BasePermission.java revision 002fdbdb950ebbf40331a27de33b80db33e40d30
1/* 2 * Copyright (C) 2006 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm.permission; 18 19import static android.Manifest.permission.READ_EXTERNAL_STORAGE; 20import static android.content.pm.PermissionInfo.PROTECTION_DANGEROUS; 21import static android.content.pm.PermissionInfo.PROTECTION_NORMAL; 22import static android.content.pm.PermissionInfo.PROTECTION_SIGNATURE; 23import static android.content.pm.PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM; 24 25import static com.android.server.pm.Settings.ATTR_NAME; 26import static com.android.server.pm.Settings.ATTR_PACKAGE; 27import static com.android.server.pm.Settings.TAG_ITEM; 28 29import android.annotation.IntDef; 30import android.annotation.NonNull; 31import android.annotation.Nullable; 32import android.content.pm.PackageParser; 33import android.content.pm.PackageParser.Permission; 34import android.content.pm.PermissionInfo; 35import android.content.pm.Signature; 36import android.os.UserHandle; 37import android.util.Log; 38import android.util.Slog; 39 40import com.android.server.pm.DumpState; 41import com.android.server.pm.PackageManagerService; 42import com.android.server.pm.PackageSettingBase; 43 44import org.xmlpull.v1.XmlPullParser; 45import org.xmlpull.v1.XmlSerializer; 46 47import java.io.IOException; 48import java.io.PrintWriter; 49import java.lang.annotation.Retention; 50import java.lang.annotation.RetentionPolicy; 51import java.util.Arrays; 52import java.util.Collection; 53import java.util.Map; 54import java.util.Objects; 55import java.util.Set; 56 57public final class BasePermission { 58 static final String TAG = "PackageManager"; 59 60 public static final int TYPE_NORMAL = 0; 61 public static final int TYPE_BUILTIN = 1; 62 public static final int TYPE_DYNAMIC = 2; 63 @IntDef(value = { 64 TYPE_NORMAL, 65 TYPE_BUILTIN, 66 TYPE_DYNAMIC, 67 }) 68 @Retention(RetentionPolicy.SOURCE) 69 public @interface PermissionType {} 70 71 @IntDef(value = { 72 PROTECTION_DANGEROUS, 73 PROTECTION_NORMAL, 74 PROTECTION_SIGNATURE, 75 PROTECTION_SIGNATURE_OR_SYSTEM, 76 }) 77 @Retention(RetentionPolicy.SOURCE) 78 public @interface ProtectionLevel {} 79 80 final String name; 81 82 final @PermissionType int type; 83 84 String sourcePackageName; 85 86 // TODO: Can we get rid of this? Seems we only use some signature info from the setting 87 PackageSettingBase sourcePackageSetting; 88 89 int protectionLevel; 90 91 PackageParser.Permission perm; 92 93 PermissionInfo pendingPermissionInfo; 94 95 /** UID that owns the definition of this permission */ 96 int uid; 97 98 /** Additional GIDs given to apps granted this permission */ 99 private int[] gids; 100 101 /** 102 * Flag indicating that {@link #gids} should be adjusted based on the 103 * {@link UserHandle} the granted app is running as. 104 */ 105 private boolean perUser; 106 107 public BasePermission(String _name, String _sourcePackageName, @PermissionType int _type) { 108 name = _name; 109 sourcePackageName = _sourcePackageName; 110 type = _type; 111 // Default to most conservative protection level. 112 protectionLevel = PermissionInfo.PROTECTION_SIGNATURE; 113 } 114 115 @Override 116 public String toString() { 117 return "BasePermission{" + Integer.toHexString(System.identityHashCode(this)) + " " + name 118 + "}"; 119 } 120 121 public String getName() { 122 return name; 123 } 124 public int getProtectionLevel() { 125 return protectionLevel; 126 } 127 public String getSourcePackageName() { 128 return sourcePackageName; 129 } 130 public PackageSettingBase getSourcePackageSetting() { 131 return sourcePackageSetting; 132 } 133 public Signature[] getSourceSignatures() { 134 return sourcePackageSetting.getSignatures(); 135 } 136 public int getType() { 137 return type; 138 } 139 public int getUid() { 140 return uid; 141 } 