PermissionManagerInternal.java revision c842393bc55509b094d3a71f164fcdbadf5c7997
/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.pm.permission;

// NOTE(review): nothing in this file references NameNotFoundException, Permission, Map or Set,
// and the import of the class's own nested PermissionCallback is redundant. They are left in
// place here; candidates for cleanup.
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.pm.PackageParser;
import android.content.pm.PermissionInfo;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.PackageManager.PermissionInfoFlags;
import android.content.pm.PackageParser.Permission;

import com.android.server.pm.SharedUserSetting;
import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Internal interfaces to be used by other components within the system server.
 * <p>
 * Every method on this class is abstract, so all behaviour (including any permission or
 * identity check) lives in the implementing class, which is not part of this file.
 * <p>
 * Many methods take the caller's identity as a plain {@code int callingUid} argument instead
 * of reading it themselves. The value is therefore only as trustworthy as the call site that
 * computed it. NOTE(review): confirm that every caller passes the real calling UID and not a
 * value derived from request data.
 */
public abstract class PermissionManagerInternal {
    /**
     * Callbacks invoked when interesting actions have been taken on a permission.
     * <p>
     * NOTE: The current arguments are merely to support the existing use cases. This
     * needs to be properly thought out with appropriate arguments for each of the
     * callback methods.
     * <p>
     * The class is concrete and every callback has an empty body, so a subclass overrides
     * only the events it needs and the rest are no-ops.
     */
    public static class PermissionCallback {
        // No-op default. By its name, signals a GID change for an app/user pair.
        public void onGidsChanged(int appId, int userId) {
        }
        // No-op default. Carries no arguments, so the affected permission is not identified.
        public void onPermissionChanged() {
        }
        // No-op default. By its name, signals a grant for the given uid and user.
        public void onPermissionGranted(int uid, int userId) {
        }
        // No-op default. Carries no arguments.
        public void onInstallPermissionGranted() {
        }
        // No-op default. By its name, signals a revocation for the given uid and user.
        public void onPermissionRevoked(int uid, int userId) {
        }
        // No-op default. Carries no arguments.
        public void onInstallPermissionRevoked() {
        }
        // No-op default. Only the user id is passed; package and permission are not.
        public void onPermissionUpdated(int userId) {
        }
        // No-op default. Carries no arguments.
        public void onPermissionRemoved() {
        }
        // No-op default. Carries no arguments.
        public void onInstallPermissionUpdated() {
        }
    }

    /**
     * Abstract entry point; by its name it grants runtime permission {@code permName} to
     * {@code packageName} for {@code userId}.
     *
     * @param permName permission name; must not be null
     * @param packageName target package name; must not be null
     * @param overridePolicy NOTE(review): presumably permits the grant where policy would
     *         otherwise refuse it. Confirm in the implementation and treat call sites that
     *         pass {@code true} as privileged
     * @param callingUid caller-supplied UID, presumably the identity the implementation
     *         checks against (verify in the implementation)
     * @param userId user the call applies to
     * @param callback optional listener; may be null
     */
    public abstract void grantRuntimePermission(
            @NonNull String permName, @NonNull String packageName, boolean overridePolicy,
            int callingUid, int userId, @Nullable PermissionCallback callback);
    /**
     * Abstract; by its name it re-grants runtime permissions that were granted to a disabled
     * package. Which package counts as "disabled" is not visible from this file.
     *
     * @param pkg parsed package; must not be null
     * @param callingUid caller-supplied UID
     * @param callback optional listener; may be null
     */
    public abstract void grantRuntimePermissionsGrantedToDisabledPackage(
            @NonNull PackageParser.Package pkg, int callingUid,
            @Nullable PermissionCallback callback);
    /**
     * Abstract; by its name it grants the requested runtime permissions of {@code pkg} for
     * each user in {@code userIds}.
     *
     * @param pkg parsed package; must not be null
     * @param userIds users to apply the grant to; must not be null
     * @param grantedPermissions permission names to grant; must not be null.
     *         NOTE(review): whether names the package never requested are filtered out
     *         cannot be told from this declaration
     * @param callingUid caller-supplied UID
     * @param callback optional listener; may be null
     */
    public abstract void grantRequestedRuntimePermissions(
            @NonNull PackageParser.Package pkg, @NonNull int[] userIds,
            @NonNull String[] grantedPermissions, int callingUid,
            @Nullable PermissionCallback callback);
    /**
     * Abstract; by its name the counterpart of {@link #grantRuntimePermission}, taking the
     * same parameter list.
     *
     * @param permName permission name; must not be null
     * @param packageName target package name; must not be null
     * @param overridePolicy NOTE(review): presumably permits the revoke where policy would
     *         otherwise refuse it. Confirm in the implementation
     * @param callingUid caller-supplied UID
     * @param userId user the call applies to
     * @param callback optional listener; may be null
     */
    public abstract void revokeRuntimePermission(@NonNull String permName,
            @NonNull String packageName, boolean overridePolicy, int callingUid, int userId,
            @Nullable PermissionCallback callback);
    /**
     * Abstract; by its name it revokes permissions of a shared user that are no longer used.
     * Takes no {@code callingUid}, so no caller identity reaches the implementation through
     * this signature.
     *
     * @param suSetting shared-user setting to process; must not be null
     * @param allUserIds user ids to consider; must not be null
     * @return an {@code int[]}; presumably the affected user ids (TODO confirm)
     */
    public abstract int[] revokeUnusedSharedUserPermissions(@NonNull SharedUserSetting suSetting,
            @NonNull int[] allUserIds);


