services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java

/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.policy;

import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
import static android.app.AppOpsManager.MODE_ALLOWED;
import static android.app.AppOpsManager.MODE_DEFAULT;
import static android.app.AppOpsManager.MODE_IGNORED;
import static android.app.AppOpsManager.OP_LEGACY_STORAGE;
import static android.app.AppOpsManager.OP_NONE;
import static android.content.pm.PackageManager.FLAG_PERMISSION_APPLY_RESTRICTION;
import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT;
import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT;
import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT;

import static java.lang.Integer.min;

import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.AppOpsManager;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.os.Build;
import android.os.UserHandle;

/**
 * The behavior of soft restricted permissions is different for each permission. This class collects
 * the policies in one place.
 *
 * This is the twin of
 * {@link com.android.packageinstaller.permission.utils.SoftRestrictedPermissionPolicy}
 */
public abstract class SoftRestrictedPermissionPolicy {
    private static final int FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT =
            FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT
                    | FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT
                    | FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT;

    private static final SoftRestrictedPermissionPolicy DUMMY_POLICY =
            new SoftRestrictedPermissionPolicy() {
                @Override
                public int resolveAppOp() {
                    return OP_NONE;
                }

                @Override
                public int getDesiredOpMode() {
                    return MODE_DEFAULT;
                }

                @Override
                public boolean shouldSetAppOpIfNotDefault() {
                    return false;
                }

                @Override
                public boolean canBeGranted() {
                    return true;
                }
            };

    /**
     * TargetSDK is per package. To make sure two apps int the same shared UID do not fight over
     * what to set, always compute the combined targetSDK.
     *
     * @param context A context
     * @param appInfo The app that is changed
     * @param user The user the app belongs to
     *
     * @return The minimum targetSDK of all apps sharing the uid of the app
     */
    private static int getMinimumTargetSDK(@NonNull Context context,
            @NonNull ApplicationInfo appInfo, @NonNull UserHandle user) {
        PackageManager pm = context.getPackageManager();

        int minimumTargetSDK = appInfo.targetSdkVersion;

        String[] uidPkgs = pm.getPackagesForUid(appInfo.uid);
        if (uidPkgs != null) {
            for (String uidPkg : uidPkgs) {
                if (!uidPkg.equals(appInfo.packageName)) {
                    ApplicationInfo uidPkgInfo;
                    try {
                        uidPkgInfo = pm.getApplicationInfoAsUser(uidPkg, 0, user);
                    } catch (PackageManager.NameNotFoundException e) {
                        continue;
                    }

                    minimumTargetSDK = min(minimumTargetSDK, uidPkgInfo.targetSdkVersion);
                }
            }
        }

        return minimumTargetSDK;
    }

    /**
     * Get the policy for a soft restricted permission.
     *
     * @param context A context to use
     * @param appInfo The application the permission belongs to. Can be {@code null}, but then
     *                only {@link #resolveAppOp} will work.
     * @param user The user the app belongs to. Can be {@code null}, but then only
     *             {@link #resolveAppOp} will work.
     * @param permission The name of the permission
     *
     * @return The policy for this permission
     */
    public static @NonNull SoftRestrictedPermissionPolicy forPermission(@NonNull Context context,
            @Nullable ApplicationInfo appInfo, @Nullable UserHandle user,
            @NonNull String permission) {
        switch (permission) {
            // Storage uses a special app op to decide the mount state and supports soft restriction
            // where the restricted state allows the permission but only for accessing the medial
            // collections.
            case READ_EXTERNAL_STORAGE: {
                final int flags;
                final boolean applyRestriction;
                final boolean isWhiteListed;
                final boolean hasRequestedLegacyExternalStorage;
                final int targetSDK;

                if (appInfo != null) {
                    PackageManager pm = context.getPackageManager();
                    flags = pm.getPermissionFlags(permission, appInfo.packageName, user);
                    applyRestriction = (flags & FLAG_PERMISSION_APPLY_RESTRICTION) != 0;
                    isWhiteListed = (flags & FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT) != 0;
                    targetSDK = getMinimumTargetSDK(context, appInfo, user);

                    boolean hasAnyRequestedLegacyExternalStorage =
                            appInfo.hasRequestedLegacyExternalStorage();

