diff --git a/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets b/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets index 4b7136accd1b221611c881cee2092d25be949dc3..57573129410174d693aa3622822fae36ab88da76 100644 --- a/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets +++ b/frameworks/ets/ani/accesstoken/ets/@ohos.abilityAccessCtrl.ets @@ -149,6 +149,35 @@ export default namespace abilityAccessCtrl { requestPermissionOnSetting( context: Context, permissionList: Array): Promise>; + + revokeUserGrantedPermissionExecute( + tokenID: int, + permissionName: Permissions, + permissionFlags: int, + ): void; + + revokeUserGrantedPermission( + tokenID: int, + permissionName: Permissions, + permissionFlags: int, + ): Promise; + + revokeUserGrantedPermission( + tokenID: int, + permissionName: Permissions, + permissionFlags: int, + callback: AsyncCallback + ): void; + + getVersionExecute(): int; + + getVersion(): Promise; + + getPermissionsStatusExecute( + tokenID: int, permissionList: Array): Array; + + getPermissionsStatus( + tokenID: int, permissionList: Array): Promise>; } class AtManagerInner implements AtManager { @@ -258,5 +287,68 @@ export default namespace abilityAccessCtrl { }); return p; } - } + + native revokeUserGrantedPermissionExecute(tokenID: int, permissionName: Permissions, + permissionFlags: int): void; + + revokeUserGrantedPermission(tokenID: int, permissionName: Permissions, permissionFlags: int): Promise { + return new Promise( + (resolve: (v: undefined) => void, reject: (error: BusinessError) => void): void => { + let p = taskpool.execute((): void => { + new AtManagerInner().revokeUserGrantedPermissionExecute(tokenID, permissionName, permissionFlags); + }); + p.then((e: NullishType): void => { + resolve(undefined); + }).catch((err: BusinessError): void => { + reject(err); + }) + }); + } + + revokeUserGrantedPermission(tokenID: int, permissionName: Permissions, + permissionFlags: int, callback: AsyncCallback): void { + let job = taskpool.execute((): void => { + new AtManagerInner().revokeUserGrantedPermissionExecute(tokenID, permissionName, permissionFlags); + }); + job.then(()=>{ + let err = new BusinessError(); + callback(err, undefined); + }, (err: BusinessError): void=> { + callback(err, undefined); + }) + } + + native getVersionExecute(): int; + + getVersion(): Promise{ + let p = new Promise((resolve: (v: int)=> void, reject: (error: BusinessError) + => void) =>{ + let p1 = taskpool.execute((): int => { return new AtManagerInner().getVersionExecute() as int;}); + p1.then((e: NullishType) => { + resolve(e as int); + }).catch((err: BusinessError): void => { + reject(err); + }); + }); + return p; + } + + native getPermissionsStatusExecute( + tokenID: int, permissionList: Array): Array; + + getPermissionsStatus( + tokenID: int, permissionList: Array): Promise> { + let p = new Promise>((resolve: (v: Array) + => void, reject: (error: BusinessError) => void) => { + let p1 = taskpool.execute((): Array => { return new AtManagerInner().getPermissionsStatusExecute(tokenID, + permissionList) as Array;}); + p1.then((e: NullishType) => { + resolve(e as Array); + }).catch((err: BusinessError): void => { + reject(err); + }); + }); + return p; + } + } } \ No newline at end of file diff --git a/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp b/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp index 7f9a763f5a38ded59f13bd9ed74ae8fdd3edd5bf..53c129ad10d3304535400dfffbf659a592a68c02 100644 --- a/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp +++ b/frameworks/ets/ani/accesstoken/src/ability_access_ctrl.cpp @@ -24,9 +24,11 @@ #include "accesstoken_log.h" #include "ani_base_context.h" #include "ani_error.h" +#include "ani_utils.h" #include "hisysevent.h" #include "parameter.h" #include "permission_list_state.h" +#include "permission_map.h" #include "token_setproc.h" #include "want.h" @@ -1309,6 +1311,113 @@ static ani_ref RequestPermissionOnSettingExecute([[maybe_unused]] ani_env* env, return result; } +static bool IsPermissionFlagValid(uint32_t flag) +{ + return (flag == PermissionFlag::PERMISSION_USER_SET) || (flag == PermissionFlag::PERMISSION_USER_FIXED) || + (flag == PermissionFlag::PERMISSION_ALLOW_THIS_TIME); +}; + +static void RevokeUserGrantedPermissionExecute([[maybe_unused]] ani_env* env, + [[maybe_unused]] ani_object object, ani_int tokenID, ani_string permissionName, ani_int