::GetApplicationContext();
227 if (context == nullptr) {
228 DfxReporter::ReportStartResult(DfxType::START_CONTEXT_FAIL, 0, startTime);
229 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
230 return;
231 }
232 MEDIA_INFO_LOG("%{public}s runtime language %{public}d", __func__, runtime_.GetLanguage());
233 InitPermissionHandler();
234 auto dataManager = MediaLibraryDataManager::GetInstance();
235 if (dataManager == nullptr) {
236 DfxReporter::ReportStartResult(DfxType::START_DATAMANAGER_FAIL, 0, startTime);
237 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
238 return;
239 }
240 if (!CheckUnlockScene(startTime)) {
241 return;
242 }
243 auto extensionContext = GetContext();
244 int32_t sceneCode = DfxType::START_SUCCESS;
245 int32_t ret = dataManager->InitMediaLibraryMgr(context, extensionContext, sceneCode);
246 if (ret != E_OK) {
247 MEDIA_ERR_LOG("Failed to init MediaLibraryMgr");
248 if (sceneCode == DfxType::START_RDB_STORE_FAIL) {
249 DfxReporter::ReportStartResult(sceneCode, ret, startTime);
250 }
251 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
252 return;
253 }
254 dataManager->SetOwner(static_pointer_cast<MediaDataShareExtAbility>(shared_from_this()));
255
256 DfxManager::GetInstance();
257 auto scannerManager = MediaScannerManager::GetInstance();
258 if (scannerManager == nullptr) {
259 DfxReporter::ReportStartResult(DfxType::START_SCANNER_FAIL, 0, startTime);
260 DelayedSingleton<AppExecFwk::AppMgrClient>::GetInstance()->KillApplicationSelf();
261 return;
262 }
263 OnStartSub(want);
264 Media::MedialibrarySubscriber::Subscribe();
265 dataManager->SetStartupParameter();
266 RestartCloudMediaAssetDownload();
267 DfxReporter::ReportStartResult(DfxType::START_SUCCESS, 0, startTime);
268 }
269
OnStop()270 void MediaDataShareExtAbility::OnStop()
271 {
272 MEDIA_INFO_LOG("%{public}s begin.", __func__);
273 auto scannerManager = MediaScannerManager::GetInstance();
274 if (scannerManager != nullptr) {
275 scannerManager->Stop();
276 }
277 MediaLibraryDataManager::GetInstance()->ClearMediaLibraryMgr();
278 MedialibraryAppStateObserverManager::GetInstance().UnSubscribeAppState();
279 MEDIA_INFO_LOG("%{public}s end.", __func__);
280 }
281
OnConnect(const AAFwk::Want & want)282 sptr<IRemoteObject> MediaDataShareExtAbility::OnConnect(const AAFwk::Want &want)
283 {
284 MEDIA_INFO_LOG("%{public}s begin. ", __func__);
285 Extension::OnConnect(want);
286 sptr<MediaDataShareStubImpl> remoteObject = new (nothrow) MediaDataShareStubImpl(
287 static_pointer_cast<MediaDataShareExtAbility>(shared_from_this()),
288 nullptr);
289 if (remoteObject == nullptr) {
290 MEDIA_ERR_LOG("%{public}s No memory allocated for DataShareStubImpl", __func__);
291 return nullptr;
292 }
293 MEDIA_INFO_LOG("%{public}s end.", __func__);
294 return remoteObject->AsObject();
295 }
296
GetFileTypes(const Uri & uri,const string & mimeTypeFilter)297 vector<string> MediaDataShareExtAbility::GetFileTypes(const Uri &uri, const string &mimeTypeFilter)
298 {
299 vector<string> ret;
300 return ret;
301 }
302
FillV10Perms(const MediaType mediaType,const bool containsRead,const bool containsWrite,vector<string> & perm)303 static void FillV10Perms(const MediaType mediaType, const bool containsRead, const bool containsWrite,
304 vector<string> &perm)
305 {
306 if (containsRead) {
307 if (mediaType == MEDIA_TYPE_IMAGE || mediaType == MEDIA_TYPE_VIDEO ||
308 mediaType == Media::MEDIA_TYPE_PHOTO || mediaType == Media::MEDIA_TYPE_ALBUM) {
309 perm.push_back(PERM_READ_IMAGEVIDEO);
310 } else if (mediaType == MEDIA_TYPE_AUDIO) {
311 perm.push_back(PERM_READ_AUDIO);
312 } else if (mediaType == MEDIA_TYPE_FILE) {
313 perm.push_back(PERM_READ_IMAGEVIDEO);
314 perm.push_back(PERM_READ_AUDIO);
315 perm.push_back(PERM_READ_DOCUMENT);
316 }
317 }
318 if (containsWrite) {
319 if (mediaType == MEDIA_TYPE_IMAGE || mediaType == MEDIA_TYPE_VIDEO ||
320 mediaType == Media::MEDIA_TYPE_PHOTO || mediaType == Media::MEDIA_TYPE_ALBUM) {
321 perm.push_back(PERM_WRITE_IMAGEVIDEO);
322 } else if (mediaType == MEDIA_TYPE_AUDIO) {
