1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm.permission; 18 19 import android.annotation.AppIdInt; 20 import android.annotation.NonNull; 21 import android.annotation.Nullable; 22 import android.annotation.UserIdInt; 23 import android.content.pm.PackageManager; 24 import android.content.pm.PermissionGroupInfo; 25 import android.content.pm.PermissionInfo; 26 import android.content.pm.permission.SplitPermissionInfoParcelable; 27 import android.permission.IOnPermissionsChangeListener; 28 import android.permission.PermissionManagerInternal; 29 30 import com.android.server.pm.parsing.pkg.AndroidPackage; 31 32 import java.io.FileDescriptor; 33 import java.io.PrintWriter; 34 import java.util.ArrayList; 35 import java.util.List; 36 import java.util.Map; 37 import java.util.Set; 38 39 /** 40 * Interface for managing all permissions and handling permissions related tasks. 41 */ 42 public interface PermissionManagerServiceInterface extends PermissionManagerInternal { 43 /** 44 * Dump. 45 */ dump(FileDescriptor fd, PrintWriter pw, String[] args)46 void dump(FileDescriptor fd, PrintWriter pw, String[] args); 47 48 /** 49 * Retrieve all of the known permission groups in the system. 50 * 51 * @param flags additional option flags to modify the data returned 52 * @return a list of {@link PermissionGroupInfo} containing information about all of the known 53 * permission groups 54 */ getAllPermissionGroups( @ackageManager.PermissionGroupInfoFlags int flags)55 List<PermissionGroupInfo> getAllPermissionGroups( 56 @PackageManager.PermissionGroupInfoFlags int flags); 57 58 /** 59 * Retrieve all of the information we know about a particular group of permissions. 60 * 61 * @param groupName the fully qualified name (e.g. com.android.permission_group.APPS) of the 62 * permission you are interested in 63 * @param flags additional option flags to modify the data returned 64 * @return a {@link PermissionGroupInfo} containing information about the permission, or 65 * {@code null} if not found 66 */ getPermissionGroupInfo(String groupName, @PackageManager.PermissionGroupInfoFlags int flags)67 PermissionGroupInfo getPermissionGroupInfo(String groupName, 68 @PackageManager.PermissionGroupInfoFlags int flags); 69 70 /** 71 * Retrieve all of the information we know about a particular permission. 72 * 73 * @param permName the fully qualified name (e.g. com.android.permission.LOGIN) of the 74 * permission you are interested in 75 * @param flags additional option flags to modify the data returned 76 * @return a {@link PermissionInfo} containing information about the permission, or {@code null} 77 * if not found 78 */ getPermissionInfo(@onNull String permName, @NonNull String opPackageName, @PackageManager.PermissionInfoFlags int flags)79 PermissionInfo getPermissionInfo(@NonNull String permName, @NonNull String opPackageName, 80 @PackageManager.PermissionInfoFlags int flags); 81 82 /** 83 * Query for all of the permissions associated with a particular group. 84 * 85 * @param groupName the fully qualified name (e.g. com.android.permission.LOGIN) of the 86 * permission group you are interested in. Use {@code null} to find all of the 87 * permissions not associated with a group 88 * @param flags additional option flags to modify the data returned 89 * @return a list of {@link PermissionInfo} containing information about all of the permissions 90 * in the given group, or {@code null} if the group is not found 91 */ queryPermissionsByGroup(String groupName, @PackageManager.PermissionInfoFlags int flags)92 List<PermissionInfo> queryPermissionsByGroup(String groupName, 93 @PackageManager.PermissionInfoFlags int flags); 94 95 /** 96 * Add a new dynamic permission to the system. For this to work, your package must have defined 97 * a permission tree through the 98 * {@link android.R.styleable#AndroidManifestPermissionTree <permission-tree>} tag in its 99 * manifest. A package can only add permissions to trees that were defined by either its own 100 * package or another with the same user id; a permission is in a tree if it matches the name of 101 * the permission tree + ".": for example, "com.foo.bar" is a member of the permission tree 102 * "com.foo". 103 * <p> 104 * It is good to make your permission tree name descriptive, because you are taking possession 105 * of that entire set of permission names. Thus, it must be under a domain you control, with a 106 * suffix that will not match any normal permissions that may be declared in any applications 107 * that are part of that domain. 108 * <p> 109 * New permissions must be added before any .apks are installed that use those permissions. 