1 package com.android.nfc; 2 3 import android.app.ActivityManager; 4 import android.content.Context; 5 import android.os.Binder; 6 import android.os.UserHandle; 7 import android.os.UserManager; 8 9 import java.util.List; 10 11 public class NfcPermissions { 12 13 /** 14 * NFC ADMIN permission - only for system apps 15 */ 16 private static final String ADMIN_PERM = android.Manifest.permission.WRITE_SECURE_SETTINGS; 17 private static final String ADMIN_PERM_ERROR = "WRITE_SECURE_SETTINGS permission required"; 18 19 /** 20 * Regular NFC permission 21 */ 22 static final String NFC_PERMISSION = android.Manifest.permission.NFC; 23 private static final String NFC_PERM_ERROR = "NFC permission required"; 24 25 /** 26 * NFC PREFERRED PAYMENT INFO permission 27 */ 28 static final String NFC_PREFERRED_PAYMENT_INFO_PERMISSION = 29 android.Manifest.permission.NFC_PREFERRED_PAYMENT_INFO; 30 private static final String NFC_PREFERRED_PAYMENT_INFO_PERM_ERROR = 31 "NFC_PREFERRED_PAYMENT_INFO permission required"; 32 33 /** 34 * NFC SET CONTROLLER ALWAYS ON permission 35 */ 36 static final String NFC_SET_CONTROLLER_ALWAYS_ON = 37 android.Manifest.permission.NFC_SET_CONTROLLER_ALWAYS_ON; 38 private static final String NFC_SET_CONTROLLER_ALWAYS_ON_ERROR = 39 "NFC_SET_CONTROLLER_ALWAYS_ON permission required"; 40 validateUserId(int userId)41 public static void validateUserId(int userId) { 42 if (userId != UserHandle.getUserHandleForUid(Binder.getCallingUid()).getIdentifier()) { 43 throw new SecurityException("userId passed in is not the calling user."); 44 } 45 } 46 47 /** 48 * Validate whether the profileId belongs to current user 49 */ validateProfileId(Context context, int profileId)50 public static void validateProfileId(Context context, int profileId) { 51 // Propagate the state change to all user profiles 52 UserManager um = context.createContextAsUser( 53 UserHandle.of(ActivityManager.getCurrentUser()), /*flags=*/0) 54 .getSystemService(UserManager.class); 55 List<UserHandle> luh = um.getEnabledProfiles(); 56 57 for (UserHandle uh : luh) { 58 if (profileId == uh.getIdentifier()) { 59 return; 60 } 61 } 62 63 throw new SecurityException("profileId passed in does not belong to the calling user."); 64 } 65 enforceAdminPermissions(Context context)66 public static void enforceAdminPermissions(Context context) { 67 context.enforceCallingOrSelfPermission(ADMIN_PERM, ADMIN_PERM_ERROR); 68 } 69 70 enforceUserPermissions(Context context)71 public static void enforceUserPermissions(Context context) { 72 context.enforceCallingOrSelfPermission(NFC_PERMISSION, NFC_PERM_ERROR); 73 } 74 enforcePreferredPaymentInfoPermissions(Context context)75 public static void enforcePreferredPaymentInfoPermissions(Context context) { 76 context.enforceCallingOrSelfPermission(NFC_PREFERRED_PAYMENT_INFO_PERMISSION, 77 NFC_PREFERRED_PAYMENT_INFO_PERM_ERROR); 78 } 79 80 /** 81 * Permission check for android.Manifest.permission.NFC_SET_CONTROLLER_ALWAYS_ON 82 */ enforceSetControllerAlwaysOnPermissions(Context context)83 public static void enforceSetControllerAlwaysOnPermissions(Context context) { 84 context.enforceCallingOrSelfPermission(NFC_SET_CONTROLLER_ALWAYS_ON, 85 NFC_SET_CONTROLLER_ALWAYS_ON_ERROR); 86 } 87 } 88