PermissionManagerInternal.java revision fae8a528f1d4a103c644b9d7da6eff3d55cd0b67
1/* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm.permission; 18 19import android.annotation.NonNull; 20import android.annotation.Nullable; 21import android.content.pm.PackageParser; 22import android.content.pm.PermissionGroupInfo; 23import android.content.pm.PermissionInfo; 24import android.content.pm.PackageManager.NameNotFoundException; 25import android.content.pm.PackageManager.PermissionInfoFlags; 26import android.content.pm.PackageParser.Permission; 27 28import com.android.server.pm.SharedUserSetting; 29import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback; 30 31import java.util.ArrayList; 32import java.util.Collection; 33import java.util.Iterator; 34import java.util.List; 35import java.util.Map; 36import java.util.Set; 37 38/** 39 * Internal interfaces to be used by other components within the system server. 40 */ 41public abstract class PermissionManagerInternal { 42 /** 43 * Callbacks invoked when interesting actions have been taken on a permission. 44 * <p> 45 * NOTE: The current arguments are merely to support the existing use cases. This 46 * needs to be properly thought out with appropriate arguments for each of the 47 * callback methods. 48 */ 49 public static class PermissionCallback { 50 public void onGidsChanged(int appId, int userId) { 51 } 52 public void onPermissionChanged() { 53 } 54 public void onPermissionGranted(int uid, int userId) { 55 } 56 public void onInstallPermissionGranted() { 57 } 58 public void onPermissionRevoked(int uid, int userId) { 59 } 60 public void onInstallPermissionRevoked() { 61 } 62 public void onPermissionUpdated(int[] updatedUserIds, boolean sync) { 63 } 64 public void onPermissionRemoved() { 65 } 66 public void onInstallPermissionUpdated() { 67 } 68 } 69 70 public abstract void systemReady(); 71 72 public abstract boolean isPermissionsReviewRequired(PackageParser.Package pkg, int userId); 73 74 public abstract void grantRuntimePermission( 75 @NonNull String permName, @NonNull String packageName, boolean overridePolicy, 76 int callingUid, int userId, @Nullable PermissionCallback callback); 77 public abstract void grantRuntimePermissionsGrantedToDisabledPackage( 78 @NonNull PackageParser.Package pkg, int callingUid, 79 @Nullable PermissionCallback callback); 80 public abstract void grantRequestedRuntimePermissions( 81 @NonNull PackageParser.Package pkg, @NonNull int[] userIds, 82 @NonNull String[] grantedPermissions, int callingUid, 83 @Nullable PermissionCallback callback); 84 public abstract void revokeRuntimePermission(@NonNull String permName, 85 @NonNull String packageName, boolean overridePolicy, int callingUid, int userId, 86 @Nullable PermissionCallback callback); 87 88 public abstract void updatePermissions(@Nullable String packageName, 89 @Nullable PackageParser.Package pkg, boolean replaceGrant, 90 @NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback); 91 public abstract void updateAllPermissions(@Nullable String volumeUuid, boolean sdkUpdated, 92 @NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback); 93 94 /** 95 * We might auto-grant permissions if any permission of the group is already granted. Hence if 96 * the group of a granted permission changes we need to revoke it to avoid having permissions of 97 * the new group auto-granted. 98 * 99 * @param newPackage The new package that was installed 100 * @param oldPackage The old package that was updated 101 * @param allPackageNames All packages 102 * @param permissionCallback Callback for permission changed 103 */ 104 public abstract void revokeRuntimePermissionsIfGroupChanged( 105 @NonNull PackageParser.Package newPackage, 106 @NonNull PackageParser.Package oldPackage, 107 @NonNull ArrayList<String> allPackageNames, 108 @NonNull PermissionCallback permissionCallback); 109 110 /** 111 * Add all permissions in the given package. 112 * <p> 113 * NOTE: argument {@code groupTEMP} is temporary until mPermissionGroups is moved to 114 * the permission settings. 115 */ 116 public abstract void addAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty); 117 public abstract void addAllPermissionGroups(@NonNull PackageParser.Package pkg, boolean chatty); 118 public abstract void removeAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty); 119 public abstract boolean addDynamicPermission(@NonNull PermissionInfo info, boolean async, 120 int callingUid, @Nullable PermissionCallback callback); 121 public abstract void removeDynamicPermission(@NonNull String permName, int callingUid, 122 @Nullable PermissionCallback callback); 123 124 public abstract @Nullable String[] getAppOpPermissionPackages(@NonNull String permName); 125 126 public abstract int getPermissionFlags(@NonNull String permName, 127 @NonNull String packageName, int callingUid, int userId); 128 /** 129 * Retrieve all of the information we know about a particular group of permissions. 130 */ 131 public abstract @Nullable PermissionGroupInfo getPermissionGroupInfo( 132 @NonNull String groupName, int flags, int callingUid); 133 /** 134 * Retrieve all of the known permission groups in the system. 135 */ 136 public abstract @Nullable List<PermissionGroupInfo> getAllPermissionGroups(int flags, 137 int callingUid); 138 /** 139 * Retrieve all of the information we know about a particular permission. 140 */ 141 public abstract @Nullable PermissionInfo getPermissionInfo(@NonNull String permName, 142 @NonNull String packageName, @PermissionInfoFlags int flags, int callingUid); 143 /** 144 * Retrieve all of the permissions associated with a particular group. 145 */ 146 public abstract @Nullable List<PermissionInfo> getPermissionInfoByGroup(@NonNull String group, 147 @PermissionInfoFlags int flags, int callingUid); 148 149 /** 150 * Updates the flags associated with a permission by replacing the flags in 151 * the specified mask with the provided flag values. 152 */ 153 public abstract void updatePermissionFlags(@NonNull String permName, 154 @NonNull String packageName, int flagMask, int flagValues, int callingUid, int userId, 155 @Nullable PermissionCallback callback); 156 /** 157 * Updates the flags for all applications by replacing the flags in the specified mask 158 * with the provided flag values. 159 */ 160 public abstract boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues, 161 int callingUid, int userId, @NonNull Collection<PackageParser.Package> packages, 162 @Nullable PermissionCallback callback); 163 164 public abstract int checkPermission(@NonNull String permName, @NonNull String packageName, 165 int callingUid, int userId); 166 public abstract int checkUidPermission(@NonNull String permName, 167 @Nullable PackageParser.Package pkg, int uid, int callingUid); 168 169 /** 170 * Enforces the request is from the system or an app that has INTERACT_ACROSS_USERS 171 * or INTERACT_ACROSS_USERS_FULL permissions, if the {@code userid} is not for the caller. 172 * @param checkShell whether to prevent shell from access if there's a debugging restriction 173 * @param message the message to log on security exception 174 */ 175 public abstract void enforceCrossUserPermission(int callingUid, int userId, 176 boolean requireFullPermission, boolean checkShell, @NonNull String message); 177 public abstract void enforceGrantRevokeRuntimePermissionPermissions(@NonNull String message); 178 179 public abstract @NonNull PermissionSettings getPermissionSettings(); 180 public abstract @NonNull DefaultPermissionGrantPolicy getDefaultPermissionGrantPolicy(); 181 182 /** HACK HACK methods to allow for partial migration of data to the PermissionManager class */ 183 public abstract @Nullable BasePermission getPermissionTEMP(@NonNull String permName); 184}