Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 4dc50527d87a0f5a05a35caf5398eb7aec162213 / . / services / core / java / com / android / server / pm / permission / PermissionManagerService.java
blob: d2d857caa240b8a2f9743c11551c2d5f4dd60dca [file] [log] [blame]
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
19import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
20import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
21
22import android.Manifest;
23import android.annotation.NonNull;
24import android.annotation.Nullable;
25import android.app.AppOpsManager;
26import android.content.Context;
27import android.content.pm.PackageManager;
28import android.content.pm.PackageManagerInternal;
29import android.content.pm.PackageParser;
30import android.content.pm.ParceledListSlice;
31import android.content.pm.PermissionInfo;
32import android.content.pm.PackageParser.Package;
33import android.os.Binder;
34import android.os.Build;
35import android.os.Handler;
36import android.os.HandlerThread;
37import android.os.Process;
38import android.os.UserHandle;
39import android.os.UserManager;
40import android.os.UserManagerInternal;
41import android.os.storage.StorageManagerInternal;
42import android.util.ArrayMap;
43import android.util.ArraySet;
44import android.util.Log;
45import android.util.Slog;
46
47import com.android.internal.R;
48import com.android.internal.logging.MetricsLogger;
49import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
50import com.android.internal.util.ArrayUtils;
51import com.android.server.FgThread;
52import com.android.server.LocalServices;
53import com.android.server.ServiceThread;
54import com.android.server.SystemConfig;
55import com.android.server.Watchdog;
56import com.android.server.pm.PackageManagerService;
57import com.android.server.pm.PackageManagerServiceUtils;
58import com.android.server.pm.PackageSetting;
59import com.android.server.pm.ProcessLoggingHandler;
60import com.android.server.pm.SharedUserSetting;
61import com.android.server.pm.permission.DefaultPermissionGrantPolicy.DefaultPermissionGrantedCallback;
62import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback;
63import com.android.server.pm.permission.PermissionsState.PermissionState;
64
65import libcore.util.EmptyArray;
66
67import java.util.ArrayList;
68import java.util.Arrays;
69import java.util.Collection;
70import java.util.Iterator;
71import java.util.List;
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]72import java.util.Set;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]73
74/**
75 * Manages all permissions and handles permissions related tasks.
76 */
77public class PermissionManagerService {
78 private static final String TAG = "PackageManager";
79
80 /** All dangerous permission names in the same order as the events in MetricsEvent */
81 private static final List<String> ALL_DANGEROUS_PERMISSIONS = Arrays.asList(
82 Manifest.permission.READ_CALENDAR,
83 Manifest.permission.WRITE_CALENDAR,
84 Manifest.permission.CAMERA,
85 Manifest.permission.READ_CONTACTS,
86 Manifest.permission.WRITE_CONTACTS,
87 Manifest.permission.GET_ACCOUNTS,
88 Manifest.permission.ACCESS_FINE_LOCATION,
89 Manifest.permission.ACCESS_COARSE_LOCATION,
90 Manifest.permission.RECORD_AUDIO,
91 Manifest.permission.READ_PHONE_STATE,
92 Manifest.permission.CALL_PHONE,
93 Manifest.permission.READ_CALL_LOG,
94 Manifest.permission.WRITE_CALL_LOG,
95 Manifest.permission.ADD_VOICEMAIL,
96 Manifest.permission.USE_SIP,
97 Manifest.permission.PROCESS_OUTGOING_CALLS,
98 Manifest.permission.READ_CELL_BROADCASTS,
99 Manifest.permission.BODY_SENSORS,
100 Manifest.permission.SEND_SMS,
101 Manifest.permission.RECEIVE_SMS,
102 Manifest.permission.READ_SMS,
103 Manifest.permission.RECEIVE_WAP_PUSH,
104 Manifest.permission.RECEIVE_MMS,
105 Manifest.permission.READ_EXTERNAL_STORAGE,
106 Manifest.permission.WRITE_EXTERNAL_STORAGE,
107 Manifest.permission.READ_PHONE_NUMBERS,
108 Manifest.permission.ANSWER_PHONE_CALLS);
109
110 /** Cap the size of permission trees that 3rd party apps can define */
111 private static final int MAX_PERMISSION_TREE_FOOTPRINT = 32768; // characters of text
112
113 /** Lock to protect internal data access */
114 private final Object mLock;
115
116 /** Internal connection to the package manager */
117 private final PackageManagerInternal mPackageManagerInt;
118
119 /** Internal connection to the user manager */
120 private final UserManagerInternal mUserManagerInt;
121
122 /** Default permission policy to provide proper behaviour out-of-the-box */
123 private final DefaultPermissionGrantPolicy mDefaultPermissionGrantPolicy;
124
125 /** Internal storage for permissions and related settings */
126 private final PermissionSettings mSettings;
127
128 private final HandlerThread mHandlerThread;
129 private final Handler mHandler;
130 private final Context mContext;
131
132 PermissionManagerService(Context context,
133 @Nullable DefaultPermissionGrantedCallback defaultGrantCallback,
134 @NonNull Object externalLock) {
135 mContext = context;
136 mLock = externalLock;
137 mPackageManagerInt = LocalServices.getService(PackageManagerInternal.class);
138 mUserManagerInt = LocalServices.getService(UserManagerInternal.class);
139 mSettings = new PermissionSettings(context, mLock);
140
141 mHandlerThread = new ServiceThread(TAG,
142 Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/);
143 mHandlerThread.start();
144 mHandler = new Handler(mHandlerThread.getLooper());
145 Watchdog.getInstance().addThread(mHandler);
146
147 mDefaultPermissionGrantPolicy = new DefaultPermissionGrantPolicy(
148 context, mHandlerThread.getLooper(), defaultGrantCallback, this);
149
150 // propagate permission configuration
151 final ArrayMap<String, SystemConfig.PermissionEntry> permConfig =
152 SystemConfig.getInstance().getPermissions();
153 synchronized (mLock) {
154 for (int i=0; i<permConfig.size(); i++) {
155 final SystemConfig.PermissionEntry perm = permConfig.valueAt(i);
156 BasePermission bp = mSettings.getPermissionLocked(perm.name);
157 if (bp == null) {
158 bp = new BasePermission(perm.name, "android", BasePermission.TYPE_BUILTIN);
159 mSettings.putPermissionLocked(perm.name, bp);
160 }
161 if (perm.gids != null) {
162 bp.setGids(perm.gids, perm.perUser);
163 }
164 }
165 }
166
167 LocalServices.addService(
168 PermissionManagerInternal.class, new PermissionManagerInternalImpl());
169 }
170
171 /**
172 * Creates and returns an initialized, internal service for use by other components.
