PermissionManagerService.java revision 4dc50527d87a0f5a05a35caf5398eb7aec162213
1/* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm.permission; 18 19import static android.Manifest.permission.READ_EXTERNAL_STORAGE; 20import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; 21 22import android.Manifest; 23import android.annotation.NonNull; 24import android.annotation.Nullable; 25import android.app.AppOpsManager; 26import android.content.Context; 27import android.content.pm.PackageManager; 28import android.content.pm.PackageManagerInternal; 29import android.content.pm.PackageParser; 30import android.content.pm.ParceledListSlice; 31import android.content.pm.PermissionInfo; 32import android.content.pm.PackageParser.Package; 33import android.os.Binder; 34import android.os.Build; 35import android.os.Handler; 36import android.os.HandlerThread; 37import android.os.Process; 38import android.os.UserHandle; 39import android.os.UserManager; 40import android.os.UserManagerInternal; 41import android.os.storage.StorageManagerInternal; 42import android.util.ArrayMap; 43import android.util.ArraySet; 44import android.util.Log; 45import android.util.Slog; 46 47import com.android.internal.R; 48import com.android.internal.logging.MetricsLogger; 49import com.android.internal.logging.nano.MetricsProto.MetricsEvent; 50import com.android.internal.util.ArrayUtils; 51import com.android.server.FgThread; 52import com.android.server.LocalServices; 53import com.android.server.ServiceThread; 54import com.android.server.SystemConfig; 55import com.android.server.Watchdog; 56import com.android.server.pm.PackageManagerService; 57import com.android.server.pm.PackageManagerServiceUtils; 58import com.android.server.pm.PackageSetting; 59import com.android.server.pm.ProcessLoggingHandler; 60import com.android.server.pm.SharedUserSetting; 61import com.android.server.pm.permission.DefaultPermissionGrantPolicy.DefaultPermissionGrantedCallback; 62import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback; 63import com.android.server.pm.permission.PermissionsState.PermissionState; 64 65import libcore.util.EmptyArray; 66 67import java.util.ArrayList; 68import java.util.Arrays; 69import java.util.Collection; 70import java.util.Iterator; 71import java.util.List; 72import java.util.Set; 73 74/** 75 * Manages all permissions and handles permissions related tasks. 76 */ 77public class PermissionManagerService { 78 private static final String TAG = "PackageManager"; 79 80 /** All dangerous permission names in the same order as the events in MetricsEvent */ 81 private static final List<String> ALL_DANGEROUS_PERMISSIONS = Arrays.asList( 82 Manifest.permission.READ_CALENDAR, 83 Manifest.permission.WRITE_CALENDAR, 84 Manifest.permission.CAMERA, 85 Manifest.permission.READ_CONTACTS, 86 Manifest.permission.WRITE_CONTACTS, 87 Manifest.permission.GET_ACCOUNTS, 88 Manifest.permission.ACCESS_FINE_LOCATION, 89 Manifest.permission.ACCESS_COARSE_LOCATION, 90 Manifest.permission.RECORD_AUDIO, 91 Manifest.permission.READ_PHONE_STATE, 92 Manifest.permission.CALL_PHONE, 93 Manifest.permission.READ_CALL_LOG, 94 Manifest.permission.WRITE_CALL_LOG, 95 Manifest.permission.ADD_VOICEMAIL, 96 Manifest.permission.USE_SIP, 97 Manifest.permission.PROCESS_OUTGOING_CALLS, 98 Manifest.permission.READ_CELL_BROADCASTS, 99 Manifest.permission.BODY_SENSORS, 100 Manifest.permission.SEND_SMS, 101 Manifest.permission.RECEIVE_SMS, 102 Manifest.permission.READ_SMS, 103 Manifest.permission.RECEIVE_WAP_PUSH, 104 Manifest.permission.RECEIVE_MMS, 105 Manifest.permission.READ_EXTERNAL_STORAGE, 106 Manifest.permission.WRITE_EXTERNAL_STORAGE, 107 Manifest.permission.READ_PHONE_NUMBERS, 108 Manifest.permission.ANSWER_PHONE_CALLS); 109 110 /** Cap the size of permission trees that 3rd party apps can define */ 111 private static final int MAX_PERMISSION_TREE_FOOTPRINT = 32768; // characters of text 112 113 /** Lock to protect internal data access */ 114 private final Object mLock; 115 116 /** Internal connection to the package manager */ 117 private final PackageManagerInternal mPackageManagerInt; 118 119 /** Internal connection to the user manager */ 120 private final UserManagerInternal mUserManagerInt; 121 122 /** Default permission policy to provide proper behaviour out-of-the-box */ 123 private final DefaultPermissionGrantPolicy mDefaultPermissionGrantPolicy; 124 125 /** Internal storage for permissions and related settings */ 126 private final PermissionSettings mSettings; 127 128 private final HandlerThread mHandlerThread; 129 private final Handler mHandler; 130 private final Context mContext; 131 132 PermissionManagerService(Context context, 133 @Nullable DefaultPermissionGrantedCallback defaultGrantCallback, 134 @NonNull Object externalLock) { 135 mContext = context; 136 mLock = externalLock; 137 mPackageManagerInt = LocalServices.getService(PackageManagerInternal.class); 138 mUserManagerInt = LocalServices.getService(UserManagerInternal.class); 139 mSettings = new PermissionSettings(context, mLock); 140 141 mHandlerThread = new ServiceThread(TAG, 142 Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/); 143 mHandlerThread.start(); 144 mHandler = new Handler(mHandlerThread.getLooper()); 145 Watchdog.getInstance().addThread(mHandler); 146 147 mDefaultPermissionGrantPolicy = new DefaultPermissionGrantPolicy( 148 context, mHandlerThread.getLooper(), defaultGrantCallback, this); 149 150 // propagate permission configuration 151 final ArrayMap<String, SystemConfig.PermissionEntry> permConfig = 152 SystemConfig.getInstance().getPermissions(); 153 synchronized (mLock) { 154 for (int i=0; i<permConfig.size(); i++) { 155 final SystemConfig.PermissionEntry perm = permConfig.valueAt(i); 156 BasePermission bp = mSettings.getPermissionLocked(perm.name); 157 if (bp == null) { 158 bp = new BasePermission(perm.name, "android", BasePermission.TYPE_BUILTIN); 159 mSettings.putPermissionLocked(perm.name, bp); 160 } 161 if (perm.gids != null) { 162 bp.setGids(perm.gids, perm.perUser); 163 } 164 } 165 } 166 167 LocalServices.addService( 168 PermissionManagerInternal.class, new PermissionManagerInternalImpl()); 169 } 170 171 /** 172 * Creates and returns an initialized, internal service for use by other components. 