1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm.permission; 18 19 import android.annotation.NonNull; 20 import android.annotation.Nullable; 21 import android.annotation.UserIdInt; 22 import android.content.pm.PackageManager; 23 import android.content.pm.PackageManager.PermissionInfoFlags; 24 import android.content.pm.PackageParser; 25 import android.content.pm.PermissionGroupInfo; 26 import android.content.pm.PermissionInfo; 27 import android.permission.PermissionManagerInternal; 28 29 import java.util.ArrayList; 30 import java.util.Collection; 31 import java.util.List; 32 33 /** 34 * Internal interfaces services. 35 * 36 * TODO: Should be merged into PermissionManagerInternal, but currently uses internal classes. 37 */ 38 public abstract class PermissionManagerServiceInternal extends PermissionManagerInternal { 39 /** 40 * Callbacks invoked when interesting actions have been taken on a permission. 41 * <p> 42 * NOTE: The current arguments are merely to support the existing use cases. This 43 * needs to be properly thought out with appropriate arguments for each of the 44 * callback methods. 45 */ 46 public static class PermissionCallback { onGidsChanged(int appId, int userId)47 public void onGidsChanged(int appId, int userId) { 48 } onPermissionChanged()49 public void onPermissionChanged() { 50 } onPermissionGranted(int uid, int userId)51 public void onPermissionGranted(int uid, int userId) { 52 } onInstallPermissionGranted()53 public void onInstallPermissionGranted() { 54 } onPermissionRevoked(int uid, int userId)55 public void onPermissionRevoked(int uid, int userId) { 56 } onInstallPermissionRevoked()57 public void onInstallPermissionRevoked() { 58 } onPermissionUpdated(int[] updatedUserIds, boolean sync)59 public void onPermissionUpdated(int[] updatedUserIds, boolean sync) { 60 } onPermissionRemoved()61 public void onPermissionRemoved() { 62 } onInstallPermissionUpdated()63 public void onInstallPermissionUpdated() { 64 } 65 } 66 systemReady()67 public abstract void systemReady(); 68 isPermissionsReviewRequired(@onNull PackageParser.Package pkg, @UserIdInt int userId)69 public abstract boolean isPermissionsReviewRequired(@NonNull PackageParser.Package pkg, 70 @UserIdInt int userId); 71 grantRuntimePermission( @onNull String permName, @NonNull String packageName, boolean overridePolicy, int callingUid, int userId, @Nullable PermissionCallback callback)72 public abstract void grantRuntimePermission( 73 @NonNull String permName, @NonNull String packageName, boolean overridePolicy, 74 int callingUid, int userId, @Nullable PermissionCallback callback); grantRuntimePermissionsGrantedToDisabledPackage( @onNull PackageParser.Package pkg, int callingUid, @Nullable PermissionCallback callback)75 public abstract void grantRuntimePermissionsGrantedToDisabledPackage( 76 @NonNull PackageParser.Package pkg, int callingUid, 77 @Nullable PermissionCallback callback); grantRequestedRuntimePermissions( @onNull PackageParser.Package pkg, @NonNull int[] userIds, @NonNull String[] grantedPermissions, int callingUid, @Nullable PermissionCallback callback)78 public abstract void grantRequestedRuntimePermissions( 79 @NonNull PackageParser.Package pkg, @NonNull int[] userIds, 80 @NonNull String[] grantedPermissions, int callingUid, 81 @Nullable PermissionCallback callback); getWhitelistedRestrictedPermissions( @onNull PackageParser.Package pkg, @PackageManager.PermissionWhitelistFlags int whitelistFlags, int userId)82 public abstract @Nullable List<String> getWhitelistedRestrictedPermissions( 83 @NonNull PackageParser.Package pkg, 84 @PackageManager.PermissionWhitelistFlags int whitelistFlags, int userId); setWhitelistedRestrictedPermissions( @onNull PackageParser.Package pkg, @NonNull int[] userIds, @NonNull List<String> permissions, int callingUid, @PackageManager.PermissionWhitelistFlags int whitelistFlags, @Nullable PermissionCallback callback)85 public abstract void setWhitelistedRestrictedPermissions( 86 @NonNull PackageParser.Package pkg, @NonNull int[] userIds, 87 @NonNull List<String> permissions, int callingUid, 88 @PackageManager.PermissionWhitelistFlags int whitelistFlags, 89 @Nullable PermissionCallback callback); revokeRuntimePermission(@onNull String permName, @NonNull String