173 * <p>
174 * The object returned is identical to the one returned by the LocalServices class using:
175 * {@code LocalServices.getService(PermissionManagerInternal.class);}
176 * <p>
177 * NOTE: The external lock is temporary and should be removed. This needs to be a
178 * lock created by the permission manager itself.
179 */
180 public static PermissionManagerInternal create(Context context,
181 @Nullable DefaultPermissionGrantedCallback defaultGrantCallback,
182 @NonNull Object externalLock) {
183 final PermissionManagerInternal permMgrInt =
184 LocalServices.getService(PermissionManagerInternal.class);
185 if (permMgrInt != null) {
186 return permMgrInt;
187 }
188 new PermissionManagerService(context, defaultGrantCallback, externalLock);
189 return LocalServices.getService(PermissionManagerInternal.class);
190 }
191
192 @Nullable BasePermission getPermission(String permName) {
193 synchronized (mLock) {
194 return mSettings.getPermissionLocked(permName);
195 }
196 }
197
198 private int checkPermission(String permName, String pkgName, int callingUid, int userId) {
199 if (!mUserManagerInt.exists(userId)) {
200 return PackageManager.PERMISSION_DENIED;
201 }
202
203 final PackageParser.Package pkg = mPackageManagerInt.getPackage(pkgName);
204 if (pkg != null && pkg.mExtras != null) {
205 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
206 return PackageManager.PERMISSION_DENIED;
207 }
208 final PackageSetting ps = (PackageSetting) pkg.mExtras;
209 final boolean instantApp = ps.getInstantApp(userId);
210 final PermissionsState permissionsState = ps.getPermissionsState();
211 if (permissionsState.hasPermission(permName, userId)) {
212 if (instantApp) {
213 synchronized (mLock) {
214 BasePermission bp = mSettings.getPermissionLocked(permName);
215 if (bp != null && bp.isInstant()) {
216 return PackageManager.PERMISSION_GRANTED;
217 }
218 }
219 } else {
220 return PackageManager.PERMISSION_GRANTED;
221 }
222 }
223 // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION
224 if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState
225 .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) {
226 return PackageManager.PERMISSION_GRANTED;
227 }
228 }
229
230 return PackageManager.PERMISSION_DENIED;
231 }
232
233 private PermissionInfo getPermissionInfo(String name, String packageName, int flags,
234 int callingUid) {
235 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
236 return null;
237 }
238 // reader
239 synchronized (mLock) {
240 final BasePermission bp = mSettings.getPermissionLocked(name);
241 if (bp == null) {
242 return null;
243 }
244 final int adjustedProtectionLevel = adjustPermissionProtectionFlagsLocked(
245 bp.getProtectionLevel(), packageName, callingUid);
246 return bp.generatePermissionInfo(adjustedProtectionLevel, flags);
247 }
248 }
249
250 private List<PermissionInfo> getPermissionInfoByGroup(
251 String groupName, int flags, int callingUid) {
252 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
253 return null;
254 }
255 // reader
256 synchronized (mLock) {
257 // TODO Uncomment when mPermissionGroups moves to this class
258// if (groupName != null && !mPermissionGroups.containsKey(groupName)) {
259// // This is thrown as NameNotFoundException
260// return null;
261// }
262
263 final ArrayList<PermissionInfo> out = new ArrayList<PermissionInfo>(10);
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]264 for (BasePermission bp : mSettings.mPermissions.values()) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]265 final PermissionInfo pi = bp.generatePermissionInfo(groupName, flags);
266 if (pi != null) {
267 out.add(pi);
268 }
269 }
270 return out;
271 }
272 }
273
274 private int adjustPermissionProtectionFlagsLocked(
275 int protectionLevel, String packageName, int uid) {
276 // Signature permission flags area always reported
277 final int protectionLevelMasked = protectionLevel
278 & (PermissionInfo.PROTECTION_NORMAL
279 | PermissionInfo.PROTECTION_DANGEROUS
280 | PermissionInfo.PROTECTION_SIGNATURE);
281 if (protectionLevelMasked == PermissionInfo.PROTECTION_SIGNATURE) {
282 return protectionLevel;
283 }
284 // System sees all flags.
285 final int appId = UserHandle.getAppId(uid);
286 if (appId == Process.SYSTEM_UID || appId == Process.ROOT_UID
287 || appId == Process.SHELL_UID) {
288 return protectionLevel;
289 }
290 // Normalize package name to handle renamed packages and static libs
291 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
292 if (pkg == null) {
293 return protectionLevel;
294 }
295 if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.O) {
296 return protectionLevelMasked;
297 }
298 // Apps that target O see flags for all protection levels.
299 final PackageSetting ps = (PackageSetting) pkg.mExtras;
300 if (ps == null) {
301 return protectionLevel;
302 }
303 if (ps.getAppId() != appId) {
304 return protectionLevel;
305 }
306 return protectionLevel;
307 }
308
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]309 private void addAllPermissions(PackageParser.Package pkg, boolean chatty) {
310 final int N = pkg.permissions.size();
311 for (int i=0; i<N; i++) {
312 PackageParser.Permission p = pkg.permissions.get(i);
313
314 // Assume by default that we did not install this permission into the system.
315 p.info.flags &= ~PermissionInfo.FLAG_INSTALLED;
316
317 // Now that permission groups have a special meaning, we ignore permission
318 // groups for legacy apps to prevent unexpected behavior. In particular,
319 // permissions for one app being granted to someone just because they happen
320 // to be in a group defined by another app (before this had no implications).
321 if (pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1) {
322 p.group = mPackageManagerInt.getPermissionGroupTEMP(p.info.group);
323 // Warn for a permission in an unknown group.
