1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm.permission; 18 19 import android.annotation.AppIdInt; 20 import android.annotation.NonNull; 21 import android.annotation.Nullable; 22 import android.annotation.UserIdInt; 23 import android.content.pm.PackageManager; 24 import android.content.pm.PermissionInfo; 25 import android.permission.PermissionManagerInternal; 26 27 import com.android.server.pm.parsing.pkg.AndroidPackage; 28 29 import java.util.ArrayList; 30 import java.util.List; 31 import java.util.function.Consumer; 32 33 /** 34 * Internal interfaces services. 35 * 36 * TODO: Should be merged into PermissionManagerInternal, but currently uses internal classes. 37 */ 38 public abstract class PermissionManagerServiceInternal extends PermissionManagerInternal { 39 40 /** 41 * Provider for package names. 42 */ 43 public interface PackagesProvider { 44 45 /** 46 * Gets the packages for a given user. 47 * @param userId The user id. 48 * @return The package names. 49 */ getPackages(int userId)50 String[] getPackages(int userId); 51 } 52 53 /** 54 * Provider for package names. 55 */ 56 public interface SyncAdapterPackagesProvider { 57 58 /** 59 * Gets the sync adapter packages for given authority and user. 60 * @param authority The authority. 61 * @param userId The user id. 62 * @return The package names. 63 */ getPackages(String authority, int userId)64 String[] getPackages(String authority, int userId); 65 } 66 67 /** 68 * Provider for default browser 69 */ 70 public interface DefaultBrowserProvider { 71 72 /** 73 * Get the package name of the default browser. 74 * 75 * @param userId the user id 76 * 77 * @return the package name of the default browser, or {@code null} if none 78 */ 79 @Nullable getDefaultBrowser(@serIdInt int userId)80 String getDefaultBrowser(@UserIdInt int userId); 81 82 /** 83 * Set the package name of the default browser. 84 * 85 * @param packageName package name of the default browser, or {@code null} to remove 86 * @param userId the user id 87 * 88 * @return whether the default browser was successfully set. 89 */ setDefaultBrowser(@ullable String packageName, @UserIdInt int userId)90 boolean setDefaultBrowser(@Nullable String packageName, @UserIdInt int userId); 91 92 /** 93 * Set the package name of the default browser asynchronously. 94 * 95 * @param packageName package name of the default browser, or {@code null} to remove 96 * @param userId the user id 97 */ setDefaultBrowserAsync(@ullable String packageName, @UserIdInt int userId)98 void setDefaultBrowserAsync(@Nullable String packageName, @UserIdInt int userId); 99 } 100 101 /** 102 * Provider for default dialer 103 */ 104 public interface DefaultDialerProvider { 105 106 /** 107 * Get the package name of the default dialer. 108 * 109 * @param userId the user id 110 * 111 * @return the package name of the default dialer, or {@code null} if none 112 */ 113 @Nullable getDefaultDialer(@serIdInt int userId)114 String getDefaultDialer(@UserIdInt int userId); 115 } 116 117 /** 118 * Provider for default home 119 */ 120 public interface DefaultHomeProvider { 121 122 /** 123 * Get the package name of the default home. 124 * 125 * @param userId the user id 126 * 127 * @return the package name of the default home, or {@code null} if none 128 */ 129 @Nullable getDefaultHome(@serIdInt int userId)130 String getDefaultHome(@UserIdInt int userId); 131 132 /** 133 * Set the package name of the default home. 134 * 135 * @param packageName package name of the default home, or {@code null} to remove 136 * @param userId the user id 137 * @param callback the callback made after the default home as been updated 138 */ setDefaultHomeAsync(@ullable String packageName, @UserIdInt int userId, @NonNull Consumer<Boolean> callback)139 void setDefaultHomeAsync(@Nullable String packageName, @UserIdInt int userId, 140 @NonNull Consumer<Boolean> callback); 141 } 142 143 /** 144 * Callbacks invoked when interesting actions have been taken on a permission. 145 * <p> 146 * NOTE: The current arguments are merely to support the existing use cases. This 147 * needs to be properly thought out with appropriate arguments for each of the 148 * callback methods. 