1 /* 2 * Copyright (C) 2023 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.adservices.service.consent; 18 19 import android.annotation.NonNull; 20 21 import com.android.adservices.service.common.feature.PrivacySandboxFeatureType; 22 import com.android.adservices.service.ui.enrollment.collection.PrivacySandboxEnrollmentChannelCollection; 23 import com.android.adservices.service.ui.ux.collection.PrivacySandboxUxCollection; 24 25 import com.google.common.collect.ImmutableList; 26 27 import java.io.IOException; 28 29 /** 30 * Interface to handle user's consent related Apis. 31 * 32 * <p>For Beta the consent is given for all {@link AdServicesApiType} or for none. 33 * 34 * <p>Currently there are three types of source of truth to store consent data, 35 * 36 * <ul> 37 * <li>SYSTEM_SERVER_ONLY: Write and read consent from system server only. 38 * <li>PPAPI_ONLY: Write and read consent from PPAPI only. 39 * <li>PPAPI_AND_SYSTEM_SERVER: Write consent to both PPAPI and system server. Read consent from 40 * system server only. 41 * </ul> 42 * 43 * Every source of truth should have its own dedicated storage class that implements the 44 * IConsentStorage interface.. 45 */ 46 public interface IConsentStorage { 47 /** 48 * Deletes all app consent data and all app data gathered or generated by the Privacy Sandbox. 49 * 50 * <p>This should be called when the Privacy Sandbox has been disabled. 51 * 52 * @throws IOException if the operation fails 53 */ clearAllAppConsentData()54 void clearAllAppConsentData() throws IOException; 55 56 /** 57 * Clear consent data after an app was uninstalled. 58 * 59 * @param packageName the package name that had been uninstalled. 60 * @throws IOException if the operation fails 61 */ clearConsentForUninstalledApp(@onNull String packageName)62 void clearConsentForUninstalledApp(@NonNull String packageName) throws IOException; 63 64 /** 65 * Clear consent data after an app was uninstalled. 66 * 67 * @param packageName the package name that had been uninstalled. 68 * @param packageUid the package uid that had been uninstalled. 69 * @throws IOException if the operation fails 70 */ clearConsentForUninstalledApp(@onNull String packageName, int packageUid)71 void clearConsentForUninstalledApp(@NonNull String packageName, int packageUid) 72 throws IOException; 73 74 /** 75 * Deletes the list of known allowed apps as well as all app data from the Privacy Sandbox. 76 * 77 * <p>The list of blocked apps is not reset. 78 * 79 * @throws IOException if the operation fails 80 */ clearKnownAppsWithConsent()81 void clearKnownAppsWithConsent() throws IOException; 82 83 /** 84 * @return an {@link ImmutableList} of all known apps in the database that have had user consent 85 * revoked 86 * @throws IOException if the operation fails 87 */ 88 @NonNull getAppsWithRevokedConsent()89 ImmutableList<String> getAppsWithRevokedConsent() throws IOException; 90 91 /** 92 * Retrieves the consent for all services. 93 * 94 * <p>To read from PPAPI consent if source of truth is PPAPI. To read from system server consent 95 * if source of truth is system server or dual sources. 96 * 97 * @return AdServicesApiConsent the consent 98 * @throws IOException if the operation fails 99 */ 100 @NonNull getConsent(@onNull AdServicesApiType apiType)101 AdServicesApiConsent getConsent(@NonNull AdServicesApiType apiType) throws IOException; 102 103 /** 104 * Gets the current privacy sandbox feature. 105 * 106 * <p>To write to PPAPI if consent source of truth is PPAPI_ONLY or dual sources. To write to 107 * system server if consent source of truth is SYSTEM_SERVER_ONLY or dual sources. 108 * 109 * @return PrivacySandboxFeatureType privacy sandbox feature 110 * @throws IOException if the operation fails 111 */ 112 @NonNull getCurrentPrivacySandboxFeature()113 PrivacySandboxFeatureType getCurrentPrivacySandboxFeature() throws IOException; 114 115 /** Returns current enrollment channel. */ 116 @NonNull getEnrollmentChannel( @onNull PrivacySandboxUxCollection ux)117 PrivacySandboxEnrollmentChannelCollection getEnrollmentChannel( 118 @NonNull PrivacySandboxUxCollection ux) throws IOException; 119 120 /** 121 * @return an {@link ImmutableList} of all known apps in the database that have not had user 122 * consent revoked 123 */ 124 @NonNull getKnownAppsWithConsent()125 ImmutableList<String> getKnownAppsWithConsent() throws IOException; 126 127 /** 128 * Returns information whether user interacted with consent manually. 129 * 130 * @return true if the user interacted with the consent manually, otherwise false. 131 */ getUserManualInteractionWithConsent()132 int getUserManualInteractionWithConsent() throws IOException; 133 134 /** Returns current UX. */ 135 @NonNull getUx()136 PrivacySandboxUxCollection getUx() throws IOException; 137 138 /** Returns whether the isAdIdEnabled bit is true. */ isAdIdEnabled()139 boolean isAdIdEnabled() throws IOException; 140 141 /** Returns whether the isAdultAccount bit is true. */ isAdultAccount()142 boolean isAdultAccount() throws IOException; 143 144 /** 145 * Returns whether a given application (identified by package name) has had user consent 146 * revoked. 