    /**
     * Add all permissions in the given package.
     * <p>
     * NOTE: argument {@code groupTEMP} is temporary until mPermissionGroups is moved to
     * the permission settings.
     * <p>
     * NOTE(review): the method as declared here takes only {@code pkg} and {@code chatty};
     * there is no {@code groupTEMP} parameter, so the note above appears to be stale.
     */
    public abstract void addAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty);
    /**
     * Abstract; by its name the counterpart of {@link #addAllPermissions}. {@code chatty}
     * presumably controls logging verbosity (TODO confirm).
     */
    public abstract void removeAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty);
    /**
     * Abstract; by its name it registers a dynamically defined permission.
     *
     * @param info description of the permission; must not be null
     * @param async meaning not visible here; presumably whether the change is persisted
     *         asynchronously (TODO confirm)
     * @param callingUid caller-supplied UID
     * @param callback optional listener; may be null
     * @return a boolean whose meaning is defined by the implementation
     */
    public abstract boolean addDynamicPermission(@NonNull PermissionInfo info, boolean async,
            int callingUid, @Nullable PermissionCallback callback);
    /**
     * Abstract; by its name it removes a dynamically defined permission.
     *
     * @param permName permission name; must not be null
     * @param callingUid caller-supplied UID
     * @param callback optional listener; may be null
     */
    public abstract void removeDynamicPermission(@NonNull String permName, int callingUid,
            @Nullable PermissionCallback callback);

    /**
     * Abstract. Both {@code changingPkg} and {@code pkgInfo} may be null; the meaning of
     * {@code flags} and of the returned int is not visible from this file.
     */
    public abstract int updatePermissions(@Nullable String changingPkg,
            @Nullable PackageParser.Package pkgInfo, int flags);
    /**
     * Abstract. Same parameter list and return type as {@link #updatePermissions}; the
     * meaning of {@code flags} and of the returned int is not visible from this file.
     */
    public abstract int updatePermissionTrees(@Nullable String changingPkg,
            @Nullable PackageParser.Package pkgInfo, int flags);

    /**
     * Abstract; by its name it returns the packages associated with an app-op permission.
     * The result is annotated {@code @Nullable}, so callers must handle a null return.
     */
    public abstract @Nullable String[] getAppOpPermissionPackages(@NonNull String permName);