324 if (PackageManagerService.DEBUG_PERMISSIONS
325 && p.info.group != null && p.group == null) {
326 Slog.i(TAG, "Permission " + p.info.name + " from package "
327 + p.info.packageName + " in an unknown group " + p.info.group);
328 }
329 }
330
331 synchronized (PermissionManagerService.this.mLock) {
332 if (p.tree) {
333 final BasePermission bp = BasePermission.createOrUpdate(
334 mSettings.getPermissionTreeLocked(p.info.name), p, pkg,
335 mSettings.getAllPermissionTreesLocked(), chatty);
336 mSettings.putPermissionTreeLocked(p.info.name, bp);
337 } else {
338 final BasePermission bp = BasePermission.createOrUpdate(
339 mSettings.getPermissionLocked(p.info.name),
340 p, pkg, mSettings.getAllPermissionTreesLocked(), chatty);
341 mSettings.putPermissionLocked(p.info.name, bp);
342 }
343 }
344 }
345 }
346
347 private void removeAllPermissions(PackageParser.Package pkg, boolean chatty) {
348 synchronized (mLock) {
349 int N = pkg.permissions.size();
350 StringBuilder r = null;
351 for (int i=0; i<N; i++) {
352 PackageParser.Permission p = pkg.permissions.get(i);
353 BasePermission bp = (BasePermission) mSettings.mPermissions.get(p.info.name);
354 if (bp == null) {
355 bp = mSettings.mPermissionTrees.get(p.info.name);
356 }
357 if (bp != null && bp.isPermission(p)) {
358 bp.setPermission(null);
359 if (PackageManagerService.DEBUG_REMOVE && chatty) {
360 if (r == null) {
361 r = new StringBuilder(256);
362 } else {
363 r.append(' ');
364 }
365 r.append(p.info.name);
366 }
367 }
368 if (p.isAppOp()) {
369 ArraySet<String> appOpPkgs =
370 mSettings.mAppOpPermissionPackages.get(p.info.name);
371 if (appOpPkgs != null) {
372 appOpPkgs.remove(pkg.packageName);
373 }
374 }
375 }
376 if (r != null) {
377 if (PackageManagerService.DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r);
378 }
379
380 N = pkg.requestedPermissions.size();
381 r = null;
382 for (int i=0; i<N; i++) {
383 String perm = pkg.requestedPermissions.get(i);
384 if (mSettings.isPermissionAppOp(perm)) {
385 ArraySet<String> appOpPkgs = mSettings.mAppOpPermissionPackages.get(perm);
386 if (appOpPkgs != null) {
387 appOpPkgs.remove(pkg.packageName);
388 if (appOpPkgs.isEmpty()) {
389 mSettings.mAppOpPermissionPackages.remove(perm);
390 }
391 }
392 }
393 }
394 if (r != null) {
395 if (PackageManagerService.DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r);
396 }
397 }
398 }
399
400 private boolean addDynamicPermission(
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]401 PermissionInfo info, int callingUid, PermissionCallback callback) {
402 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
403 throw new SecurityException("Instant apps can't add permissions");
404 }
405 if (info.labelRes == 0 && info.nonLocalizedLabel == null) {
406 throw new SecurityException("Label must be specified in permission");
407 }
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]408 final BasePermission tree = mSettings.enforcePermissionTree(info.name, callingUid);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]409 final boolean added;
410 final boolean changed;
411 synchronized (mLock) {
412 BasePermission bp = mSettings.getPermissionLocked(info.name);
413 added = bp == null;
414 int fixedLevel = PermissionInfo.fixProtectionLevel(info.protectionLevel);
415 if (added) {
416 enforcePermissionCapLocked(info, tree);
417 bp = new BasePermission(info.name, tree.getSourcePackageName(),
418 BasePermission.TYPE_DYNAMIC);
419 } else if (bp.isDynamic()) {
Jeff Sharkey4dc50522017-10-17 15:29:41 -0600[diff] [blame^]420 // TODO: switch this back to SecurityException
421 Slog.wtf(TAG, "Not allowed to modify non-dynamic permission "
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]422 + info.name);
423 }
424 changed = bp.addToTree(fixedLevel, info, tree);
425 if (added) {
426 mSettings.putPermissionLocked(info.name, bp);
427 }
428 }
429 if (changed && callback != null) {
430 callback.onPermissionChanged();
431 }
432 return added;
433 }
434
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]435 private void removeDynamicPermission(
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]436 String permName, int callingUid, PermissionCallback callback) {
437 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
438 throw new SecurityException("Instant applications don't have access to this method");
439 }
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]440 final BasePermission tree = mSettings.enforcePermissionTree(permName, callingUid);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]441 synchronized (mLock) {
442 final BasePermission bp = mSettings.getPermissionLocked(permName);
443 if (bp == null) {
444 return;
445 }
446 if (bp.isDynamic()) {
Jeff Sharkey4dc50522017-10-17 15:29:41 -0600[diff] [blame^]447 // TODO: switch this back to SecurityException
448 Slog.wtf(TAG, "Not allowed to modify non-dynamic permission "
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]449 + permName);
450 }
451 mSettings.removePermissionLocked(permName);
452 if (callback != null) {
453 callback.onPermissionRemoved();
454 }
455 }
456 }
457
458 private void grantRuntimePermissionsGrantedToDisabledPackageLocked(
459 PackageParser.Package pkg, int callingUid, PermissionCallback callback) {
460 if (pkg.parentPackage == null) {
461 return;
462 }
463 if (pkg.requestedPermissions == null) {
464 return;
465 }
466 final PackageParser.Package disabledPkg =
467 mPackageManagerInt.getDisabledPackage(pkg.parentPackage.packageName);
468 if (disabledPkg == null || disabledPkg.mExtras == null) {
469 return;
470 }
471 final PackageSetting disabledPs = (PackageSetting) disabledPkg.mExtras;
472 if (!disabledPs.isPrivileged() || disabledPs.hasChildPackages()) {
473 return;
474 }
475 final int permCount = pkg.requestedPermissions.size();
476 for (int i = 0; i < permCount; i++) {
477 String permission = pkg.requestedPermissions.get(i);
478 BasePermission bp = mSettings.getPermissionLocked(permission);
479 if (bp == null || !(bp.isRuntime() || bp.isDevelopment())) {
480 continue;
481 }
482 for (int userId : mUserManagerInt.getUserIds()) {
483 if (disabledPs.getPermissionsState().hasRuntimePermission(permission, userId)) {
484 grantRuntimePermission(
485 permission, pkg.packageName, false, callingUid, userId, callback);
486 }
487 }
488 }
489 }
490
491 private void grantRequestedRuntimePermissions(PackageParser.Package pkg, int[] userIds,
492 String[] grantedPermissions, int callingUid, PermissionCallback callback) {
493 for (int userId : userIds) {
494 grantRequestedRuntimePermissionsForUser(pkg, userId, grantedPermissions, callingUid,
495 callback);
496 }
497 }
498
499 private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId,
500 String[] grantedPermissions, int callingUid, PermissionCallback callback) {
501 PackageSetting ps = (PackageSetting) pkg.mExtras;
502 if (ps == null) {
503 return;
504 }
505
506 PermissionsState permissionsState = ps.getPermissionsState();
507
508 final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
509 | PackageManager.FLAG_PERMISSION_POLICY_FIXED;
510
511 final boolean supportsRuntimePermissions = pkg.applicationInfo.targetSdkVersion
512 >= Build.VERSION_CODES.M;
513
514 final boolean instantApp = mPackageManagerInt.isInstantApp(pkg.packageName, userId);
515
516 for (String permission : pkg.requestedPermissions) {
517 final BasePermission bp;
518 synchronized (mLock) {
519 bp = mSettings.getPermissionLocked(permission);
520 }
521 if (bp != null && (bp.isRuntime() || bp.isDevelopment())
522 && (!instantApp || bp.isInstant())
523 && (supportsRuntimePermissions || !bp.isRuntimeOnly())
524 && (grantedPermissions == null
525 || ArrayUtils.contains(grantedPermissions, permission))) {
526 final int flags = permissionsState.getPermissionFlags(permission, userId);
527 if (supportsRuntimePermissions) {
528 // Installer cannot change immutable permissions.