142 public void setGids(int[] gids, boolean perUser) { 143 this.gids = gids; 144 this.perUser = perUser; 145 } 146 public void setPermission(@Nullable Permission perm) { 147 this.perm = perm; 148 } 149 public void setSourcePackageSetting(PackageSettingBase sourcePackageSetting) { 150 this.sourcePackageSetting = sourcePackageSetting; 151 } 152 153 public int[] computeGids(int userId) { 154 if (perUser) { 155 final int[] userGids = new int[gids.length]; 156 for (int i = 0; i < gids.length; i++) { 157 userGids[i] = UserHandle.getUid(userId, gids[i]); 158 } 159 return userGids; 160 } else { 161 return gids; 162 } 163 } 164 165 public int calculateFootprint(BasePermission perm) { 166 if (uid == perm.uid) { 167 return perm.name.length() + perm.perm.info.calculateFootprint(); 168 } 169 return 0; 170 } 171 172 public boolean isPermission(Permission perm) { 173 return this.perm == perm; 174 } 175 176 public boolean isDynamic() { 177 return type == TYPE_DYNAMIC; 178 } 179 180 181 public boolean isNormal() { 182 return (protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) 183 == PermissionInfo.PROTECTION_NORMAL; 184 } 185 public boolean isRuntime() { 186 return (protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) 187 == PermissionInfo.PROTECTION_DANGEROUS; 188 } 189 public boolean isSignature() { 190 return (protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) == 191 PermissionInfo.PROTECTION_SIGNATURE; 192 } 193 194 public boolean isAppOp() { 195 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_APPOP) != 0; 196 } 197 public boolean isDevelopment() { 198 return isSignature() 199 && (protectionLevel & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0; 200 } 201 public boolean isInstaller() { 202 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_INSTALLER) != 0; 203 } 204 public boolean isInstant() { 205 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_INSTANT) != 0; 206 } 207 public boolean isOEM() { 208 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_OEM) != 0; 209 } 210 public boolean isPre23() { 211 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_PRE23) != 0; 212 } 213 public boolean isPreInstalled() { 214 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_PREINSTALLED) != 0; 215 } 216 public boolean isPrivileged() { 217 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_PRIVILEGED) != 0; 218 } 219 public boolean isRuntimeOnly() { 220 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY) != 0; 221 } 222 public boolean isSetup() { 223 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_SETUP) != 0; 224 } 225 public boolean isVerifier() { 226 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_VERIFIER) != 0; 227 } 228 public boolean isVendorPrivileged() { 229 return (protectionLevel & PermissionInfo.PROTECTION_FLAG_VENDOR_PRIVILEGED) != 0; 230 } 231 232 public void transfer(@NonNull String origPackageName, @NonNull String newPackageName) { 233 if (!origPackageName.equals(sourcePackageName)) { 234 return; 235 } 236 sourcePackageName = newPackageName; 237 sourcePackageSetting = null; 238 perm = null; 239 if (pendingPermissionInfo != null) { 240 pendingPermissionInfo.packageName = newPackageName; 241 } 242 uid = 0; 243 setGids(null, false); 244 } 245 246 public boolean addToTree(@ProtectionLevel int protectionLevel, 247 @NonNull PermissionInfo info, @NonNull BasePermission tree) { 248 final boolean changed = 249 (this.protectionLevel != protectionLevel 250 || perm == null 251 || uid != tree.uid 252 || !perm.owner.equals(tree.perm.owner) 253 || !comparePermissionInfos(perm.info, info)); 254 this.protectionLevel = protectionLevel; 255 info = new PermissionInfo(info); 256 info.protectionLevel = protectionLevel; 257 perm = new PackageParser.Permission(tree.perm.owner, info); 258 perm.info.packageName = tree.perm.info.packageName; 259 uid = tree.uid; 260 return changed; 261 } 262 263 public void updateDynamicPermission(Collection<BasePermission> permissionTrees) { 264 if (PackageManagerService.DEBUG_SETTINGS) Log.v(TAG, "Dynamic permission: name=" 265 + getName() + " pkg=" + getSourcePackageName() 266 + " info=" + pendingPermissionInfo); 267 if (sourcePackageSetting == null && pendingPermissionInfo != null) { 268 final BasePermission tree = findPermissionTree(permissionTrees, name); 269 if (tree != null && tree.perm != null) { 270 sourcePackageSetting = tree.sourcePackageSetting; 271 perm = new PackageParser.Permission(tree.perm.owner, 272 new PermissionInfo(pendingPermissionInfo)); 273 perm.info.packageName = tree.perm.info.packageName; 274 perm.info.name = name; 275 uid = tree.uid; 276 } 277 } 278 } 279 280 static BasePermission createOrUpdate(@Nullable BasePermission bp, @NonNull Permission p, 281 @NonNull PackageParser.Package pkg, Collection<BasePermission> permissionTrees, 282 boolean chatty) { 283 final PackageSettingBase pkgSetting = (PackageSettingBase) pkg.mExtras; 284 // Allow system apps to redefine non-system permissions 285 if (bp != null && !Objects.equals(bp.sourcePackageName, p.info.packageName)) { 286 final boolean currentOwnerIsSystem = (bp.perm != null 287 && bp.perm.owner.isSystem()); 288 if (p.owner.isSystem()) { 289 if (bp.type == BasePermission.TYPE_BUILTIN && bp.perm == null) { 290 // It's a built-in permission and no owner, take ownership now 291 bp.sourcePackageSetting = pkgSetting; 292 bp.perm = p; 293 bp.uid = pkg.applicationInfo.uid; 294 bp.sourcePackageName = p.info.packageName; 295 p.info.flags |= PermissionInfo.FLAG_INSTALLED; 296 } else if (!currentOwnerIsSystem) { 297 String msg = "New decl " + p.owner + " of permission " 298 + p.info.name + " is system; overriding " + bp.sourcePackageName; 299 PackageManagerService.reportSettingsProblem(Log.WARN, msg); 300 bp = null; 301 } 302 } 303 } 304 if (bp == null) { 305 bp = new BasePermission(p.info.name, p.info.packageName, TYPE_NORMAL); 306 } 307 StringBuilder r = null; 308 if (bp.perm == null) { 309 if (bp.sourcePackageName == null 310 || bp.sourcePackageName.equals(p.info.packageName)) { 311 final BasePermission tree = findPermissionTree(permissionTrees, p.info.name); 312 if (tree == null 313 || tree.sourcePackageName.equals(p.info.packageName)) { 314 bp.sourcePackageSetting = pkgSetting; 315 bp.perm = p; 316 bp.uid = pkg.applicationInfo.uid; 317 bp.sourcePackageName = p.info.packageName; 318 p.info.flags |= PermissionInfo.FLAG_INSTALLED; 319 if (chatty) { 320 if (r == null) { 321 r = new StringBuilder(256); 322 } else { 323 r.append(' '); 324 } 325 r.append(p.info.name); 326 } 327 } else { 328 Slog.w(TAG, "Permission " + p.info.name + " from package " 329 + p.info.packageName + " ignored: base tree " 330 + tree.name + " is from package " 331 + tree.sourcePackageName); 332 } 333 } else { 334 Slog.w(TAG, "Permission " + p.info.name + " from package " 335 + p.info.packageName + " ignored: original from " 336 + bp.sourcePackageName); 337 } 338 } else if (chatty) { 339 if (r == null) { 340 r = new StringBuilder(256); 341 } else { 342 r.append(' '); 343 } 344 r.append("DUP:"); 345 r.append(p.info.name); 346 } 347 if (bp.perm == p) { 348 bp.protectionLevel = p.info.protectionLevel; 349 } 350 if (PackageManagerService.DEBUG_PACKAGE_SCANNING && r != null) { 351 Log.d(TAG, " Permissions: " + r); 352 } 353 return bp; 354 } 355 356 static BasePermission enforcePermissionTree( 357 Collection<BasePermission> permissionTrees, String permName, int callingUid) { 358 if (permName != null) { 359 BasePermission bp = findPermissionTree(permissionTrees, permName); 360 if (bp != null) { 361 if (bp.uid == UserHandle.getAppId(callingUid)) { 362 return bp; 363 } 364 throw new SecurityException("Calling uid " + callingUid 365 + " is not allowed to add to permission tree " 366 + bp.name + " owned by uid " + bp.uid); 367 } 368 } 369 throw new SecurityException("No permission tree found for " + permName); 370 } 371 372 public void enforceDeclaredUsedAndRuntimeOrDevelopment(PackageParser.Package pkg) { 373 int index = pkg.requestedPermissions.indexOf(name); 374 if (index == -1) { 375 throw new SecurityException("Package " + pkg.packageName 376 + " has not requested permission " + name); 377 } 378 if (!isRuntime() && !isDevelopment()) { 379 throw new SecurityException("Permission " + name 380 + " is not a changeable permission type"); 381 } 382 } 383 384 private static BasePermission findPermissionTree( 385 Collection<BasePermission> permissionTrees, String permName) { 386 for (BasePermission bp : permissionTrees) { 387 if (permName.startsWith(bp.name) && 388 permName.length() > bp.name.length() && 389 permName.charAt(bp.name.length()) == '.') { 390 return bp; 391 } 392 } 393 return null; 394 } 395 396 public @Nullable PermissionInfo generatePermissionInfo(@NonNull String groupName, int flags) { 397 if (groupName == null) { 398 if (perm == null || perm.info.group == null) { 399 return generatePermissionInfo(protectionLevel, flags); 400 } 401 } else { 402 if (perm != null && groupName.equals(perm.info.group)) { 403 return PackageParser.generatePermissionInfo(perm, flags); 404 } 405 } 406 return null; 407 } 408 409 public @NonNull PermissionInfo generatePermissionInfo(int adjustedProtectionLevel, int flags) { 410 final boolean protectionLevelChanged = protectionLevel != adjustedProtectionLevel; 411 // if we return different protection level, don't use the cached info 412 if (perm != null && !protectionLevelChanged) { 413 return PackageParser.generatePermissionInfo(perm, flags); 414 } 415 final PermissionInfo pi = new PermissionInfo(); 416 pi.name = name; 417 pi.packageName = sourcePackageName; 418 pi.nonLocalizedLabel = name; 419 pi.protectionLevel = protectionLevelChanged ? adjustedProtectionLevel : protectionLevel; 420 return pi; 421 } 422 423 public static boolean readLPw(@NonNull Map<String, BasePermission> out, 424 @NonNull XmlPullParser parser) { 425 final String tagName = parser.getName(); 426 if (!tagName.equals(TAG_ITEM)) { 427 return false; 428 } 429 final String name = parser.getAttributeValue(null, ATTR_NAME); 430 final String sourcePackage = parser.getAttributeValue(null, ATTR_PACKAGE); 431 final String ptype = parser.getAttributeValue(null, "type"); 432 if (name == null || sourcePackage == null) { 433 PackageManagerService.reportSettingsProblem(Log.WARN, 434 "Error in package manager settings: permissions has" + " no name at " 435 + parser.getPositionDescription()); 436 return false; 437 } 438 final boolean dynamic = "dynamic".equals(ptype); 439 BasePermission bp = out.get(name); 440 // If the permission is builtin, do not clobber it. 441 if (bp == null || bp.type != TYPE_BUILTIN) { 442 bp = new BasePermission(name.intern(), sourcePackage, 443 dynamic ? TYPE_DYNAMIC : TYPE_NORMAL); 444 } 445 bp.protectionLevel = readInt(parser, null, "protection", 446 PermissionInfo.PROTECTION_NORMAL); 447 bp.protectionLevel = PermissionInfo.fixProtectionLevel(bp.protectionLevel); 448 if (dynamic) { 449 final PermissionInfo pi = new PermissionInfo(); 450 pi.packageName = sourcePackage.intern(); 451 pi.name = name.intern(); 452 pi.icon = readInt(parser, null, "icon", 0); 453 pi.nonLocalizedLabel = parser.getAttributeValue(null, "label"); 454 pi.protectionLevel = bp.protectionLevel; 455 bp.pendingPermissionInfo = pi; 456 } 457 out.put(bp.name, bp); 458 return true; 459 } 460 461 private static int readInt(XmlPullParser parser, String ns, String name, int defValue) { 462 String v = parser.getAttributeValue(ns, name); 463 try { 464 if (v == null) { 465 return defValue; 466 } 467 return Integer.parseInt(v); 468 } catch (NumberFormatException e) { 469 