147 * 148 * <p>If the given application is installed but is not found in the datastore, the application 149 * is treated as having user consent, and this method returns {@code false}. 150 * 151 * @throws IllegalArgumentException if the package name is invalid or not found as an installed 152 * application 153 * @throws IOException if the operation fails 154 */ isConsentRevokedForApp(@onNull String packageName)155 boolean isConsentRevokedForApp(@NonNull String packageName) 156 throws IllegalArgumentException, IOException; 157 158 /** Returns whether the isEntryPointEnabled bit is true. */ isEntryPointEnabled()159 boolean isEntryPointEnabled() throws IOException; 160 161 /** Returns whether the isU18Account bit is true. */ isU18Account()162 boolean isU18Account() throws IOException; 163 164 /** 165 * Saves information to the storage that GA UX notification was displayed for the first time to 166 * the user. 167 */ recordGaUxNotificationDisplayed(boolean wasGaUxDisplayed)168 void recordGaUxNotificationDisplayed(boolean wasGaUxDisplayed) throws IOException; 169 170 /** 171 * Saves information to the storage that notification was displayed for the first time to the 172 * user. 173 */ recordNotificationDisplayed(boolean wasNotificationDisplayed)174 void recordNotificationDisplayed(boolean wasNotificationDisplayed) throws IOException; 175 176 /** Saves information to the storage that user interacted with consent manually. */ recordUserManualInteractionWithConsent(int interaction)177 void recordUserManualInteractionWithConsent(int interaction) throws IOException; 178 179 /** Sets the AdIdEnabled bit to storage. */ setAdIdEnabled(boolean isAdIdEnabled)180 void setAdIdEnabled(boolean isAdIdEnabled) throws IOException; 181 182 /** Sets the AdultAccount bit to storage. */ setAdultAccount(boolean isAdultAccount)183 void setAdultAccount(boolean isAdultAccount) throws IOException; 184 185 /** 186 * Sets the consent for this user ID for this API type in storage. If we do not get 187 * confirmation that the write was successful, then we throw an exception so that user does not 188 * incorrectly think that the consent is updated. 189 * 190 * @throws IOException if the operation fails 191 */ setConsent(@onNull AdServicesApiType apiType, boolean isGiven)192 void setConsent(@NonNull AdServicesApiType apiType, boolean isGiven) throws IOException; 193 194 /** 195 * Sets consent for a given installed application, identified by package name. 196 * 197 * @throws IllegalArgumentException if the package name is invalid or not found as an installed 198 * application 199 * @throws IOException if the operation fails 200 */ setConsentForApp(@onNull String packageName, boolean isConsentRevoked)201 void setConsentForApp(@NonNull String packageName, boolean isConsentRevoked) throws IOException; 202 203 /** 204 * Deletes all app consent data and all app data gathered or generated by the Privacy Sandbox. 205 * 206 * <p>This should be called when the Privacy Sandbox has been disabled. 207 * 208 * @throws IOException if the operation fails 209 */ resetAppsAndBlockedApps()210 void resetAppsAndBlockedApps() throws IOException; 211 212 /** 213 * Deletes the list of known allowed apps as well as all app data from the Privacy Sandbox. 214 * 215 * <p>The list of blocked apps is not reset. 216 * 217 * @throws IOException if the operation fails 218 */ resetApps()219 void resetApps() throws IOException; 220 221 /** 222 * Tries to set consent for a given installed application, identified by package name, if it 223 * does not already exist in the datastore, and returns the current consent setting after 224 * checking. 225 * 226 * @return the current consent for the given {@code packageName} after trying to set the {@code 227 * value} 228 * @throws IllegalArgumentException if the package name is invalid or not found as an installed 229 * application 230 * @throws IOException if the operation fails 231 */ setConsentForAppIfNew(@onNull String packageName, boolean isConsentRevoked)232 boolean setConsentForAppIfNew(@NonNull String packageName, boolean isConsentRevoked) 233 throws IllegalArgumentException, IOException; 234 235 /** Sets the current privacy sandbox feature. */ setCurrentPrivacySandboxFeature(@onNull PrivacySandboxFeatureType featureType)236 void setCurrentPrivacySandboxFeature(@NonNull PrivacySandboxFeatureType featureType) 237 throws IOException; 238 239 /** Sets the current enrollment channel to storage. */ setEnrollmentChannel( @onNull PrivacySandboxUxCollection ux, @NonNull PrivacySandboxEnrollmentChannelCollection channel)240 void setEnrollmentChannel( 241 @NonNull PrivacySandboxUxCollection