110 * Permissions you add through this method are remembered across reboots of the device. If the 111 * given permission already exists, the info you supply here will be used to update it. 112 * 113 * @param info description of the permission to be added 114 * @param async whether the persistence of the permission should be asynchronous, allowing it to 115 * return quicker and batch a series of adds, at the expense of no guarantee the 116 * added permission will be retained if the device is rebooted before it is 117 * written. 118 * @return {@code true} if a new permission was created, {@code false} if an existing one was 119 * updated 120 * @throws SecurityException if you are not allowed to add the given permission name 121 * 122 * @see #removePermission(String) 123 */ addPermission(PermissionInfo info, boolean async)124 boolean addPermission(PermissionInfo info, boolean async); 125 126 /** 127 * Removes a permission that was previously added with 128 * {@link #addPermission(PermissionInfo, boolean)}. The same ownership rules apply -- you are 129 * only allowed to remove permissions that you are allowed to add. 130 * 131 * @param permName the name of the permission to remove 132 * @throws SecurityException if you are not allowed to remove the given permission name 133 * 134 * @see #addPermission(PermissionInfo, boolean) 135 */ removePermission(String permName)136 void removePermission(String permName); 137 138 /** 139 * Gets the state flags associated with a permission. 140 * 141 * @param packageName the package name for which to get the flags 142 * @param permName the permission for which to get the flags 143 * @param userId the user for which to get permission flags 144 * @return the permission flags 145 */ getPermissionFlags(String packageName, String permName, int userId)146 int getPermissionFlags(String packageName, String permName, int userId); 147 148 /** 149 * Updates the flags associated with a permission by replacing the flags in the specified mask 150 * with the provided flag values. 151 * 152 * @param packageName The package name for which to update the flags 153 * @param permName The permission for which to update the flags 154 * @param flagMask The flags which to replace 155 * @param flagValues The flags with which to replace 156 * @param userId The user for which to update the permission flags 157 */ updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int userId)158 void updatePermissionFlags(String packageName, String permName, int flagMask, 159 int flagValues, boolean checkAdjustPolicyFlagPermission, int userId); 160 161 /** 162 * Update the permission flags for all packages and runtime permissions of a user in order 163 * to allow device or profile owner to remove POLICY_FIXED. 164 */ updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId)165 void updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId); 166 167 /** 168 * TODO: theianchen We should get rid of the IBinder interface which is an implementation detail 169 * 170 * Add a listener for permission changes for installed packages. 171 * @param listener the listener to add 172 */ addOnPermissionsChangeListener(IOnPermissionsChangeListener listener)173 void addOnPermissionsChangeListener(IOnPermissionsChangeListener listener); 174 175 /** 176 * Remove a listener for permission changes for installed packages. 177 * @param listener the listener to remove 178 */ removeOnPermissionsChangeListener(IOnPermissionsChangeListener listener)179 void removeOnPermissionsChangeListener(IOnPermissionsChangeListener listener); 180 181 /** 182 * addAllowlistedRestrictedPermission. TODO: theianchen add doc 183 */ addAllowlistedRestrictedPermission(@onNull String packageName, @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId)184 boolean addAllowlistedRestrictedPermission(@NonNull String packageName, 185 @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, 186 @UserIdInt int userId); 187 188 /** 189 * Gets the restricted permissions that have been allowlisted and the app is allowed to have 190 * them granted in their full form. 191 * <p> 192 * Permissions can be hard restricted which means that the app cannot hold them or soft 193 * restricted where the app can hold the permission but in a weaker form. Whether a permission 194 * is {@link PermissionInfo#FLAG_HARD_RESTRICTED hard restricted} or 195 * {@link PermissionInfo#FLAG_SOFT_RESTRICTED soft restricted} depends on the permission 196 * declaration. Allowlisting a hard restricted permission allows for the to hold that permission 197 * and allowlisting a soft restricted permission allows the app to hold the permission in its 198 * full, unrestricted form. 199 * <p> 200 * There are four allowlists: 201 * <ol> 202 * <li> 203 * One for cases where the system permission policy allowlists a permission. This list 204 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM} flag. Can only be 205 * accessed by pre-installed holders of a dedicated permission. 