PermissionManagerInternal.java revision c29b11a5f65829dc87b5f234c4d3c1fff7ef5a36
1/* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm.permission; 18 19import android.annotation.NonNull; 20import android.annotation.Nullable; 21import android.content.pm.PackageParser; 22import android.content.pm.PermissionGroupInfo; 23import android.content.pm.PermissionInfo; 24import android.content.pm.PackageManager.NameNotFoundException; 25import android.content.pm.PackageManager.PermissionInfoFlags; 26import android.content.pm.PackageParser.Permission; 27 28import com.android.server.pm.SharedUserSetting; 29import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback; 30 31import java.util.Collection; 32import java.util.Iterator; 33import java.util.List; 34import java.util.Map; 35import java.util.Set; 36 37/** 38 * Internal interfaces to be used by other components within the system server. 39 */ 40public abstract class PermissionManagerInternal { 41 /** 42 * Callbacks invoked when interesting actions have been taken on a permission. 43 * <p> 44 * NOTE: The current arguments are merely to support the existing use cases. This 45 * needs to be properly thought out with appropriate arguments for each of the 46 * callback methods. 47 */ 48 public static class PermissionCallback { 49 public void onGidsChanged(int appId, int userId) { 50 } 51 public void onPermissionChanged() { 52 } 53 public void onPermissionGranted(int uid, int userId) { 54 } 55 public void onInstallPermissionGranted() { 56 } 57 public void onPermissionRevoked(int uid, int userId) { 58 } 59 public void onInstallPermissionRevoked() { 60 } 61 public void onPermissionUpdated(int[] updatedUserIds, boolean sync) { 62 } 63 public void onPermissionRemoved() { 64 } 65 public void onInstallPermissionUpdated() { 66 } 67 } 68 69 public abstract void systemReady(); 70 71 public abstract boolean isPermissionsReviewRequired(PackageParser.Package pkg, int userId); 72 73 public abstract void grantRuntimePermission( 74 @NonNull String permName, @NonNull String packageName, boolean overridePolicy, 75 int callingUid, int userId, @Nullable PermissionCallback callback); 76 public abstract void grantRuntimePermissionsGrantedToDisabledPackage( 77 @NonNull PackageParser.Package pkg, int callingUid, 78 @Nullable PermissionCallback callback); 79 public abstract void grantRequestedRuntimePermissions( 80 @NonNull PackageParser.Package pkg, @NonNull int[] userIds, 81 @NonNull String[] grantedPermissions, int callingUid, 82 @Nullable PermissionCallback callback); 83 public abstract void revokeRuntimePermission(@NonNull String permName, 84 @NonNull String packageName, boolean overridePolicy, int callingUid, int userId, 85 @Nullable PermissionCallback callback); 86 87 public abstract void updatePermissions(@Nullable String packageName, 88 @Nullable PackageParser.Package pkg, boolean replaceGrant, 89 @NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback); 90 public abstract void updateAllPermissions(@Nullable String volumeUuid, boolean sdkUpdated, 91 @NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback); 92 93 /** 94 * Add all permissions in the given package. 95 * <p> 96 * NOTE: argument {@code groupTEMP} is temporary until mPermissionGroups is moved to 97 * the permission settings. 98 */ 99 public abstract void addAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty); 100 public abstract void addAllPermissionGroups(@NonNull PackageParser.Package pkg, boolean chatty); 101 public abstract void removeAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty); 102 public abstract boolean addDynamicPermission(@NonNull PermissionInfo info, boolean async, 103 int callingUid, @Nullable PermissionCallback callback); 104 public abstract void removeDynamicPermission(@NonNull String permName, int callingUid, 105 @Nullable PermissionCallback callback); 106 107 public abstract @Nullable String[] getAppOpPermissionPackages(@NonNull String permName); 108 109 public abstract int getPermissionFlags(@NonNull String permName, 110 @NonNull String packageName, int callingUid, int userId); 111 /** 112 * Retrieve all of the information we know about a particular group of permissions. 113 */ 114 public abstract @Nullable PermissionGroupInfo getPermissionGroupInfo( 115 @NonNull String groupName, int flags, int callingUid); 116 /** 117 * Retrieve all of the known permission groups in the system. 118 */ 119 public abstract @Nullable List<PermissionGroupInfo> getAllPermissionGroups(int flags, 120 int callingUid); 121 /** 122 * Retrieve all of the information we know about a particular permission. 123 */ 124 public abstract @Nullable PermissionInfo getPermissionInfo(@NonNull String permName, 125 @NonNull String packageName, @PermissionInfoFlags int flags, int callingUid); 126 /** 127 * Retrieve all of the permissions associated with a particular group. 128 */ 129 public abstract @Nullable List<PermissionInfo> getPermissionInfoByGroup(@NonNull String group, 130 @PermissionInfoFlags int flags, int callingUid); 131 132 /** 133 * Updates the flags associated with a permission by replacing the flags in 134 * the specified mask with the provided flag values. 135 */ 136 public abstract void updatePermissionFlags(@NonNull String permName, 137 @NonNull String packageName, int flagMask, int flagValues, int callingUid, int userId, 138 @Nullable PermissionCallback callback); 139 /** 140 * Updates the flags for all applications by replacing the flags in the specified mask 141 * with the provided flag values. 142 */ 143 public abstract boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues, 144 int callingUid, int userId, @NonNull Collection<PackageParser.Package> packages, 145 @Nullable PermissionCallback callback); 146 147 public abstract int checkPermission(@NonNull String permName, @NonNull String packageName, 148 int callingUid, int userId); 149 public abstract int checkUidPermission(String permName, int uid, int callingUid); 150 151 /** 152 * Enforces the request is from the system or an app that has INTERACT_ACROSS_USERS 153 * or INTERACT_ACROSS_USERS_FULL permissions, if the {@code userid} is not for the caller. 154 * @param checkShell whether to prevent shell from access if there's a debugging restriction 155 * @param message the message to log on security exception 156 */ 157 public abstract void enforceCrossUserPermission(int callingUid, int userId, 158 boolean requireFullPermission, boolean checkShell, @NonNull String message); 159 public abstract void enforceGrantRevokeRuntimePermissionPermissions(@NonNull String message); 160 161 public abstract @NonNull PermissionSettings getPermissionSettings(); 162 public abstract @NonNull DefaultPermissionGrantPolicy getDefaultPermissionGrantPolicy(); 163 164 /** HACK HACK methods to allow for partial migration of data to the PermissionManager class */ 165 public abstract @Nullable BasePermission getPermissionTEMP(@NonNull String permName); 166}