323 perm.push_back(PERM_WRITE_AUDIO);
324 } else if (mediaType == MEDIA_TYPE_FILE) {
325 perm.push_back(PERM_WRITE_IMAGEVIDEO);
326 perm.push_back(PERM_WRITE_AUDIO);
327 perm.push_back(PERM_WRITE_DOCUMENT);
328 }
329 }
330 }
331
FillDeprecatedPerms(const bool containsRead,const bool containsWrite,vector<string> & perm)332 static void FillDeprecatedPerms(const bool containsRead, const bool containsWrite, vector<string> &perm)
333 {
334 if (containsRead) {
335 perm.push_back(PERMISSION_NAME_READ_MEDIA);
336 }
337 if (containsWrite) {
338 perm.push_back(PERMISSION_NAME_WRITE_MEDIA);
339 }
340 }
341
ContainsFlag(const string & mode,const char flag)342 static inline bool ContainsFlag(const string &mode, const char flag)
343 {
344 return mode.find(flag) != string::npos;
345 }
346
CollectPermissionInfo(MediaLibraryCommand & cmd,const string & mode,const bool permGranted,PermissionUsedType type)347 static void CollectPermissionInfo(MediaLibraryCommand &cmd, const string &mode,
348 const bool permGranted, PermissionUsedType type)
349 {
350 if ((cmd.GetOprnObject() == OperationObject::FILESYSTEM_PHOTO) ||
351 (cmd.GetOprnObject() == OperationObject::THUMBNAIL) ||
352 (cmd.GetOprnObject() == OperationObject::THUMBNAIL_ASTC)) {
353 if (mode.find("r") != string::npos) {
354 PermissionUtils::CollectPermissionInfo(PERM_READ_IMAGEVIDEO, permGranted, type);
355 }
356 if (mode.find("w") != string::npos) {
357 PermissionUtils::CollectPermissionInfo(PERM_WRITE_IMAGEVIDEO, permGranted, type);
358 }
359 }
360 }
361
CheckOpenFilePermission(MediaLibraryCommand & cmd,string & mode)362 static int32_t CheckOpenFilePermission(MediaLibraryCommand &cmd, string &mode)
363 {
364 MEDIA_DEBUG_LOG("uri: %{private}s mode: %{private}s", cmd.GetUri().ToString().c_str(), mode.c_str());
365 MediaType mediaType = MediaFileUri::GetMediaTypeFromUri(cmd.GetUri().ToString());
366 const bool containsRead = ContainsFlag(mode, 'r');
367 const bool containsWrite = ContainsFlag(mode, 'w');
368
369 if (cmd.GetQuerySetParam(IS_TOOL_OPEN) == TOOL_OPEN_TRUE) {
370 return IsDeveloperMediaTool(cmd, mode)? E_SUCCESS : E_PERMISSION_DENIED;
371 }
372 vector<string> perms;
373 FillV10Perms(mediaType, containsRead, containsWrite, perms);
374 if ((cmd.GetOprnObject() == OperationObject::FILESYSTEM_PHOTO) ||
375 (cmd.GetOprnObject() == OperationObject::THUMBNAIL) ||
376 (cmd.GetOprnObject() == OperationObject::THUMBNAIL_ASTC)) {
377 return PermissionUtils::CheckPhotoCallerPermission(perms)? E_SUCCESS : E_PERMISSION_DENIED;
378 }
379 int32_t err = (mediaType == MEDIA_TYPE_FILE) ?
380 (PermissionUtils::CheckHasPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED) :
381 (PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED);
382 if (err == E_SUCCESS) {
383 return E_SUCCESS;
384 }
385 // Try to check deprecated permissions
386 perms.clear();
387 FillDeprecatedPerms(containsRead, containsWrite, perms);
388 return PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED;
389 }
390
AddHiddenAlbumPermission(MediaLibraryCommand & cmd,vector<string> & outPerms)391 static inline void AddHiddenAlbumPermission(MediaLibraryCommand &cmd, vector<string> &outPerms)
392 {
393 Media::OperationType type = cmd.GetOprnType();
394 if (type == Media::OperationType::QUERY_HIDDEN) {
395 outPerms.push_back(PERM_MANAGE_PRIVATE_PHOTOS);
396 }
397 }
398
SystemApiCheck(MediaLibraryCommand & cmd)399 static int32_t SystemApiCheck(MediaLibraryCommand &cmd)
400 {
401 static const set<OperationObject> SYSTEM_API_OBJECTS = {
402 OperationObject::UFM_PHOTO,
403 OperationObject::UFM_AUDIO,
404 OperationObject::UFM_ALBUM,
405 OperationObject::UFM_MAP,
406 OperationObject::SMART_ALBUM,
407
408 OperationObject::ALL_DEVICE,
409 OperationObject::ACTIVE_DEVICE,
410 OperationObject::PAH_FORM_MAP,
411 };
412
413 static const set<string> SYSTEM_API_URIS = {
414 // Deleting asset permanently from system is only allowed for system apps.
415 URI_DELETE_PHOTOS,
416 // Deleting asset to trash album directly without a pop-up box is only allowed for system apps.
