diff --git a/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets b/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets index 4b7136accd1b221611c881cee2092d25be949dc3..65c7ee463517c1a565eea7d37d970a57f05eb4ae 100644 --- a/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets +++ b/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets @@ -119,6 +119,17 @@ export default namespace abilityAccessCtrl { throw err; } } + + function validateTokenAndList(tokenID: int, permissionList: Array): void { + if (typeof permissionList !== "object" || !Array.isArray(permissionList) || + permissionList.length == 0 || typeof permissionList[0] !== "string") { + let err = new BusinessError(); + err.code = STSErrorCode.STS_ERROR_PARAM_ILLEGAL; + err.data = PARAM_ERROR_MSG("permissionList", "Array"); + throw err; + } + } + native function createAtManager(): AtManager; interface AtManager { @@ -149,6 +160,34 @@ export default namespace abilityAccessCtrl { requestPermissionOnSetting( context: Context, permissionList: Array): Promise>; + + revokeUserGrantedPermissionExecute( + tokenID:int, + permissionName:Permissions, + permissionFlags:int, + ):void; + + revokeUserGrantedPermission( + tokenID:int, + permissionName:Permissions, + permissionFlags:int, + ):Promise; + + revokeUserGrantedPermission( + tokenID:int, + permissionName:Permissions, + permissionFlags:int, + callback: AsyncCallback + ):void; + + getVersionExecute():int; + getVersion(): Promise; + + getPermissionsStatusExecute( + tokenID: int, permissionList: Array): Array; + getPermissionsStatus( + tokenID: int, permissionList: Array): Promise>; + } class AtManagerInner implements AtManager { @@ -258,5 +297,75 @@ export default namespace abilityAccessCtrl { }); return p; } - } + + native revokeUserGrantedPermissionExecute(tokenID: int, permissionName: Permissions, + permissionFlags: int): void; + + revokeUserGrantedPermission(tokenID: int, permissionName: Permissions, permissionFlags: int): Promise { + validateTokenAndPermission(tokenID, permissionName); + return new Promise( + (resolve: (v: undefined) => void, reject: (error: BusinessError) => void): void => { + let p = taskpool.execute((): void => { + new AtManagerInner().revokeUserGrantedPermissionExecute(tokenID, permissionName, permissionFlags); + }); + p.then((e: NullishType): void => { + resolve(undefined); + }).catch((err: BusinessError): void => { + reject(err); + }) + }); + } + + revokeUserGrantedPermission(tokenID: int, permissionName: Permissions, + permissionFlags: int, callback:AsyncCallback): void { + validateTokenAndPermission(tokenID, permissionName); + let fun = async() => { + let job = taskpool.execute(() : void => { + new AtManagerInner().revokeUserGrantedPermissionExecute(tokenID,permissionName, + permissionFlags); + }); + job.then(()=>{ + let err = new BusinessError(); + callback(err,undefined); + },(err:BusinessError): void=> { + callback(err,undefined); + }) + } + fun(); + } + + native getVersionExecute():int; + + getVersion():Promise{ + let p = new Promise((resolve: (v: int)=> void, reject: (error: BusinessError) + => void) =>{ + let p1 = taskpool.execute((): int => { return new AtManagerInner().getVersionExecute() as int;}); + p1.then((e: NullishType) => { + resolve(e as int); + }).catch((err: BusinessError): void => { + reject(err); + }); + }); + return p; + } + + native getPermissionsStatusExecute( + tokenID: int, permissionList: Array): Array; + + getPermissionsStatus( + tokenID: int, permissionList: Array): Promise>{ + validateTokenAndList(tokenID, permissionList); + let p = new Promise>((resolve: (v: Array) + => void, reject: (error: BusinessError) => void) => { + let p1 = taskpool.execute((): Array => { return new AtManagerInner().getPermissionsStatusExecute(tokenID, + permissionList) as Array;}); + p1.then((e: NullishType) => { + resolve(e as Array); + }).catch((err: BusinessError): void => { + reject(err); + }); + }); + return p; + } + } } \ No newline at end of file diff --git a/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp b/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp index 7f9a763f5a38ded59f13bd9ed74ae8fdd3edd5bf..7f527c13dbe6ba2e2c50db99a0cd1ff842a68e80 100644 --- a/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp +++ b/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp @@ -29,6 +29,7 @@ #include "permission_list_state.h" #include "token_setproc.h" #include "want.h" +#include "ani_utils.h" namespace OHOS { namespace Security { @@ -1309,6 +1310,101 @@ static ani_ref RequestPermissionOnSettingExecute([[maybe_unused]] ani_env* env, return result; } +static bool IsPermissionFlagValid(uint32_t flag) +{ + return (flag == PermissionFlag::PERMISSION_USER_SET) || (flag == PermissionFlag::PERMISSION_USER_FIXED) || + (flag == PermissionFlag::PERMISSION_ALLOW_THIS_TIME); +}; + +static void RevokeUserGrantedPermissionExecute([[maybe_unused]] ani_env* env, [[maybe_unused]] ani_object object, ani_int tokenID,ani_string permissionName,ani_int permissionFlags) +{ + ACCESSTOKEN_LOG_INFO(LABEL,"RevokeUserGrantedPermission begin."); + if (env == nullptr || permissionName == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "permissionName or env null"); + return; + } + + std::string permissionname; + if (!AniParseString(env, permissionName, permissionname)) { + BusinessErrorAni::ThrowError(env, STS_ERROR_PARAM_ILLEGAL, + GetParamErrorMsg("permissionname", "string")); + return; + } + PermissionDef def; + + int32_t res = AccessTokenKit::GetDefPermission(permissionname, def); + if (res != RET_SUCCESS) { + int32_t stsCode = BusinessErrorAni::GetStsErrorCode(res); + BusinessErrorAni::ThrowError(env, stsCode, GetErrorMessage(stsCode)); + return; + } + + if (!IsPermissionFlagValid(static_cast (permissionFlags))) { + BusinessErrorAni::ThrowError(env, STSErrorCode::STS_ERROR_PARAM_INVALID, + GetErrorMessage(STSErrorCode::STS_ERROR_PARAM_INVALID)); + return; + } + + if (def.grantMode == USER_GRANT) { + res = AccessTokenKit::RevokePermission(tokenID, permissionname, permissionFlags); + } else { + res = ERR_PERMISSION_NOT_EXIST; + } + + if (res != 0) { + int32_t stsCode = BusinessErrorAni::GetStsErrorCode(res); + BusinessErrorAni::ThrowError(env, stsCode, GetErrorMessage(stsCode)); + } +} + +static ani_int GetVersionExecute([[maybe_unused]] ani_env* env, [[maybe_unused]] ani_object object) +{ + ACCESSTOKEN_LOG_INFO(LABEL,"getVersionExecute begin."); + if (env == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "env null"); + return -1; + } + + uint32_t version = 0; + int32_t result = AccessTokenKit::GetVersion(version); + if(result != RET_SUCCESS){ + int32_t stsCode = BusinessErrorAni::GetStsErrorCode(result); + BusinessErrorAni::ThrowError(env, stsCode, GetErrorMessage(stsCode)); + return -1; + } + return version; +} + +//static bool ParseInputToGetQueryResult() +//todo +static ani_ref GetPermissionsStatusExecute([[maybe_unused]] ani_env* env, [[maybe_unused]] ani_object object, ani_int tokenID, ani_array_ref permissionList) +{ + ACCESSTOKEN_LOG_INFO(LABEL,"getPermissionsStatusExecute begin."); + if (env == nullptr || permissionList == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "permissionList or env null"); + return nullptr; + } + std::vector permissionlist; + if(!AniParseStringArray(env, permissionList, permissionlist)){ + BusinessErrorAni::ThrowError(env, STS_ERROR_PARAM_ILLEGAL, + GetParamErrorMsg("permissions", "Array")); + return nullptr; + } + + // 检查tokenid + if (tokenID == INVALID_TOKENID) { + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenID"); + return AccessTokenError::ERR_PARAM_INVALID; + } + //入栈(准备权限查询列表) + + //调用AccessTokenKit::GetPermissionsStatus + + return nullptr; +} + + + extern "C" { ANI_EXPORT ani_status ANI_Constructor(ani_vm* vm, uint32_t* result) { @@ -1353,6 +1449,15 @@ ANI_EXPORT ani_status ANI_Constructor(ani_vm* vm, uint32_t* result) ani_native_function { "requestPermissionOnSettingExecute", "Lapplication/Context/Context;Lescompat/Array;:Lescompat/Array;", reinterpret_cast(RequestPermissionOnSettingExecute) }, + ani_native_function { "revokeUserGrantedPermissionExecute", + nullptr, + reinterpret_cast(RevokeUserGrantedPermissionExecute) }, + ani_native_function { "getVersionExecute", + nullptr, + reinterpret_cast(GetVersionExecute)}, + ani_native_function { "getPermissionsStatusExecute", + nullptr, + reinterpret_cast(GetPermissionsStatusExecute)}, }; if (ANI_OK != env->Class_BindNativeMethods(cls, claMethods.data(), claMethods.size())) { ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot bind native methods to %{public}s", className);