| /* |
| * Copyright (C) 2019 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.server.location; |
| |
| import android.annotation.SuppressLint; |
| import android.app.AppOpsManager; |
| import android.content.ActivityNotFoundException; |
| import android.content.BroadcastReceiver; |
| import android.content.Context; |
| import android.content.Intent; |
| import android.content.IntentFilter; |
| import android.content.pm.PackageManager; |
| import android.os.Handler; |
| import android.os.Looper; |
| import android.os.PowerManager; |
| import android.os.UserHandle; |
| import android.text.TextUtils; |
| import android.util.Log; |
| import android.util.StatsLog; |
| |
| import java.util.Arrays; |
| import java.util.HashMap; |
| import java.util.List; |
| import java.util.Map; |
| |
| /** |
| * Handles GNSS non-framework location access user visibility and control. |
| * |
| * The state of the GnssVisibilityControl object must be accessed/modified through the Handler |
| * thread only. |
| */ |
| class GnssVisibilityControl { |
| private static final String TAG = "GnssVisibilityControl"; |
| private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG); |
| |
| // Constants related to non-framework (NFW) location access permission proxy apps. |
| private static final String NFW_PROXY_APP_PKG_ACTIVITY_NAME_SUFFIX = |
| ".NonFrameworkLocationAccessActivity"; |
| private static final String NFW_INTENT_ACTION_NFW_LOCATION_ACCESS_SUFFIX = |
| ".intent.action.NON_FRAMEWORK_LOCATION_ACCESS"; |
| private static final String NFW_INTENT_TYPE = "text/plain"; |
| |
| private static final String LOCATION_PERMISSION_NAME = |
| "android.permission.ACCESS_FINE_LOCATION"; |
| |
| private static final String[] NO_LOCATION_ENABLED_PROXY_APPS = new String[0]; |
| |
| // Wakelocks |
| private static final String WAKELOCK_KEY = TAG; |
| private static final long WAKELOCK_TIMEOUT_MILLIS = 60 * 1000; |
| private final PowerManager.WakeLock mWakeLock; |
| |
| private final AppOpsManager mAppOps; |
| private final PackageManager mPackageManager; |
| |
| private final Handler mHandler; |
| private final Context mContext; |
| |
| private boolean mIsMasterLocationSettingsEnabled = true; |
| |
| // Number of non-framework location access proxy apps is expected to be small (< 5). |
| private static final int HASH_MAP_INITIAL_CAPACITY_PROXY_APP_TO_LOCATION_PERMISSIONS = 7; |
| private HashMap<String, Boolean> mProxyAppToLocationPermissions = new HashMap<>( |
| HASH_MAP_INITIAL_CAPACITY_PROXY_APP_TO_LOCATION_PERMISSIONS); |
| |
| private PackageManager.OnPermissionsChangedListener mOnPermissionsChangedListener = |
| uid -> runOnHandler(() -> handlePermissionsChanged(uid)); |
| |
| GnssVisibilityControl(Context context, Looper looper) { |
| mContext = context; |
| PowerManager powerManager = (PowerManager) context.getSystemService(Context.POWER_SERVICE); |
| mWakeLock = powerManager.newWakeLock(PowerManager.PARTIAL_WAKE_LOCK, WAKELOCK_KEY); |
| mHandler = new Handler(looper); |
| mAppOps = mContext.getSystemService(AppOpsManager.class); |
| mPackageManager = mContext.getPackageManager(); |
| |
| // Set to empty proxy app list initially until the configuration properties are loaded. |
| updateNfwLocationAccessProxyAppsInGnssHal(); |
| |
| // Listen for proxy app package installation, removal events. |
| listenForProxyAppsPackageUpdates(); |
| |
| // TODO(b/122855984): Handle global location settings on/off. |
| } |
| |
| void updateProxyApps(List<String> nfwLocationAccessProxyApps) { |
| // NOTE: This class doesn't explicitly register and listen for SIM_STATE_CHANGED event |
| // but rather piggy backs on the GnssLocationProvider SIM_STATE_CHANGED handling |