173 * <p> 174 * The object returned is identical to the one returned by the LocalServices class using: 175 * {@code LocalServices.getService(PermissionManagerInternal.class);} 176 * <p> 177 * NOTE: The external lock is temporary and should be removed. This needs to be a 178 * lock created by the permission manager itself. 179 */ 180 public static PermissionManagerInternal create(Context context, 181 @Nullable DefaultPermissionGrantedCallback defaultGrantCallback, 182 @NonNull Object externalLock) { 183 final PermissionManagerInternal permMgrInt = 184 LocalServices.getService(PermissionManagerInternal.class); 185 if (permMgrInt != null) { 186 return permMgrInt; 187 } 188 new PermissionManagerService(context, defaultGrantCallback, externalLock); 189 return LocalServices.getService(PermissionManagerInternal.class); 190 } 191 192 @Nullable BasePermission getPermission(String permName) { 193 synchronized (mLock) { 194 return mSettings.getPermissionLocked(permName); 195 } 196 } 197 198 private int checkPermission(String permName, String pkgName, int callingUid, int userId) { 199 if (!mUserManagerInt.exists(userId)) { 200 return PackageManager.PERMISSION_DENIED; 201 } 202 203 final PackageParser.Package pkg = mPackageManagerInt.getPackage(pkgName); 204 if (pkg != null && pkg.mExtras != null) { 205 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) { 206 return PackageManager.PERMISSION_DENIED; 207 } 208 final PackageSetting ps = (PackageSetting) pkg.mExtras; 209 final boolean instantApp = ps.getInstantApp(userId); 210 final PermissionsState permissionsState = ps.getPermissionsState(); 211 if (permissionsState.hasPermission(permName, userId)) { 212 if (instantApp) { 213 synchronized (mLock) { 214 BasePermission bp = mSettings.getPermissionLocked(permName); 215 if (bp != null && bp.isInstant()) { 216 return PackageManager.PERMISSION_GRANTED; 217 } 218 } 219 } else { 220 return PackageManager.PERMISSION_GRANTED; 221 } 222 } 223 // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION 224 if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState 225 .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) { 226 return PackageManager.PERMISSION_GRANTED; 227 } 228 } 229 230 return PackageManager.PERMISSION_DENIED; 231 } 232 233 private PermissionInfo getPermissionInfo(String name, String packageName, int flags, 234 int callingUid) { 235 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) { 236 return null; 237 } 238 // reader 239 synchronized (mLock) { 240 final BasePermission bp = mSettings.getPermissionLocked(name); 241 if (bp == null) { 242 return null; 243 } 244 final int adjustedProtectionLevel = adjustPermissionProtectionFlagsLocked( 245 bp.getProtectionLevel(), packageName, callingUid); 246 return bp.generatePermissionInfo(adjustedProtectionLevel, flags); 247 } 248 } 249 250 private List<PermissionInfo> getPermissionInfoByGroup( 251 String groupName, int flags, int callingUid) { 252 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) { 253 return null; 254 } 255 // reader 256 synchronized (mLock) { 257 // TODO Uncomment when mPermissionGroups moves to this class 258// if (groupName != null && !mPermissionGroups.containsKey(groupName)) { 259// // This is thrown as NameNotFoundException 260// return null; 261// } 262 263 final ArrayList<PermissionInfo> out = new ArrayList<PermissionInfo>(10); 264 for (BasePermission bp : mSettings.mPermissions.values()) { 265 final PermissionInfo pi = bp.generatePermissionInfo(groupName, flags); 266 if (pi != null) { 267 out.add(pi); 268 } 269 } 270 return out; 271 } 272 } 273 274 private int adjustPermissionProtectionFlagsLocked( 275 int protectionLevel, String packageName, int uid) { 276 // Signature permission flags area always reported 277 final int protectionLevelMasked = protectionLevel 278 & (PermissionInfo.PROTECTION_NORMAL 279 | PermissionInfo.PROTECTION_DANGEROUS 280 | PermissionInfo.PROTECTION_SIGNATURE); 281 if (protectionLevelMasked == PermissionInfo.PROTECTION_SIGNATURE) { 282 return protectionLevel; 283 } 284 // System sees all flags. 285 final int appId = UserHandle.getAppId(uid); 286 if (appId == Process.SYSTEM_UID || appId == Process.ROOT_UID 287 || appId == Process.SHELL_UID) { 288 return protectionLevel; 289 } 290 // Normalize package name to handle renamed packages and static libs 291 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName); 292 if (pkg == null) { 293 return protectionLevel; 294 } 295 if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.O) { 296 return protectionLevelMasked; 297 } 298 // Apps that target O see flags for all protection levels. 299 final PackageSetting ps = (PackageSetting) pkg.mExtras; 300 if (ps == null) { 301 return protectionLevel; 302 } 303 if (ps.getAppId() != appId) { 304 return protectionLevel; 305 } 306 return protectionLevel; 307 } 308 309 private void addAllPermissions(PackageParser.Package pkg, boolean chatty) { 310 final int N = pkg.permissions.size(); 311 for (int i=0; i<N; i++) { 312 PackageParser.Permission p = pkg.permissions.get(i); 313 314 // Assume by default that we did not install this permission into the system. 315 p.info.flags &= ~PermissionInfo.FLAG_INSTALLED; 316 317 // Now that permission groups have a special meaning, we ignore permission 318 // groups for legacy apps to prevent unexpected behavior. In particular, 319 // permissions for one app being granted to someone just because they happen 320 // to be in a group defined by another app (before this had no implications). 321 if (pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1) { 322 p.group = mPackageManagerInt.getPermissionGroupTEMP(p.info.group); 323 // Warn for a permission in an unknown group. 