206 * <li> 207 * One for cases where the system allowlists the permission when upgrading from an OS version in 208 * which the permission was not restricted to an OS version in which the permission is 209 * restricted. This list corresponds to the 210 * {@link PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE} flag. Can be accessed by 211 * pre-installed holders of a dedicated permission or the installer on record. 212 * <li> 213 * One for cases where the installer of the package allowlists a permission. This list 214 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER} flag. Can be 215 * accessed by pre-installed holders of a dedicated permission or the installer on record. 216 * </ol> 217 * 218 * @param packageName the app for which to get allowlisted permissions 219 * @param flags the flag to determine which allowlist to query. Only one flag can be 220 * passed. 221 * @return the allowlisted permissions that are on any of the allowlists you query for 222 * @throws SecurityException if you try to access a allowlist that you have no access to 223 * 224 * @see #addAllowlistedRestrictedPermission(String, String, int) 225 * @see #removeAllowlistedRestrictedPermission(String, String, int) 226 * @see PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM 227 * @see PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE 228 * @see PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER 229 */ getAllowlistedRestrictedPermissions(@onNull String packageName, @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId)230 List<String> getAllowlistedRestrictedPermissions(@NonNull String packageName, 231 @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId); 232 233 /** 234 * Removes a allowlisted restricted permission for an app. 235 * <p> 236 * Permissions can be hard restricted which means that the app cannot hold them or soft 237 * restricted where the app can hold the permission but in a weaker form. Whether a permission 238 * is {@link PermissionInfo#FLAG_HARD_RESTRICTED hard restricted} or 239 * {@link PermissionInfo#FLAG_SOFT_RESTRICTED soft restricted} depends on the permission 240 * declaration. Allowlisting a hard restricted permission allows for the to hold that permission 241 * and allowlisting a soft restricted permission allows the app to hold the permission in its 242 * full, unrestricted form. 243 * <p>There are four allowlists: 244 * <ol> 245 * <li> 246 * One for cases where the system permission policy allowlists a permission. This list 247 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM} flag. Can only be 248 * accessed by pre-installed holders of a dedicated permission. 249 * <li> 250 * One for cases where the system allowlists the permission when upgrading from an OS version in 251 * which the permission was not restricted to an OS version in which the permission is 252 * restricted. This list corresponds to the 253 * {@link PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE} flag. Can be accessed by 254 * pre-installed holders of a dedicated permission or the installer on record. 255 * <li> 256 * One for cases where the installer of the package allowlists a permission. This list 257 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER} flag. Can be 258 * accessed by pre-installed holders of a dedicated permission or the installer on record. 259 * </ol> 260 * <p> 261 * You need to specify the allowlists for which to set the allowlisted permissions which will 262 * clear the previous allowlisted permissions and replace them with the provided ones. 263 * 264 * @param packageName the app for which to get allowlisted permissions 265 * @param permName the allowlisted permission to remove 266 * @param flags the allowlists from which to remove. Passing multiple flags updates all 267 * specified allowlists. 268 * @return whether the permission was removed from the allowlist 269 * @throws SecurityException if you try to modify a allowlist that you have no access to. 270 * 271 * @see #getAllowlistedRestrictedPermissions(String, int) 272 * @see #addAllowlistedRestrictedPermission(String, String, int) 273 * @see PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM 274 * @see PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE 275 * @see PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER 276 */ removeAllowlistedRestrictedPermission(@onNull String packageName, @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId)277 boolean removeAllowlistedRestrictedPermission(@NonNull String packageName, 278 @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, 279 @UserIdInt int userId); 280 281 /** 282 * Grant a runtime permission to an application which the application does not already have. The 283 * permission must have been requested by the application. If the application is not allowed to 284 * hold the permission, a {@link java.lang.SecurityException} is thrown. If the package or 285 * permission is invalid, a {@link java.lang.IllegalArgumentException} is thrown. 