1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package android.os; 17 18 import android.Manifest; 19 import android.annotation.FlaggedApi; 20 import android.annotation.NonNull; 21 import android.annotation.RequiresPermission; 22 import android.annotation.SystemApi; 23 import android.annotation.SystemService; 24 import android.content.ComponentName; 25 import android.content.Context; 26 import android.content.pm.SignedPackage; 27 import android.content.pm.SignedPackageParcel; 28 import android.util.ArraySet; 29 import android.util.Log; 30 31 import java.util.Collections; 32 import java.util.List; 33 import java.util.Map; 34 import java.util.Set; 35 import java.util.stream.Collectors; 36 37 38 /** 39 * Allows apps outside the system process to access various bits of configuration defined in 40 * /etc/sysconfig and its counterparts on OEM and vendor partitions. 41 * 42 * TODO: Intended for access by system mainline modules only. Marking as SystemApi until the 43 * module-only API surface is available. 44 * @hide 45 */ 46 @SystemApi 47 @SystemService(Context.SYSTEM_CONFIG_SERVICE) 48 public class SystemConfigManager { 49 private static final String TAG = SystemConfigManager.class.getSimpleName(); 50 51 private final ISystemConfig mInterface; 52 53 /** @hide **/ SystemConfigManager()54 public SystemConfigManager() { 55 mInterface = ISystemConfig.Stub.asInterface( 56 ServiceManager.getService(Context.SYSTEM_CONFIG_SERVICE)); 57 } 58 59 /** 60 * Returns a set of package names for carrier apps that are preinstalled on the device but 61 * should be disabled until the matching carrier's SIM is inserted into the device. 62 * @return A set of package names. 63 */ 64 @RequiresPermission(Manifest.permission.READ_CARRIER_APP_INFO) getDisabledUntilUsedPreinstalledCarrierApps()65 public @NonNull Set<String> getDisabledUntilUsedPreinstalledCarrierApps() { 66 try { 67 List<String> apps = mInterface.getDisabledUntilUsedPreinstalledCarrierApps(); 68 return new ArraySet<>(apps); 69 } catch (RemoteException e) { 70 Log.e(TAG, "Caught remote exception"); 71 return Collections.emptySet(); 72 } 73 } 74 75 /** 76 * Returns a map that describes helper apps associated with carrier apps that, like the apps 77 * returned by {@link #getDisabledUntilUsedPreinstalledCarrierApps()}, should be disabled until 78 * the correct SIM is inserted into the device. 79 * @return A map with keys corresponding to package names returned by 80 * {@link #getDisabledUntilUsedPreinstalledCarrierApps()} and values as lists of package 81 * names of helper apps. 82 */ 83 @RequiresPermission(Manifest.permission.READ_CARRIER_APP_INFO) 84 public @NonNull Map<String, List<String>> getDisabledUntilUsedPreinstalledCarrierAssociatedApps()85 getDisabledUntilUsedPreinstalledCarrierAssociatedApps() { 86 try { 87 return (Map<String, List<String>>) 88 mInterface.getDisabledUntilUsedPreinstalledCarrierAssociatedApps(); 89 } catch (RemoteException e) { 90 Log.e(TAG, "Caught remote exception"); 91 return Collections.emptyMap(); 92 } 93 } 94 95 /** 96 * Returns a map that describes helper apps associated with carrier apps that, like the apps 97 * returned by {@link #getDisabledUntilUsedPreinstalledCarrierApps()}, should be disabled until 98 * the correct SIM is inserted into the device. 99 * 100 * <p>TODO(b/159069037) expose this and get rid of the other method that omits SDK version. 101 * 102 * @return A map with keys corresponding to package names returned by 103 * {@link #getDisabledUntilUsedPreinstalledCarrierApps()} and values as lists of package 104 * names of helper apps and the SDK versions when they were first added. 105 * 106 * @hide 107 */ 108 @RequiresPermission(Manifest.permission.READ_CARRIER_APP_INFO) 109 public @NonNull Map<String, List<CarrierAssociatedAppEntry>> getDisabledUntilUsedPreinstalledCarrierAssociatedAppEntries()110 getDisabledUntilUsedPreinstalledCarrierAssociatedAppEntries() { 111 try { 112 return (Map<String, List<CarrierAssociatedAppEntry>>) 113 mInterface.getDisabledUntilUsedPreinstalledCarrierAssociatedAppEntries(); 114 } catch (RemoteException e) { 115 Log.e(TAG, "Caught remote exception", e); 116 return Collections.emptyMap(); 117 } 118 } 119 120 /** 121 * Get uids which have been granted given permission in system configuration. 122 * 123 * The uids and assigning permissions are defined on data/etc/platform.xml 124 * 125 * @param permissionName The target permission. 126 * @return The uids have been granted given permission in system configuration. 