149 */ 150 public static class PermissionCallback { onGidsChanged(@ppIdInt int appId, @UserIdInt int userId)151 public void onGidsChanged(@AppIdInt int appId, @UserIdInt int userId) { 152 } onPermissionChanged()153 public void onPermissionChanged() { 154 } onPermissionGranted(int uid, @UserIdInt int userId)155 public void onPermissionGranted(int uid, @UserIdInt int userId) { 156 } onInstallPermissionGranted()157 public void onInstallPermissionGranted() { 158 } onPermissionRevoked(int uid, @UserIdInt int userId, String reason)159 public void onPermissionRevoked(int uid, @UserIdInt int userId, String reason) { 160 } onInstallPermissionRevoked()161 public void onInstallPermissionRevoked() { 162 } onPermissionUpdated(@serIdInt int[] updatedUserIds, boolean sync)163 public void onPermissionUpdated(@UserIdInt int[] updatedUserIds, boolean sync) { 164 } onPermissionUpdatedNotifyListener(@serIdInt int[] updatedUserIds, boolean sync, int uid)165 public void onPermissionUpdatedNotifyListener(@UserIdInt int[] updatedUserIds, boolean sync, 166 int uid) { 167 onPermissionUpdated(updatedUserIds, sync); 168 } onPermissionRemoved()169 public void onPermissionRemoved() { 170 } onInstallPermissionUpdated()171 public void onInstallPermissionUpdated() { 172 } onInstallPermissionUpdatedNotifyListener(int uid)173 public void onInstallPermissionUpdatedNotifyListener(int uid) { 174 onInstallPermissionUpdated(); 175 } 176 } 177 systemReady()178 public abstract void systemReady(); 179 isPermissionsReviewRequired(@onNull AndroidPackage pkg, @UserIdInt int userId)180 public abstract boolean isPermissionsReviewRequired(@NonNull AndroidPackage pkg, 181 @UserIdInt int userId); 182 grantRequestedRuntimePermissions( @onNull AndroidPackage pkg, @NonNull int[] userIds, @NonNull String[] grantedPermissions, int callingUid)183 public abstract void grantRequestedRuntimePermissions( 184 @NonNull AndroidPackage pkg, @NonNull int[] userIds, 185 @NonNull String[] grantedPermissions, int callingUid); setWhitelistedRestrictedPermissions( @onNull AndroidPackage pkg, @NonNull int[] userIds, @NonNull List<String> permissions, int callingUid, @PackageManager.PermissionWhitelistFlags int whitelistFlags)186 public abstract void setWhitelistedRestrictedPermissions( 187 @NonNull AndroidPackage pkg, @NonNull int[] userIds, 188 @NonNull List<String> permissions, int callingUid, 189 @PackageManager.PermissionWhitelistFlags int whitelistFlags); 190 /** Sets the whitelisted, restricted permissions for the given package. */ setWhitelistedRestrictedPermissions( @onNull String packageName, @NonNull List<String> permissions, @PackageManager.PermissionWhitelistFlags int flags, int userId)191 public abstract void setWhitelistedRestrictedPermissions( 192 @NonNull String packageName, @NonNull List<String> permissions, 193 @PackageManager.PermissionWhitelistFlags int flags, int userId); setAutoRevokeWhitelisted( @onNull String packageName, boolean whitelisted, int userId)194 public abstract void setAutoRevokeWhitelisted( 195 @NonNull String packageName, boolean whitelisted, int userId); 196 197 /** 198 * Update permissions when a package changed. 199 * 200 * <p><ol> 201 * <li>Reconsider the ownership of permission</li> 202 * <li>Update the state (grant, flags) of the permissions</li> 203 * </ol> 204 * 205 * @param packageName The package that is updated 206 * @param pkg The package that is updated, or {@code null} if package is deleted 207 * @param allPackages All currently known packages 208 * @param callback Callback to call after permission changes 209 */ updatePermissions(@onNull String packageName, @Nullable AndroidPackage pkg)210 public abstract void updatePermissions(@NonNull String packageName, 211 @Nullable AndroidPackage pkg); 212 213 /** 214 * Update all permissions for all apps. 215 * 216 * <p><ol> 217 * <li>Reconsider the ownership of permission</li> 218 * <li>Update the state (grant, flags) of the permissions</li> 219 * </ol> 220 * 221 * @param volumeUuid The volume of the packages to be updated, {@code null} for all volumes 222 * @param allPackages All currently known packages 223 * @param callback Callback to call after permission changes 224 */ updateAllPermissions(@ullable String volumeUuid, boolean sdkUpdate)225 public abstract void updateAllPermissions(@Nullable String volumeUuid, boolean sdkUpdate); 226 227 /** 228 * Resets any user permission state changes (eg. permissions and flags) of all 229 * packages installed for the given user. 230 * 231 * @see #resetRuntimePermissions(AndroidPackage, int) 232 */ resetAllRuntimePermissions(@serIdInt int userId)233 public abstract void resetAllRuntimePermissions(@UserIdInt int userId); 234 235 /** 236 * Resets any user permission state changes (eg. permissions and flags) of the 237 * specified package for the given user. 238 */ resetRuntimePermissions(@onNull AndroidPackage pkg, @UserIdInt int userId)239 public abstract void resetRuntimePermissions(@NonNull AndroidPackage pkg, 240 @UserIdInt int userId); 241 242 /** 243 * We might auto-grant permissions if any permission of the group is already granted. Hence if 244 * the group of a granted permission changes we need to revoke it to avoid having permissions of 245 * the new group auto-granted. 