324 if (PackageManagerService.DEBUG_PERMISSIONS 325 && p.info.group != null && p.group == null) { 326 Slog.i(TAG, "Permission " + p.info.name + " from package " 327 + p.info.packageName + " in an unknown group " + p.info.group); 328 } 329 } 330 331 synchronized (PermissionManagerService.this.mLock) { 332 if (p.tree) { 333 final BasePermission bp = BasePermission.createOrUpdate( 334 mSettings.getPermissionTreeLocked(p.info.name), p, pkg, 335 mSettings.getAllPermissionTreesLocked(), chatty); 336 mSettings.putPermissionTreeLocked(p.info.name, bp); 337 } else { 338 final BasePermission bp = BasePermission.createOrUpdate( 339 mSettings.getPermissionLocked(p.info.name), 340 p, pkg, mSettings.getAllPermissionTreesLocked(), chatty); 341 mSettings.putPermissionLocked(p.info.name, bp); 342 } 343 } 344 } 345 } 346 347 private void removeAllPermissions(PackageParser.Package pkg, boolean chatty) { 348 synchronized (mLock) { 349 int N = pkg.permissions.size(); 350 StringBuilder r = null; 351 for (int i=0; i<N; i++) { 352 PackageParser.Permission p = pkg.permissions.get(i); 353 BasePermission bp = (BasePermission) mSettings.mPermissions.get(p.info.name); 354 if (bp == null) { 355 bp = mSettings.mPermissionTrees.get(p.info.name); 356 } 357 if (bp != null && bp.isPermission(p)) { 358 bp.setPermission(null); 359 if (PackageManagerService.DEBUG_REMOVE && chatty) { 360 if (r == null) { 361 r = new StringBuilder(256); 362 } else { 363 r.append(' '); 364 } 365 r.append(p.info.name); 366 } 367 } 368 if (p.isAppOp()) { 369 ArraySet<String> appOpPkgs = 370 mSettings.mAppOpPermissionPackages.get(p.info.name); 371 if (appOpPkgs != null) { 372 appOpPkgs.remove(pkg.packageName); 373 } 374 } 375 } 376 if (r != null) { 377 if (PackageManagerService.DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r); 378 } 379 380 N = pkg.requestedPermissions.size(); 381 r = null; 382 for (int i=0; i<N; i++) { 383 String perm = pkg.requestedPermissions.get(i); 384 if (mSettings.isPermissionAppOp(perm)) { 385 ArraySet<String> appOpPkgs = mSettings.mAppOpPermissionPackages.get(perm); 386 if (appOpPkgs != null) { 387 appOpPkgs.remove(pkg.packageName); 388 if (appOpPkgs.isEmpty()) { 389 mSettings.mAppOpPermissionPackages.remove(perm); 390 } 391 } 392 } 393 } 394 if (r != null) { 395 if (PackageManagerService.DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r); 396 } 397 } 398 } 399 400 private boolean addDynamicPermission( 401 PermissionInfo info, int callingUid, PermissionCallback callback) { 402 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) { 403 throw new SecurityException("Instant apps can't add permissions"); 404 } 405 if (info.labelRes == 0 && info.nonLocalizedLabel == null) { 406 throw new SecurityException("Label must be specified in permission"); 407 } 408 final BasePermission tree = mSettings.enforcePermissionTree(info.name, callingUid); 409 final boolean added; 410 final boolean changed; 411 synchronized (mLock) { 412 BasePermission bp = mSettings.getPermissionLocked(info.name); 413 added = bp == null; 414 int fixedLevel = PermissionInfo.fixProtectionLevel(info.protectionLevel); 415 if (added) { 416 enforcePermissionCapLocked(info, tree); 417 bp = new BasePermission(info.name, tree.getSourcePackageName(), 418 BasePermission.TYPE_DYNAMIC); 419 } else if (bp.isDynamic()) { 420 // TODO: switch this back to SecurityException 421 Slog.wtf(TAG, "Not allowed to modify non-dynamic permission " 422 + info.name); 423 } 424 changed = bp.addToTree(fixedLevel, info, tree); 425 if (added) { 426 mSettings.putPermissionLocked(info.name, bp); 427 } 428 } 429 if (changed && callback != null) { 430 callback.onPermissionChanged(); 431 } 432 return added; 433 } 434 435 private void removeDynamicPermission( 436 String permName, int callingUid, PermissionCallback callback) { 437 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) { 438 throw new SecurityException("Instant applications don't have access to this method"); 439 } 440 final BasePermission tree = mSettings.enforcePermissionTree(permName, callingUid); 441 synchronized (mLock) { 442 final BasePermission bp = mSettings.getPermissionLocked(permName); 443 if (bp == null) { 444 return; 445 } 446 if (bp.isDynamic()) { 447 // TODO: switch this back to SecurityException 448 Slog.wtf(TAG, "Not allowed to modify non-dynamic permission " 449 + permName); 450 } 451 mSettings.removePermissionLocked(permName); 452 if (callback != null) { 453 callback.onPermissionRemoved(); 454 } 455 } 456 } 457 458 private void grantRuntimePermissionsGrantedToDisabledPackageLocked( 459 PackageParser.Package pkg, int callingUid, PermissionCallback callback) { 460 if (pkg.parentPackage == null) { 461 return; 462 } 463 if (pkg.requestedPermissions == null) { 464 return; 465 } 466 final PackageParser.Package disabledPkg = 467 mPackageManagerInt.getDisabledPackage(pkg.parentPackage.packageName); 468 if (disabledPkg == null || disabledPkg.mExtras == null) { 469 return; 470 } 471 final PackageSetting disabledPs = (PackageSetting) disabledPkg.mExtras; 472 if (!disabledPs.isPrivileged() || disabledPs.hasChildPackages()) { 473 return; 474 } 475 final int permCount = pkg.requestedPermissions.size(); 476 for (int i = 0; i < permCount; i++) { 477 String permission = pkg.requestedPermissions.get(i); 478 BasePermission bp = mSettings.getPermissionLocked(permission); 479 if (bp == null || !