| // so that the order of processing is preserved. GnssLocationProvider should |
| // first load the new config parameters for the new SIM and then call this method. |
| runOnHandler(() -> handleUpdateProxyApps(nfwLocationAccessProxyApps)); |
| } |
| |
| void masterLocationSettingsUpdated(boolean enabled) { |
| runOnHandler(() -> handleMasterLocationSettingsUpdated(enabled)); |
| } |
| |
| void reportNfwNotification(String proxyAppPackageName, byte protocolStack, |
| String otherProtocolStackName, byte requestor, String requestorId, byte responseType, |
| boolean inEmergencyMode, boolean isCachedLocation) { |
| runOnHandler(() -> handleNfwNotification( |
| new NfwNotification(proxyAppPackageName, protocolStack, otherProtocolStackName, |
| requestor, requestorId, responseType, inEmergencyMode, isCachedLocation))); |
| } |
| |
| private void listenForProxyAppsPackageUpdates() { |
| IntentFilter intentFilter = new IntentFilter(); |
| intentFilter.addAction(Intent.ACTION_PACKAGE_ADDED); |
| intentFilter.addAction(Intent.ACTION_PACKAGE_REMOVED); |
| intentFilter.addAction(Intent.ACTION_PACKAGE_REPLACED); |
| intentFilter.addDataScheme("package"); |
| mContext.registerReceiverAsUser(new BroadcastReceiver() { |
| @Override |
| public void onReceive(Context context, Intent intent) { |
| String action = intent.getAction(); |
| if (action == null) { |
| return; |
| } |
| |
| switch (action) { |
| case Intent.ACTION_PACKAGE_ADDED: |
| case Intent.ACTION_PACKAGE_REMOVED: |
| case Intent.ACTION_PACKAGE_REPLACED: |
| String pkgName = intent.getData().getEncodedSchemeSpecificPart(); |
| handleProxyAppPackageUpdate(pkgName, action); |
| break; |
| } |
| } |
| }, UserHandle.ALL, intentFilter, null, mHandler); |
| } |
| |
| private void handleProxyAppPackageUpdate(String pkgName, String action) { |
| final Boolean locationPermission = mProxyAppToLocationPermissions.get(pkgName); |
| // pkgName is not one of the proxy apps in our list. |
| if (locationPermission == null) { |
| return; |
| } |
| |
| Log.i(TAG, "Proxy app " + pkgName + " package changed: " + action); |
| final boolean updatedLocationPermission = hasLocationPermission(pkgName); |
| if (locationPermission != updatedLocationPermission) { |
| // Permission changed. So, update the GNSS HAL with the updated list. |
| mProxyAppToLocationPermissions.put(pkgName, updatedLocationPermission); |
| updateNfwLocationAccessProxyAppsInGnssHal(); |
| } |
| } |
| |
| private void handleUpdateProxyApps(List<String> nfwLocationAccessProxyApps) { |
| if (!isProxyAppListUpdated(nfwLocationAccessProxyApps)) { |
| return; |
| } |
| |
| if (nfwLocationAccessProxyApps.isEmpty()) { |
| // Stop listening for app permission changes. Clear the app list in GNSS HAL. |
| if (!mProxyAppToLocationPermissions.isEmpty()) { |
| mPackageManager.removeOnPermissionsChangeListener(mOnPermissionsChangedListener); |
| mProxyAppToLocationPermissions.clear(); |
| updateNfwLocationAccessProxyAppsInGnssHal(); |
| } |
| return; |
| } |
| |
| if (mProxyAppToLocationPermissions.isEmpty()) { |
| mPackageManager.addOnPermissionsChangeListener(mOnPermissionsChangedListener); |
| } else { |
| mProxyAppToLocationPermissions.clear(); |
| } |
| |
| for (String proxApp : nfwLocationAccessProxyApps) { |
| mProxyAppToLocationPermissions.put(proxApp, hasLocationPermission(proxApp)); |
| } |
| |
| updateNfwLocationAccessProxyAppsInGnssHal(); |
| } |
| |
| private boolean isProxyAppListUpdated(List<String> nfwLocationAccessProxyApps) { |
| if (nfwLocationAccessProxyApps.size() != mProxyAppToLocationPermissions.size()) { |
| return true; |
| } |
| |
| for (String nfwLocationAccessProxyApp : nfwLocationAccessProxyApps) { |
| if (!mProxyAppToLocationPermissions.containsKey(nfwLocationAccessProxyApp)) { |