PackageManagerService.reportSettingsProblem(Log.WARN, 470 "Error in package manager settings: attribute " + name 471 + " has bad integer value " + v + " at " 472 + parser.getPositionDescription()); 473 } 474 return defValue; 475 } 476 477 public void writeLPr(@NonNull XmlSerializer serializer) throws IOException { 478 if (sourcePackageName == null) { 479 return; 480 } 481 serializer.startTag(null, TAG_ITEM); 482 serializer.attribute(null, ATTR_NAME, name); 483 serializer.attribute(null, ATTR_PACKAGE, sourcePackageName); 484 if (protectionLevel != PermissionInfo.PROTECTION_NORMAL) { 485 serializer.attribute(null, "protection", Integer.toString(protectionLevel)); 486 } 487 if (type == BasePermission.TYPE_DYNAMIC) { 488 final PermissionInfo pi = perm != null ? perm.info : pendingPermissionInfo; 489 if (pi != null) { 490 serializer.attribute(null, "type", "dynamic"); 491 if (pi.icon != 0) { 492 serializer.attribute(null, "icon", Integer.toString(pi.icon)); 493 } 494 if (pi.nonLocalizedLabel != null) { 495 serializer.attribute(null, "label", pi.nonLocalizedLabel.toString()); 496 } 497 } 498 } 499 serializer.endTag(null, TAG_ITEM); 500 } 501 502 private static boolean compareStrings(CharSequence s1, CharSequence s2) { 503 if (s1 == null) { 504 return s2 == null; 505 } 506 if (s2 == null) { 507 return false; 508 } 509 if (s1.getClass() != s2.getClass()) { 510 return false; 511 } 512 return s1.equals(s2); 513 } 514 515 private static boolean comparePermissionInfos(PermissionInfo pi1, PermissionInfo pi2) { 516 if (pi1.icon != pi2.icon) return false; 517 if (pi1.logo != pi2.logo) return false; 518 if (pi1.protectionLevel != pi2.protectionLevel) return false; 519 if (!compareStrings(pi1.name, pi2.name)) return false; 520 if (!compareStrings(pi1.nonLocalizedLabel, pi2.nonLocalizedLabel)) return false; 521 // We'll take care of setting this one. 522 if (!compareStrings(pi1.packageName, pi2.packageName)) return false; 523 // These are not currently stored in settings. 524 //if (!compareStrings(pi1.group, pi2.group)) return false; 525 //if (!compareStrings(pi1.nonLocalizedDescription, pi2.nonLocalizedDescription)) return false; 526 //if (pi1.labelRes != pi2.labelRes) return false; 527 //if (pi1.descriptionRes != pi2.descriptionRes) return false; 528 return true; 529 } 530 531 public boolean dumpPermissionsLPr(@NonNull PrintWriter pw, @NonNull String packageName, 532 @NonNull Set<String> permissionNames, boolean readEnforced, 533 boolean printedSomething, @NonNull DumpState dumpState) { 534 if (packageName != null && !packageName.equals(sourcePackageName)) { 535 return false; 536 } 537 if (permissionNames != null && !permissionNames.contains(name)) { 538 return false; 539 } 540 if (!printedSomething) { 541 if (dumpState.onTitlePrinted()) 542 pw.println(); 543 pw.println("Permissions:"); 544 printedSomething = true; 545 } 546 pw.print(" Permission ["); pw.print(name); pw.print("] ("); 547 pw.print(Integer.toHexString(System.identityHashCode(this))); 548 pw.println("):"); 549 pw.print(" sourcePackage="); pw.println(sourcePackageName); 550 pw.print(" uid="); pw.print(uid); 551 pw.print(" gids="); pw.print(Arrays.toString( 552 computeGids(UserHandle.USER_SYSTEM))); 553 pw.print(" type="); pw.print(type); 554 pw.print(" prot="); 555 pw.println(PermissionInfo.protectionToString(protectionLevel)); 556 if (perm != null) { 557 pw.print(" perm="); pw.println(perm); 558 if ((perm.info.flags & PermissionInfo.FLAG_INSTALLED) == 0 559 || (perm.info.flags & PermissionInfo.FLAG_REMOVED) != 0) { 560 pw.print(" flags=0x"); pw.println(Integer.toHexString(perm.info.flags)); 561 } 562 } 563 if (sourcePackageSetting != null) { 564 pw.print(" packageSetting="); pw.println(sourcePackageSetting); 565 } 566 if (READ_EXTERNAL_STORAGE.equals(name)) { 567 pw.print(" enforced="); 568 pw.println(readEnforced); 569 } 570 return true; 571 } 572} 573