Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / d66b9f3d0ca8ffe378b75f694dc84fe6e9ca0386 / . / services / core / java / com / android / server / pm / permission / PermissionManagerService.java
blob: bd30c5bfafe066536cae7ad4c04bbdecd4e07d04 [file] [log] [blame]
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
19import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
20import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
Todd Kennedy3bc94722017-10-10 09:55:53 -0700[diff] [blame]21import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]22import static com.android.server.pm.PackageManagerService.DEBUG_INSTALL;
23import static com.android.server.pm.PackageManagerService.DEBUG_PACKAGE_SCANNING;
24import static com.android.server.pm.PackageManagerService.DEBUG_PERMISSIONS;
25import static com.android.server.pm.PackageManagerService.DEBUG_REMOVE;
26import static com.android.server.pm.PackageManagerService.PLATFORM_PACKAGE_NAME;
27import static android.os.Trace.TRACE_TAG_PACKAGE_MANAGER;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]28
29import android.Manifest;
30import android.annotation.NonNull;
31import android.annotation.Nullable;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]32import android.content.Context;
33import android.content.pm.PackageManager;
34import android.content.pm.PackageManagerInternal;
35import android.content.pm.PackageParser;
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]36import android.content.pm.PermissionGroupInfo;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]37import android.content.pm.PermissionInfo;
38import android.content.pm.PackageParser.Package;
Philip P. Moltmann8cff8b92017-10-25 14:32:41 -0700[diff] [blame]39import android.metrics.LogMaker;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]40import android.os.Binder;
41import android.os.Build;
42import android.os.Handler;
43import android.os.HandlerThread;
44import android.os.Process;
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]45import android.os.Trace;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]46import android.os.UserHandle;
47import android.os.UserManager;
48import android.os.UserManagerInternal;
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]49import android.os.storage.StorageManager;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]50import android.os.storage.StorageManagerInternal;
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]51import android.text.TextUtils;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]52import android.util.ArrayMap;
53import android.util.ArraySet;
54import android.util.Log;
55import android.util.Slog;
Todd Kennedy3bc94722017-10-10 09:55:53 -0700[diff] [blame]56import android.util.SparseArray;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]57
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]58import com.android.internal.annotations.GuardedBy;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]59import com.android.internal.logging.MetricsLogger;
60import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]61import com.android.internal.os.RoSystemProperties;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]62import com.android.internal.util.ArrayUtils;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]63import com.android.server.LocalServices;
64import com.android.server.ServiceThread;
65import com.android.server.SystemConfig;
66import com.android.server.Watchdog;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]67import com.android.server.pm.PackageManagerServiceUtils;
68import com.android.server.pm.PackageSetting;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]69import com.android.server.pm.SharedUserSetting;
Todd Kennedy3bc94722017-10-10 09:55:53 -0700[diff] [blame]70import com.android.server.pm.UserManagerService;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]71import com.android.server.pm.permission.DefaultPermissionGrantPolicy.DefaultPermissionGrantedCallback;
72import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback;
73import com.android.server.pm.permission.PermissionsState.PermissionState;
74
75import libcore.util.EmptyArray;
76
77import java.util.ArrayList;
78import java.util.Arrays;
79import java.util.Collection;
80import java.util.Iterator;
81import java.util.List;
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]82import java.util.Objects;
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]83import java.util.Set;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]84
85/**
86 * Manages all permissions and handles permissions related tasks.
87 */
88public class PermissionManagerService {
89 private static final String TAG = "PackageManager";
90
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]91 /** Permission grant: not grant the permission. */
92 private static final int GRANT_DENIED = 1;
93 /** Permission grant: grant the permission as an install permission. */
94 private static final int GRANT_INSTALL = 2;
95 /** Permission grant: grant the permission as a runtime one. */
96 private static final int GRANT_RUNTIME = 3;
97 /** Permission grant: grant as runtime a permission that was granted as an install time one. */
98 private static final int GRANT_UPGRADE = 4;
99
100 /** Cap the size of permission trees that 3rd party apps can define; in characters of text */
101 private static final int MAX_PERMISSION_TREE_FOOTPRINT = 32768;
102 /** Empty array to avoid allocations */
103 private static final int[] EMPTY_INT_ARRAY = new int[0];
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]104
105 /** Lock to protect internal data access */
106 private final Object mLock;
107
108 /** Internal connection to the package manager */
109 private final PackageManagerInternal mPackageManagerInt;
110
111 /** Internal connection to the user manager */
112 private final UserManagerInternal mUserManagerInt;
113
114 /** Default permission policy to provide proper behaviour out-of-the-box */
115 private final DefaultPermissionGrantPolicy mDefaultPermissionGrantPolicy;
116
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]117 /**
118 * Built-in permissions. Read from system configuration files. Mapping is from
119 * UID to permission name.