246 * 247 * @param newPackage The new package that was installed 248 * @param oldPackage The old package that was updated 249 * @param allPackageNames All packages 250 */ revokeRuntimePermissionsIfGroupChanged( @onNull AndroidPackage newPackage, @NonNull AndroidPackage oldPackage, @NonNull ArrayList<String> allPackageNames)251 public abstract void revokeRuntimePermissionsIfGroupChanged( 252 @NonNull AndroidPackage newPackage, 253 @NonNull AndroidPackage oldPackage, 254 @NonNull ArrayList<String> allPackageNames); 255 256 /** 257 * Some permissions might have been owned by a non-system package, and the system then defined 258 * said permission. Some other permissions may one have been install permissions, but are now 259 * runtime or higher. These permissions should be revoked. 260 * 261 * @param permissionsToRevoke A list of permission names to revoke 262 * @param allPackageNames All packages 263 */ revokeRuntimePermissionsIfPermissionDefinitionChanged( @onNull List<String> permissionsToRevoke, @NonNull ArrayList<String> allPackageNames)264 public abstract void revokeRuntimePermissionsIfPermissionDefinitionChanged( 265 @NonNull List<String> permissionsToRevoke, 266 @NonNull ArrayList<String> allPackageNames); 267 268 /** 269 * If the app is updated, and has scoped storage permissions, then it is possible that the 270 * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions. 271 * @param newPackage The new package that was installed 272 * @param oldPackage The old package that was updated 273 */ revokeStoragePermissionsIfScopeExpanded( @onNull AndroidPackage newPackage, @NonNull AndroidPackage oldPackage )274 public abstract void revokeStoragePermissionsIfScopeExpanded( 275 @NonNull AndroidPackage newPackage, 276 @NonNull AndroidPackage oldPackage 277 ); 278 279 /** 280 * Add all permissions in the given package. 281 * <p> 282 * NOTE: argument {@code groupTEMP} is temporary until mPermissionGroups is moved to 283 * the permission settings. 284 * 285 * @return A list of BasePermissions that were updated, and need to be revoked from packages 286 */ addAllPermissions(@onNull AndroidPackage pkg, boolean chatty)287 public abstract List<String> addAllPermissions(@NonNull AndroidPackage pkg, boolean chatty); addAllPermissionGroups(@onNull AndroidPackage pkg, boolean chatty)288 public abstract void addAllPermissionGroups(@NonNull AndroidPackage pkg, boolean chatty); removeAllPermissions(@onNull AndroidPackage pkg, boolean chatty)289 public abstract void removeAllPermissions(@NonNull AndroidPackage pkg, boolean chatty); 290 291 /** Retrieve the packages that have requested the given app op permission */ getAppOpPermissionPackages( @onNull String permName, int callingUid)292 public abstract @Nullable String[] getAppOpPermissionPackages( 293 @NonNull String permName, int callingUid); 294 295 /** 296 * Enforces the request is from the system or an app that has INTERACT_ACROSS_USERS 297 * or INTERACT_ACROSS_USERS_FULL permissions, if the {@code userid} is not for the caller. 298 * @param checkShell whether to prevent shell from access if there's a debugging restriction 299 * @param message the message to log on security exception 300 */ enforceCrossUserPermission(int callingUid, int userId, boolean requireFullPermission, boolean checkShell, @NonNull String message)301 public abstract void enforceCrossUserPermission(int callingUid, int userId, 302 boolean requireFullPermission, boolean checkShell, @NonNull String message); 303 304 /** 305 * Similar to {@link #enforceCrossUserPermission(int, int, boolean, boolean, String)} 306 * but also allows INTERACT_ACROSS_PROFILES permission if calling user and {@code userId} are 307 * in the same profile group. 