417 UFM_DELETE_PHOTOS,
418 PAH_DELETE_PHOTOS,
419 };
420
421 OperationObject obj = cmd.GetOprnObject();
422 string uri = cmd.GetUriStringWithoutSegment();
423 if (SYSTEM_API_OBJECTS.find(obj) != SYSTEM_API_OBJECTS.end() ||
424 (SYSTEM_API_URIS.find(uri) != SYSTEM_API_URIS.end())) {
425 if (!PermissionUtils::IsSystemApp()) {
426 MEDIA_ERR_LOG("Systemapi should only be called by system applications!");
427 return E_CHECK_SYSTEMAPP_FAIL;
428 }
429 }
430 return E_SUCCESS;
431 }
432
HandleMediaVolumePerm()433 static inline int32_t HandleMediaVolumePerm()
434 {
435 return PermissionUtils::CheckCallerPermission(PERMISSION_NAME_READ_MEDIA) ? E_SUCCESS : E_PERMISSION_DENIED;
436 }
437
HandleBundlePermCheck()438 static inline int32_t HandleBundlePermCheck()
439 {
440 bool ret = PermissionUtils::CheckCallerPermission(PERMISSION_NAME_WRITE_MEDIA);
441 if (ret) {
442 return E_SUCCESS;
443 }
444
445 return PermissionUtils::CheckHasPermission(WRITE_PERMS_V10) ? E_SUCCESS : E_PERMISSION_DENIED;
446 }
447
HandleNoPermCheck(MediaLibraryCommand & cmd)448 static int32_t HandleNoPermCheck(MediaLibraryCommand &cmd)
449 {
450 static const set<string> NO_NEED_PERM_CHECK_URI = {
451 URI_CLOSE_FILE,
452 MEDIALIBRARY_DIRECTORY_URI,
453 };
454
455 static const set<OperationObject> NO_NEED_PERM_CHECK_OBJ = {
456 OperationObject::ALL_DEVICE,
457 OperationObject::ACTIVE_DEVICE,
458 OperationObject::MISCELLANEOUS,
459 };
460
461 string uri = cmd.GetUri().ToString();
462 OperationObject obj = cmd.GetOprnObject();
463 if (NO_NEED_PERM_CHECK_URI.find(uri) != NO_NEED_PERM_CHECK_URI.end() ||
464 NO_NEED_PERM_CHECK_OBJ.find(obj) != NO_NEED_PERM_CHECK_OBJ.end()) {
465 return E_SUCCESS;
466 }
467 return E_NEED_FURTHER_CHECK;
468 }
469
HandleSecurityComponentPermission(MediaLibraryCommand & cmd)470 static int32_t HandleSecurityComponentPermission(MediaLibraryCommand &cmd)
471 {
472 if (cmd.GetUri().ToString().find(OPRN_CREATE_COMPONENT) != string::npos ||
473 cmd.GetUri().ToString().find(OPRN_SAVE_CAMERA_PHOTO_COMPONENT) != string::npos) {
474 #ifdef MEDIALIBRARY_SECURITY_OPEN
475 auto tokenId = PermissionUtils::GetTokenId();
476 if (!Security::SecurityComponent::SecCompKit::VerifySavePermission(tokenId)) {
477 MEDIA_ERR_LOG("Failed to verify save permission of security component");
478 return E_NEED_FURTHER_CHECK;
479 }
480 return E_SUCCESS;
481 #else
482 MEDIA_ERR_LOG("Security component is not existed");
483 return E_NEED_FURTHER_CHECK;
484 #endif
485 }
486 return E_NEED_FURTHER_CHECK;
487 }
488
HandleShortPermission(bool & need)489 static int32_t HandleShortPermission(bool &need)
490 {
491 int32_t err = PermissionUtils::CheckPhotoCallerPermission(PERM_SHORT_TERM_WRITE_IMAGEVIDEO) ? E_SUCCESS :
492 E_PERMISSION_DENIED;
493 if (!err) {
494 need = true;
495 } else {
496 need = false;
497 }
498 return err;
499 }
500
HandleRestorePermission(MediaLibraryCommand & cmd)501 static int32_t HandleRestorePermission(MediaLibraryCommand &cmd)
502 {
503 if (cmd.GetUriStringWithoutSegment() == PAH_GENERATE_THUMBNAILS_RESTORE) {
504 return PermissionUtils::CheckCallerPermission(PERM_READ_IMAGEVIDEO) ? E_SUCCESS : E_PERMISSION_DENIED;
505 }
506 return E_PERMISSION_DENIED;
507 }
508
UserFileMgrPermissionCheck(MediaLibraryCommand & cmd,const bool isWrite)509 static int32_t UserFileMgrPermissionCheck(MediaLibraryCommand &cmd, const bool isWrite)
510 {
511 static const set<OperationObject> USER_FILE_MGR_OBJECTS = {
512 OperationObject::UFM_PHOTO,
513 OperationObject::UFM_AUDIO,
514 OperationObject::UFM_ALBUM,
515 OperationObject::UFM_MAP,
516 };
517
518 OperationObject obj = cmd.GetOprnObject();
519 if (USER_FILE_MGR_OBJECTS.find(obj) == USER_FILE_MGR_OBJECTS.end()) {
520 return E_NEED_FURTHER_CHECK;
521 }
522
523 int32_t err = HandleSecurityComponentPermission(cmd);
524 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
525 return err;
526 }
527
528 vector<string> perms;
529 if (obj == OperationObject::UFM_AUDIO) {
530 perms.push_back(isWrite ? PERM_WRITE_AUDIO : PERM_READ_AUDIO);
531 } else {
