core/java/android/permission/PermissionManager.java

/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.permission;

import android.Manifest;
import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.annotation.SystemService;
import android.content.Context;

import com.android.internal.annotations.Immutable;

import java.util.Arrays;
import java.util.List;

/**
 * System level service for accessing the permission capabilities of the platform.
 *
 * @hide
 */
@SystemApi
@SystemService(Context.PERMISSION_SERVICE)
public final class PermissionManager {
    /**
     * {@link android.content.pm.PackageParser} needs access without having a {@link Context}.
     *
     * @hide
     */
    public static final SplitPermissionInfo[] SPLIT_PERMISSIONS = new SplitPermissionInfo[]{
            // READ_EXTERNAL_STORAGE is always required when an app requests
            // WRITE_EXTERNAL_STORAGE, because we can't have an app that has
            // write access without read access.  The hack here with the target
            // target SDK version ensures that this grant is always done.
            new SplitPermissionInfo(android.Manifest.permission.WRITE_EXTERNAL_STORAGE,
                    new String[]{android.Manifest.permission.READ_EXTERNAL_STORAGE},
                    android.os.Build.VERSION_CODES.CUR_DEVELOPMENT + 1),
            new SplitPermissionInfo(android.Manifest.permission.READ_CONTACTS,
                    new String[]{android.Manifest.permission.READ_CALL_LOG},
                    android.os.Build.VERSION_CODES.JELLY_BEAN),
            new SplitPermissionInfo(android.Manifest.permission.WRITE_CONTACTS,
                    new String[]{android.Manifest.permission.WRITE_CALL_LOG},
                    android.os.Build.VERSION_CODES.JELLY_BEAN),
            new SplitPermissionInfo(Manifest.permission.ACCESS_FINE_LOCATION,
                    new String[]{android.Manifest.permission.ACCESS_BACKGROUND_LOCATION},
                    android.os.Build.VERSION_CODES.P0),
            new SplitPermissionInfo(Manifest.permission.ACCESS_COARSE_LOCATION,
                    new String[]{android.Manifest.permission.ACCESS_BACKGROUND_LOCATION},
                    android.os.Build.VERSION_CODES.P0)};

    private final @NonNull Context mContext;

    /**
     * Creates a new instance.
     *
     * @param context The current context in which to operate.
     * @hide
     */
    public PermissionManager(@NonNull Context context) {
        mContext = context;
    }

    /**
     * Get list of permissions that have been split into more granular or dependent permissions.
     *
     * <p>E.g. before {@link android.os.Build.VERSION_CODES#P0} an app that was granted
     * {@link Manifest.permission#ACCESS_COARSE_LOCATION} could access he location while it was in
     * foreground and background. On platforms after {@link android.os.Build.VERSION_CODES#P0}
     * the location permission only grants location access while the app is in foreground. This
     * would break apps that target before {@link android.os.Build.VERSION_CODES#P0}. Hence whenever
     * such an old app asks for a location permission (i.e. the
     * {@link SplitPermissionInfo#getRootPermission()}), then the
     * {@link Manifest.permission#ACCESS_BACKGROUND_LOCATION} permission (inside
     * {@{@link SplitPermissionInfo#getNewPermissions}) is added.
     *
     * <p>Note: Regular apps do not have to worry about this. The platform and permission controller
     * automatically add the new permissions where needed.
     *
     * @return All permissions that are split.
     */
    public @NonNull List<SplitPermissionInfo> getSplitPermissions() {
        return Arrays.asList(SPLIT_PERMISSIONS);
    }

    /**
     * A permission that was added in a previous API level might have split into several
     * permissions. This object describes one such split.
     */
    @Immutable
    public static final class SplitPermissionInfo {
        private final @NonNull String mRootPerm;
        private final @NonNull String[] mNewPerms;
        private final int mTargetSdk;

        /**
         * Get the permission that is split.
         */
        public @NonNull String getRootPermission() {
            return mRootPerm;
        }

        /**
         * Get the permissions that are added.
         */
        public @NonNull String[] getNewPermissions() {
            return mNewPerms;
        }

        /**
         * Get the target API level when the permission was split.
         */
        public int getTargetSdk() {
            return mTargetSdk;
        }

        private SplitPermissionInfo(@NonNull String rootPerm, @NonNull String[] newPerms,
                int targetSdk) {
            mRootPerm = rootPerm;
            mNewPerms = newPerms;
            mTargetSdk = targetSdk;
        }
    }
}