1/*
2** Copyright 2013, The Android Open Source Project
3**
4** Licensed under the Apache License, Version 2.0 (the "License");
5** you may not use this file except in compliance with the License.
6** You may obtain a copy of the License at
7**
8**     http://www.apache.org/licenses/LICENSE-2.0
9**
10** Unless required by applicable law or agreed to in writing, software
11** distributed under the License is distributed on an "AS IS" BASIS,
12** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13** See the License for the specific language governing permissions and
14** limitations under the License.
15*/
16
17package com.android.packageinstaller;
18
19import android.app.Activity;
20import android.content.Context;
21import android.content.pm.PackageInfo;
22import android.content.pm.PackageManager;
23import android.content.pm.PackageManager.NameNotFoundException;
24import android.content.pm.PermissionInfo;
25import android.os.Bundle;
26import android.support.v4.view.ViewPager;
27import android.view.LayoutInflater;
28import android.view.View;
29import android.view.View.OnClickListener;
30import android.view.ViewGroup;
31import android.widget.AppSecurityPermissions;
32import android.widget.Button;
33import android.widget.TabHost;
34import android.widget.TextView;
35
36import java.util.ArrayList;
37import java.util.List;
38
39/*
40 * The activity which is responsible for asking the user to grant permissions
41 * to applications.
42 */
43public class GrantActivity extends Activity implements OnClickListener {
44    private Button mOk;
45    private Button mCancel;
46    private PackageManager mPm;
47    private String mRequestingPackage;
48    private String[] requested_permissions;
49
50    @Override
51    public void onCreate(Bundle icicle) {
52        super.onCreate(icicle);
53        mPm = getPackageManager();
54        mRequestingPackage = this.getCallingPackage();
55
56        requested_permissions = getRequestedPermissions();
57        if (requested_permissions.length == 0) {
58            // The grant request was empty. Return success
59            setResult(RESULT_OK);
60            finish();
61            return;
62        }
63
64        PackageInfo pkgInfo = getUpdatedPackageInfo();
65        AppSecurityPermissions perms = new AppSecurityPermissions(this, pkgInfo);
66        if (perms.getPermissionCount(AppSecurityPermissions.WHICH_NEW) == 0) {
67            // The updated permissions dialog said there are no new permissions.
68            // This should never occur if requested_permissions.length > 0,
69            // but we check for it anyway, just in case.
70            setResult(RESULT_OK);
71            finish();
72            return;
73        }
74
75        setContentView(R.layout.install_start);
76        ((TextView)findViewById(R.id.install_confirm_question)).setText(R.string.grant_confirm_question);
77        PackageUtil.AppSnippet as = new PackageUtil.AppSnippet(mPm.getApplicationLabel(pkgInfo.applicationInfo),
78                mPm.getApplicationIcon(pkgInfo.applicationInfo));
79        PackageUtil.initSnippetForNewApp(this, as, R.id.app_snippet);
80        mOk = (Button)findViewById(R.id.ok_button);
81        mOk.setText(R.string.ok);
82        mCancel = (Button)findViewById(R.id.cancel_button);
83        mOk.setOnClickListener(this);
84        mCancel.setOnClickListener(this);
85
86        TabHost tabHost = (TabHost)findViewById(android.R.id.tabhost);
87        tabHost.setup();
88        ViewPager viewPager = (ViewPager) findViewById(R.id.pager);
89        TabsAdapter adapter = new TabsAdapter(this, tabHost, viewPager);
90
91        View newTab = perms.getPermissionsView(AppSecurityPermissions.WHICH_NEW);
92        View allTab = getPermissionList(perms);
93
94        adapter.addTab(tabHost.newTabSpec("new").setIndicator(
95                getText(R.string.newPerms)), newTab);
96        adapter.addTab(tabHost.newTabSpec("all").setIndicator(
97                getText(R.string.allPerms)), allTab);
98    }
99
100    /**
101     * Returns a PackageInfo object representing the results of adding all the permissions
102     * in {@code requested_permissions} to {@code mRequestingPackage}. This is the package
103     * permissions the user will have if they accept the grant request.