| return true; |
| } |
| } |
| |
| return false; |
| } |
| |
| private void handleMasterLocationSettingsUpdated(boolean enabled) { |
| mIsMasterLocationSettingsEnabled = enabled; |
| Log.i(TAG, "Master location settings switch changed to " |
| + (enabled ? "enabled" : "disabled")); |
| updateNfwLocationAccessProxyAppsInGnssHal(); |
| } |
| |
| // Represents NfwNotification structure in IGnssVisibilityControlCallback.hal |
| private static class NfwNotification { |
| private static final String KEY_PROTOCOL_STACK = "ProtocolStack"; |
| private static final String KEY_OTHER_PROTOCOL_STACK_NAME = "OtherProtocolStackName"; |
| private static final String KEY_REQUESTOR = "Requestor"; |
| private static final String KEY_REQUESTOR_ID = "RequestorId"; |
| private static final String KEY_RESPONSE_TYPE = "ResponseType"; |
| private static final String KEY_IN_EMERGENCY_MODE = "InEmergencyMode"; |
| private static final String KEY_IS_CACHED_LOCATION = "IsCachedLocation"; |
| |
| // This must match with NfwResponseType enum in IGnssVisibilityControlCallback.hal. |
| private static final byte NFW_RESPONSE_TYPE_REJECTED = 0; |
| private static final byte NFW_RESPONSE_TYPE_ACCEPTED_NO_LOCATION_PROVIDED = 1; |
| private static final byte NFW_RESPONSE_TYPE_ACCEPTED_LOCATION_PROVIDED = 2; |
| |
| private final String mProxyAppPackageName; |
| private final byte mProtocolStack; |
| private final String mOtherProtocolStackName; |
| private final byte mRequestor; |
| private final String mRequestorId; |
| private final byte mResponseType; |
| private final boolean mInEmergencyMode; |
| private final boolean mIsCachedLocation; |
| |
| private NfwNotification(String proxyAppPackageName, byte protocolStack, |
| String otherProtocolStackName, byte requestor, String requestorId, |
| byte responseType, boolean inEmergencyMode, boolean isCachedLocation) { |
| mProxyAppPackageName = proxyAppPackageName; |
| mProtocolStack = protocolStack; |
| mOtherProtocolStackName = otherProtocolStackName; |
| mRequestor = requestor; |
| mRequestorId = requestorId; |
| mResponseType = responseType; |
| mInEmergencyMode = inEmergencyMode; |
| mIsCachedLocation = isCachedLocation; |
| } |
| |
| private void copyFieldsToIntent(Intent intent) { |
| intent.putExtra(KEY_PROTOCOL_STACK, mProtocolStack); |
| if (!TextUtils.isEmpty(mOtherProtocolStackName)) { |
| intent.putExtra(KEY_OTHER_PROTOCOL_STACK_NAME, mOtherProtocolStackName); |
| } |
| intent.putExtra(KEY_REQUESTOR, mRequestor); |
| if (!TextUtils.isEmpty(mRequestorId)) { |
| intent.putExtra(KEY_REQUESTOR_ID, mRequestorId); |
| } |
| intent.putExtra(KEY_RESPONSE_TYPE, mResponseType); |
| intent.putExtra(KEY_IN_EMERGENCY_MODE, mInEmergencyMode); |
| if (mResponseType == NFW_RESPONSE_TYPE_ACCEPTED_LOCATION_PROVIDED) { |
| intent.putExtra(KEY_IS_CACHED_LOCATION, mIsCachedLocation); |
| } |
| } |
| |
| @SuppressLint("DefaultLocale") |
| public String toString() { |
| return String.format( |
| "[Notification] proxyAppPackageName: %s, protocolStack: %d" |
| + ", otherProtocolStackName: %s, requestor: %d, requestorId: %s" |
| + ", responseType: %d, inEmergencyMode: %b, isCachedLocation: %b", |
| mProxyAppPackageName, mProtocolStack, mOtherProtocolStackName, |
| mRequestor, mRequestorId, mResponseType, mInEmergencyMode, mIsCachedLocation); |
| } |
| |
| private String getResponseTypeAsString() { |
| switch (mResponseType) { |
| case NFW_RESPONSE_TYPE_REJECTED: |
| return "REJECTED"; |
| case NFW_RESPONSE_TYPE_ACCEPTED_NO_LOCATION_PROVIDED: |
| return "ACCEPTED_NO_LOCATION_PROVIDED"; |
| case NFW_RESPONSE_TYPE_ACCEPTED_LOCATION_PROVIDED: |
| return "ACCEPTED_LOCATION_PROVIDED"; |
| default: |
| return "<Unknown>"; |
| } |
| } |
| } |
| |