286 * <p> 287 * <strong>Note: </strong>Using this API requires holding 288 * {@code android.permission.GRANT_RUNTIME_PERMISSIONS} and if the user ID is not the current 289 * user {@code android.permission.INTERACT_ACROSS_USERS_FULL}. 290 * 291 * @param packageName the package to which to grant the permission 292 * @param permName the permission name to grant 293 * @param userId the user for which to grant the permission 294 * 295 * @see #revokeRuntimePermission(String, String, android.os.UserHandle, String) 296 */ grantRuntimePermission(String packageName, String permName, int userId)297 void grantRuntimePermission(String packageName, String permName, int userId); 298 299 /** 300 * Revoke a runtime permission that was previously granted by 301 * {@link #grantRuntimePermission(String, String, android.os.UserHandle)}. The permission must 302 * have been requested by and granted to the application. If the application is not allowed to 303 * hold the permission, a {@link java.lang.SecurityException} is thrown. If the package or 304 * permission is invalid, a {@link java.lang.IllegalArgumentException} is thrown. 305 * <p> 306 * <strong>Note: </strong>Using this API requires holding 307 * {@code android.permission.REVOKE_RUNTIME_PERMISSIONS} and if the user ID is not the current 308 * user {@code android.permission.INTERACT_ACROSS_USERS_FULL}. 309 * 310 * @param packageName the package from which to revoke the permission 311 * @param permName the permission name to revoke 312 * @param userId the user for which to revoke the permission 313 * @param reason the reason for the revoke, or {@code null} for unspecified 314 * 315 * @see #grantRuntimePermission(String, String, android.os.UserHandle) 316 */ revokeRuntimePermission(String packageName, String permName, int userId, String reason)317 void revokeRuntimePermission(String packageName, String permName, int userId, 318 String reason); 319 320 /** 321 * Revoke the POST_NOTIFICATIONS permission, without killing the app. This method must ONLY BE 322 * USED in CTS or local tests. 323 * 324 * @param packageName The package to be revoked 325 * @param userId The user for which to revoke 326 */ revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId)327 void revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId); 328 329 /** 330 * Get whether you should show UI with rationale for requesting a permission. You should do this 331 * only if you do not have the permission and the context in which the permission is requested 332 * does not clearly communicate to the user what would be the benefit from grating this 333 * permission. 334 * 335 * @param permName a permission your app wants to request 336 * @return whether you can show permission rationale UI 337 */ shouldShowRequestPermissionRationale(String packageName, String permName, @UserIdInt int userId)338 boolean shouldShowRequestPermissionRationale(String packageName, String permName, 339 @UserIdInt int userId); 340 341 /** 342 * Checks whether a particular permissions has been revoked for a package by policy. Typically 343 * the device owner or the profile owner may apply such a policy. The user cannot grant policy 344 * revoked permissions, hence the only way for an app to get such a permission is by a policy 345 * change. 346 * 347 * @param packageName the name of the package you are checking against 348 * @param permName the name of the permission you are checking for 349 * 350 * @return whether the permission is restricted by policy 351 */ isPermissionRevokedByPolicy(String packageName, String permName, int userId)352 boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId); 353 354 /** 355 * Get set of permissions that have been split into more granular or dependent permissions. 356 * 357 * <p>E.g. before {@link android.os.Build.VERSION_CODES#Q} an app that was granted 358 * {@link Manifest.permission#ACCESS_COARSE_LOCATION} could access the location while it was in 359 * foreground and background. On platforms after {@link android.os.Build.VERSION_CODES#Q} 360 * the location permission only grants location access while the app is in foreground. This 361 * would break apps that target before {@link android.os.Build.VERSION_CODES#Q}. Hence whenever 362 * such an old app asks for a location permission (i.e. the 363 * {@link PermissionManager.SplitPermissionInfo#getSplitPermission()}), then the 364 * {@link Manifest.permission#ACCESS_BACKGROUND_LOCATION} permission (inside 365 * {@link PermissionManager.SplitPermissionInfo#getNewPermissions}) is added. 366 * 367 * <p>Note: Regular apps do not have to worry about this. The platform and permission controller 368 * automatically add the new permissions where needed. 369 * 370 * @return All permissions that are split. 