529 if ((flags & immutableFlags) == 0) {
530 grantRuntimePermission(permission, pkg.packageName, false, callingUid,
531 userId, callback);
532 }
533 } else if (mSettings.mPermissionReviewRequired) {
534 // In permission review mode we clear the review flag when we
535 // are asked to install the app with all permissions granted.
536 if ((flags & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0) {
537 updatePermissionFlags(permission, pkg.packageName,
538 PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED, 0, callingUid,
539 userId, callback);
540 }
541 }
542 }
543 }
544 }
545
546 private void grantRuntimePermission(String permName, String packageName, boolean overridePolicy,
547 int callingUid, final int userId, PermissionCallback callback) {
548 if (!mUserManagerInt.exists(userId)) {
549 Log.e(TAG, "No such user:" + userId);
550 return;
551 }
552
553 mContext.enforceCallingOrSelfPermission(
554 android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
555 "grantRuntimePermission");
556
557 enforceCrossUserPermission(callingUid, userId,
558 true /* requireFullPermission */, true /* checkShell */,
559 "grantRuntimePermission");
560
561 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
562 if (pkg == null || pkg.mExtras == null) {
563 throw new IllegalArgumentException("Unknown package: " + packageName);
564 }
565 final BasePermission bp;
566 synchronized(mLock) {
567 bp = mSettings.getPermissionLocked(permName);
568 }
569 if (bp == null) {
570 throw new IllegalArgumentException("Unknown permission: " + permName);
571 }
572 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
573 throw new IllegalArgumentException("Unknown package: " + packageName);
574 }
575
576 bp.enforceDeclaredUsedAndRuntimeOrDevelopment(pkg);
577
578 // If a permission review is required for legacy apps we represent
579 // their permissions as always granted runtime ones since we need
580 // to keep the review required permission flag per user while an
581 // install permission's state is shared across all users.
582 if (mSettings.mPermissionReviewRequired
583 && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
584 && bp.isRuntime()) {
585 return;
586 }
587
588 final int uid = UserHandle.getUid(userId, pkg.applicationInfo.uid);
589
590 final PackageSetting ps = (PackageSetting) pkg.mExtras;
591 final PermissionsState permissionsState = ps.getPermissionsState();
592
593 final int flags = permissionsState.getPermissionFlags(permName, userId);
594 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) {
595 throw new SecurityException("Cannot grant system fixed permission "
596 + permName + " for package " + packageName);
597 }
598 if (!overridePolicy && (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
599 throw new SecurityException("Cannot grant policy fixed permission "
600 + permName + " for package " + packageName);
601 }
602
603 if (bp.isDevelopment()) {
604 // Development permissions must be handled specially, since they are not
605 // normal runtime permissions. For now they apply to all users.
606 if (permissionsState.grantInstallPermission(bp) !=
607 PermissionsState.PERMISSION_OPERATION_FAILURE) {
608 if (callback != null) {
609 callback.onInstallPermissionGranted();
610 }
611 }
612 return;
613 }
614
615 if (ps.getInstantApp(userId) && !bp.isInstant()) {
616 throw new SecurityException("Cannot grant non-ephemeral permission"
617 + permName + " for package " + packageName);
618 }
619
620 if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
621 Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
622 return;
623 }
624
625 final int result = permissionsState.grantRuntimePermission(bp, userId);
626 switch (result) {
627 case PermissionsState.PERMISSION_OPERATION_FAILURE: {
628 return;
629 }
630
631 case PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: {
632 if (callback != null) {
633 callback.onGidsChanged(UserHandle.getAppId(pkg.applicationInfo.uid), userId);
634 }
635 }
636 break;
637 }
638
639 if (bp.isRuntime()) {
640 logPermissionGranted(mContext, permName, packageName);
641 }
642
643 if (callback != null) {
644 callback.onPermissionGranted(uid, userId);
645 }
646
647 // Only need to do this if user is initialized. Otherwise it's a new user
648 // and there are no processes running as the user yet and there's no need
649 // to make an expensive call to remount processes for the changed permissions.