permissionFlags) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "RevokeUserGrantedPermission begin."); + if (env == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "env null."); + return; + } + + std::string permissionNameString; + if (!AniParseString(env, permissionName, permissionNameString)) { + BusinessErrorAni::ThrowParameterTypeError(env, STS_ERROR_PARAM_ILLEGAL, + GetParamErrorMsg("permissionName", "Permissions")); + return; + } + + if (!IsPermissionFlagValid(static_cast (permissionFlags))) { + BusinessErrorAni::ThrowError(env, STSErrorCode::STS_ERROR_PARAM_INVALID, + GetErrorMessage(STSErrorCode::STS_ERROR_PARAM_INVALID)); + return; + } + + if (permissionNameString.size() > MAX_LENGTH || permissionNameString.empty()) { + BusinessErrorAni::ThrowError(env, STSErrorCode::STS_ERROR_PARAM_INVALID, + GetErrorMessage(STSErrorCode::STS_ERROR_PARAM_INVALID)); + return; + } + PermissionBriefDef def; + if (!GetPermissionBriefDef(permissionNameString, def) || def.grantMode != USER_GRANT) { + BusinessErrorAni::ThrowError(env, STSErrorCode::STS_ERROR_PERMISSION_NOT_EXIST, GetErrorMessage(STSErrorCode::STS_ERROR_PERMISSION_NOT_EXIST)); + return; + } + + int32_t ret = AccessTokenKit::RevokePermission(tokenID, permissionNameString, permissionFlags); + if (ret != RET_SUCCESS) { + int32_t stsCode = BusinessErrorAni::GetStsErrorCode(ret); + BusinessErrorAni::ThrowError(env, stsCode, GetErrorMessage(stsCode)); + } +} + +static ani_int GetVersionExecute([[maybe_unused]] ani_env* env, [[maybe_unused]] ani_object object) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "getVersionExecute begin."); + uint32_t version = -1; + if (env == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "env null"); + return version; + } + + int32_t result = AccessTokenKit::GetVersion(version); + if (result != RET_SUCCESS) { + int32_t stsCode = BusinessErrorAni::GetStsErrorCode(result); + BusinessErrorAni::ThrowError(env, stsCode, GetErrorMessage(stsCode)); + return version; + } + return version; +} + +static ani_ref GetPermissionsStatusExecute([[maybe_unused]] ani_env* env, + [[maybe_unused]] ani_object object, ani_int tokenID, ani_array_ref permissionList) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "GetPermissionsStatusExecute begin."); + if ((env == nullptr) || (permissionList == nullptr)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "permissionList or env null."); + return nullptr; + } + std::vector aniPermissionList; + if (!AniParseStringArray(env, permissionList, aniPermissionList)) { + BusinessErrorAni::ThrowParameterTypeError(env, STSErrorCode::STS_ERROR_PARAM_ILLEGAL, + GetParamErrorMsg("permissionList", "Array")); + return nullptr; + } + + if (aniPermissionList.empty()) { + BusinessErrorAni::ThrowError(env, STS_ERROR_INNER, GetErrorMessage(STS_ERROR_INNER)); + return nullptr; + } + + std::vector permList; + for (const auto& permission : aniPermissionList) { + PermissionListState permState; + permState.permissionName = permission; + permState.state = INVALID_OPER; + permList.emplace_back(permState); + } + + int32_t result = RET_SUCCESS; + std::vector permissionQueryResults; + result = AccessTokenKit::GetPermissionsStatus(tokenID, permList); + if (result != RET_SUCCESS) { + int32_t stsCode = BusinessErrorAni::GetStsErrorCode(result); + BusinessErrorAni::ThrowError(env, stsCode, GetErrorMessage(stsCode)); + return nullptr; + } + for (const auto& permState : permList) { + permissionQueryResults.emplace_back(permState.state); + } + + return ConvertAniArrayInt(env, permissionQueryResults); +} + extern "C" { ANI_EXPORT ani_status ANI_Constructor(ani_vm* vm, uint32_t* result) { @@ -1353,6 +1462,15 @@ ANI_EXPORT ani_status ANI_Constructor(ani_vm* vm, uint32_t* result) ani_native_function { "requestPermissionOnSettingExecute", "Lapplication/Context/Context;Lescompat/Array;:Lescompat/Array;", reinterpret_cast(RequestPermissionOnSettingExecute) }, + ani_native_function { "revokeUserGrantedPermissionExecute", + nullptr, + reinterpret_cast(RevokeUserGrantedPermissionExecute) }, + ani_native_function { "getVersionExecute", + nullptr, + reinterpret_cast(GetVersionExecute) }, + ani_native_function { "getPermissionsStatusExecute", + nullptr, + reinterpret_cast(GetPermissionsStatusExecute) }, }; if (ANI_OK != env->Class_BindNativeMethods(cls, claMethods.data(), claMethods.size())) { ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot bind native methods to %{public}s", className);