(bp.isRuntime() || bp.isDevelopment())) { 480 continue; 481 } 482 for (int userId : mUserManagerInt.getUserIds()) { 483 if (disabledPs.getPermissionsState().hasRuntimePermission(permission, userId)) { 484 grantRuntimePermission( 485 permission, pkg.packageName, false, callingUid, userId, callback); 486 } 487 } 488 } 489 } 490 491 private void grantRequestedRuntimePermissions(PackageParser.Package pkg, int[] userIds, 492 String[] grantedPermissions, int callingUid, PermissionCallback callback) { 493 for (int userId : userIds) { 494 grantRequestedRuntimePermissionsForUser(pkg, userId, grantedPermissions, callingUid, 495 callback); 496 } 497 } 498 499 private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId, 500 String[] grantedPermissions, int callingUid, PermissionCallback callback) { 501 PackageSetting ps = (PackageSetting) pkg.mExtras; 502 if (ps == null) { 503 return; 504 } 505 506 PermissionsState permissionsState = ps.getPermissionsState(); 507 508 final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 509 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 510 511 final boolean supportsRuntimePermissions = pkg.applicationInfo.targetSdkVersion 512 >= Build.VERSION_CODES.M; 513 514 final boolean instantApp = mPackageManagerInt.isInstantApp(pkg.packageName, userId); 515 516 for (String permission : pkg.requestedPermissions) { 517 final BasePermission bp; 518 synchronized (mLock) { 519 bp = mSettings.getPermissionLocked(permission); 520 } 521 if (bp != null && (bp.isRuntime() || bp.isDevelopment()) 522 && (!instantApp || bp.isInstant()) 523 && (supportsRuntimePermissions || !bp.isRuntimeOnly()) 524 && (grantedPermissions == null 525 || ArrayUtils.contains(grantedPermissions, permission))) { 526 final int flags = permissionsState.getPermissionFlags(permission, userId); 527 if (supportsRuntimePermissions) { 528 // Installer cannot change immutable permissions. 529 if ((flags & immutableFlags) == 0) { 530 grantRuntimePermission(permission, pkg.packageName, false, callingUid, 531 userId, callback); 532 } 533 } else if (mSettings.mPermissionReviewRequired) { 534 // In permission review mode we clear the review flag when we 535 // are asked to install the app with all permissions granted. 536 if ((flags & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0) { 537 updatePermissionFlags(permission, pkg.packageName, 538 PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED, 0, callingUid, 539 userId, callback); 540 } 541 } 542 } 543 } 544 } 545 546 private void grantRuntimePermission(String permName, String packageName, boolean overridePolicy, 547 int callingUid, final int userId, PermissionCallback callback) { 548 if (!mUserManagerInt.exists(userId)) { 549 Log.e(TAG, "No such user:" + userId); 550 return; 551 } 552 553 mContext.enforceCallingOrSelfPermission( 554 android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS, 555 "grantRuntimePermission"); 556 557 enforceCrossUserPermission(callingUid, userId, 558 true /* requireFullPermission */, true /* checkShell */, 559 "grantRuntimePermission"); 560 561 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName); 562 if (pkg == null || pkg.mExtras == null) { 563 throw new IllegalArgumentException("Unknown package: " + packageName); 564 } 565 final BasePermission bp; 566 synchronized(mLock) { 567 bp = mSettings.getPermissionLocked(permName); 568 } 569 if (bp == null) { 570 throw new IllegalArgumentException("Unknown permission: " + permName); 571 } 572 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) { 573 throw new IllegalArgumentException("Unknown package: " + packageName); 574 } 575 576 bp.enforceDeclaredUsedAndRuntimeOrDevelopment(pkg); 577 578 // If a permission review is required for legacy apps we represent 579 // their permissions as always granted runtime ones since we need 580 // to keep the review required permission flag per user while an 581 // install permission's state is shared across all users. 582 if (mSettings.mPermissionReviewRequired 583 && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M 584 && bp.isRuntime()) { 585 return; 586 } 587 588 final int uid = UserHandle.getUid(userId, pkg.applicationInfo.uid); 589 590 final PackageSetting ps = (PackageSetting) pkg.mExtras; 591 final PermissionsState permissionsState = ps.getPermissionsState(); 592 593 final int flags = permissionsState.getPermissionFlags(permName, userId); 594 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) { 595 throw new SecurityException("Cannot grant system fixed permission " 596 + permName + " for package " + packageName); 597 } 598 if (!overridePolicy && (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 599 throw new SecurityException("Cannot grant policy fixed permission " 600 + permName + " for package " + packageName); 601 } 602 603 if (bp.isDevelopment()) { 604 // Development permissions must be handled specially, since they are not 605 // normal runtime permissions. For now they apply to all users. 606 if (permissionsState.grantInstallPermission(bp) != 607 PermissionsState.PERMISSION_OPERATION_FAILURE) { 608 if (callback != null) { 609 callback.onInstallPermissionGranted(); 610 } 611 } 612 return; 613 } 614 615 if (ps.getInstantApp(userId) && !bp.isInstant()) { 616 throw new SecurityException("Cannot grant non-ephemeral permission" 617 + permName + " for package " + packageName); 618 } 619 620 if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) { 621 Slog.w(TAG, "Cannot grant runtime permission to a legacy app"); 622 return; 623 } 624 625 final int result = permissionsState.grantRuntimePermission(bp, userId); 626 switch (result) { 627 case PermissionsState.PERMISSION_OPERATION_FAILURE: { 628 return; 629 } 630 631 case PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: { 632 if (callback != null) { 633 callback.onGidsChanged(UserHandle.getAppId(pkg.applicationInfo.uid), userId); 634 } 635 } 636 break; 637 } 638 639 if (bp.isRuntime()) { 640 logPermissionGranted(mContext, permName, packageName); 641 } 642 643 if (callback != null) { 644 callback.onPermissionGranted(uid, userId); 645 } 646 647 // Only need to do this if user is initialized. Otherwise it's a new user 648 // and there are no processes running as the user yet and there's no need 649 // to make an expensive call to remount processes for the changed permissions. 