371 */ getSplitPermissions()372 List<SplitPermissionInfoParcelable> getSplitPermissions(); 373 374 /** 375 * TODO:theianchen add doc describing this is the old checkPermissionImpl 376 */ checkPermission(String pkgName, String permName, int userId)377 int checkPermission(String pkgName, String permName, int userId); 378 379 /** 380 * TODO:theianchen add doc describing this is the old checkUidPermissionImpl 381 */ checkUidPermission(int uid, String permName)382 int checkUidPermission(int uid, String permName); 383 384 /** 385 * Adds a listener for runtime permission state (permissions or flags) changes. 386 * 387 * @param listener The listener. 388 */ addOnRuntimePermissionStateChangedListener( @onNull PermissionManagerServiceInternal .OnRuntimePermissionStateChangedListener listener)389 void addOnRuntimePermissionStateChangedListener( 390 @NonNull PermissionManagerServiceInternal 391 .OnRuntimePermissionStateChangedListener listener); 392 393 /** 394 * Removes a listener for runtime permission state (permissions or flags) changes. 395 * 396 * @param listener The listener. 397 */ removeOnRuntimePermissionStateChangedListener( @onNull PermissionManagerServiceInternal .OnRuntimePermissionStateChangedListener listener)398 void removeOnRuntimePermissionStateChangedListener( 399 @NonNull PermissionManagerServiceInternal 400 .OnRuntimePermissionStateChangedListener listener); 401 402 /** 403 * Get all the package names requesting app op permissions. 404 * 405 * @return a map of app op permission names to package names requesting them 406 */ getAllAppOpPermissionPackages()407 Map<String, Set<String>> getAllAppOpPermissionPackages(); 408 409 /** 410 * Get whether permission review is required for a package. 411 * 412 * @param packageName the name of the package 413 * @param userId the user ID 414 * @return whether permission review is required 415 */ isPermissionsReviewRequired(@onNull String packageName, @UserIdInt int userId)416 boolean isPermissionsReviewRequired(@NonNull String packageName, 417 @UserIdInt int userId); 418 419 /** 420 * Reset the runtime permission state changes for a package. 421 * 422 * TODO(zhanghai): Turn this into package change callback? 423 * 424 * @param pkg the package 425 * @param userId the user ID 426 */ resetRuntimePermissions(@onNull AndroidPackage pkg, @UserIdInt int userId)427 void resetRuntimePermissions(@NonNull AndroidPackage pkg, 428 @UserIdInt int userId); 429 430 /** 431 * Read legacy permission state from package settings. 432 * 433 * TODO(zhanghai): This is a temporary method because we should not expose 434 * {@code PackageSetting} which is a implementation detail that permission should not know. 435 * Instead, it should retrieve the legacy state via a defined API. 436 */ readLegacyPermissionStateTEMP()437 void readLegacyPermissionStateTEMP(); 438 439 /** 440 * Write legacy permission state to package settings. 441 * 442 * TODO(zhanghai): This is a temporary method and should be removed once we migrated persistence 443 * for permission. 444 */ writeLegacyPermissionStateTEMP()445 void writeLegacyPermissionStateTEMP(); 446 447 /** 448 * Get all the permissions granted to a package. 449 * 450 * @param packageName the name of the package 451 * @param userId the user ID 452 * @return the names of the granted permissions 453 */ 454 @NonNull getGrantedPermissions(@onNull String packageName, @UserIdInt int userId)455 Set<String> getGrantedPermissions(@NonNull String packageName, @UserIdInt int userId); 456 457 /** 458 * Get the GIDs of a permission. 459 * 460 * @param permissionName the name of the permission 461 * @param userId the user ID 462 * @return the GIDs of the permission 463 */ 464 @NonNull getPermissionGids(@onNull String permissionName, @UserIdInt int userId)465 int[] getPermissionGids(@NonNull String permissionName, @UserIdInt int userId); 466 467 /** 468 * Get the packages that have requested an app op permission. 469 * 470 * @param permissionName the name of the app op permission 471 * @return the names of the packages that have requested the app op permission 472 */ 473 @NonNull getAppOpPermissionPackages(@onNull String permissionName)474 String[] getAppOpPermissionPackages(@NonNull String permissionName); 475 476 /** HACK HACK methods to allow for partial migration of data to the PermissionManager class */ 477 @Nullable getPermissionTEMP(@onNull String permName)478 Permission getPermissionTEMP(@NonNull String permName); 479 480 /** Get all permissions that have a certain protection */ 481 @NonNull getAllPermissionsWithProtection( @ermissionInfo.Protection int protection)482 ArrayList<PermissionInfo> getAllPermissionsWithProtection( 483 @PermissionInfo.Protection int protection); 484 485 /** Get all permissions that have certain protection flags */ getAllPermissionsWithProtectionFlags( @ermissionInfo.ProtectionFlags int protectionFlags)486 @NonNull ArrayList<PermissionInfo> getAllPermissionsWithProtectionFlags( 487 @PermissionInfo.ProtectionFlags int protectionFlags); 488 489 /** 490 * Get all the legacy permissions currently registered in the system. 