packageName, boolean overridePolicy, int userId, @Nullable PermissionCallback callback)90 public abstract void revokeRuntimePermission(@NonNull String permName, 91 @NonNull String packageName, boolean overridePolicy, int userId, 92 @Nullable PermissionCallback callback); 93 updatePermissions(@ullable String packageName, @Nullable PackageParser.Package pkg, boolean replaceGrant, @NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback)94 public abstract void updatePermissions(@Nullable String packageName, 95 @Nullable PackageParser.Package pkg, boolean replaceGrant, 96 @NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback); updateAllPermissions(@ullable String volumeUuid, boolean sdkUpdate, @NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback)97 public abstract void updateAllPermissions(@Nullable String volumeUuid, boolean sdkUpdate, 98 @NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback); 99 100 /** 101 * We might auto-grant permissions if any permission of the group is already granted. Hence if 102 * the group of a granted permission changes we need to revoke it to avoid having permissions of 103 * the new group auto-granted. 104 * 105 * @param newPackage The new package that was installed 106 * @param oldPackage The old package that was updated 107 * @param allPackageNames All packages 108 * @param permissionCallback Callback for permission changed 109 */ revokeRuntimePermissionsIfGroupChanged( @onNull PackageParser.Package newPackage, @NonNull PackageParser.Package oldPackage, @NonNull ArrayList<String> allPackageNames, @NonNull PermissionCallback permissionCallback)110 public abstract void revokeRuntimePermissionsIfGroupChanged( 111 @NonNull PackageParser.Package newPackage, 112 @NonNull PackageParser.Package oldPackage, 113 @NonNull ArrayList<String> allPackageNames, 114 @NonNull PermissionCallback permissionCallback); 115 116 /** 117 * Add all permissions in the given package. 118 * <p> 119 * NOTE: argument {@code groupTEMP} is temporary until mPermissionGroups is moved to 120 * the permission settings. 121 */ addAllPermissions(@onNull PackageParser.Package pkg, boolean chatty)122 public abstract void addAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty); addAllPermissionGroups(@onNull PackageParser.Package pkg, boolean chatty)123 public abstract void addAllPermissionGroups(@NonNull PackageParser.Package pkg, boolean chatty); removeAllPermissions(@onNull PackageParser.Package pkg, boolean chatty)124 public abstract void removeAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty); addDynamicPermission(@onNull PermissionInfo info, boolean async, int callingUid, @Nullable PermissionCallback callback)125 public abstract boolean addDynamicPermission(@NonNull PermissionInfo info, boolean async, 126 int callingUid, @Nullable PermissionCallback callback); removeDynamicPermission(@onNull String permName, int callingUid, @Nullable PermissionCallback callback)127 public abstract void removeDynamicPermission(@NonNull String permName, int callingUid, 128 @Nullable PermissionCallback callback); 129 getAppOpPermissionPackages(@onNull String permName)130 public abstract @Nullable String[] getAppOpPermissionPackages(@NonNull String permName); 131 getPermissionFlags(@onNull String permName, @NonNull String packageName, int callingUid, int userId)132 public abstract int getPermissionFlags(@NonNull String permName, 133 @NonNull String packageName, int callingUid, int userId); 134 /** 135 * Retrieve all of the information we know about a particular group of permissions. 136 */ getPermissionGroupInfo( @onNull String groupName, int flags, int callingUid)137 public abstract @Nullable PermissionGroupInfo getPermissionGroupInfo( 138 @NonNull String groupName, int flags, int callingUid); 139 /** 140 * Retrieve all of the known permission groups in the system. 141 */ getAllPermissionGroups(int flags, int callingUid)142 public abstract @Nullable List<PermissionGroupInfo> getAllPermissionGroups(int flags, 143 int callingUid); 144 /** 145 * Retrieve all of the information we know about a particular permission. 