650 if (READ_EXTERNAL_STORAGE.equals(permName) 651 || WRITE_EXTERNAL_STORAGE.equals(permName)) { 652 final long token = Binder.clearCallingIdentity(); 653 try { 654 if (mUserManagerInt.isUserInitialized(userId)) { 655 StorageManagerInternal storageManagerInternal = LocalServices.getService( 656 StorageManagerInternal.class); 657 storageManagerInternal.onExternalStoragePolicyChanged(uid, packageName); 658 } 659 } finally { 660 Binder.restoreCallingIdentity(token); 661 } 662 } 663 664 } 665 666 private void revokeRuntimePermission(String permName, String packageName, 667 boolean overridePolicy, int callingUid, int userId, PermissionCallback callback) { 668 if (!mUserManagerInt.exists(userId)) { 669 Log.e(TAG, "No such user:" + userId); 670 return; 671 } 672 673 mContext.enforceCallingOrSelfPermission( 674 android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS, 675 "revokeRuntimePermission"); 676 677 enforceCrossUserPermission(Binder.getCallingUid(), userId, 678 true /* requireFullPermission */, true /* checkShell */, 679 "revokeRuntimePermission"); 680 681 final int appId; 682 683 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName); 684 if (pkg == null || pkg.mExtras == null) { 685 throw new IllegalArgumentException("Unknown package: " + packageName); 686 } 687 if (mPackageManagerInt.filterAppAccess(pkg, Binder.getCallingUid(), userId)) { 688 throw new IllegalArgumentException("Unknown package: " + packageName); 689 } 690 final BasePermission bp = mSettings.getPermissionLocked(permName); 691 if (bp == null) { 692 throw new IllegalArgumentException("Unknown permission: " + permName); 693 } 694 695 bp.enforceDeclaredUsedAndRuntimeOrDevelopment(pkg); 696 697 // If a permission review is required for legacy apps we represent 698 // their permissions as always granted runtime ones since we need 699 // to keep the review required permission flag per user while an 700 // install permission's state is shared across all users. 701 if (mSettings.mPermissionReviewRequired 702 && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M 703 && bp.isRuntime()) { 704 return; 705 } 706 707 final PackageSetting ps = (PackageSetting) pkg.mExtras; 708 final PermissionsState permissionsState = ps.getPermissionsState(); 709 710 final int flags = permissionsState.getPermissionFlags(permName, userId); 711 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) { 712 throw new SecurityException("Cannot revoke system fixed permission " 713 + permName + " for package " + packageName); 714 } 715 if (!overridePolicy && (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 716 throw new SecurityException("Cannot revoke policy fixed permission " 717 + permName + " for package " + packageName); 718 } 719 720 if (bp.isDevelopment()) { 721 // Development permissions must be handled specially, since they are not 722 // normal runtime permissions. For now they apply to all users. 723 if (permissionsState.revokeInstallPermission(bp) != 724 PermissionsState.PERMISSION_OPERATION_FAILURE) { 725 if (callback != null) { 726 callback.onInstallPermissionRevoked(); 727 } 728 } 729 return; 730 } 731 732 if (permissionsState.revokeRuntimePermission(bp, userId) == 733 PermissionsState.PERMISSION_OPERATION_FAILURE) { 734 return; 735 } 736 737 if (bp.isRuntime()) { 738 logPermissionRevoked(mContext, permName, packageName); 739 } 740 741 if (callback != null) { 742 final int uid = UserHandle.getUid(userId, pkg.applicationInfo.uid); 743 callback.onPermissionRevoked(pkg.applicationInfo.uid, userId); 744 } 745 } 746 747 private int[] revokeUnusedSharedUserPermissions(SharedUserSetting suSetting, int[] allUserIds) { 748 // Collect all used permissions in the UID 749 final ArraySet<String> usedPermissions = new ArraySet<>(); 750 final List<PackageParser.Package> pkgList = suSetting.getPackages(); 751 if (pkgList == null || pkgList.size() == 0) { 752 return EmptyArray.INT; 753 } 754 for (PackageParser.Package pkg : pkgList) { 755 final int requestedPermCount = pkg.requestedPermissions.size(); 756 for (int j = 0; j < requestedPermCount; j++) { 757 String permission = pkg.requestedPermissions.get(j); 758 BasePermission bp = mSettings.getPermissionLocked(permission); 759 if (bp != null) { 760 usedPermissions.add(permission); 761 } 762 } 763 } 764 765 PermissionsState permissionsState = suSetting.getPermissionsState(); 766 // Prune install permissions 767 List<PermissionState> installPermStates = permissionsState.getInstallPermissionStates(); 768 final int installPermCount = installPermStates.size(); 769 for (int i = installPermCount - 1; i >= 0; i--) { 770 PermissionState permissionState = installPermStates.get(i); 771 if (!usedPermissions.contains(permissionState.getName())) { 772 BasePermission bp = mSettings.getPermissionLocked(permissionState.getName()); 773 if (bp != null) { 774 permissionsState.revokeInstallPermission(bp); 775 permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL, 776 PackageManager.MASK_PERMISSION_FLAGS, 0); 777 } 778 } 779 } 780 781 int[] runtimePermissionChangedUserIds = EmptyArray.INT; 782 783 // Prune runtime permissions 784 for (int userId : allUserIds) { 785 List<PermissionState> runtimePermStates = permissionsState 786 .getRuntimePermissionStates(userId); 787 final int runtimePermCount = runtimePermStates.size(); 788 for (int i = runtimePermCount - 1; i >= 0; i--) { 789 PermissionState permissionState = runtimePermStates.get(i); 790 if (!usedPermissions.contains(permissionState.getName())) { 791 BasePermission bp = mSettings.getPermissionLocked(permissionState.getName()); 792 if (bp != null) { 793 permissionsState.revokeRuntimePermission(bp, userId); 794 permissionsState.updatePermissionFlags(bp, userId, 795 PackageManager.MASK_PERMISSION_FLAGS, 0); 796 runtimePermissionChangedUserIds = ArrayUtils.appendInt( 797 runtimePermissionChangedUserIds, userId); 798 } 799 } 800 } 801 } 802 803 return runtimePermissionChangedUserIds; 804 } 805 806 private String[] getAppOpPermissionPackages(String permName) { 807 if (mPackageManagerInt.getInstantAppPackageName(Binder.getCallingUid()) != null) { 808 return null; 809 } 810 synchronized (mLock) { 811 final ArraySet<String> pkgs = mSettings.mAppOpPermissionPackages.get(permName); 812 if (pkgs == null) { 813 return null; 814 } 815 return pkgs.toArray(new String[pkgs.size()]); 816 } 817 } 818 819 private int getPermissionFlags( 820 String permName, String packageName, int callingUid, int userId) { 821 if (!mUserManagerInt.exists(userId)) { 822 return 0; 823 } 824 825 enforceGrantRevokeRuntimePermissionPermissions("getPermissionFlags"); 826 827 enforceCrossUserPermission(callingUid, userId, 828 true /* requireFullPermission */, false /* checkShell */, 829 "getPermissionFlags"); 830 831 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName); 832 if (pkg == null || pkg.mExtras == null) { 833 return 0; 834 } 835 synchronized (mLock) { 836 if (mSettings.getPermissionLocked(permName) == null) { 837 return 0; 838 } 839 } 840 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) { 841 return 0; 842 } 843 final PackageSetting ps = (PackageSetting) pkg.mExtras; 844 PermissionsState permissionsState = ps.getPermissionsState(); 845 return permissionsState.getPermissionFlags(permName, userId); 846 } 847 848 private int updatePermissions(String packageName, PackageParser.Package pkgInfo, int flags) { 849 Set<BasePermission> needsUpdate = null; 850 synchronized (mLock) { 851 final Iterator<BasePermission> it = mSettings.mPermissions.values().iterator(); 852 while (it.hasNext()) { 853 final BasePermission bp = it.next(); 854 if (bp.isDynamic()) { 855 bp.updateDynamicPermission(mSettings.mPermissionTrees.values()); 856 } 857 if (bp.getSourcePackageSetting() != null) { 858 if (packageName != null && packageName.equals(bp.getSourcePackageName()) 859 && (pkgInfo == null || !hasPermission(pkgInfo, bp.getName()))) { 860 Slog.i(TAG, "Removing old permission tree: " + bp.getName() 861 + " from package " + bp.getSourcePackageName()); 862 flags |= PackageManagerService.UPDATE_PERMISSIONS_ALL; 863 it.remove(); 864 } 865 continue; 866 } 867 if (needsUpdate == null) { 868 needsUpdate = new ArraySet<>(mSettings.mPermissions.size()); 869 } 870 needsUpdate.add(bp); 871 } 872 } 873 if (needsUpdate != null) { 874 for (final BasePermission bp : needsUpdate) { 875 final PackageParser.Package pkg = 876 mPackageManagerInt.getPackage(bp.getSourcePackageName()); 877 synchronized (mLock) { 878 if (pkg != null && pkg.mExtras != null) { 879 final PackageSetting ps = (PackageSetting) pkg.mExtras; 880 if (bp.getSourcePackageSetting() == null) { 881 bp.setSourcePackageSetting(ps); 882 } 883 continue; 884 } 885 Slog.w(TAG, "Removing dangling permission: " + bp.getName() 886 + " from package " + bp.getSourcePackageName()); 887 mSettings.removePermissionLocked(bp.getName()); 888 } 889 } 890 } 891 return flags; 892 } 893 894 private int updatePermissionTrees(String packageName, PackageParser.Package pkgInfo, 895 int flags) { 896 Set<BasePermission> needsUpdate = null; 897 synchronized (mLock) { 898 final Iterator<BasePermission> it = mSettings.mPermissionTrees.values().iterator(); 899 while (it.hasNext()) { 900 final BasePermission bp = it.next(); 901 if (bp.getSourcePackageSetting() != null) { 902 if (packageName != null && packageName.equals(bp.getSourcePackageName()) 903 && (pkgInfo == null || !hasPermission(pkgInfo, bp.getName()))) { 904 Slog.i(TAG, "Removing old permission tree: " + bp.getName() 905 + " from package " + bp.getSourcePackageName()); 906 flags |= PackageManagerService.UPDATE_PERMISSIONS_ALL; 907 it.remove(); 908 } 909 continue; 910 } 911 if (needsUpdate == null) { 912 needsUpdate = new ArraySet<>(mSettings.mPermissionTrees.size()); 913 } 914 needsUpdate.add(bp); 915 } 916 } 917 if (needsUpdate != null) { 918 for (final BasePermission bp : needsUpdate) { 919 final PackageParser.Package pkg = 920 mPackageManagerInt.getPackage(bp.getSourcePackageName()); 921 synchronized (mLock) { 922 if (pkg != null && pkg.mExtras != null) { 923 final PackageSetting ps = (PackageSetting) pkg.mExtras; 924 if (bp.getSourcePackageSetting() == null) { 925 bp.setSourcePackageSetting(ps); 926 } 927 continue; 928 } 929 Slog.w(TAG, "Removing dangling permission tree: " + bp.getName() 930 + " from package " + bp.getSourcePackageName()); 931 mSettings.removePermissionLocked(bp.getName()); 932 } 933 } 934 } 935 return flags; 936 } 937 938 private void updatePermissionFlags(String permName, String packageName, int flagMask, 939 int flagValues, int callingUid, int userId, PermissionCallback callback) { 940 if (!mUserManagerInt.exists(userId)) { 941 return; 942 } 943 944 enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlags"); 945 946 enforceCrossUserPermission(callingUid, userId, 947 true /* requireFullPermission */, true /* checkShell */, 948 "updatePermissionFlags"); 949 950 // Only the system can change these flags and nothing else. 951 if (callingUid != Process.SYSTEM_UID) { 952 flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 953 flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 954 flagMask &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 955 flagValues &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 956 flagValues &= ~PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED; 957 } 958 959 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName); 960 if (pkg == null || pkg.mExtras == null) { 961 throw new IllegalArgumentException("Unknown package: " + packageName); 962 } 963 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) { 964 throw new IllegalArgumentException("Unknown package: " + packageName); 965 } 966 967 final BasePermission bp; 968 synchronized (mLock) { 969 bp = mSettings.getPermissionLocked(permName); 970 } 971 if (bp == null) { 972 throw new IllegalArgumentException("Unknown permission: " + permName); 973 } 974 975 final PackageSetting ps = (PackageSetting) pkg.mExtras; 976 final PermissionsState permissionsState = ps.getPermissionsState(); 977 final boolean hadState = 978 permissionsState.getRuntimePermissionState(permName, userId) != null; 979 final boolean permissionUpdated = 980 permissionsState.updatePermissionFlags(bp, userId, flagMask, flagValues); 981 if (permissionUpdated && callback != null) { 982 // Install and runtime permissions are stored in different places, 983 // so figure out what permission changed and persist the change. 