1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <android/content/AttributionSourceState.h> 20 #include <android/permission/IPermissionChecker.h> 21 22 #include <utils/threads.h> 23 24 #include <optional> 25 26 #ifdef __ANDROID_VNDK__ 27 #error "This header is not visible to vendors" 28 #endif 29 30 // --------------------------------------------------------------------------- 31 namespace android { 32 33 namespace permission { 34 35 using android::content::AttributionSourceState; 36 using android::permission::IPermissionChecker; 37 38 class PermissionChecker 39 { 40 public: 41 42 enum PermissionResult { 43 44 /** 45 * The permission is granted. 46 */ 47 PERMISSION_GRANTED = IPermissionChecker::PERMISSION_GRANTED, 48 49 /** 50 * The permission is denied. Applicable only to runtime and app op permissions. 51 * 52 * Returned when: 53 * - the runtime permission is granted, but the corresponding app op is denied 54 * for runtime permissions. 55 * - the app ops is ignored for app op permissions. 56 * 57 */ 58 PERMISSION_SOFT_DENIED = IPermissionChecker::PERMISSION_SOFT_DENIED, 59 60 /** 61 * The permission is denied. 62 * 63 * Returned when: 64 * - the permission is denied for non app op permissions. 65 * - the app op is denied or app op is AppOpsManager#MODE_DEFAULT and permission is denied. 66 */ 67 PERMISSION_HARD_DENIED = IPermissionChecker::PERMISSION_HARD_DENIED 68 }; 69 70 PermissionChecker(); 71 72 /** 73 * Checks whether a given data access chain described by the given attribution source 74 * has a given permission and whether the app op that corresponds to this permission 75 * is allowed. Call this method if you are the datasource which would not blame you for 76 * access to the data since you are the data. Use this API if you are the datasource of 77 * the protected state. 78 * 79 * NOTE: The attribution source should be for yourself with its next attribution 80 * source being the app that would receive the data from you. 81 * 82 * NOTE: Use this method only for permission checks at the point where you will deliver 83 * the permission protected data to clients. 84 * 85 * @param permission The permission to check. 86 * @param attributionSource The attribution chain to check. 87 * @param message A message describing the reason the permission was checked. 88 * @param attributedOpCode The op code towards which to blame the access. If this 89 * is a valid app op the op corresponding to the checked permission (if such) 90 * would only be checked to ensure it is allowed and if that succeeds the 91 * noting would be against the attributed op. 92 * @return The permission check result which is either PERMISSION_GRANTED, 93 * or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED. 94 */ 95 PermissionChecker::PermissionResult checkPermissionForDataDeliveryFromDatasource( 96 const String16& permission, const AttributionSourceState& attributionSource, 97 const String16& message, int32_t attributedOpCode); 98 99 /** 100 * Checks whether a given data access chain described by the given attribution source 101 * has a given permission and whether the app op that corresponds to this permission 102 * is allowed. The app ops are not noted/started. 103 * 104 * NOTE: Use this method only for permission checks at the preflight point where you 105 * will not deliver the permission protected data to clients but schedule permission 106 * data delivery, apps register listeners, etc. 107 * 108 * @param permission The permission to check. 109 * @param attributionSource The attribution chain to check. 110 * @param message A message describing the reason the permission was checked. 111 * @param attributedOpCode The op code towards which to blame the access. If this 112 * is a valid app op the op corresponding to the checked permission (if such) 113 * would only be checked to ensure it is allowed and if that succeeds the 114 * starting would be against the attributed op. 115 * @return The permission check result which is either PERMISSION_GRANTED, 116 * or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED. 117 */ 118 PermissionResult checkPermissionForPreflight( 119 const String16& permission, const AttributionSourceState& attributionSource, 120 const String16& message, int32_t attributedOpCode); 121 122 /** 123 * Checks whether a given data access chain described by the given attribution source 124 * has a given permission and whether the app op that corresponds to this permission 125 * is allowed. The app ops are not noted/started. 126 * 127 * NOTE: The attribution source should be for yourself with its next attribution 128 * source being the app that would receive the data from you. 129 * 130 * NOTE: Use this method only for permission checks at the preflight point where you 131 * will not deliver the permission protected data to clients but schedule permission 132 * data delivery, apps register listeners, etc. 133 * 134 * @param permission The permission to check. 135 * @param attributionSource The attribution chain to check. 136 * @param message A message describing the reason the permission was checked. 137 * @param attributedOpCode The op code towards which to blame the access. If this 138 * is a valid app op the op corresponding to the checked permission (if such) 139 * would only be checked to ensure it is allowed and if that succeeds the 140 * starting would be against the attributed op. 141 * @return The permission check result which is either PERMISSION_GRANTED, 142 * or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED. 143 */ 144 PermissionResult checkPermissionForPreflightFromDatasource( 145 const String16& permission, const AttributionSourceState& attributionSource, 146 const String16& message, int32_t attributedOpCode); 147 148 /** 149 * Checks whether a given data access chain described by the given attribution source 150 * has a given permission and whether the app op that corresponds to this permission 151 * is allowed. The app ops are also marked as started. This is useful for long running 152 * permissions like camera and microphone. Use this API if you are the datasource of 153 * the protected state. 154 * 155 * NOTE: The attribution source should be for yourself with its next attribution 156 * source being the app that would receive the data from you. 157 * 158 * NOTE: Use this method only for permission checks at the point where you will deliver 159 * the permission protected data to clients. 160 * 161 * @param permission The permission to check. 162 * @param attributionSource The attribution chain to check. 163 * @param message A message describing the reason the permission was checked. 164 * @param attributedOpCode The op code towards which to blame the access. If this 165 * is a valid app op the op corresponding to the checked permission (if such) 166 * would only be checked to ensure it is allowed and if that succeeds the 167 * starting would be against the attributed op. 168 * @return The permission check result which is either PERMISSION_GRANTED, 169 * or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED. 170 */ 171 PermissionResult checkPermissionForStartDataDeliveryFromDatasource( 172 const String16& permission, const AttributionSourceState& attributionSource, 173 const String16& message, int32_t attributedOpCode); 174 175 /** 176 * Finishes an ongoing op for data access chain described by the given 177 * attribution source. Use this API if you are the datasource of the protected 178 * state. Use this API if you are the datasource of the protected state. 179 * 180 * NOTE: The attribution source should be for yourself with its next attribution 181 * source being the app that would receive the data from you. 182 * 183 * @param op The op to finish. 184 * @param attributionSource The attribution chain for which to finish data delivery. 185 * @param attributedOpCode The op code towards which to blame the access. If this 186 * is a valid app op it is the op that would be finished. 187 */ 188 void finishDataDeliveryFromDatasource(int32_t op, 189 const AttributionSourceState& attributionSource); 190 191 private: 192 Mutex mLock; 193 sp<IPermissionChecker> mService; 194 sp<IPermissionChecker> getService(); 195 196 PermissionResult checkPermission(const String16& permission, 197 const AttributionSourceState& attributionSource, 198 const String16& message, bool forDataDelivery, bool startDataDelivery, 199 bool fromDatasource, int32_t attributedOpCode); 200 }; 201 202 } // namespace permission 203 204 } // namespace android 205 206 // --------------------------------------------------------------------------- 207