491 * 492 * @return the legacy permissions 493 */ 494 @NonNull getLegacyPermissions()495 List<LegacyPermission> getLegacyPermissions(); 496 497 /** 498 * Get the legacy permission state of an app ID, either a package or a shared user. 499 * 500 * @param appId the app ID 501 * @return the legacy permission state 502 */ 503 @NonNull getLegacyPermissionState(@ppIdInt int appId)504 LegacyPermissionState getLegacyPermissionState(@AppIdInt int appId); 505 506 /** 507 * Read legacy permissions from legacy permission settings. 508 * 509 * TODO(zhanghai): This is a temporary method because we should not expose 510 * {@code LegacyPermissionSettings} which is a implementation detail that permission should not 511 * know. Instead, it should retrieve the legacy permissions via a defined API. 512 */ readLegacyPermissionsTEMP(@onNull LegacyPermissionSettings legacyPermissionSettings)513 void readLegacyPermissionsTEMP(@NonNull LegacyPermissionSettings legacyPermissionSettings); 514 515 /** 516 * Write legacy permissions to legacy permission settings. 517 * 518 * TODO(zhanghai): This is a temporary method and should be removed once we migrated persistence 519 * for permission. 520 */ writeLegacyPermissionsTEMP(@onNull LegacyPermissionSettings legacyPermissionSettings)521 void writeLegacyPermissionsTEMP(@NonNull LegacyPermissionSettings legacyPermissionSettings); 522 523 /** 524 * Callback when the system is ready. 525 */ onSystemReady()526 void onSystemReady(); 527 528 /** 529 * Callback when a storage volume is mounted, so that all packages on it become available. 530 * 531 * @param volumeUuid the UUID of the storage volume 532 * @param fingerprintChanged whether the current build fingerprint is different from what it was 533 * when this volume was last mounted 534 */ onStorageVolumeMounted(@onNull String volumeUuid, boolean fingerprintChanged)535 void onStorageVolumeMounted(@NonNull String volumeUuid, boolean fingerprintChanged); 536 537 /** 538 * Get the GIDs computed from the permission state of a UID, either a package or a shared user. 539 * 540 * @param uid the UID 541 * @return the GIDs for the UID 542 */ 543 @NonNull getGidsForUid(int uid)544 int[] getGidsForUid(int uid); 545 546 /** 547 * Callback when a user has been created. 548 * 549 * @param userId the created user ID 550 */ onUserCreated(@serIdInt int userId)551 void onUserCreated(@UserIdInt int userId); 552 553 /** 554 * Callback when a user has been removed. 555 * 556 * @param userId the removed user ID 557 */ onUserRemoved(@serIdInt int userId)558 void onUserRemoved(@UserIdInt int userId); 559 560 /** 561 * Callback when a package has been added. 562 * 563 * @param pkg the added package 564 * @param isInstantApp whether the added package is an instant app 565 * @param oldPkg the old package, or {@code null} if none 566 */ onPackageAdded(@onNull AndroidPackage pkg, boolean isInstantApp, @Nullable AndroidPackage oldPkg)567 void onPackageAdded(@NonNull AndroidPackage pkg, boolean isInstantApp, 568 @Nullable AndroidPackage oldPkg); 569 570 /** 571 * Callback when a package has been installed for a user. 572 * 573 * @param pkg the installed package 574 * @param previousAppId the previous app ID if the package is leaving a shared UID, 575 * or Process.INVALID_UID 576 * @param params the parameters passed in for package installation 577 * @param userId the user ID this package is installed for 578 */ onPackageInstalled(@onNull AndroidPackage pkg, int previousAppId, @NonNull PermissionManagerServiceInternal.PackageInstalledParams params, @UserIdInt int userId)579 void onPackageInstalled(@NonNull AndroidPackage pkg, int previousAppId, 580 @NonNull PermissionManagerServiceInternal.PackageInstalledParams params, 581 @UserIdInt int userId); 582 583 /** 584 * Callback when a package has been removed. 585 * 586 * @param pkg the removed package 587 */ onPackageRemoved(@onNull AndroidPackage pkg)588 void onPackageRemoved(@NonNull AndroidPackage pkg); 589 590 /** 591 * Callback when a package has been uninstalled. 592 * <p> 593 * The package may have been fully removed from the system, or only marked as uninstalled for 594 * this user but still instlaled for other users. 595 * 596 * TODO: Pass PackageState instead. 597 * 598 * @param packageName the name of the uninstalled package 599 * @param appId the app ID of the uninstalled package 600 * @param pkg the uninstalled package, or {@code null} if unavailable 601 * @param sharedUserPkgs the packages that are in the same shared user 602 * @param userId the user ID the package is uninstalled for 603 */ onPackageUninstalled(@onNull String packageName, int appId, @Nullable AndroidPackage pkg, @NonNull List<AndroidPackage> sharedUserPkgs, @UserIdInt int userId)604 void onPackageUninstalled(@NonNull String packageName, int appId, @Nullable AndroidPackage pkg, 605 @NonNull List<AndroidPackage> sharedUserPkgs, @UserIdInt int userId); 606 } 607