650 if (READ_EXTERNAL_STORAGE.equals(permName)
651 || WRITE_EXTERNAL_STORAGE.equals(permName)) {
652 final long token = Binder.clearCallingIdentity();
653 try {
654 if (mUserManagerInt.isUserInitialized(userId)) {
655 StorageManagerInternal storageManagerInternal = LocalServices.getService(
656 StorageManagerInternal.class);
657 storageManagerInternal.onExternalStoragePolicyChanged(uid, packageName);
658 }
659 } finally {
660 Binder.restoreCallingIdentity(token);
661 }
662 }
663
664 }
665
666 private void revokeRuntimePermission(String permName, String packageName,
667 boolean overridePolicy, int callingUid, int userId, PermissionCallback callback) {
668 if (!mUserManagerInt.exists(userId)) {
669 Log.e(TAG, "No such user:" + userId);
670 return;
671 }
672
673 mContext.enforceCallingOrSelfPermission(
674 android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS,
675 "revokeRuntimePermission");
676
677 enforceCrossUserPermission(Binder.getCallingUid(), userId,
678 true /* requireFullPermission */, true /* checkShell */,
679 "revokeRuntimePermission");
680
681 final int appId;
682
683 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
684 if (pkg == null || pkg.mExtras == null) {
685 throw new IllegalArgumentException("Unknown package: " + packageName);
686 }
687 if (mPackageManagerInt.filterAppAccess(pkg, Binder.getCallingUid(), userId)) {
688 throw new IllegalArgumentException("Unknown package: " + packageName);
689 }
690 final BasePermission bp = mSettings.getPermissionLocked(permName);
691 if (bp == null) {
692 throw new IllegalArgumentException("Unknown permission: " + permName);
693 }
694
695 bp.enforceDeclaredUsedAndRuntimeOrDevelopment(pkg);
696
697 // If a permission review is required for legacy apps we represent
698 // their permissions as always granted runtime ones since we need
699 // to keep the review required permission flag per user while an
700 // install permission's state is shared across all users.
701 if (mSettings.mPermissionReviewRequired
702 && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
703 && bp.isRuntime()) {
704 return;
705 }
706
707 final PackageSetting ps = (PackageSetting) pkg.mExtras;
708 final PermissionsState permissionsState = ps.getPermissionsState();
709
710 final int flags = permissionsState.getPermissionFlags(permName, userId);
711 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) {
712 throw new SecurityException("Cannot revoke system fixed permission "
713 + permName + " for package " + packageName);
714 }
715 if (!overridePolicy && (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
716 throw new SecurityException("Cannot revoke policy fixed permission "
717 + permName + " for package " + packageName);
718 }
719
720 if (bp.isDevelopment()) {
721 // Development permissions must be handled specially, since they are not
722 // normal runtime permissions. For now they apply to all users.
723 if (permissionsState.revokeInstallPermission(bp) !=
724 PermissionsState.PERMISSION_OPERATION_FAILURE) {
725 if (callback != null) {
726 callback.onInstallPermissionRevoked();
727 }
728 }
729 return;
730 }
731
732 if (permissionsState.revokeRuntimePermission(bp, userId) ==
733 PermissionsState.PERMISSION_OPERATION_FAILURE) {
734 return;
735 }
736
737 if (bp.isRuntime()) {
738 logPermissionRevoked(mContext, permName, packageName);
739 }
740
741 if (callback != null) {
742 final int uid = UserHandle.getUid(userId, pkg.applicationInfo.uid);
743 callback.onPermissionRevoked(pkg.applicationInfo.uid, userId);
744 }
745 }
746
747 private int[] revokeUnusedSharedUserPermissions(SharedUserSetting suSetting, int[] allUserIds) {
748 // Collect all used permissions in the UID
749 final ArraySet<String> usedPermissions = new ArraySet<>();
750 final List<PackageParser.Package> pkgList = suSetting.getPackages();
751 if (pkgList == null || pkgList.size() == 0) {
752 return EmptyArray.INT;
753 }
754 for (PackageParser.Package pkg : pkgList) {
755 final int requestedPermCount = pkg.requestedPermissions.size();
756 for (int j = 0; j < requestedPermCount; j++) {
757 String permission = pkg.requestedPermissions.get(j);
758 BasePermission bp = mSettings.getPermissionLocked(permission);
759 if (bp != null) {
760 usedPermissions.add(permission);
761 }
762 }
763 }
764
765 PermissionsState permissionsState = suSetting.getPermissionsState();
766 // Prune install permissions
767 List<PermissionState> installPermStates = permissionsState.getInstallPermissionStates();
768 final int installPermCount = installPermStates.size();
769 for (int i = installPermCount - 1; i >= 0; i--) {
770 PermissionState permissionState = installPermStates.get(i);
771 if (!usedPermissions.contains(permissionState.getName())) {
772 BasePermission bp = mSettings.getPermissionLocked(permissionState.getName());
773 if (bp != null) {
774 permissionsState.revokeInstallPermission(bp);
775 permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL,
776 PackageManager.MASK_PERMISSION_FLAGS, 0);
777 }
778 }
779 }
780
781 int[] runtimePermissionChangedUserIds = EmptyArray.INT;
782
783 // Prune runtime permissions
784 for (int userId : allUserIds) {
785 List<PermissionState> runtimePermStates = permissionsState
786 .getRuntimePermissionStates(userId);
787 final int runtimePermCount = runtimePermStates.size();
788 for (int i = runtimePermCount - 1; i >= 0; i--) {
789 PermissionState permissionState = runtimePermStates.get(i);
790 if (!usedPermissions.contains(permissionState.getName())) {
791 BasePermission bp = mSettings.getPermissionLocked(permissionState.getName());
792 if (bp != null) {
793 permissionsState.revokeRuntimePermission(bp, userId);
794 permissionsState.updatePermissionFlags(bp, userId,
795 PackageManager.MASK_PERMISSION_FLAGS, 0);
796 runtimePermissionChangedUserIds = ArrayUtils.appendInt(
797 runtimePermissionChangedUserIds, userId);
798 }
799 }
800 }
801 }
802
803 return runtimePermissionChangedUserIds;
804 }
805
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]806 private String[] getAppOpPermissionPackages(String permName) {
807 if (mPackageManagerInt.getInstantAppPackageName(Binder.getCallingUid()) != null) {
808 return null;
809 }
810 synchronized (mLock) {
811 final ArraySet<String> pkgs = mSettings.mAppOpPermissionPackages.get(permName);
812 if (pkgs == null) {
813 return null;
814 }
815 return pkgs.toArray(new String[pkgs.size()]);
816 }
817 }
818
819 private int getPermissionFlags(
820 String permName, String packageName, int callingUid, int userId) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]821 if (!mUserManagerInt.exists(userId)) {
822 return 0;
823 }
824
825 enforceGrantRevokeRuntimePermissionPermissions("getPermissionFlags");
826