ux, 242 @NonNull PrivacySandboxEnrollmentChannelCollection channel) 243 throws IOException; 244 245 /** Sets the EntryPointEnabled bit to storage . */ setEntryPointEnabled(boolean isEntryPointEnabled)246 void setEntryPointEnabled(boolean isEntryPointEnabled) throws IOException; 247 248 /** Sets the U18Account bit to storage. */ setU18Account(boolean isU18Account)249 void setU18Account(boolean isU18Account) throws IOException; 250 251 /** Sets the U18NotificationDisplayed bit to storage. */ setU18NotificationDisplayed(boolean wasU18NotificationDisplayed)252 void setU18NotificationDisplayed(boolean wasU18NotificationDisplayed) throws IOException; 253 254 /** Sets the current UX to storage. */ setUx(PrivacySandboxUxCollection ux)255 void setUx(PrivacySandboxUxCollection ux) throws IOException; 256 257 /** 258 * Retrieves if GA UX notification has been displayed. 259 * 260 * @return true if GA UX Consent Notification was displayed, otherwise false. 261 */ wasGaUxNotificationDisplayed()262 boolean wasGaUxNotificationDisplayed() throws IOException; 263 264 /** 265 * Retrieves if notification has been displayed. 266 * 267 * @return true if Consent Notification was displayed, otherwise false. 268 */ wasNotificationDisplayed()269 boolean wasNotificationDisplayed() throws IOException; 270 271 /** Returns whether the wasU18NotificationDisplayed bit is true. */ wasU18NotificationDisplayed()272 boolean wasU18NotificationDisplayed() throws IOException; 273 274 /** Returns whether the wasPasNotificationDisplayed bit is true. */ wasPasNotificationDisplayed()275 boolean wasPasNotificationDisplayed() throws IOException; 276 277 /** Records whether the PAS Notification was displayed. */ recordPasNotificationDisplayed(boolean wasPasDisplayed)278 void recordPasNotificationDisplayed(boolean wasPasDisplayed) throws IOException; 279 280 /** Set the measurement data reset activity happens based on consent_source_of_truth. */ setMeasurementDataReset(boolean isMeasurementDataReset)281 void setMeasurementDataReset(boolean isMeasurementDataReset) throws IOException; 282 283 /** 284 * Returns whether the measurement data reset activity happens based on consent_source_of_truth. 285 */ isMeasurementDataReset()286 boolean isMeasurementDataReset() throws IOException; 287 288 /** 289 * Retrieves the PP API default consent. 290 * 291 * @return true if the default consent is true, false otherwise. 292 */ getDefaultConsent()293 Boolean getDefaultConsent() throws IOException; 294 295 /** 296 * Retrieves the topics default consent. 297 * 298 * @return true if the topics default consent is true, false otherwise. 299 */ getTopicsDefaultConsent()300 Boolean getTopicsDefaultConsent() throws IOException; 301 302 /** 303 * Retrieves the FLEDGE default consent. 304 * 305 * @return true if the FLEDGE default consent is true, false otherwise. 306 */ getFledgeDefaultConsent()307 Boolean getFledgeDefaultConsent() throws IOException; 308 309 /** 310 * Retrieves the measurement default consent. 311 * 312 * @return true if the measurement default consent is true, false otherwise. 313 */ getMeasurementDefaultConsent()314 Boolean getMeasurementDefaultConsent() throws IOException; 315 316 /** 317 * Retrieves the default AdId state. 318 * 319 * @return true if the AdId is enabled by default, false otherwise. 320 */ getDefaultAdIdState()321 Boolean getDefaultAdIdState() throws IOException; 322 323 /** Saves the default consent bit to data stores based on source of truth. */ recordDefaultConsent(boolean defaultConsent)324 void recordDefaultConsent(boolean defaultConsent) throws IOException; 325 326 /** Saves the topics default consent bit to data stores based on source of truth. */ recordTopicsDefaultConsent(boolean defaultConsent)327 void recordTopicsDefaultConsent(boolean defaultConsent) throws IOException; 328 329 /** Saves the FLEDGE default consent bit to data stores based on source of truth. */ recordFledgeDefaultConsent(boolean defaultConsent)330 void recordFledgeDefaultConsent(boolean defaultConsent) throws IOException; 331 332 /** Saves the measurement default consent bit to data stores based on source of truth. */ recordMeasurementDefaultConsent(boolean defaultConsent)333 void recordMeasurementDefaultConsent(boolean defaultConsent) throws IOException; 334 335 /** Saves the default AdId state bit to data stores based on source of truth. */ recordDefaultAdIdState(boolean defaultAdIdState)336 void recordDefaultAdIdState(boolean defaultAdIdState) throws IOException; 337 338 /** 339 * Returns whether the measurement data reset activity happens based on consent_source_of_truth. 340 */ isPaDataReset()341 Boolean isPaDataReset() throws IOException; 342 343 /** Set the isPaDataReset bit to storage based on consent_source_of_truth. */ setPaDataReset(boolean isPaDataReset)344 void setPaDataReset(boolean isPaDataReset) throws IOException; 345 } 346