984 if (permissionsState.getInstallPermissionState(permName) != null) { 985 callback.onInstallPermissionUpdated(); 986 } else if (permissionsState.getRuntimePermissionState(permName, userId) != null 987 || hadState) { 988 callback.onPermissionUpdated(userId); 989 } 990 } 991 } 992 993 private boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues, int callingUid, 994 int userId, Collection<Package> packages, PermissionCallback callback) { 995 if (!mUserManagerInt.exists(userId)) { 996 return false; 997 } 998 999 enforceGrantRevokeRuntimePermissionPermissions( 1000 "updatePermissionFlagsForAllApps"); 1001 enforceCrossUserPermission(callingUid, userId, 1002 true /* requireFullPermission */, true /* checkShell */, 1003 "updatePermissionFlagsForAllApps"); 1004 1005 // Only the system can change system fixed flags. 1006 if (callingUid != Process.SYSTEM_UID) { 1007 flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 1008 flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 1009 } 1010 1011 boolean changed = false; 1012 for (PackageParser.Package pkg : packages) { 1013 final PackageSetting ps = (PackageSetting) pkg.mExtras; 1014 if (ps == null) { 1015 continue; 1016 } 1017 PermissionsState permissionsState = ps.getPermissionsState(); 1018 changed |= permissionsState.updatePermissionFlagsForAllPermissions( 1019 userId, flagMask, flagValues); 1020 } 1021 return changed; 1022 } 1023 1024 private void enforceGrantRevokeRuntimePermissionPermissions(String message) { 1025 if (mContext.checkCallingOrSelfPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS) 1026 != PackageManager.PERMISSION_GRANTED 1027 && mContext.checkCallingOrSelfPermission(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS) 1028 != PackageManager.PERMISSION_GRANTED) { 1029 throw new SecurityException(message + " requires " 1030 + Manifest.permission.GRANT_RUNTIME_PERMISSIONS + " or " 1031 + Manifest.permission.REVOKE_RUNTIME_PERMISSIONS); 1032 } 1033 } 1034 1035 /** 1036 * Checks if the request is from the system or an app that has INTERACT_ACROSS_USERS 1037 * or INTERACT_ACROSS_USERS_FULL permissions, if the userid is not for the caller. 1038 * @param checkShell whether to prevent shell from access if there's a debugging restriction 1039 * @param message the message to log on security exception 1040 */ 1041 private void enforceCrossUserPermission(int callingUid, int userId, 1042 boolean requireFullPermission, boolean checkShell, String message) { 1043 if (userId < 0) { 1044 throw new IllegalArgumentException("Invalid userId " + userId); 1045 } 1046 if (checkShell) { 1047 PackageManagerServiceUtils.enforceShellRestriction( 1048 UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, userId); 1049 } 1050 if (userId == UserHandle.getUserId(callingUid)) return; 1051 if (callingUid != Process.SYSTEM_UID && callingUid != 0) { 1052 if (requireFullPermission) { 1053 mContext.enforceCallingOrSelfPermission( 1054 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message); 1055 } else { 1056 try { 1057 mContext.enforceCallingOrSelfPermission( 1058 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message); 1059 } catch (SecurityException se) { 1060 mContext.enforceCallingOrSelfPermission( 1061 android.Manifest.permission.INTERACT_ACROSS_USERS, message); 1062 } 1063 } 1064 } 1065 } 1066 1067 private int calculateCurrentPermissionFootprintLocked(BasePermission tree) { 1068 int size = 0; 1069 for (BasePermission perm : mSettings.mPermissions.values()) { 1070 size += tree.calculateFootprint(perm); 1071 } 1072 return size; 1073 } 1074 1075 private void enforcePermissionCapLocked(PermissionInfo info, BasePermission tree) { 1076 // We calculate the max size of permissions defined by this uid and throw 1077 // if that plus the size of 'info' would exceed our stated maximum. 1078 if (tree.getUid() != Process.SYSTEM_UID) { 1079 final int curTreeSize = calculateCurrentPermissionFootprintLocked(tree); 1080 if (curTreeSize + info.calculateFootprint() > MAX_PERMISSION_TREE_FOOTPRINT) { 1081 throw new SecurityException("Permission tree size cap exceeded"); 1082 } 1083 } 1084 } 1085 1086 private static boolean hasPermission(PackageParser.Package pkgInfo, String permName) { 1087 for (int i=pkgInfo.permissions.size()-1; i>=0; i--) { 1088 if (pkgInfo.permissions.get(i).info.name.equals(permName)) { 1089 return true; 1090 } 1091 } 1092 return false; 1093 } 1094 1095 /** 1096 * Get the first event id for the permission. 1097 * 1098 * <p>There are four events for each permission: <ul> 1099 * <li>Request permission: first id + 0</li> 1100 * <li>Grant permission: first id + 1</li> 1101 * <li>Request for permission denied: first id + 2</li> 1102 * <li>Revoke permission: first id + 3</li> 1103 * </ul></p> 1104 * 1105 * @param name name of the permission 1106 * 1107 * @return The first event id for the permission 1108 */ 1109 private static int getBaseEventId(@NonNull String name) { 1110 int eventIdIndex = ALL_DANGEROUS_PERMISSIONS.indexOf(name); 1111 1112 if (eventIdIndex == -1) { 1113 if (AppOpsManager.permissionToOpCode(name) == AppOpsManager.OP_NONE 1114 || Build.IS_USER) { 1115 Log.i(TAG, "Unknown permission " + name); 1116 1117 return MetricsEvent.ACTION_PERMISSION_REQUEST_UNKNOWN; 1118 } else { 1119 // Most likely #ALL_DANGEROUS_PERMISSIONS needs to be updated. 1120 // 1121 // Also update 1122 // - EventLogger#ALL_DANGEROUS_PERMISSIONS 1123 // - metrics_constants.proto 1124 throw new IllegalStateException("Unknown permission " + name); 1125 } 1126 } 1127 1128 return MetricsEvent.ACTION_PERMISSION_REQUEST_READ_CALENDAR + eventIdIndex * 4; 1129 } 1130 1131 /** 1132 * Log that a permission was revoked. 1133 * 1134 * @param context Context of the caller 1135 * @param name name of the permission 1136 * @param packageName package permission if for 1137 */ 1138 private static void logPermissionRevoked(@NonNull Context context, @NonNull String name, 1139 @NonNull String packageName) { 1140 MetricsLogger.action(context, getBaseEventId(name) + 3, packageName); 1141 } 1142 1143 /** 1144 * Log that a permission request was granted. 