532 perms.push_back(isWrite ? PERM_WRITE_IMAGEVIDEO : PERM_READ_IMAGEVIDEO);
533 }
534 AddHiddenAlbumPermission(cmd, perms);
535 return PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED;
536 }
537
PhotoAccessHelperPermCheck(MediaLibraryCommand & cmd,const bool isWrite)538 static int32_t PhotoAccessHelperPermCheck(MediaLibraryCommand &cmd, const bool isWrite)
539 {
540 int32_t err = HandleSecurityComponentPermission(cmd);
541 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
542 return err;
543 }
544
545 OperationObject obj = cmd.GetOprnObject();
546 if (PHOTO_ACCESS_HELPER_OBJECTS.find(obj) == PHOTO_ACCESS_HELPER_OBJECTS.end()) {
547 return E_NEED_FURTHER_CHECK;
548 }
549 vector<string> perms;
550 AddHiddenAlbumPermission(cmd, perms);
551 perms.push_back(isWrite ? PERM_WRITE_IMAGEVIDEO : PERM_READ_IMAGEVIDEO);
552 return PermissionUtils::CheckCallerPermission(perms) ? E_SUCCESS : E_PERMISSION_DENIED;
553 }
554
HandleSpecialObjectPermission(MediaLibraryCommand & cmd,bool isWrite)555 static int32_t HandleSpecialObjectPermission(MediaLibraryCommand &cmd, bool isWrite)
556 {
557 int err = HandleNoPermCheck(cmd);
558 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
559 return err;
560 }
561
562 OperationObject obj = cmd.GetOprnObject();
563 if (obj == OperationObject::MEDIA_VOLUME) {
564 return HandleMediaVolumePerm();
565 } else if (obj == OperationObject::BUNDLE_PERMISSION) {
566 return HandleBundlePermCheck();
567 }
568
569 return E_NEED_FURTHER_CHECK;
570 }
571
UnifyOprnObject(MediaLibraryCommand & cmd)572 static void UnifyOprnObject(MediaLibraryCommand &cmd)
573 {
574 static const unordered_map<OperationObject, OperationObject> UNIFY_OP_OBJECT_MAP = {
575 { OperationObject::UFM_PHOTO, OperationObject::FILESYSTEM_PHOTO },
576 { OperationObject::UFM_AUDIO, OperationObject::FILESYSTEM_AUDIO },
577 { OperationObject::UFM_ALBUM, OperationObject::PHOTO_ALBUM },
578 { OperationObject::UFM_MAP, OperationObject::PHOTO_MAP },
579 { OperationObject::PAH_PHOTO, OperationObject::FILESYSTEM_PHOTO },
580 { OperationObject::PAH_ALBUM, OperationObject::PHOTO_ALBUM },
581 { OperationObject::PAH_MAP, OperationObject::PHOTO_MAP },
582 { OperationObject::TOOL_PHOTO, OperationObject::FILESYSTEM_PHOTO },
583 { OperationObject::TOOL_AUDIO, OperationObject::FILESYSTEM_AUDIO },
584 { OperationObject::TOOL_ALBUM, OperationObject::PHOTO_ALBUM },
585 };
586
587 OperationObject obj = cmd.GetOprnObject();
588 if (UNIFY_OP_OBJECT_MAP.find(obj) != UNIFY_OP_OBJECT_MAP.end()) {
589 cmd.SetOprnObject(UNIFY_OP_OBJECT_MAP.at(obj));
590 }
591 }
592
MediatoolPermCheck(MediaLibraryCommand & cmd)593 static int32_t MediatoolPermCheck(MediaLibraryCommand &cmd)
594 {
595 if (IsMediatoolOperation(cmd)) {
596 if (!IsDeveloperMediaTool(cmd)) {
597 return E_PERMISSION_DENIED;
598 }
599 return E_SUCCESS;
600 } else {
601 return E_NEED_FURTHER_CHECK;
602 }
603 }
604
CheckPermFromUri(MediaLibraryCommand & cmd,bool isWrite)605 static int32_t CheckPermFromUri(MediaLibraryCommand &cmd, bool isWrite)
606 {
607 MEDIA_DEBUG_LOG("uri: %{private}s object: %{public}d, opType: %{public}d isWrite: %{public}d",
608 cmd.GetUri().ToString().c_str(), cmd.GetOprnObject(), cmd.GetOprnType(), isWrite);
609
610 int err = SystemApiCheck(cmd);
611 if (err != E_SUCCESS) {
612 return err;
613 }
614 err = MediatoolPermCheck(cmd);
615 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
616 UnifyOprnObject(cmd);
617 return err;
618 }
619 err = PhotoAccessHelperPermCheck(cmd, isWrite);
620 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
621 UnifyOprnObject(cmd);
622 return err;
623 }
624 err = UserFileMgrPermissionCheck(cmd, isWrite);
625 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
626 UnifyOprnObject(cmd);
627 return err;
628 }
629 err = HandleSpecialObjectPermission(cmd, isWrite);
630 if (err == E_SUCCESS || (err != E_SUCCESS && err != E_NEED_FURTHER_CHECK)) {
631 UnifyOprnObject(cmd);
632 return err;
633 }
634
635 // Finally, we should check the permission of medialibrary interfaces.