827 enforceCrossUserPermission(callingUid, userId,
828 true /* requireFullPermission */, false /* checkShell */,
829 "getPermissionFlags");
830
831 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
832 if (pkg == null || pkg.mExtras == null) {
833 return 0;
834 }
835 synchronized (mLock) {
836 if (mSettings.getPermissionLocked(permName) == null) {
837 return 0;
838 }
839 }
840 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
841 return 0;
842 }
843 final PackageSetting ps = (PackageSetting) pkg.mExtras;
844 PermissionsState permissionsState = ps.getPermissionsState();
845 return permissionsState.getPermissionFlags(permName, userId);
846 }
847
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]848 private int updatePermissions(String packageName, PackageParser.Package pkgInfo, int flags) {
849 Set<BasePermission> needsUpdate = null;
850 synchronized (mLock) {
851 final Iterator<BasePermission> it = mSettings.mPermissions.values().iterator();
852 while (it.hasNext()) {
853 final BasePermission bp = it.next();
854 if (bp.isDynamic()) {
855 bp.updateDynamicPermission(mSettings.mPermissionTrees.values());
856 }
857 if (bp.getSourcePackageSetting() != null) {
858 if (packageName != null && packageName.equals(bp.getSourcePackageName())
859 && (pkgInfo == null || !hasPermission(pkgInfo, bp.getName()))) {
860 Slog.i(TAG, "Removing old permission tree: " + bp.getName()
861 + " from package " + bp.getSourcePackageName());
862 flags |= PackageManagerService.UPDATE_PERMISSIONS_ALL;
863 it.remove();
864 }
865 continue;
866 }
867 if (needsUpdate == null) {
868 needsUpdate = new ArraySet<>(mSettings.mPermissions.size());
869 }
870 needsUpdate.add(bp);
871 }
872 }
873 if (needsUpdate != null) {
874 for (final BasePermission bp : needsUpdate) {
875 final PackageParser.Package pkg =
876 mPackageManagerInt.getPackage(bp.getSourcePackageName());
877 synchronized (mLock) {
878 if (pkg != null && pkg.mExtras != null) {
879 final PackageSetting ps = (PackageSetting) pkg.mExtras;
880 if (bp.getSourcePackageSetting() == null) {
881 bp.setSourcePackageSetting(ps);
882 }
883 continue;
884 }
885 Slog.w(TAG, "Removing dangling permission: " + bp.getName()
886 + " from package " + bp.getSourcePackageName());
887 mSettings.removePermissionLocked(bp.getName());
888 }
889 }
890 }
891 return flags;
892 }
893
894 private int updatePermissionTrees(String packageName, PackageParser.Package pkgInfo,
895 int flags) {
896 Set<BasePermission> needsUpdate = null;
897 synchronized (mLock) {
898 final Iterator<BasePermission> it = mSettings.mPermissionTrees.values().iterator();
899 while (it.hasNext()) {
900 final BasePermission bp = it.next();
901 if (bp.getSourcePackageSetting() != null) {
902 if (packageName != null && packageName.equals(bp.getSourcePackageName())
903 && (pkgInfo == null || !hasPermission(pkgInfo, bp.getName()))) {
904 Slog.i(TAG, "Removing old permission tree: " + bp.getName()
905 + " from package " + bp.getSourcePackageName());
906 flags |= PackageManagerService.UPDATE_PERMISSIONS_ALL;
907 it.remove();
908 }
909 continue;
910 }
911 if (needsUpdate == null) {
912 needsUpdate = new ArraySet<>(mSettings.mPermissionTrees.size());
913 }
914 needsUpdate.add(bp);
915 }
916 }
917 if (needsUpdate != null) {
918 for (final BasePermission bp : needsUpdate) {
919 final PackageParser.Package pkg =
920 mPackageManagerInt.getPackage(bp.getSourcePackageName());
921 synchronized (mLock) {
922 if (pkg != null && pkg.mExtras != null) {
923 final PackageSetting ps = (PackageSetting) pkg.mExtras;
924 if (bp.getSourcePackageSetting() == null) {
925 bp.setSourcePackageSetting(ps);
926 }
927 continue;
928 }
929 Slog.w(TAG, "Removing dangling permission tree: " + bp.getName()
930 + " from package " + bp.getSourcePackageName());
931 mSettings.removePermissionLocked(bp.getName());
932 }
933 }
934 }
935 return flags;
936 }
937
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]938 private void updatePermissionFlags(String permName, String packageName, int flagMask,
939 int flagValues, int callingUid, int userId, PermissionCallback callback) {
940 if (!mUserManagerInt.exists(userId)) {
941 return;
942 }
943
944 enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlags");
945
946 enforceCrossUserPermission(callingUid, userId,
947 true /* requireFullPermission */, true /* checkShell */,
948 "updatePermissionFlags");
949
950 // Only the system can change these flags and nothing else.
951 if (callingUid != Process.SYSTEM_UID) {
952 flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
953 flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
954 flagMask &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
955 flagValues &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
956 flagValues &= ~PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;
957 }
958
959 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
960 if (pkg == null || pkg.mExtras == null) {
961 throw new IllegalArgumentException("Unknown package: " + packageName);
962 }
963 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
964 throw new IllegalArgumentException("Unknown package: " + packageName);
965 }
966
967 final BasePermission bp;
968 synchronized (mLock) {
969 bp = mSettings.getPermissionLocked(permName);
970 }
971 if (bp == null) {
972 throw new IllegalArgumentException("Unknown permission: " + permName);
973 }
974
975 final PackageSetting ps = (PackageSetting) pkg.mExtras;
976 final PermissionsState permissionsState = ps.getPermissionsState();
977 final boolean hadState =
978 permissionsState.getRuntimePermissionState(permName, userId) != null;
979 final boolean permissionUpdated =
980 permissionsState.updatePermissionFlags(bp, userId, flagMask, flagValues);
981 if (permissionUpdated && callback != null) {
982 // Install and runtime permissions are stored in different places,
983 // so figure out what permission changed and persist the change.
984 if (permissionsState.getInstallPermissionState(permName) != null) {
985 callback.onInstallPermissionUpdated();
986 } else if (permissionsState.getRuntimePermissionState(permName, userId) != null
987 || hadState) {
988 callback.onPermissionUpdated(userId);
989 }
990 }
991 }
992
993 private boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues, int callingUid,
994 int userId, Collection<Package> packages, PermissionCallback callback) {
995 if (!mUserManagerInt.exists(userId)) {
996 return false;
997 }
998
999 enforceGrantRevokeRuntimePermissionPermissions(
1000 "updatePermissionFlagsForAllApps");
1001 enforceCrossUserPermission(callingUid, userId,
1002 true /* requireFullPermission */, true /* checkShell */,
1003 "updatePermissionFlagsForAllApps");
1004
1005 // Only the system can change system fixed flags.