                    // hasRequestedLegacyExternalStorage is per package. To make sure two apps in
                    // the same shared UID do not fight over what to set, always compute the
                    // combined hasRequestedLegacyExternalStorage
                    String[] uidPkgs = pm.getPackagesForUid(appInfo.uid);
                    if (uidPkgs != null) {
                        for (String uidPkg : uidPkgs) {
                            if (!uidPkg.equals(appInfo.packageName)) {
                                ApplicationInfo uidPkgInfo;
                                try {
                                    uidPkgInfo = pm.getApplicationInfoAsUser(uidPkg, 0, user);
                                } catch (PackageManager.NameNotFoundException e) {
                                    continue;
                                }

                                hasAnyRequestedLegacyExternalStorage |=
                                        uidPkgInfo.hasRequestedLegacyExternalStorage();
                            }
                        }
                    }

                    hasRequestedLegacyExternalStorage = hasAnyRequestedLegacyExternalStorage;
                } else {
                    flags = 0;
                    applyRestriction = false;
                    isWhiteListed = false;
                    hasRequestedLegacyExternalStorage = false;
                    targetSDK = 0;
                }

                return new SoftRestrictedPermissionPolicy() {
                    @Override
                    public int resolveAppOp() {
                        return OP_LEGACY_STORAGE;
                    }

                    @Override
                    public int getDesiredOpMode() {
                        if (applyRestriction) {
                            return MODE_DEFAULT;
                        } else if (hasRequestedLegacyExternalStorage) {
                            return MODE_ALLOWED;
                        } else {
                            return MODE_IGNORED;
                        }
                    }

                    @Override
                    public boolean shouldSetAppOpIfNotDefault() {
                        // Do not switch from allowed -> ignored as this would mean to retroactively
                        // turn on isolated storage. This will make the app loose all its files.
                        return getDesiredOpMode() != MODE_IGNORED;
                    }

                    @Override
                    public boolean canBeGranted() {
                        if (isWhiteListed || targetSDK >= Build.VERSION_CODES.Q) {
                            return true;
                        } else {
                            return false;
                        }
                    }
                };
            }
            case WRITE_EXTERNAL_STORAGE: {
                final boolean isWhiteListed;
                final int targetSDK;

                if (appInfo != null) {
                    final int flags = context.getPackageManager().getPermissionFlags(permission,
                            appInfo.packageName, user);
                    isWhiteListed = (flags & FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT) != 0;
                    targetSDK = getMinimumTargetSDK(context, appInfo, user);
                } else {
                    isWhiteListed = false;
                    targetSDK = 0;
                }

                return new SoftRestrictedPermissionPolicy() {
                    @Override
                    public int resolveAppOp() {
                        return OP_NONE;
                    }

                    @Override
                    public int getDesiredOpMode() {
                        return MODE_DEFAULT;
                    }

                    @Override
                    public boolean shouldSetAppOpIfNotDefault() {
                        return false;
                    }

                    @Override
                    public boolean canBeGranted() {
                        return isWhiteListed || targetSDK >= Build.VERSION_CODES.Q;
                    }
                };
            }
            default:
                return DUMMY_POLICY;
        }
    }

    /**
     * @return An app op to be changed based on the state of the permission or
     * {@link AppOpsManager#OP_NONE} if not app-op should be set.
     */
    public abstract int resolveAppOp();

    /**
     * @return The mode the {@link #resolveAppOp() app op} should be in.
     */
    public abstract @AppOpsManager.Mode int getDesiredOpMode();

    /**
     * @return If the {@link #resolveAppOp() app op} should be set even if the app-op is currently
     * not {@link AppOpsManager#MODE_DEFAULT}.
     */
    public abstract boolean shouldSetAppOpIfNotDefault();

    /**
     * @return If the permission can be granted
     */
    public abstract boolean canBeGranted();
}