| private void handlePermissionsChanged(int uid) { |
| if (mProxyAppToLocationPermissions.isEmpty()) { |
| return; |
| } |
| |
| for (Map.Entry<String, Boolean> entry : mProxyAppToLocationPermissions.entrySet()) { |
| // Cannot cache uid since the application could be uninstalled and reinstalled. |
| final String proxyApp = entry.getKey(); |
| final Integer nfwProxyAppUid = getApplicationUid(proxyApp); |
| if (nfwProxyAppUid == null || nfwProxyAppUid != uid) { |
| continue; |
| } |
| |
| final boolean isLocationPermissionEnabled = hasLocationPermission(proxyApp); |
| if (isLocationPermissionEnabled != entry.getValue()) { |
| Log.i(TAG, "Location permission setting is changed to " |
| + (isLocationPermissionEnabled ? "enabled" : "disabled") |
| + " for non-framework location access proxy app " |
| + proxyApp); |
| entry.setValue(isLocationPermissionEnabled); |
| updateNfwLocationAccessProxyAppsInGnssHal(); |
| return; |
| } |
| } |
| } |
| |
| private Integer getApplicationUid(String pkgName) { |
| try { |
| return mPackageManager.getApplicationInfo(pkgName, 0).uid; |
| } catch (PackageManager.NameNotFoundException e) { |
| if (DEBUG) { |
| Log.d(TAG, "Non-framework location access proxy app " |
| + pkgName + " is not found."); |
| } |
| return null; |
| } |
| } |
| |
| private boolean hasLocationPermission(String pkgName) { |
| return mPackageManager.checkPermission(LOCATION_PERMISSION_NAME, pkgName) |
| == PackageManager.PERMISSION_GRANTED; |
| } |
| |
| private void updateNfwLocationAccessProxyAppsInGnssHal() { |
| final String[] locationPermissionEnabledProxyApps = shouldDisableNfwLocationAccess() |
| ? NO_LOCATION_ENABLED_PROXY_APPS : getLocationPermissionEnabledProxyApps(); |
| final String proxyAppsStr = Arrays.toString(locationPermissionEnabledProxyApps); |
| Log.i(TAG, "Updating non-framework location access proxy apps in the GNSS HAL to: " |
| + proxyAppsStr); |
| boolean result = native_enable_nfw_location_access(locationPermissionEnabledProxyApps); |
| if (!result) { |
| Log.e(TAG, "Failed to update non-framework location access proxy apps in the" |
| + " GNSS HAL to: " + proxyAppsStr); |
| } |
| } |
| |
| private boolean shouldDisableNfwLocationAccess() { |
| return !mIsMasterLocationSettingsEnabled; |
| } |
| |
| private String[] getLocationPermissionEnabledProxyApps() { |
| // Get a count of proxy apps with location permission enabled to array creation size. |
| int countLocationPermissionEnabledProxyApps = 0; |
| for (Boolean hasLocationPermissionEnabled : mProxyAppToLocationPermissions.values()) { |
| if (hasLocationPermissionEnabled) { |
| ++countLocationPermissionEnabledProxyApps; |
| } |
| } |
| |
| int i = 0; |
| String[] locationPermissionEnabledProxyApps = |
| new String[countLocationPermissionEnabledProxyApps]; |
| for (Map.Entry<String, Boolean> entry : mProxyAppToLocationPermissions.entrySet()) { |
| final String proxyApp = entry.getKey(); |
| final boolean hasLocationPermissionEnabled = entry.getValue(); |
| if (hasLocationPermissionEnabled) { |
| locationPermissionEnabledProxyApps[i++] = proxyApp; |
| } |
| } |
| return locationPermissionEnabledProxyApps; |
| } |
| |
| private void handleNfwNotification(NfwNotification nfwNotification) { |
| if (DEBUG) Log.d(TAG, nfwNotification.toString()); |
| |
| final String proxyAppPackageName = nfwNotification.mProxyAppPackageName; |
| Boolean isLocationPermissionEnabled = mProxyAppToLocationPermissions.get( |
| proxyAppPackageName); |
| boolean isLocationRequestAccepted = |
| nfwNotification.mResponseType != NfwNotification.NFW_RESPONSE_TYPE_REJECTED; |
| boolean isPermissionMismatched; |
| if (isLocationPermissionEnabled == null) { |
| isPermissionMismatched = isLocationRequestAccepted; |
| } else { |