1006 if (callingUid != Process.SYSTEM_UID) {
1007 flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1008 flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1009 }
1010
1011 boolean changed = false;
1012 for (PackageParser.Package pkg : packages) {
1013 final PackageSetting ps = (PackageSetting) pkg.mExtras;
1014 if (ps == null) {
1015 continue;
1016 }
1017 PermissionsState permissionsState = ps.getPermissionsState();
1018 changed |= permissionsState.updatePermissionFlagsForAllPermissions(
1019 userId, flagMask, flagValues);
1020 }
1021 return changed;
1022 }
1023
1024 private void enforceGrantRevokeRuntimePermissionPermissions(String message) {
1025 if (mContext.checkCallingOrSelfPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS)
1026 != PackageManager.PERMISSION_GRANTED
1027 && mContext.checkCallingOrSelfPermission(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS)
1028 != PackageManager.PERMISSION_GRANTED) {
1029 throw new SecurityException(message + " requires "
1030 + Manifest.permission.GRANT_RUNTIME_PERMISSIONS + " or "
1031 + Manifest.permission.REVOKE_RUNTIME_PERMISSIONS);
1032 }
1033 }
1034
1035 /**
1036 * Checks if the request is from the system or an app that has INTERACT_ACROSS_USERS
1037 * or INTERACT_ACROSS_USERS_FULL permissions, if the userid is not for the caller.
1038 * @param checkShell whether to prevent shell from access if there's a debugging restriction
1039 * @param message the message to log on security exception
1040 */
1041 private void enforceCrossUserPermission(int callingUid, int userId,
1042 boolean requireFullPermission, boolean checkShell, String message) {
1043 if (userId < 0) {
1044 throw new IllegalArgumentException("Invalid userId " + userId);
1045 }
1046 if (checkShell) {
1047 PackageManagerServiceUtils.enforceShellRestriction(
1048 UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, userId);
1049 }
1050 if (userId == UserHandle.getUserId(callingUid)) return;
1051 if (callingUid != Process.SYSTEM_UID && callingUid != 0) {
1052 if (requireFullPermission) {
1053 mContext.enforceCallingOrSelfPermission(
1054 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message);
1055 } else {
1056 try {
1057 mContext.enforceCallingOrSelfPermission(
1058 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message);
1059 } catch (SecurityException se) {
1060 mContext.enforceCallingOrSelfPermission(
1061 android.Manifest.permission.INTERACT_ACROSS_USERS, message);
1062 }
1063 }
1064 }
1065 }
1066
1067 private int calculateCurrentPermissionFootprintLocked(BasePermission tree) {
1068 int size = 0;
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1069 for (BasePermission perm : mSettings.mPermissions.values()) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1070 size += tree.calculateFootprint(perm);
1071 }
1072 return size;
1073 }
1074
1075 private void enforcePermissionCapLocked(PermissionInfo info, BasePermission tree) {
1076 // We calculate the max size of permissions defined by this uid and throw
1077 // if that plus the size of 'info' would exceed our stated maximum.
1078 if (tree.getUid() != Process.SYSTEM_UID) {
1079 final int curTreeSize = calculateCurrentPermissionFootprintLocked(tree);
1080 if (curTreeSize + info.calculateFootprint() > MAX_PERMISSION_TREE_FOOTPRINT) {
1081 throw new SecurityException("Permission tree size cap exceeded");
1082 }
1083 }
1084 }
1085
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1086 private static boolean hasPermission(PackageParser.Package pkgInfo, String permName) {
1087 for (int i=pkgInfo.permissions.size()-1; i>=0; i--) {
1088 if (pkgInfo.permissions.get(i).info.name.equals(permName)) {
1089 return true;
1090 }
1091 }
1092 return false;
1093 }
1094
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1095 /**
1096 * Get the first event id for the permission.
1097 *
1098 * <p>There are four events for each permission: <ul>
1099 * <li>Request permission: first id + 0</li>
1100 * <li>Grant permission: first id + 1</li>
1101 * <li>Request for permission denied: first id + 2</li>
1102 * <li>Revoke permission: first id + 3</li>
1103 * </ul></p>
1104 *
1105 * @param name name of the permission
1106 *
1107 * @return The first event id for the permission
1108 */
1109 private static int getBaseEventId(@NonNull String name) {
1110 int eventIdIndex = ALL_DANGEROUS_PERMISSIONS.indexOf(name);
1111
1112 if (eventIdIndex == -1) {
1113 if (AppOpsManager.permissionToOpCode(name) == AppOpsManager.OP_NONE
1114 || Build.IS_USER) {
1115 Log.i(TAG, "Unknown permission " + name);
1116
1117 return MetricsEvent.ACTION_PERMISSION_REQUEST_UNKNOWN;
1118 } else {
1119 // Most likely #ALL_DANGEROUS_PERMISSIONS needs to be updated.
1120 //
1121 // Also update
1122 // - EventLogger#ALL_DANGEROUS_PERMISSIONS
1123 // - metrics_constants.proto
1124 throw new IllegalStateException("Unknown permission " + name);
1125 }
1126 }
1127
1128 return MetricsEvent.ACTION_PERMISSION_REQUEST_READ_CALENDAR + eventIdIndex * 4;
1129 }
1130
1131 /**
1132 * Log that a permission was revoked.
1133 *
1134 * @param context Context of the caller
1135 * @param name name of the permission
1136 * @param packageName package permission if for
1137 */
1138 private static void logPermissionRevoked(@NonNull Context context, @NonNull String name,
1139 @NonNull String packageName) {
1140 MetricsLogger.action(context, getBaseEventId(name) + 3, packageName);
1141 }
1142
1143 /**
1144 * Log that a permission request was granted.