636 string perm = isWrite ? PERMISSION_NAME_WRITE_MEDIA : PERMISSION_NAME_READ_MEDIA;
637 err = PermissionUtils::CheckCallerPermission(perm) ? E_SUCCESS : E_PERMISSION_DENIED;
638 if (err < 0) {
639 return err;
640 }
641 UnifyOprnObject(cmd);
642 return E_SUCCESS;
643 }
644
CheckIsOwner(const Uri & uri,MediaLibraryCommand & cmd,const string & mode)645 static bool CheckIsOwner(const Uri &uri, MediaLibraryCommand &cmd, const string &mode)
646 {
647 auto ret = false;
648 string unifyMode = mode;
649 if (cmd.GetTableName() == PhotoColumn::PHOTOS_TABLE || cmd.GetTableName() == AudioColumn::AUDIOS_TABLE ||
650 cmd.GetTableName() == MEDIALIBRARY_TABLE) {
651 std::vector<std::string> columns;
652 DatashareBusinessError businessError;
653 int errCode = businessError.GetCode();
654 string clientAppId = GetClientAppId();
655 string fileId = MediaFileUtils::GetIdFromUri(uri.ToString());
656 DataSharePredicates predicates;
657 predicates.And()->EqualTo("file_id", fileId);
658 predicates.And()->EqualTo("owner_appid", clientAppId);
659 if (clientAppId.empty() || fileId.empty()) {
660 return false;
661 }
662 auto queryResultSet = MediaLibraryDataManager::GetInstance()->Query(cmd, columns, predicates, errCode);
663 auto count = 0;
664 if (queryResultSet != nullptr) {
665 queryResultSet->GetRowCount(count);
666 if (count != 0) {
667 ret = true;
668 CollectPermissionInfo(cmd, unifyMode, true,
669 PermissionUsedTypeValue::SECURITY_COMPONENT_TYPE);
670 }
671 }
672 }
673 return ret;
674 }
675
AddOwnerCheck(MediaLibraryCommand & cmd,DataSharePredicates & appidPredicates)676 static bool AddOwnerCheck(MediaLibraryCommand &cmd, DataSharePredicates &appidPredicates)
677 {
678 if (cmd.GetTableName() != PhotoColumn::PHOTOS_TABLE && cmd.GetTableName() != AudioColumn::AUDIOS_TABLE &&
679 cmd.GetTableName() != MEDIALIBRARY_TABLE) {
680 return false;
681 }
682 string clientAppId = GetClientAppId();
683 if (clientAppId.empty()) {
684 return false;
685 }
686 appidPredicates.And()->EqualTo("owner_appid", clientAppId);
687 return true;
688 }
689
GetFlagFromMode(const string & mode)690 static uint32_t GetFlagFromMode(const string &mode)
691 {
692 if (mode.find("w") != string::npos) {
693 return AAFwk::Want::FLAG_AUTH_WRITE_URI_PERMISSION;
694 }
695 return AAFwk::Want::FLAG_AUTH_READ_URI_PERMISSION;
696 }
697
CheckPermissionForOpenFile(const Uri & uri,MediaLibraryCommand & command,string & unifyMode)698 int MediaDataShareExtAbility::CheckPermissionForOpenFile(const Uri &uri,
699 MediaLibraryCommand &command, string &unifyMode)
700 {
701 PermParam permParam = {
702 .isWrite = false,
703 .isOpenFile = true,
704 .openFileNode = unifyMode
705 };
706 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
707 int err = permissionHandler_->CheckPermission(command, permParam);
708 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
709 if (err != E_SUCCESS) {
710 err = CheckOpenFilePermission(command, unifyMode);
711 }
712 if (err == E_PERMISSION_DENIED) {
713 err = UriPermissionOperations::CheckUriPermission(command.GetUriStringWithoutSegment(), unifyMode);
714 if (err != E_OK) {
715 auto& uriPermissionClient = AAFwk::UriPermissionManagerClient::GetInstance();
716 if (uriPermissionClient.VerifyUriPermission(Uri(command.GetUriStringWithoutSegment()),
717 GetFlagFromMode(unifyMode), IPCSkeleton::GetCallingTokenID())) {
718 CollectPermissionInfo(command, unifyMode, true, PermissionUsedTypeValue::PICKER_TYPE);
719 err = E_OK;
720 }
721 }
722 if (err != E_OK) {
723 CollectPermissionInfo(command, unifyMode, false, PermissionUsedTypeValue::PICKER_TYPE);
724 if (!CheckIsOwner(uri, command, unifyMode)) {
725 MEDIA_ERR_LOG("Permission Denied! err = %{public}d", err);
726 CollectPermissionInfo(command, unifyMode, false,
727 PermissionUsedTypeValue::SECURITY_COMPONENT_TYPE);
728 return err;
729 } else {
730 return E_OK;
731 }
732 }
733 }
734 return err;
735 }
736
OpenFile(const Uri & uri,const string & mode)737 int MediaDataShareExtAbility::OpenFile(const Uri &uri, const string &mode)
738 {
739 #ifdef MEDIALIBRARY_COMPATIBILITY
740 string realUriStr = MediaFileUtils::GetRealUriFromVirtualUri(uri.ToString());
741 Uri realUri(realUriStr);
742 MediaLibraryCommand command(realUri, Media::OperationType::OPEN);
743
744 #else
745 MediaLibraryCommand command(uri, Media::OperationType::OPEN);
746 #endif
747
748 string unifyMode = mode;
749 transform(unifyMode.begin(), unifyMode.end(), unifyMode.begin(), ::tolower);