308 */ enforceCrossUserOrProfilePermission(int callingUid, int userId, boolean requireFullPermission, boolean checkShell, @NonNull String message)309 public abstract void enforceCrossUserOrProfilePermission(int callingUid, int userId, 310 boolean requireFullPermission, boolean checkShell, @NonNull String message); 311 312 /** 313 * @see #enforceCrossUserPermission(int, int, boolean, boolean, String) 314 * @param requirePermissionWhenSameUser When {@code true}, still require the cross user 315 * permission to be held even if the callingUid and userId reference the same user. 316 */ enforceCrossUserPermission(int callingUid, int userId, boolean requireFullPermission, boolean checkShell, boolean requirePermissionWhenSameUser, @NonNull String message)317 public abstract void enforceCrossUserPermission(int callingUid, int userId, 318 boolean requireFullPermission, boolean checkShell, 319 boolean requirePermissionWhenSameUser, @NonNull String message); enforceGrantRevokeRuntimePermissionPermissions(@onNull String message)320 public abstract void enforceGrantRevokeRuntimePermissionPermissions(@NonNull String message); 321 getPermissionSettings()322 public abstract @NonNull PermissionSettings getPermissionSettings(); 323 324 /** Grants default browser permissions to the given package */ grantDefaultPermissionsToDefaultBrowser( @onNull String packageName, @UserIdInt int userId)325 public abstract void grantDefaultPermissionsToDefaultBrowser( 326 @NonNull String packageName, @UserIdInt int userId); 327 328 /** HACK HACK methods to allow for partial migration of data to the PermissionManager class */ getPermissionTEMP(@onNull String permName)329 public abstract @Nullable BasePermission getPermissionTEMP(@NonNull String permName); 330 331 /** Get all permissions that have a certain protection */ getAllPermissionsWithProtection( @ermissionInfo.Protection int protection)332 public abstract @NonNull ArrayList<PermissionInfo> getAllPermissionsWithProtection( 333 @PermissionInfo.Protection int protection); 334 335 /** Get all permissions that have certain protection flags */ getAllPermissionsWithProtectionFlags( @ermissionInfo.ProtectionFlags int protectionFlags)336 public abstract @NonNull ArrayList<PermissionInfo> getAllPermissionsWithProtectionFlags( 337 @PermissionInfo.ProtectionFlags int protectionFlags); 338 339 /** 340 * Returns the delegate used to influence permission checking. 341 * 342 * @return The delegate instance. 343 */ getCheckPermissionDelegate()344 public abstract @Nullable CheckPermissionDelegate getCheckPermissionDelegate(); 345 346 /** 347 * Sets the delegate used to influence permission checking. 348 * 349 * @param delegate A delegate instance or {@code null} to clear. 350 */ setCheckPermissionDelegate(@ullable CheckPermissionDelegate delegate)351 public abstract void setCheckPermissionDelegate(@Nullable CheckPermissionDelegate delegate); 352 353 /** 354 * Sets the dialer application packages provider. 355 * @param provider The provider. 356 */ setDialerAppPackagesProvider(PackagesProvider provider)357 public abstract void setDialerAppPackagesProvider(PackagesProvider provider); 358 359 /** 360 * Set the location extra packages provider. 361 * @param provider The packages provider. 362 */ setLocationExtraPackagesProvider(PackagesProvider provider)363 public abstract void setLocationExtraPackagesProvider(PackagesProvider provider); 364 365 /** 366 * Sets the location provider packages provider. 367 * @param provider The packages provider. 368 */ setLocationPackagesProvider(PackagesProvider provider)369 public abstract void setLocationPackagesProvider(PackagesProvider provider); 370 371 /** 372 * Sets the SIM call manager packages provider. 373 * @param provider The provider. 374 */ setSimCallManagerPackagesProvider(PackagesProvider provider)375 public abstract void setSimCallManagerPackagesProvider(PackagesProvider provider); 376 377 /** 378 * Sets the SMS application packages provider. 379 * @param provider The provider. 380 */ setSmsAppPackagesProvider(PackagesProvider provider)381 public abstract void setSmsAppPackagesProvider(PackagesProvider provider); 382 383 /** 384 * Sets the sync adapter packages provider. 385 * @param provider The provider. 386 */ setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider)387 public abstract void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider); 388 389 /** 390 * Sets the Use Open Wifi packages provider. 391 * @param provider The packages provider. 392 */ setUseOpenWifiAppPackagesProvider(PackagesProvider provider)393 public abstract void setUseOpenWifiAppPackagesProvider(PackagesProvider provider); 394 395 /** 396 * Sets the voice interaction packages provider. 