146 */ getPermissionInfo(@onNull String permName, @NonNull String packageName, @PermissionInfoFlags int flags, int callingUid)147 public abstract @Nullable PermissionInfo getPermissionInfo(@NonNull String permName, 148 @NonNull String packageName, @PermissionInfoFlags int flags, int callingUid); 149 /** 150 * Retrieve all of the permissions associated with a particular group. 151 */ getPermissionInfoByGroup(@onNull String group, @PermissionInfoFlags int flags, int callingUid)152 public abstract @Nullable List<PermissionInfo> getPermissionInfoByGroup(@NonNull String group, 153 @PermissionInfoFlags int flags, int callingUid); 154 155 /** 156 * Updates the flags associated with a permission by replacing the flags in 157 * the specified mask with the provided flag values. 158 */ updatePermissionFlags(@onNull String permName, @NonNull String packageName, int flagMask, int flagValues, int callingUid, int userId, boolean overridePolicy, @Nullable PermissionCallback callback)159 public abstract void updatePermissionFlags(@NonNull String permName, 160 @NonNull String packageName, int flagMask, int flagValues, int callingUid, int userId, 161 boolean overridePolicy, @Nullable PermissionCallback callback); 162 /** 163 * Updates the flags for all applications by replacing the flags in the specified mask 164 * with the provided flag values. 165 */ updatePermissionFlagsForAllApps(int flagMask, int flagValues, int callingUid, int userId, @NonNull Collection<PackageParser.Package> packages, @Nullable PermissionCallback callback)166 public abstract boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues, 167 int callingUid, int userId, @NonNull Collection<PackageParser.Package> packages, 168 @Nullable PermissionCallback callback); 169 checkPermission(@onNull String permName, @NonNull String packageName, int callingUid, int userId)170 public abstract int checkPermission(@NonNull String permName, @NonNull String packageName, 171 int callingUid, int userId); checkUidPermission(@onNull String permName, @Nullable PackageParser.Package pkg, int uid, int callingUid)172 public abstract int checkUidPermission(@NonNull String permName, 173 @Nullable PackageParser.Package pkg, int uid, int callingUid); 174 175 /** 176 * Enforces the request is from the system or an app that has INTERACT_ACROSS_USERS 177 * or INTERACT_ACROSS_USERS_FULL permissions, if the {@code userid} is not for the caller. 178 * @param checkShell whether to prevent shell from access if there's a debugging restriction 179 * @param message the message to log on security exception 180 */ enforceCrossUserPermission(int callingUid, int userId, boolean requireFullPermission, boolean checkShell, @NonNull String message)181 public abstract void enforceCrossUserPermission(int callingUid, int userId, 182 boolean requireFullPermission, boolean checkShell, @NonNull String message); 183 /** 184 * @see #enforceCrossUserPermission(int, int, boolean, boolean, String) 185 * @param requirePermissionWhenSameUser When {@code true}, still require the cross user 186 * permission to be held even if the callingUid and userId reference the same user. 187 */ enforceCrossUserPermission(int callingUid, int userId, boolean requireFullPermission, boolean checkShell, boolean requirePermissionWhenSameUser, @NonNull String message)188 public abstract void enforceCrossUserPermission(int callingUid, int userId, 189 boolean requireFullPermission, boolean checkShell, 190 boolean requirePermissionWhenSameUser, @NonNull String message); enforceGrantRevokeRuntimePermissionPermissions(@onNull String message)191 public abstract void enforceGrantRevokeRuntimePermissionPermissions(@NonNull String message); 192 getPermissionSettings()193 public abstract @NonNull PermissionSettings getPermissionSettings(); getDefaultPermissionGrantPolicy()194 public abstract @NonNull DefaultPermissionGrantPolicy getDefaultPermissionGrantPolicy(); 195 196 /** HACK HACK methods to allow for partial migration of data to the PermissionManager class */ getPermissionTEMP(@onNull String permName)197 public abstract @Nullable BasePermission getPermissionTEMP(@NonNull String permName); 198 199 /** Get all permission that have a certain protection level */ getAllPermissionWithProtectionLevel( @ermissionInfo.Protection int protectionLevel)200 public abstract @NonNull ArrayList<PermissionInfo> getAllPermissionWithProtectionLevel( 201 @PermissionInfo.Protection int protectionLevel); 202 } 203