750 int err = CheckPermissionForOpenFile(uri, command, unifyMode);
751 if (err < 0) {
752 MEDIA_ERR_LOG("permission deny: %{public}d", err);
753 return err;
754 }
755 int32_t object = static_cast<int32_t>(command.GetOprnObject());
756 int32_t type = static_cast<int32_t>(command.GetOprnType());
757 DfxTimer dfxTimer(type, object, OPEN_FILE_TIME_OUT, true);
758 if (command.GetUri().ToString().find(MEDIA_DATA_DB_THUMBNAIL) != string::npos) {
759 command.SetOprnObject(OperationObject::THUMBNAIL);
760 }
761 if (command.GetUri().ToString().find(MEDIA_DATA_DB_THUMB_ASTC) != string::npos) {
762 command.SetOprnObject(OperationObject::THUMBNAIL_ASTC);
763 }
764 if (command.GetUri().ToString().find(PhotoColumn::PHOTO_CACHE_URI_PREFIX) != string::npos) {
765 command.SetOprnObject(OperationObject::FILESYSTEM_PHOTO);
766 }
767 if (command.GetUri().ToString().find(PhotoColumn::HIGHTLIGHT_URI) != string::npos) {
768 command.SetOprnObject(OperationObject::HIGHLIGHT_URI);
769 } else if (command.GetUri().ToString().find(MEDIA_DATA_DB_HIGHLIGHT) != string::npos) {
770 command.SetOprnObject(OperationObject::HIGHLIGHT_COVER);
771 }
772 if (command.GetUri().ToString().find(PhotoColumn::PHOTO_REQUEST_PICTURE) != string::npos) {
773 command.SetOprnObject(OperationObject::REQUEST_PICTURE);
774 }
775 if (command.GetUri().ToString().find(PhotoColumn::PHOTO_REQUEST_PICTURE_BUFFER) != string::npos) {
776 command.SetOprnObject(OperationObject::PHOTO_REQUEST_PICTURE_BUFFER);
777 }
778 return MediaLibraryDataManager::GetInstance()->OpenFile(command, unifyMode);
779 }
780
OpenRawFile(const Uri & uri,const string & mode)781 int MediaDataShareExtAbility::OpenRawFile(const Uri &uri, const string &mode)
782 {
783 return 0;
784 }
785
Insert(const Uri & uri,const DataShareValuesBucket & value)786 int MediaDataShareExtAbility::Insert(const Uri &uri, const DataShareValuesBucket &value)
787 {
788 MediaLibraryCommand cmd(uri);
789 PermParam permParam = {
790 .isWrite = true,
791 };
792 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
793 int err = permissionHandler_->CheckPermission(cmd, permParam);
794 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
795 if (err != E_SUCCESS) {
796 err = CheckPermFromUri(cmd, true);
797 }
798 if (err != E_SUCCESS) {
799 return err;
800 }
801 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
802 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
803 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
804 return MediaLibraryDataManager::GetInstance()->Insert(cmd, value);
805 }
806
InsertExt(const Uri & uri,const DataShareValuesBucket & value,string & result)807 int MediaDataShareExtAbility::InsertExt(const Uri &uri, const DataShareValuesBucket &value, string &result)
808 {
809 MediaLibraryCommand cmd(uri);
810 PermParam permParam = {
811 .isWrite = true,
812 };
813 bool needToResetTime = false;
814 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
815 int err = permissionHandler_->CheckPermission(cmd, permParam);
816 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
817 if (err != E_SUCCESS) {
818 err = CheckPermFromUri(cmd, true);
819 }
820 if ((err != E_SUCCESS) && cmd.GetUriStringWithoutSegment() == PAH_CREATE_PHOTO)
821 err = HandleShortPermission(needToResetTime);
822 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
823 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
824 if (err < 0) {
825 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
826 return err;
827 }
828
829 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
830 int32_t ret = MediaLibraryDataManager::GetInstance()->InsertExt(cmd, value, result);
831 if (needToResetTime) {
832 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
833 Security::AccessToken::AccessTokenKit::GrantPermissionForSpecifiedTime(tokenCaller,
834 PERM_SHORT_TERM_WRITE_IMAGEVIDEO, THREE_HUNDERD_S);
835 }
836 return ret;
837 }
838
CheckCloudSyncPermission()839 static bool CheckCloudSyncPermission()
840 {
841 if (!PermissionUtils::CheckCallerPermission(PERM_CLOUD_SYNC_MANAGER)) {
842 MEDIA_ERR_LOG("permission denied");
843 return false;
844 }
845 return true;
846 }
847
Update(const Uri & uri,const DataSharePredicates & predicates,const DataShareValuesBucket & value)848 int MediaDataShareExtAbility::Update(const Uri &uri, const DataSharePredicates &predicates,
849 const DataShareValuesBucket &value)
850 {
851 MediaLibraryCommand cmd(uri);