397 * @param provider The packages provider. 398 */ setVoiceInteractionPackagesProvider(PackagesProvider provider)399 public abstract void setVoiceInteractionPackagesProvider(PackagesProvider provider); 400 401 /** 402 * Sets the default browser provider. 403 * 404 * @param provider the provider 405 */ setDefaultBrowserProvider(@onNull DefaultBrowserProvider provider)406 public abstract void setDefaultBrowserProvider(@NonNull DefaultBrowserProvider provider); 407 408 /** 409 * Sets the package name of the default browser provider for the given user. 410 * 411 * @param packageName The package name of the default browser or {@code null} 412 * to clear the default browser 413 * @param async If {@code true}, set the default browser asynchronously, 414 * otherwise set it synchronously 415 * @param doGrant If {@code true} and if {@code packageName} is not {@code null}, 416 * perform default permission grants on the browser, otherwise skip the 417 * default permission grants. 418 * @param userId The user to set the default browser for. 419 */ setDefaultBrowser(@ullable String packageName, boolean async, boolean doGrant, @UserIdInt int userId)420 public abstract void setDefaultBrowser(@Nullable String packageName, boolean async, 421 boolean doGrant, @UserIdInt int userId); 422 423 /** 424 * Sets the default dialer provider. 425 * 426 * @param provider the provider 427 */ setDefaultDialerProvider(@onNull DefaultDialerProvider provider)428 public abstract void setDefaultDialerProvider(@NonNull DefaultDialerProvider provider); 429 430 /** 431 * Sets the default home provider. 432 * 433 * @param provider the provider 434 */ setDefaultHomeProvider(@onNull DefaultHomeProvider provider)435 public abstract void setDefaultHomeProvider(@NonNull DefaultHomeProvider provider); 436 437 /** 438 * Asynchronously sets the package name of the default home provider for the given user. 439 * 440 * @param packageName The package name of the default home or {@code null} 441 * to clear the default browser 442 * @param userId The user to set the default browser for 443 * @param callback Invoked after the default home has been set 444 */ setDefaultHome(@ullable String packageName, @UserIdInt int userId, @NonNull Consumer<Boolean> callback)445 public abstract void setDefaultHome(@Nullable String packageName, @UserIdInt int userId, 446 @NonNull Consumer<Boolean> callback); 447 448 /** 449 * Returns the default browser package name for the given user. 450 */ 451 @Nullable getDefaultBrowser(@serIdInt int userId)452 public abstract String getDefaultBrowser(@UserIdInt int userId); 453 454 /** 455 * Returns the default dialer package name for the given user. 456 */ 457 @Nullable getDefaultDialer(@serIdInt int userId)458 public abstract String getDefaultDialer(@UserIdInt int userId); 459 460 /** 461 * Returns the default home package name for the given user. 462 */ 463 @Nullable getDefaultHome(@serIdInt int userId)464 public abstract String getDefaultHome(@UserIdInt int userId); 465 466 /** 467 * Requests granting of the default permissions to the current default Use Open Wifi app. 468 * @param packageName The default use open wifi package name. 469 * @param userId The user for which to grant the permissions. 470 */ grantDefaultPermissionsToDefaultSimCallManager( @onNull String packageName, @UserIdInt int userId)471 public abstract void grantDefaultPermissionsToDefaultSimCallManager( 472 @NonNull String packageName, @UserIdInt int userId); 473 474 /** 475 * Requests granting of the default permissions to the current default Use Open Wifi app. 476 * @param packageName The default use open wifi package name. 477 * @param userId The user for which to grant the permissions. 478 */ grantDefaultPermissionsToDefaultUseOpenWifiApp( @onNull String packageName, @UserIdInt int userId)479 public abstract void grantDefaultPermissionsToDefaultUseOpenWifiApp( 480 @NonNull String packageName, @UserIdInt int userId); 481 482 /** Called when a new user has been created. */ onNewUserCreated(@serIdInt int userId)483 public abstract void onNewUserCreated(@UserIdInt int userId); 484 485 /** 486 * Removes invalid permissions which are not {@link PermissionInfo#FLAG_HARD_RESTRICTED} or 487 * {@link PermissionInfo#FLAG_SOFT_RESTRICTED} from the input. 488 */ retainHardAndSoftRestrictedPermissions(@onNull List<String> permissions)489 public abstract void retainHardAndSoftRestrictedPermissions(@NonNull List<String> permissions); 490 } 491