1145 *
1146 * @param context Context of the caller
1147 * @param name name of the permission
1148 * @param packageName package permission if for
1149 */
1150 private static void logPermissionGranted(@NonNull Context context, @NonNull String name,
1151 @NonNull String packageName) {
1152 MetricsLogger.action(context, getBaseEventId(name) + 1, packageName);
1153 }
1154
1155 private class PermissionManagerInternalImpl extends PermissionManagerInternal {
1156 @Override
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1157 public void addAllPermissions(Package pkg, boolean chatty) {
1158 PermissionManagerService.this.addAllPermissions(pkg, chatty);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1159 }
1160 @Override
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1161 public void removeAllPermissions(Package pkg, boolean chatty) {
1162 PermissionManagerService.this.removeAllPermissions(pkg, chatty);
1163 }
1164 @Override
1165 public boolean addDynamicPermission(PermissionInfo info, boolean async, int callingUid,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1166 PermissionCallback callback) {
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1167 return PermissionManagerService.this.addDynamicPermission(info, callingUid, callback);
1168 }
1169 @Override
1170 public void removeDynamicPermission(String permName, int callingUid,
1171 PermissionCallback callback) {
1172 PermissionManagerService.this.removeDynamicPermission(permName, callingUid, callback);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1173 }
1174 @Override
1175 public void grantRuntimePermission(String permName, String packageName,
1176 boolean overridePolicy, int callingUid, int userId,
1177 PermissionCallback callback) {
1178 PermissionManagerService.this.grantRuntimePermission(
1179 permName, packageName, overridePolicy, callingUid, userId, callback);
1180 }
1181 @Override
1182 public void grantRequestedRuntimePermissions(PackageParser.Package pkg, int[] userIds,
1183 String[] grantedPermissions, int callingUid, PermissionCallback callback) {
1184 PermissionManagerService.this.grantRequestedRuntimePermissions(
1185 pkg, userIds, grantedPermissions, callingUid, callback);
1186 }
1187 @Override
1188 public void grantRuntimePermissionsGrantedToDisabledPackage(PackageParser.Package pkg,
1189 int callingUid, PermissionCallback callback) {
1190 PermissionManagerService.this.grantRuntimePermissionsGrantedToDisabledPackageLocked(
1191 pkg, callingUid, callback);
1192 }
1193 @Override
1194 public void revokeRuntimePermission(String permName, String packageName,
1195 boolean overridePolicy, int callingUid, int userId,
1196 PermissionCallback callback) {
1197 PermissionManagerService.this.revokeRuntimePermission(permName, packageName,
1198 overridePolicy, callingUid, userId, callback);
1199 }
1200 @Override
1201 public int[] revokeUnusedSharedUserPermissions(SharedUserSetting suSetting,
1202 int[] allUserIds) {
1203 return PermissionManagerService.this.revokeUnusedSharedUserPermissions(
1204 (SharedUserSetting) suSetting, allUserIds);
1205 }
1206 @Override
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1207 public String[] getAppOpPermissionPackages(String permName) {
1208 return PermissionManagerService.this.getAppOpPermissionPackages(permName);
1209 }
1210 @Override
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1211 public int getPermissionFlags(String permName, String packageName, int callingUid,
1212 int userId) {
1213 return PermissionManagerService.this.getPermissionFlags(permName, packageName,
1214 callingUid, userId);
1215 }
1216 @Override
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1217 public int updatePermissions(String packageName,
1218 PackageParser.Package pkgInfo, int flags) {
1219 return PermissionManagerService.this.updatePermissions(packageName, pkgInfo, flags);
1220 }
1221 @Override
1222 public int updatePermissionTrees(String packageName,
1223 PackageParser.Package pkgInfo, int flags) {
1224 return PermissionManagerService.this.updatePermissionTrees(packageName, pkgInfo, flags);
1225 }
1226 @Override
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1227 public void updatePermissionFlags(String permName, String packageName, int flagMask,
1228 int flagValues, int callingUid, int userId, PermissionCallback callback) {
1229 PermissionManagerService.this.updatePermissionFlags(
1230 permName, packageName, flagMask, flagValues, callingUid, userId, callback);
1231 }
1232 @Override
1233 public boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues, int callingUid,
1234 int userId, Collection<Package> packages, PermissionCallback callback) {
1235 return PermissionManagerService.this.updatePermissionFlagsForAllApps(
1236 flagMask, flagValues, callingUid, userId, packages, callback);
1237 }
1238 @Override
1239 public void enforceCrossUserPermission(int callingUid, int userId,
1240 boolean requireFullPermission, boolean checkShell, String message) {
1241 PermissionManagerService.this.enforceCrossUserPermission(callingUid, userId,
1242 requireFullPermission, checkShell, message);
1243 }
1244 @Override
1245 public void enforceGrantRevokeRuntimePermissionPermissions(String message) {
1246 PermissionManagerService.this.enforceGrantRevokeRuntimePermissionPermissions(message);
1247 }
1248 @Override
1249 public int checkPermission(String permName, String packageName, int callingUid,
1250 int userId) {
1251 return PermissionManagerService.this.checkPermission(
1252 permName, packageName, callingUid, userId);
1253 }
1254 @Override
1255 public PermissionInfo getPermissionInfo(String permName, String packageName, int flags,
1256 int callingUid) {
1257 return PermissionManagerService.this.getPermissionInfo(
1258 permName, packageName, flags, callingUid);
1259 }
1260 @Override
1261 public List<PermissionInfo> getPermissionInfoByGroup(String group, int flags,
1262 int callingUid) {
1263 return PermissionManagerService.this.getPermissionInfoByGroup(group, flags, callingUid);
1264 }
1265 @Override
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1266 public PermissionSettings getPermissionSettings() {
1267 return mSettings;
1268 }
1269 @Override
1270 public DefaultPermissionGrantPolicy getDefaultPermissionGrantPolicy() {
1271 return mDefaultPermissionGrantPolicy;
1272 }
1273 @Override
1274 public BasePermission getPermissionTEMP(String permName) {
1275 synchronized (PermissionManagerService.this.mLock) {
1276 return mSettings.getPermissionLocked(permName);
1277 }
1278 }
1279 @Override
1280 public void putPermissionTEMP(String permName, BasePermission permission) {
1281 synchronized (PermissionManagerService.this.mLock) {
1282 mSettings.putPermissionLocked(permName, (BasePermission) permission);
1283 }
1284 }
1285 @Override
1286 public Iterator<BasePermission> getPermissionIteratorTEMP() {
1287 synchronized (PermissionManagerService.this.mLock) {
1288 return mSettings.getAllPermissionsLocked().iterator();
1289 }
1290 }
1291 }
1292}