PermissionManagerInternal.java revision c842393bc55509b094d3a71f164fcdbadf5c7997 
1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
19import android.annotation.NonNull;
20import android.annotation.Nullable;
21import android.content.pm.PackageParser;
22import android.content.pm.PermissionInfo;
23import android.content.pm.PackageManager.NameNotFoundException;
24import android.content.pm.PackageManager.PermissionInfoFlags;
25import android.content.pm.PackageParser.Permission;
26
27import com.android.server.pm.SharedUserSetting;
28import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback;
29
30import java.util.Collection;
31import java.util.Iterator;
32import java.util.List;
33import java.util.Map;
34import java.util.Set;
35
36/**
37 * Internal interfaces to be used by other components within the system server.
38 */
39public abstract class PermissionManagerInternal {
40    /**
41     * Callbacks invoked when interesting actions have been taken on a permission.
42     * <p>
43     * NOTE: The current arguments are merely to support the existing use cases. This
44     * needs to be properly thought out with appropriate arguments for each of the
45     * callback methods.
46     */
47    public static class PermissionCallback {
48        public void onGidsChanged(int appId, int userId) {
49        }
50        public void onPermissionChanged() {
51        }
52        public void onPermissionGranted(int uid, int userId) {
53        }
54        public void onInstallPermissionGranted() {
55        }
56        public void onPermissionRevoked(int uid, int userId) {
57        }
58        public void onInstallPermissionRevoked() {
59        }
60        public void onPermissionUpdated(int userId) {
61        }
62        public void onPermissionRemoved() {
63        }
64        public void onInstallPermissionUpdated() {
65        }
66    }
67
68    public abstract void grantRuntimePermission(
69            @NonNull String permName, @NonNull String packageName, boolean overridePolicy,
70            int callingUid, int userId, @Nullable PermissionCallback callback);
71    public abstract void grantRuntimePermissionsGrantedToDisabledPackage(
72            @NonNull PackageParser.Package pkg, int callingUid,
73            @Nullable PermissionCallback callback);
74    public abstract void grantRequestedRuntimePermissions(
75            @NonNull PackageParser.Package pkg, @NonNull int[] userIds,
76            @NonNull String[] grantedPermissions, int callingUid,
77            @Nullable PermissionCallback callback);
78    public abstract void revokeRuntimePermission(@NonNull String permName,
79            @NonNull String packageName, boolean overridePolicy, int callingUid, int userId,
80            @Nullable PermissionCallback callback);
81    public abstract int[] revokeUnusedSharedUserPermissions(@NonNull SharedUserSetting suSetting,
82            @NonNull int[] allUserIds);
83
84
85    /**
86     * Add all permissions in the given package.
87     * <p>
88     * NOTE: argument {@code groupTEMP} is temporary until mPermissionGroups is moved to
89     * the permission settings.
90     */
91    public abstract void addAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty);
92    public abstract void removeAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty);
93    public abstract boolean addDynamicPermission(@NonNull PermissionInfo info, boolean async,
94            int callingUid, @Nullable PermissionCallback callback);
95    public abstract void removeDynamicPermission(@NonNull String permName, int callingUid,
96            @Nullable PermissionCallback callback);
97
98    public abstract int updatePermissions(@Nullable String changingPkg,
99            @Nullable PackageParser.Package pkgInfo, int flags);
100    public abstract int updatePermissionTrees(@Nullable String changingPkg,
101            @Nullable PackageParser.Package pkgInfo, int flags);
102
103    public abstract @Nullable String[] getAppOpPermissionPackages(@NonNull String permName);
104
105    public abstract int getPermissionFlags(@NonNull String permName,
106            @NonNull String packageName, int callingUid, int userId);
107    /**
108     * Retrieve all of the information we know about a particular permission.
109     */
110    public abstract @Nullable PermissionInfo getPermissionInfo(@NonNull String permName,
111            @NonNull String packageName, @PermissionInfoFlags int flags, int callingUid);
112    /**
113     * Retrieve all of the permissions associated with a particular group.
114     */
115    public abstract @Nullable List<PermissionInfo> getPermissionInfoByGroup(@NonNull String group,
116            @PermissionInfoFlags int flags, int callingUid);
117
118    /**
119     * Updates the flags associated with a permission by replacing the flags in
120     * the specified mask with the provided flag values.
121     */
122    public abstract void updatePermissionFlags(@NonNull String permName,
123            @NonNull String packageName, int flagMask, int flagValues, int callingUid, int userId,
124            @Nullable PermissionCallback callback);
125    /**
126     * Updates the flags for all applications by replacing the flags in the specified mask
127     * with the provided flag values.
128     */
129    public abstract boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues,
130            int callingUid, int userId, @NonNull Collection<PackageParser.Package> packages,
131            @Nullable PermissionCallback callback);
132
133    public abstract int checkPermission(@NonNull String permName, @NonNull String packageName,
134            int callingUid, int userId);
135
136    /**
137     * Enforces the request is from the system or an app that has INTERACT_ACROSS_USERS
138     * or INTERACT_ACROSS_USERS_FULL permissions, if the {@code userid} is not for the caller.
139     * @param checkShell whether to prevent shell from access if there's a debugging restriction
140     * @param message the message to log on security exception
141     */
142    public abstract void enforceCrossUserPermission(int callingUid, int userId,
143            boolean requireFullPermission, boolean checkShell, @NonNull String message);
144    public abstract void enforceGrantRevokeRuntimePermissionPermissions(@NonNull String message);
145
146    public abstract @NonNull PermissionSettings getPermissionSettings();
147    public abstract @NonNull DefaultPermissionGrantPolicy getDefaultPermissionGrantPolicy();
148
149    /** HACK HACK methods to allow for partial migration of data to the PermissionManager class */
150    public abstract Iterator<BasePermission> getPermissionIteratorTEMP();
151    public abstract @Nullable BasePermission getPermissionTEMP(@NonNull String permName);
152    public abstract void putPermissionTEMP(@NonNull String permName,
153            @NonNull BasePermission permission);
154}