104     */
105    private PackageInfo getUpdatedPackageInfo() {
106        try {
107            PackageInfo pkgInfo = mPm.getPackageInfo(mRequestingPackage, PackageManager.GET_PERMISSIONS);
108            for (int i = 0; i < pkgInfo.requestedPermissions.length; i++) {
109                for (String requested_permission : requested_permissions) {
110                    if (requested_permission.equals(pkgInfo.requestedPermissions[i])) {
111                        pkgInfo.requestedPermissionsFlags[i] |= PackageInfo.REQUESTED_PERMISSION_GRANTED;
112                    }
113                }
114            }
115
116            return pkgInfo;
117        } catch (NameNotFoundException e) {
118            throw new RuntimeException(e); // will never occur
119        }
120    }
121
122    private View getPermissionList(AppSecurityPermissions perms) {
123        LayoutInflater inflater = (LayoutInflater)getSystemService(Context.LAYOUT_INFLATER_SERVICE);
124        View root = inflater.inflate(R.layout.permissions_list, null);
125        View personalPermissions = perms.getPermissionsView(AppSecurityPermissions.WHICH_PERSONAL);
126        View devicePermissions = perms.getPermissionsView(AppSecurityPermissions.WHICH_DEVICE);
127
128        ((ViewGroup)root.findViewById(R.id.privacylist)).addView(personalPermissions);
129        ((ViewGroup)root.findViewById(R.id.devicelist)).addView(devicePermissions);
130
131        return root;
132    }
133
134    /**
135     * Return an array of permissions requested by the caller, filtered to exclude
136     * irrelevant or otherwise malicious permission requests from untrusted callers.
137     */
138    private String[] getRequestedPermissions() {
139        String[] permissions = getIntent()
140                .getStringArrayExtra(PackageManager.EXTRA_REQUEST_PERMISSION_PERMISSION_LIST);
141        if (permissions == null) {
142            return new String[0];
143        }
144        permissions = keepNormalDangerousPermissions(permissions);
145        permissions = keepRequestingPackagePermissions(permissions);
146        return permissions;
147
148    }
149
150    /**
151     * Remove any permissions in {@code permissions} which are not present
152     * in {@code mRequestingPackage} and return the result. We also filter out
153     * permissions which are required by {@code mRequestingPackage}, and permissions
154     * which have already been granted to {@code mRequestingPackage}, as those permissions
155     * are useless to change.
156     */
157    private String[] keepRequestingPackagePermissions(String[] permissions) {
158        List<String> result = new ArrayList<String>();
159        try {
160            PackageInfo pkgInfo = mPm.getPackageInfo(mRequestingPackage, PackageManager.GET_PERMISSIONS);
161            if (pkgInfo.requestedPermissions == null) {
162                return new String[0];
163            }
164            for (int i = 0; i < pkgInfo.requestedPermissions.length; i++) {
165                for (String permission : permissions) {
166                    final boolean isRequired =
167                            ((pkgInfo.requestedPermissionsFlags[i]
168                                    & PackageInfo.REQUESTED_PERMISSION_REQUIRED) != 0);
169                    final boolean isGranted =
170                            ((pkgInfo.requestedPermissionsFlags[i]
171                                    & PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0);
172
173                    /*
174                     * We ignore required permissions, and permissions which have already
175                     * been granted, as it's useless to grant those permissions.
176                     */
177                    if (permission.equals(pkgInfo.requestedPermissions[i])
178                            && !isRequired && !isGranted) {
179                        result.add(permission);
180                        break;
181                    }
182                }
183            }
184        } catch (NameNotFoundException e) {
185            throw new RuntimeException(e); // should never happen
186        }
187        return result.toArray(new String[result.size()]);
188    }
189
190    /**
191     * Filter the permissions in {@code permissions}, keeping only the NORMAL or DANGEROUS
192     * permissions.
193     *
194     * @param permissions the permissions to filter
195     * @return A subset of {@code permissions} with only the
196     *     NORMAL or DANGEROUS permissions kept
197     */
198    private String[] keepNormalDangerousPermissions(String[] permissions) {
199        List<String> result = new ArrayList<String>();
200        for (String permission : permissions) {
201            try {
202                PermissionInfo pInfo = mPm.getPermissionInfo(permission, 0);
203                final int base = pInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE;
204                if ((base != PermissionInfo.PROTECTION_NORMAL)
205                        && (base != PermissionInfo.PROTECTION_DANGEROUS)) {
206                    continue;
207                }
208                result.add(permission);
209            } catch (NameNotFoundException e) {
210                // ignore
211            }
212        }
213        return result.toArray(new String[result.size()]);
214    }
215
216    @Override
217    public void onClick(View v) {
218        if (v == mOk) {
219            for (String permission : requested_permissions) {
220                mPm.grantPermission(mRequestingPackage, permission);
221            }
222            setResult(RESULT_OK);
223        }
224        if (v == mCancel) {
225            setResult(RESULT_CANCELED);
226        }
227        finish();
228    }
229}
230