852 if (cmd.GetOprnObject() == OperationObject::CLOUD_MEDIA_ASSET_OPERATE) {
853 if (!CheckCloudSyncPermission()) {
854 return E_PERMISSION_DENIED;
855 }
856 return CloudMediaAssetManager::GetInstance().HandleCloudMediaAssetUpdateOperations(cmd);
857 }
858 PermParam permParam = {
859 .isWrite = true,
860 };
861 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
862 cmd.SetDataSharePred(predicates);
863 int err = permissionHandler_->CheckPermission(cmd, permParam);
864 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
865 if (err != E_SUCCESS) {
866 err = CheckPermFromUri(cmd, true);
867 }
868 if (err != E_SUCCESS) {
869 err = HandleRestorePermission(cmd);
870 }
871 bool isMediatoolOperation = IsMediatoolOperation(cmd);
872 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
873 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
874 DataSharePredicates appidPredicates = predicates;
875
876 if (err != E_SUCCESS) {
877 if (isMediatoolOperation) {
878 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
879 return err;
880 }
881 if (!AddOwnerCheck(cmd, appidPredicates)) {
882 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
883 return err;
884 }
885 }
886
887 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
888 auto updateRet = MediaLibraryDataManager::GetInstance()->Update(cmd, value, appidPredicates);
889 if (err < 0 && updateRet <= 0) {
890 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
891 return err;
892 }
893 return updateRet;
894 }
895
Delete(const Uri & uri,const DataSharePredicates & predicates)896 int MediaDataShareExtAbility::Delete(const Uri &uri, const DataSharePredicates &predicates)
897 {
898 MediaLibraryCommand cmd(uri, Media::OperationType::DELETE);
899 PermParam permParam = {
900 .isWrite = true,
901 };
902 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, E_PERMISSION_DENIED, "permissionHandler_ is nullptr");
903 cmd.SetDataSharePred(predicates);
904 int err = permissionHandler_->CheckPermission(cmd, permParam);
905 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
906 if (err != E_SUCCESS) {
907 err = CheckPermFromUri(cmd, true);
908 }
909 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
910 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
911 if (err != E_SUCCESS) {
912 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
913 return err;
914 }
915
916 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
917 return MediaLibraryDataManager::GetInstance()->Delete(cmd, predicates);
918 }
919
Query(const Uri & uri,const DataSharePredicates & predicates,vector<string> & columns,DatashareBusinessError & businessError)920 shared_ptr<DataShareResultSet> MediaDataShareExtAbility::Query(const Uri &uri,
921 const DataSharePredicates &predicates, vector<string> &columns, DatashareBusinessError &businessError)
922 {
923 MediaLibraryCommand cmd(uri);
924 PermParam permParam = {.isWrite = false};
925 CHECK_AND_RETURN_RET_LOG(permissionHandler_ != nullptr, nullptr, "permissionHandler_ is nullptr");
926 cmd.SetDataSharePred(predicates);
927 int err = permissionHandler_->CheckPermission(cmd, permParam);
928 MEDIA_DEBUG_LOG("permissionHandler_ err=%{public}d", err);
929 if (err != E_SUCCESS) {
930 err = CheckPermFromUri(cmd, false);
931 }
932 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
933 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
934 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
935 bool isMediatoolOperation = IsMediatoolOperation(cmd);
936 int errCode = businessError.GetCode();
937 DataSharePredicates appidPredicates = predicates;
938
939 if (err != E_SUCCESS) {
940 if (isMediatoolOperation) {
941 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
942 businessError.SetCode(err);
943 return nullptr;
944 }
945 auto& uriPermissionClient = AAFwk::UriPermissionManagerClient::GetInstance();
946 if (uriPermissionClient.VerifyUriPermission(uri, AAFwk::Want::FLAG_AUTH_READ_URI_PERMISSION,
947 IPCSkeleton::GetCallingTokenID())) {
948 MEDIA_DEBUG_LOG("Permission check pass , uri = %{private}s", uri.ToString().c_str());
949 } else {
950 if (!AddOwnerCheck(cmd, appidPredicates)) {
951 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
952 businessError.SetCode(err);
953 return nullptr;
954 }
955 }
956 }
957 auto queryResultSet = MediaLibraryDataManager::GetInstance()->Query(cmd, columns, appidPredicates, errCode);
958 businessError.SetCode(to_string(errCode));