    /**
     * Abstract; by its name it returns the flags stored for a permission/package pair for the
     * given user. The encoding of the returned int is not visible from this file.
     */
    public abstract int getPermissionFlags(@NonNull String permName,
            @NonNull String packageName, int callingUid, int userId);
    /**
     * Retrieve all of the information we know about a particular permission.
     * <p>
     * May return null. NOTE(review): whether {@code callingUid} limits what is returned is
     * decided by the implementation; confirm there.
     */
    public abstract @Nullable PermissionInfo getPermissionInfo(@NonNull String permName,
            @NonNull String packageName, @PermissionInfoFlags int flags, int callingUid);
    /**
     * Retrieve all of the permissions associated with a particular group.
     * <p>
     * May return null rather than an empty list, so callers must null-check the result.
     */
    public abstract @Nullable List<PermissionInfo> getPermissionInfoByGroup(@NonNull String group,
            @PermissionInfoFlags int flags, int callingUid);

    /**
     * Updates the flags associated with a permission by replacing the flags in
     * the specified mask with the provided flag values.
     *
     * @param flagMask bits to replace
     * @param flagValues new values for the bits selected by {@code flagMask}
     * @param callingUid caller-supplied UID
     * @param userId user the update applies to
     * @param callback optional listener; may be null
     */
    public abstract void updatePermissionFlags(@NonNull String permName,
            @NonNull String packageName, int flagMask, int flagValues, int callingUid, int userId,
            @Nullable PermissionCallback callback);
    /**
     * Updates the flags for all applications by replacing the flags in the specified mask
     * with the provided flag values.
     * <p>
     * "All applications" is bounded by the {@code packages} collection the caller passes in.
     * The meaning of the boolean result is defined by the implementation.
     */
    public abstract boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues,
            int callingUid, int userId, @NonNull Collection<PackageParser.Package> packages,
            @Nullable PermissionCallback callback);

    /**
     * Abstract; by its name it checks whether {@code packageName} holds {@code permName} for
     * {@code userId}.
     *
     * @return an int result; presumably one of the {@code PackageManager.PERMISSION_*}
     *         constants (TODO confirm). Callers should compare against the granted value
     *         explicitly rather than treating any non-zero or non-negative value as success
     */
    public abstract int checkPermission(@NonNull String permName, @NonNull String packageName,
            int callingUid, int userId);

    /**
     * Enforces that the request is from the system or an app that has INTERACT_ACROSS_USERS
     * or INTERACT_ACROSS_USERS_FULL permissions, if the {@code userId} is not for the caller.
     * @param callingUid caller-supplied UID the check is made against
     * @param userId user the request targets
     * @param requireFullPermission presumably restricts the accepted permission to
     *         INTERACT_ACROSS_USERS_FULL (TODO confirm)
     * @param checkShell whether to prevent shell from access if there's a debugging restriction
     * @param message the message to log on security exception
     */
    public abstract void enforceCrossUserPermission(int callingUid, int userId,
            boolean requireFullPermission, boolean checkShell, @NonNull String message);
    /**
     * Abstract; by its name it enforces that the caller may grant or revoke runtime
     * permissions. No UID is passed in, so the implementation has to obtain the caller
     * identity itself. NOTE(review): confirm the source of that identity.
     */
    public abstract void enforceGrantRevokeRuntimePermissionPermissions(@NonNull String message);

    /**
     * Returns the permission settings object. The return is non-null and the method takes no
     * caller identity, so any code holding this class can reach it.
     */
    public abstract @NonNull PermissionSettings getPermissionSettings();
    /** Returns the default permission grant policy object; non-null, no caller identity. */
    public abstract @NonNull DefaultPermissionGrantPolicy getDefaultPermissionGrantPolicy();

    // NOTE(review): the three *TEMP methods below take no callingUid, so no caller identity
    // reaches the implementation through them. Any access control has to be applied by
    // callers. putPermissionTEMP is a write path, so its call sites deserve particular
    // scrutiny while the migration is incomplete.
    /** HACK HACK methods to allow for partial migration of data to the PermissionManager class */
    public abstract Iterator<BasePermission> getPermissionIteratorTEMP();
    public abstract @Nullable BasePermission getPermissionTEMP(@NonNull String permName);
    public abstract void putPermissionTEMP(@NonNull String permName,
            @NonNull BasePermission permission);
}