/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.pm.permission;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.pm.PackageParser;
import android.content.pm.PermissionGroupInfo;
import android.content.pm.PermissionInfo;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.PackageManager.PermissionInfoFlags;
import android.content.pm.PackageParser.Permission;
import com.android.server.pm.SharedUserSetting;
import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* Internal interfaces to be used by other components within the system server.
*/
public abstract class PermissionManagerInternal {
/**
* Callbacks invoked when interesting actions have been taken on a permission.
* <p>
* NOTE: The current arguments are merely to support the existing use cases. This
* needs to be properly thought out with appropriate arguments for each of the
* callback methods.
*/
public static class PermissionCallback {
public void onGidsChanged(int appId, int userId) {
}
public void onPermissionChanged() {
}
public void onPermissionGranted(int uid, int userId) {
}
public void onInstallPermissionGranted() {
}
public void onPermissionRevoked(int uid, int userId) {
}
public void onInstallPermissionRevoked() {
}
public void onPermissionUpdated(int[] updatedUserIds, boolean sync) {
}
public void onPermissionRemoved() {
}
public void onInstallPermissionUpdated() {
}
}
public abstract void systemReady();
public abstract boolean isPermissionsReviewRequired(PackageParser.Package pkg, int userId);
public abstract void grantRuntimePermission(
@NonNull String permName, @NonNull String packageName, boolean overridePolicy,
int callingUid, int userId, @Nullable PermissionCallback callback);
public abstract void grantRuntimePermissionsGrantedToDisabledPackage(
@NonNull PackageParser.Package pkg, int callingUid,
@Nullable PermissionCallback callback);
public abstract void grantRequestedRuntimePermissions(
@NonNull PackageParser.Package pkg, @NonNull int[] userIds,
@NonNull String[] grantedPermissions, int callingUid,
@Nullable PermissionCallback callback);
public abstract void revokeRuntimePermission(@NonNull String permName,
@NonNull String packageName, boolean overridePolicy, int callingUid, int userId,
@Nullable PermissionCallback callback);
public abstract void updatePermissions(@Nullable String packageName,
@Nullable PackageParser.Package pkg, boolean replaceGrant,
@NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback);
public abstract void updateAllPermissions(@Nullable String volumeUuid, boolean sdkUpdated,
@NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback);
/**
* We might auto-grant permissions if any permission of the group is already granted. Hence if
* the group of a granted permission changes we need to revoke it to avoid having permissions of
* the new group auto-granted.
*
* @param newPackage The new package that was installed
* @param oldPackage The old package that was updated
* @param allPackageNames All packages
* @param permissionCallback Callback for permission changed
*/
public abstract void revokeRuntimePermissionsIfGroupChanged(
@NonNull PackageParser.Package newPackage,
@NonNull PackageParser.Package oldPackage,
@NonNull ArrayList<String> allPackageNames,
@NonNull PermissionCallback permissionCallback);
/**
* Add all permissions in the given package.
* <p>
* NOTE: argument {@code groupTEMP} is temporary until mPermissionGroups is moved to
* the permission settings.
*/
public abstract void addAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty);
public abstract void addAllPermissionGroups(@NonNull PackageParser.Package pkg, boolean chatty);
public abstract void removeAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty);
public abstract boolean addDynamicPermission(@NonNull PermissionInfo info, boolean async,
int callingUid, @Nullable PermissionCallback callback);
public abstract void removeDynamicPermission(@NonNull String permName, int callingUid,
@Nullable PermissionCallback callback);
public abstract @Nullable String[] getAppOpPermissionPackages(@NonNull String permName);
public abstract int getPermissionFlags(@NonNull String permName,
@NonNull String packageName, int callingUid, int userId);
/**
* Retrieve all of the information we know about a particular group of permissions.
*/
public abstract @Nullable PermissionGroupInfo getPermissionGroupInfo(
@NonNull String groupName, int flags, int callingUid);
/**
* Retrieve all of the known permission groups in the system.
*/
public abstract @Nullable List<PermissionGroupInfo> getAllPermissionGroups(int flags,
int callingUid);
/**
* Retrieve all of the information we know about a particular permission.
*/
public abstract @Nullable PermissionInfo getPermissionInfo(@NonNull String permName,
@NonNull String packageName, @PermissionInfoFlags int flags, int callingUid);
/**
* Retrieve all of the permissions associated with a particular group.
*/
public abstract @Nullable List<PermissionInfo> getPermissionInfoByGroup(@NonNull String group,
@PermissionInfoFlags int flags, int callingUid);
/**
* Updates the flags associated with a permission by replacing the flags in
* the specified mask with the provided flag values.
*/
public abstract void updatePermissionFlags(@NonNull String permName,
@NonNull String packageName, int flagMask, int flagValues, int callingUid, int userId,
@Nullable PermissionCallback callback);
/**
* Updates the flags for all applications by replacing the flags in the specified mask
* with the provided flag values.
*/
public abstract boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues,
int callingUid, int userId, @NonNull Collection<PackageParser.Package> packages,
@Nullable PermissionCallback callback);
public abstract int checkPermission(@NonNull String permName, @NonNull String packageName,
int callingUid, int userId);
public abstract int checkUidPermission(@NonNull String permName,
@Nullable PackageParser.Package pkg, int uid, int callingUid);
/**
* Enforces the request is from the system or an app that has INTERACT_ACROSS_USERS
* or INTERACT_ACROSS_USERS_FULL permissions, if the {@code userid} is not for the caller.
* @param checkShell whether to prevent shell from access if there's a debugging restriction
* @param message the message to log on security exception
*/
public abstract void enforceCrossUserPermission(int callingUid, int userId,
boolean requireFullPermission, boolean checkShell, @NonNull String message);
/**
* @see #enforceCrossUserPermission(int, int, boolean, boolean, String)
* @param requirePermissionWhenSameUser When {@code true}, still require the cross user
* permission to be held even if the callingUid and userId reference the same user.
*/
public abstract void enforceCrossUserPermission(int callingUid, int userId,
boolean requireFullPermission, boolean checkShell,
boolean requirePermissionWhenSameUser, @NonNull String message);
public abstract void enforceGrantRevokeRuntimePermissionPermissions(@NonNull String message);
public abstract @NonNull PermissionSettings getPermissionSettings();
public abstract @NonNull DefaultPermissionGrantPolicy getDefaultPermissionGrantPolicy();
/** HACK HACK methods to allow for partial migration of data to the PermissionManager class */
public abstract @Nullable BasePermission getPermissionTEMP(@NonNull String permName);
}