959 if (queryResultSet == nullptr) {
960 MEDIA_ERR_LOG("queryResultSet is nullptr! errCode: %{public}d", errCode);
961 businessError.SetCode(errCode);
962 return nullptr;
963 }
964 auto count = 0;
965 queryResultSet->GetRowCount(count);
966 if (err < 0 && count == 0) {
967 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
968 businessError.SetCode(err);
969 return nullptr;
970 }
971 return make_shared<DataShareResultSet>(queryResultSet);
972 }
973
GetType(const Uri & uri)974 string MediaDataShareExtAbility::GetType(const Uri &uri)
975 {
976 MEDIA_INFO_LOG("%{public}s begin.", __func__);
977 MediaLibraryCommand cmd(uri);
978 int32_t err = CheckPermFromUri(cmd, false);
979 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
980 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
981 if (err != E_SUCCESS) {
982 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
983 return "";
984 }
985 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
986 string getTypeRet = MediaLibraryDataManager::GetInstance()->GetType(uri);
987 return getTypeRet;
988 }
989
BatchInsert(const Uri & uri,const vector<DataShareValuesBucket> & values)990 int MediaDataShareExtAbility::BatchInsert(const Uri &uri, const vector<DataShareValuesBucket> &values)
991 {
992 MediaLibraryCommand cmd(uri);
993 int32_t err = CheckPermFromUri(cmd, true);
994 int32_t type = static_cast<int32_t>(cmd.GetOprnType());
995 int32_t object = static_cast<int32_t>(cmd.GetOprnObject());
996 if (err != E_SUCCESS) {
997 MEDIA_INFO_LOG("permission deny: {%{public}d, %{public}d, %{public}d}", type, object, err);
998 return err;
999 }
1000 DfxTimer dfxTimer(type, object, COMMON_TIME_OUT, true);
1001 return MediaLibraryDataManager::GetInstance()->BatchInsert(cmd, values);
1002 }
1003
RegisterObserver(const Uri & uri,const sptr<AAFwk::IDataAbilityObserver> & dataObserver)1004 bool MediaDataShareExtAbility::RegisterObserver(const Uri &uri, const sptr<AAFwk::IDataAbilityObserver> &dataObserver)
1005 {
1006 MEDIA_INFO_LOG("%{public}s begin.", __func__);
1007 auto obsMgrClient = DataObsMgrClient::GetInstance();
1008 if (obsMgrClient == nullptr) {
1009 MEDIA_ERR_LOG("%{public}s obsMgrClient is nullptr", __func__);
1010 return false;
1011 }
1012
1013 ErrCode ret = obsMgrClient->RegisterObserver(uri, dataObserver);
1014 if (ret != ERR_OK) {
1015 MEDIA_ERR_LOG("%{public}s obsMgrClient->RegisterObserver error return %{public}d", __func__, ret);
1016 return false;
1017 }
1018 MEDIA_INFO_LOG("%{public}s end.", __func__);
1019 return true;
1020 }
1021
UnregisterObserver(const Uri & uri,const sptr<AAFwk::IDataAbilityObserver> & dataObserver)1022 bool MediaDataShareExtAbility::UnregisterObserver(const Uri &uri, const sptr<AAFwk::IDataAbilityObserver> &dataObserver)
1023 {
1024 MEDIA_INFO_LOG("%{public}s begin.", __func__);
1025 auto obsMgrClient = DataObsMgrClient::GetInstance();
1026 if (obsMgrClient == nullptr) {
1027 MEDIA_ERR_LOG("%{public}s obsMgrClient is nullptr", __func__);
1028 return false;
1029 }
1030
1031 ErrCode ret = obsMgrClient->UnregisterObserver(uri, dataObserver);
1032 if (ret != ERR_OK) {
1033 MEDIA_ERR_LOG("%{public}s obsMgrClient->UnregisterObserver error return %{public}d", __func__, ret);
1034 return false;
1035 }
1036 MEDIA_INFO_LOG("%{public}s end.", __func__);
1037 return true;
1038 }
1039
NotifyChange(const Uri & uri)1040 bool MediaDataShareExtAbility::NotifyChange(const Uri &uri)
1041 {
1042 auto obsMgrClient = DataObsMgrClient::GetInstance();
1043 if (obsMgrClient == nullptr) {
1044 MEDIA_ERR_LOG("%{public}s obsMgrClient is nullptr", __func__);
1045 return false;
1046 }
1047
1048 ErrCode ret = obsMgrClient->NotifyChange(uri);
1049 if (ret != ERR_OK) {
1050 MEDIA_ERR_LOG("%{public}s obsMgrClient->NotifyChange error return %{public}d", __func__, ret);
1051 return false;
1052 }
1053 return true;
1054 }
1055
NormalizeUri(const Uri & uri)1056 Uri MediaDataShareExtAbility::NormalizeUri(const Uri &uri)
1057 {
1058 MEDIA_INFO_LOG("%{public}s begin.", __func__);
1059 auto ret = uri;
1060 MEDIA_INFO_LOG("%{public}s end.", __func__);
1061 return ret;
1062 }
1063
DenormalizeUri(const Uri & uri)1064 Uri MediaDataShareExtAbility::DenormalizeUri(const Uri &uri)
1065 {
1066 MEDIA_INFO_LOG("%{public}s begin.", __func__);
1067 auto ret = uri;
1068 MEDIA_INFO_LOG("%{public}s end.", __func__);
1069 return ret;
1070 }
1071 } // namespace AbilityRuntime
1072 } // namespace OHOS
1073