1145 * 1146 * @param context Context of the caller 1147 * @param name name of the permission 1148 * @param packageName package permission if for 1149 */ 1150 private static void logPermissionGranted(@NonNull Context context, @NonNull String name, 1151 @NonNull String packageName) { 1152 MetricsLogger.action(context, getBaseEventId(name) + 1, packageName); 1153 } 1154 1155 private class PermissionManagerInternalImpl extends PermissionManagerInternal { 1156 @Override 1157 public void addAllPermissions(Package pkg, boolean chatty) { 1158 PermissionManagerService.this.addAllPermissions(pkg, chatty); 1159 } 1160 @Override 1161 public void removeAllPermissions(Package pkg, boolean chatty) { 1162 PermissionManagerService.this.removeAllPermissions(pkg, chatty); 1163 } 1164 @Override 1165 public boolean addDynamicPermission(PermissionInfo info, boolean async, int callingUid, 1166 PermissionCallback callback) { 1167 return PermissionManagerService.this.addDynamicPermission(info, callingUid, callback); 1168 } 1169 @Override 1170 public void removeDynamicPermission(String permName, int callingUid, 1171 PermissionCallback callback) { 1172 PermissionManagerService.this.removeDynamicPermission(permName, callingUid, callback); 1173 } 1174 @Override 1175 public void grantRuntimePermission(String permName, String packageName, 1176 boolean overridePolicy, int callingUid, int userId, 1177 PermissionCallback callback) { 1178 PermissionManagerService.this.grantRuntimePermission( 1179 permName, packageName, overridePolicy, callingUid, userId, callback); 1180 } 1181 @Override 1182 public void grantRequestedRuntimePermissions(PackageParser.Package pkg, int[] userIds, 1183 String[] grantedPermissions, int callingUid, PermissionCallback callback) { 1184 PermissionManagerService.this.grantRequestedRuntimePermissions( 1185 pkg, userIds, grantedPermissions, callingUid, callback); 1186 } 1187 @Override 1188 public void grantRuntimePermissionsGrantedToDisabledPackage(PackageParser.Package pkg, 1189 int callingUid, PermissionCallback callback) { 1190 PermissionManagerService.this.grantRuntimePermissionsGrantedToDisabledPackageLocked( 1191 pkg, callingUid, callback); 1192 } 1193 @Override 1194 public void revokeRuntimePermission(String permName, String packageName, 1195 boolean overridePolicy, int callingUid, int userId, 1196 PermissionCallback callback) { 1197 PermissionManagerService.this.revokeRuntimePermission(permName, packageName, 1198 overridePolicy, callingUid, userId, callback); 1199 } 1200 @Override 1201 public int[] revokeUnusedSharedUserPermissions(SharedUserSetting suSetting, 1202 int[] allUserIds) { 1203 return PermissionManagerService.this.revokeUnusedSharedUserPermissions( 1204 (SharedUserSetting) suSetting, allUserIds); 1205 } 1206 @Override 1207 public String[] getAppOpPermissionPackages(String permName) { 1208 return PermissionManagerService.this.getAppOpPermissionPackages(permName); 1209 } 1210 @Override 1211 public int getPermissionFlags(String permName, String packageName, int callingUid, 1212 int userId) { 1213 return PermissionManagerService.this.getPermissionFlags(permName, packageName, 1214 callingUid, userId); 1215 } 1216 @Override 1217 public int updatePermissions(String packageName, 1218 PackageParser.Package pkgInfo, int flags) { 1219 return PermissionManagerService.this.updatePermissions(packageName, pkgInfo, flags); 1220 } 1221 @Override 1222 public int updatePermissionTrees(String packageName, 1223 PackageParser.Package pkgInfo, int flags) { 1224 return PermissionManagerService.this.updatePermissionTrees(packageName, pkgInfo, flags); 1225 } 1226 @Override 1227 public void updatePermissionFlags(String permName, String packageName, int flagMask, 1228 int flagValues, int callingUid, int userId, PermissionCallback callback) { 1229 PermissionManagerService.this.updatePermissionFlags( 1230 permName, packageName, flagMask, flagValues, callingUid, userId, callback); 1231 } 1232 @Override 1233 public boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues, int callingUid, 1234 int userId, Collection<Package> packages, PermissionCallback callback) { 1235 return PermissionManagerService.this.updatePermissionFlagsForAllApps( 1236 flagMask, flagValues, callingUid, userId, packages, callback); 1237 } 1238 @Override 1239 public void enforceCrossUserPermission(int callingUid, int userId, 1240 boolean requireFullPermission, boolean checkShell, String message) { 1241 PermissionManagerService.this.enforceCrossUserPermission(callingUid, userId, 1242 requireFullPermission, checkShell, message); 1243 } 1244 @Override 1245 public void enforceGrantRevokeRuntimePermissionPermissions(String message) { 1246 PermissionManagerService.this.enforceGrantRevokeRuntimePermissionPermissions(message); 1247 } 1248 @Override 1249 public int checkPermission(String permName, String packageName, int callingUid, 1250 int userId) { 1251 return PermissionManagerService.this.checkPermission( 1252 permName, packageName, callingUid, userId); 1253 } 1254 @Override 1255 public PermissionInfo getPermissionInfo(String permName, String packageName, int flags, 1256 int callingUid) { 1257 return PermissionManagerService.this.getPermissionInfo( 1258 permName, packageName, flags, callingUid); 1259 } 1260 @Override 1261 public List<PermissionInfo> getPermissionInfoByGroup(String group, int flags, 1262 int callingUid) { 1263 return PermissionManagerService.this.getPermissionInfoByGroup(group, flags, callingUid); 1264 } 1265 @Override 1266 public PermissionSettings getPermissionSettings() { 1267 return mSettings; 1268 } 1269 @Override 1270 public DefaultPermissionGrantPolicy getDefaultPermissionGrantPolicy() { 1271 return mDefaultPermissionGrantPolicy; 1272 } 1273 @Override 1274 public BasePermission getPermissionTEMP(String permName) { 1275 synchronized (PermissionManagerService.this.mLock) { 1276 return mSettings.getPermissionLocked(permName); 1277 } 1278 } 1279 @Override 1280 public void putPermissionTEMP(String permName, BasePermission permission) { 1281 synchronized (PermissionManagerService.this.mLock) { 1282 mSettings.putPermissionLocked(permName, (BasePermission) permission); 1283 } 1284 } 1285 @Override 1286 public Iterator<BasePermission> getPermissionIteratorTEMP() { 1287 synchronized (PermissionManagerService.this.mLock) { 1288 return mSettings.getAllPermissionsLocked().iterator(); 1289 } 1290 } 1291 } 1292} 1293