1 /* 2 * Copyright (C) 2022 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.sdksandbox; 18 19 import android.annotation.NonNull; 20 import android.annotation.SdkConstant; 21 import android.annotation.SystemApi; 22 import android.content.Intent; 23 import android.content.IntentFilter; 24 import android.content.pm.ApplicationInfo; 25 import android.content.pm.ProviderInfo; 26 import android.os.IBinder; 27 28 /** 29 * Exposes APIs to {@code system_server} components outside of the module boundaries. 30 * 31 * @hide 32 */ 33 @SystemApi(client = SystemApi.Client.SYSTEM_SERVER) 34 public interface SdkSandboxManagerLocal { 35 36 @SdkConstant(SdkConstant.SdkConstantType.SERVICE_ACTION) 37 String SERVICE_INTERFACE = "com.android.sdksandbox.SdkSandboxService"; 38 39 /** 40 * Broadcast Receiver listen to sufficient verifier requests from Package Manager 41 * when install new SDK, to verifier SDK code during installation time 42 * and terminate install if SDK not compatible with privacy sandbox restrictions. 43 */ 44 @SdkConstant(SdkConstant.SdkConstantType.BROADCAST_INTENT_ACTION) 45 String VERIFIER_RECEIVER = "com.android.server.sdksandbox.SdkSandboxVerifierReceiver"; 46 47 /** 48 * Enforces that the sdk sandbox process is allowed to broadcast a given intent. 49 * 50 * @deprecated Use {@link SdkSandboxManagerLocal#canSendBroadcast(Intent)} instead. 51 * @param intent the intent to check. 52 * @throws SecurityException if the intent is not allowed to be broadcast. 53 */ 54 @Deprecated enforceAllowedToSendBroadcast(@onNull Intent intent)55 void enforceAllowedToSendBroadcast(@NonNull Intent intent); 56 57 /** 58 * Whether the sdk sandbox process is allowed to broadcast a given intent. 59 * 60 * @param intent the intent to check. 61 * @return true if the intent is allowed to be broadcast, otherwise false 62 */ canSendBroadcast(@onNull Intent intent)63 boolean canSendBroadcast(@NonNull Intent intent); 64 65 /** 66 * Enforces that the sdk sandbox process is allowed to start an activity with a given intent. 67 * 68 * @param intent the intent to check. 69 * @throws SecurityException if the activity is not allowed to be started. 70 */ enforceAllowedToStartActivity(@onNull Intent intent)71 void enforceAllowedToStartActivity(@NonNull Intent intent); 72 73 /** 74 75 * Enforces that the sdk sandbox process is allowed to start or bind to a service with a given 76 * intent. 77 * 78 * @param intent the intent to check. 79 * @throws SecurityException if the service is not allowed to be started or bound to. 80 */ enforceAllowedToStartOrBindService(@onNull Intent intent)81 void enforceAllowedToStartOrBindService(@NonNull Intent intent); 82 83 /** 84 * Whether the sdk sandbox process is allowed to access a given ContentProvider. 85 * 86 * @param providerInfo info about the Content Provider being accessed. 87 * @return true if the sandbox uid is allowed to access the ContentProvider, false otherwise. 88 */ canAccessContentProviderFromSdkSandbox(@onNull ProviderInfo providerInfo)89 boolean canAccessContentProviderFromSdkSandbox(@NonNull ProviderInfo providerInfo); 90 91 /** 92 * Enforces that the caller app is allowed to start a {@code SandboxedActivity} inside its 93 * sandbox process. 94 * 95 * @param intent the activity intent 96 * @param clientAppUid uid of the client app 97 * @param clientAppPackageName package name of the client app 98 * @throws SecurityException if the caller app is not allowed to start {@code 99 * SandboxedActivity}. 100 */ enforceAllowedToHostSandboxedActivity( @onNull Intent intent, int clientAppUid, @NonNull String clientAppPackageName)101 void enforceAllowedToHostSandboxedActivity( 102 @NonNull Intent intent, int clientAppUid, @NonNull String clientAppPackageName); 103 104 /** 105 * Whether the sdk sandbox process is allowed to register a broadcast receiver with a given 106 * intentFilter. 107 * 108 * @param intentFilter the intentFilter to check. 109 * @param flags flags that the ActivityManagerService.registerReceiver method was called with. 110 * @param onlyProtectedBroadcasts true if all actions in {@link android.content.IntentFilter} 111 * are protected broadcasts 112 * @return true if sandbox is allowed to register a broadcastReceiver, otherwise false. 113 */ canRegisterBroadcastReceiver( @onNull IntentFilter intentFilter, int flags, boolean onlyProtectedBroadcasts)114 boolean canRegisterBroadcastReceiver( 115 @NonNull IntentFilter intentFilter, int flags, boolean onlyProtectedBroadcasts); 116 117 /** 118 * Returns name of the sdk sandbox process that corresponds to the given client app. 119 * 120 * @param clientAppInfo {@link ApplicationInfo} of the given client app 121 * @return name of the sdk sandbox process to be instrumented 122 */ 123 @NonNull getSdkSandboxProcessNameForInstrumentation(@onNull ApplicationInfo clientAppInfo)124 String getSdkSandboxProcessNameForInstrumentation(@NonNull ApplicationInfo clientAppInfo); 125 126 /** 127 * Called by the {@code ActivityManagerService} to notify that instrumentation of the 128 * sdk sandbox process that belongs to the client app is about to start. 129 * 130 * <p>If there is a running instance of the sdk sandbox process, then it will be stopped. 131 * While the instrumentation for the sdk sandbox is running, the corresponding client app 132 * won't be allowed to connect to the instrumented sdk sandbox process. 133 * 134 * @param clientAppPackageName package name of the client app 135 * @param clientAppUid uid of the client app 136 */ notifyInstrumentationStarted(@onNull String clientAppPackageName, int clientAppUid)137 void notifyInstrumentationStarted(@NonNull String clientAppPackageName, int clientAppUid); 138 139 /** 140 * Called by the {@code ActivityManagerService} to notify that instrumentation of the 141 * sdk sandbox process that belongs to the client app finished. 142 * 143 * <p>This method must be called after the instrumented sdk sandbox process has been stopped. 144 * 145 * <p>Once the instrumentation finishes, the client app will be able to connect to the new 146 * instance of its sdk sandbox process. 147 * 148 * @param clientAppPackageName package name of the client app 149 * @param clientAppUid uid of the client app 150 */ notifyInstrumentationFinished(@onNull String clientAppPackageName, int clientAppUid)151 void notifyInstrumentationFinished(@NonNull String clientAppPackageName, int clientAppUid); 152 153 /** 154 * Returns true if instrumentation of the sdk sandbox process belonging to the client app is 155 * currently running, false otherwise. 156 * 157 * @param clientAppPackageName package name of the client app 158 * @param clientAppUid uid of the client app 159 * @hide 160 */ isInstrumentationRunning(@onNull String clientAppPackageName, int clientAppUid)161 boolean isInstrumentationRunning(@NonNull String clientAppPackageName, int clientAppUid); 162 163 // TODO(b/282239822): Remove this workaround on Android VIC 164 /** 165 * Register the AdServicesManager System Service 166 * 167 * @param iBinder The AdServicesManagerService Binder. 168 * @hide 169 */ registerAdServicesManagerService(IBinder iBinder, boolean published)170 void registerAdServicesManagerService(IBinder iBinder, boolean published); 171 } 172