| isPermissionMismatched = (isLocationPermissionEnabled != isLocationRequestAccepted); |
| } |
| logEvent(nfwNotification, isPermissionMismatched); |
| |
| if (TextUtils.isEmpty(proxyAppPackageName)) { |
| Log.e(TAG, "ProxyAppPackageName field is not set. Not sending intent to proxy app for " |
| + nfwNotification); |
| return; |
| } |
| |
| if (isLocationPermissionEnabled == null) { |
| // App is not in the configured list. |
| Log.e(TAG, "Could not find proxy app with name: " + proxyAppPackageName + " in the " |
| + "value specified for config parameter: " |
| + GnssConfiguration.CONFIG_NFW_PROXY_APPS + ". Not sending intent to proxy app" |
| + " for " + nfwNotification); |
| return; |
| } |
| |
| // Send intent to non-framework location proxy app with notification information. |
| final Intent intent = new Intent( |
| proxyAppPackageName + NFW_INTENT_ACTION_NFW_LOCATION_ACCESS_SUFFIX); |
| final String proxAppActivityName = |
| proxyAppPackageName + NFW_PROXY_APP_PKG_ACTIVITY_NAME_SUFFIX; |
| intent.setClassName(proxyAppPackageName, proxAppActivityName); |
| intent.setType(NFW_INTENT_TYPE); |
| nfwNotification.copyFieldsToIntent(intent); |
| |
| // Check if the proxy app is still installed. |
| final Integer clsAppUid = getApplicationUid(proxyAppPackageName); |
| if (clsAppUid == null || intent.resolveActivity(mPackageManager) == null) { |
| Log.i(TAG, "Proxy application " + proxyAppPackageName + " and/or activity " |
| + proxAppActivityName + " is not found. Not sending" |
| + " intent to proxy app for " + nfwNotification); |
| return; |
| } |
| |
| // Display location icon attributed to this proxy app. |
| mAppOps.noteOpNoThrow(AppOpsManager.OP_FINE_LOCATION, clsAppUid, proxyAppPackageName); |
| |
| // Log proxy app permission mismatch between framework and GNSS HAL. |
| if (isPermissionMismatched) { |
| Log.w(TAG, "Permission mismatch. Framework proxy app " + proxyAppPackageName |
| + " location permission is set to " + isLocationPermissionEnabled |
| + " but GNSS non-framework location access response type is " |
| + nfwNotification.getResponseTypeAsString() + " for " + nfwNotification); |
| } |
| |
| // Notify proxy app. |
| try { |
| if (DEBUG) { |
| Log.d(TAG, "Sending non-framework location access notification intent: " + intent); |
| } |
| mContext.startActivityAsUser(intent, UserHandle.getUserHandleForUid(clsAppUid)); |
| } catch (ActivityNotFoundException e) { |
| Log.w(TAG, "Activity not found. Failed to send non-framework location access" |
| + " notification intent to proxy app activity: " + proxAppActivityName); |
| } |
| } |
| |
| private void logEvent(NfwNotification notification, boolean isPermissionMismatched) { |
| StatsLog.write(StatsLog.GNSS_NFW_NOTIFICATION_REPORTED, |
| notification.mProxyAppPackageName, |
| notification.mProtocolStack, |
| notification.mOtherProtocolStackName, |
| notification.mRequestor, |
| notification.mRequestorId, |
| notification.mResponseType, |
| notification.mInEmergencyMode, |
| notification.mIsCachedLocation, |
| isPermissionMismatched); |
| } |
| |
| private void runOnHandler(Runnable event) { |
| // Hold a wake lock until this message is delivered. |
| // Note that this assumes the message will not be removed from the queue before |
| // it is handled (otherwise the wake lock would be leaked). |
| mWakeLock.acquire(WAKELOCK_TIMEOUT_MILLIS); |
| if (!mHandler.post(runEventAndReleaseWakeLock(event))) { |
| mWakeLock.release(); |
| } |
| } |
| |
| private Runnable runEventAndReleaseWakeLock(Runnable event) { |
| return () -> { |
| try { |
| event.run(); |
| } finally { |
| mWakeLock.release(); |
| } |
| }; |
| } |
| |
| private native boolean native_enable_nfw_location_access(String[] proxyApps); |
| } |