127 */ 128 @RequiresPermission(Manifest.permission.GET_RUNTIME_PERMISSIONS) 129 @NonNull getSystemPermissionUids(@onNull String permissionName)130 public int[] getSystemPermissionUids(@NonNull String permissionName) { 131 try { 132 return mInterface.getSystemPermissionUids(permissionName); 133 } catch (RemoteException e) { 134 throw e.rethrowFromSystemServer(); 135 } 136 } 137 138 /** 139 * Get enabled component for a specific package 140 * 141 * @param packageName The target package. 142 * @return The enabled component 143 * {@hide} 144 */ 145 @SystemApi(client = SystemApi.Client.MODULE_LIBRARIES) 146 @NonNull getEnabledComponentOverrides(@onNull String packageName)147 public List<ComponentName> getEnabledComponentOverrides(@NonNull String packageName) { 148 try { 149 return mInterface.getEnabledComponentOverrides(packageName); 150 } catch (RemoteException e) { 151 throw e.rethrowFromSystemServer(); 152 } 153 } 154 155 /** 156 * Return the components that are enabled by default as VR mode listener services. 157 * @hide 158 */ 159 @RequiresPermission(android.Manifest.permission.QUERY_ALL_PACKAGES) getDefaultVrComponents()160 public List<ComponentName> getDefaultVrComponents() { 161 try { 162 return mInterface.getDefaultVrComponents(); 163 } catch (RemoteException e) { 164 e.rethrowFromSystemServer(); 165 } 166 return Collections.emptyList(); 167 } 168 169 /** 170 * Return the packages that are prevented from being disabled, where if 171 * disabled it would result in a non-functioning system or similar. 172 * @hide 173 */ 174 @NonNull getPreventUserDisablePackages()175 public List<String> getPreventUserDisablePackages() { 176 try { 177 return mInterface.getPreventUserDisablePackages(); 178 } catch (RemoteException e) { 179 throw e.rethrowFromSystemServer(); 180 } 181 } 182 183 184 /** 185 * Returns a set of signed packages, represented as (packageName, certificateDigest) pairs, that 186 * should be considered "trusted packages" by ECM (Enhanced Confirmation Mode). 187 * 188 * <p>"Trusted packages" are exempt from ECM (i.e., they will never be considered "restricted"). 189 * 190 * <p>A package will be considered "trusted package" if and only if it *matches* least one of 191 * the (*packageName*, *certificateDigest*) pairs in this set, where *matches* means satisfying 192 * both of the following: 193 * 194 * <ol> 195 * <li>The package's name equals *packageName* 196 * <li>The package is, or was ever, signed by *certificateDigest*, according to the package's 197 * {@link android.content.pm.SigningDetails} 198 * </ol> 199 * 200 * @hide 201 */ 202 @SystemApi(client = SystemApi.Client.MODULE_LIBRARIES) 203 @FlaggedApi(android.permission.flags.Flags.FLAG_ENHANCED_CONFIRMATION_MODE_APIS_ENABLED) 204 @RequiresPermission(Manifest.permission.MANAGE_ENHANCED_CONFIRMATION_STATES) 205 @NonNull getEnhancedConfirmationTrustedPackages()206 public Set<SignedPackage> getEnhancedConfirmationTrustedPackages() { 207 try { 208 List<SignedPackageParcel> parcels = mInterface.getEnhancedConfirmationTrustedPackages(); 209 return parcels.stream().map(SignedPackage::new).collect(Collectors.toSet()); 210 } catch (RemoteException e) { 211 throw e.rethrowFromSystemServer(); 212 } 213 } 214 215 /** 216 * Returns a set of signed packages, represented as (packageName, certificateDigest) pairs, that 217 * should be considered "trusted installers" by ECM (Enhanced Confirmation Mode). 218 * 219 * <p>"Trusted installers", and all apps installed by a trusted installer, are exempt from ECM 220 * (i.e., they will never be considered "restricted"). 221 * 222 * <p>A package will be considered a "trusted installer" if and only if it *matches* least one 223 * of the (*packageName*, *certificateDigest*) pairs in this set, where *matches* means 224 * satisfying both of the following: 225 * 226 * <ol> 227 * <li>The package's name equals *packageName* 228 * <li>The package is, or was ever, signed by *certificateDigest*, according to the package's 229 * {@link android.content.pm.SigningDetails} 230 * </ol> 231 * 232 * @hide 233 */ 234 @SystemApi(client = SystemApi.Client.MODULE_LIBRARIES) 235 @FlaggedApi(android.permission.flags.Flags.FLAG_ENHANCED_CONFIRMATION_MODE_APIS_ENABLED) 236 @RequiresPermission(Manifest.permission.MANAGE_ENHANCED_CONFIRMATION_STATES) 237 @NonNull getEnhancedConfirmationTrustedInstallers()238 public Set<SignedPackage> getEnhancedConfirmationTrustedInstallers() { 239 try { 240 List<SignedPackageParcel> parcels = 241 mInterface.getEnhancedConfirmationTrustedInstallers(); 242 return parcels.stream().map(SignedPackage::new).collect(Collectors.toSet()); 243 } catch (RemoteException e) { 244 throw e.rethrowFromSystemServer(); 245 } 246 } 247 } 248