/*
 * Copyright (C) 2024 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.appfunctions;

import android.Manifest;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.os.UserHandle;

import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.infra.AndroidFuture;

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

/**
 * Contract for the checks that gate every AppFunctionManager API entry point.
 *
 * <p>The service is expected to run these checks on the binder-supplied calling identity before
 * acting on anything the caller claims about itself: the claimed package is reconciled with the
 * calling uid ({@link #validateCallingPackage}), the requested user is reconciled with the
 * caller's cross-user privileges ({@link #verifyTargetUserHandle}), enterprise policy is
 * consulted ({@link #verifyEnterprisePolicyIsAllowed}), and finally the caller's right to touch
 * a specific app function is decided ({@link #verifyCallerCanExecuteAppFunction}).
 *
 * <p>Implementations decide; they do not enforce. Every method either returns a value the caller
 * must act on or throws, so a service that ignores the result silently bypasses the check.
 */
@VisibleForTesting(visibility = VisibleForTesting.Visibility.PACKAGE)
public interface CallerValidator {
    // TODO(b/357551503): Decide whether callers that are instant apps must be rejected.
    // TODO(b/357551503): Verify that the target user has been unlocked.

    /** Result code: the caller may not execute the requested app function. */
    int CAN_EXECUTE_APP_FUNCTIONS_DENIED = 0;

    /**
     * Result code: the caller may execute the app function because the function belongs to the
     * caller's own package.
     */
    int CAN_EXECUTE_APP_FUNCTIONS_ALLOWED_SAME_PACKAGE = 1;

    /**
     * Result code: the caller may execute the app function because it holds the required
     * permission. A permission holder invoking its own functions also lands here rather than in
     * {@link #CAN_EXECUTE_APP_FUNCTIONS_ALLOWED_SAME_PACKAGE}.
     */
    int CAN_EXECUTE_APP_FUNCTIONS_ALLOWED_HAS_PERMISSION = 2;

    /**
     * The closed set of outcomes produced by {@link #verifyCallerCanExecuteAppFunction}.
     *
     * <p>Only {@link #CAN_EXECUTE_APP_FUNCTIONS_DENIED} is a refusal; both
     * {@code ALLOWED_*} codes grant access and differ only in the reason recorded.
     */
    @IntDef(
            prefix = {"CAN_EXECUTE_APP_FUNCTIONS_"},
            value = {
                CAN_EXECUTE_APP_FUNCTIONS_DENIED,
                CAN_EXECUTE_APP_FUNCTIONS_ALLOWED_SAME_PACKAGE,
                CAN_EXECUTE_APP_FUNCTIONS_ALLOWED_HAS_PERMISSION,
            })
    @Retention(RetentionPolicy.SOURCE)
    @interface CanExecuteAppFunctionResult {}

    /**
     * Reconciles the package name a caller claims in its request with the binder calling
     * identity.
     *
     * <p>This is the first check to run: the package name returned here is the only one later
     * checks should trust, since the claimed value is caller-controlled until it has been tied to
     * the calling uid.
     *
     * @param claimedCallingPackage the package name the caller reports for itself
     * @return the validated package name of the caller
     * @throws SecurityException if {@code claimedCallingPackage} does not belong to the calling
     *     uid
     */
    String validateCallingPackage(@NonNull String claimedCallingPackage);

    /**
     * Resolves the user the call should run as and confirms the caller may act in that user.
     *
     * @param targetUserHandle the user the caller asks to execute as
     * @param claimedCallingPackage the package name of the caller
     * @return the concrete user handle the call must run as; never a special (placeholder) user
     * @throws IllegalArgumentException if {@code targetUserHandle} is a special user rather than
     *     a concrete one
     * @throws SecurityException if the caller targets a user other than its own without holding
     *     {@link Manifest.permission#INTERACT_ACROSS_USERS_FULL}
     */
    UserHandle verifyTargetUserHandle(
            @NonNull UserHandle targetUserHandle, @NonNull String claimedCallingPackage);

    /**
     * Checks whether enterprise policy permits app function calls from {@code callingUser} into
     * {@code targetUser}.
     *
     * @param callingUser the user the caller is running in
     * @param targetUser the user the caller asks to execute as
     * @return {@code true} if policy allows the call, {@code false} if it must be refused
     */
    boolean verifyEnterprisePolicyIsAllowed(
            @NonNull UserHandle callingUser, @NonNull UserHandle targetUser);

    /**
     * Decides, asynchronously, whether the caller may execute one specific app function.
     *
     * <p>Access is granted when the function's owning package equals the caller's package, or
     * when the caller holds {@link Manifest.permission#EXECUTE_APP_FUNCTIONS}. Any other caller
     * is denied.
     *
     * <p>{@code callerPackageName} must be the value previously returned by
     * {@link #validateCallingPackage}, not the raw claim from the request; {@code callingUid} and
     * {@code callingPid} are expected to be the binder identity captured at the API boundary.
     *
     * @param callingUid the calling uid
     * @param callingPid the calling pid
     * @param targetUser the user the caller asks to execute as
     * @param callerPackageName the already-validated calling package
     * @param targetPackageName the package that owns the app function
     * @param functionId the id of the app function to execute
     * @return a future completing with one of the {@link CanExecuteAppFunctionResult} codes
     */
    @CanExecuteAppFunctionResult
    AndroidFuture<Integer> verifyCallerCanExecuteAppFunction(
            int callingUid,
            int callingPid,
            @NonNull UserHandle targetUser,
            @NonNull String callerPackageName,
            @NonNull String targetPackageName,
            @NonNull String functionId);
}