120 */
Todd Kennedy3bc94722017-10-10 09:55:53 -0700[diff] [blame]121 private final SparseArray<ArraySet<String>> mSystemPermissions;
Todd Kennedy3bc94722017-10-10 09:55:53 -0700[diff] [blame]122
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]123 /** Built-in group IDs given to all packages. Read from system configuration files. */
124 private final int[] mGlobalGids;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]125
126 private final HandlerThread mHandlerThread;
127 private final Handler mHandler;
128 private final Context mContext;
Philip P. Moltmann8cff8b92017-10-25 14:32:41 -0700[diff] [blame]129 private final MetricsLogger mMetricsLogger = new MetricsLogger();
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]130
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]131 /** Internal storage for permissions and related settings */
132 @GuardedBy("mLock")
133 private final PermissionSettings mSettings;
134
135 @GuardedBy("mLock")
136 private ArraySet<String> mPrivappPermissionsViolations;
137
138 @GuardedBy("mLock")
139 private boolean mSystemReady;
140
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]141 PermissionManagerService(Context context,
142 @Nullable DefaultPermissionGrantedCallback defaultGrantCallback,
143 @NonNull Object externalLock) {
144 mContext = context;
145 mLock = externalLock;
146 mPackageManagerInt = LocalServices.getService(PackageManagerInternal.class);
147 mUserManagerInt = LocalServices.getService(UserManagerInternal.class);
148 mSettings = new PermissionSettings(context, mLock);
149
150 mHandlerThread = new ServiceThread(TAG,
151 Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/);
152 mHandlerThread.start();
153 mHandler = new Handler(mHandlerThread.getLooper());
154 Watchdog.getInstance().addThread(mHandler);
155
156 mDefaultPermissionGrantPolicy = new DefaultPermissionGrantPolicy(
157 context, mHandlerThread.getLooper(), defaultGrantCallback, this);
Todd Kennedy3bc94722017-10-10 09:55:53 -0700[diff] [blame]158 SystemConfig systemConfig = SystemConfig.getInstance();
159 mSystemPermissions = systemConfig.getSystemPermissions();
160 mGlobalGids = systemConfig.getGlobalGids();
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]161
162 // propagate permission configuration
163 final ArrayMap<String, SystemConfig.PermissionEntry> permConfig =
164 SystemConfig.getInstance().getPermissions();
165 synchronized (mLock) {
166 for (int i=0; i<permConfig.size(); i++) {
167 final SystemConfig.PermissionEntry perm = permConfig.valueAt(i);
168 BasePermission bp = mSettings.getPermissionLocked(perm.name);
169 if (bp == null) {
170 bp = new BasePermission(perm.name, "android", BasePermission.TYPE_BUILTIN);
171 mSettings.putPermissionLocked(perm.name, bp);
172 }
173 if (perm.gids != null) {
174 bp.setGids(perm.gids, perm.perUser);
175 }
176 }
177 }
178
179 LocalServices.addService(
180 PermissionManagerInternal.class, new PermissionManagerInternalImpl());
181 }
182
183 /**
184 * Creates and returns an initialized, internal service for use by other components.
185 * <p>
186 * The object returned is identical to the one returned by the LocalServices class using:
187 * {@code LocalServices.getService(PermissionManagerInternal.class);}
188 * <p>
189 * NOTE: The external lock is temporary and should be removed. This needs to be a
190 * lock created by the permission manager itself.
191 */
192 public static PermissionManagerInternal create(Context context,
193 @Nullable DefaultPermissionGrantedCallback defaultGrantCallback,
194 @NonNull Object externalLock) {
195 final PermissionManagerInternal permMgrInt =
196 LocalServices.getService(PermissionManagerInternal.class);
197 if (permMgrInt != null) {
198 return permMgrInt;
199 }
200 new PermissionManagerService(context, defaultGrantCallback, externalLock);
201 return LocalServices.getService(PermissionManagerInternal.class);
202 }
203
204 @Nullable BasePermission getPermission(String permName) {
205 synchronized (mLock) {
206 return mSettings.getPermissionLocked(permName);
207 }
208 }
209
210 private int checkPermission(String permName, String pkgName, int callingUid, int userId) {
211 if (!mUserManagerInt.exists(userId)) {
212 return PackageManager.PERMISSION_DENIED;
213 }
214
215 final PackageParser.Package pkg = mPackageManagerInt.getPackage(pkgName);
216 if (pkg != null && pkg.mExtras != null) {
217 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
218 return PackageManager.PERMISSION_DENIED;
219 }
220 final PackageSetting ps = (PackageSetting) pkg.mExtras;
221 final boolean instantApp = ps.getInstantApp(userId);
222 final PermissionsState permissionsState = ps.getPermissionsState();
223 if (permissionsState.hasPermission(permName, userId)) {
224 if (instantApp) {
225 synchronized (mLock) {
226 BasePermission bp = mSettings.getPermissionLocked(permName);
227 if (bp != null && bp.isInstant()) {
228 return PackageManager.PERMISSION_GRANTED;
229 }
230 }
231 } else {
232 return PackageManager.PERMISSION_GRANTED;
233 }
234 }
235 // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION
236 if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState
237 .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) {
238 return PackageManager.PERMISSION_GRANTED;
239 }
240 }
241
242 return PackageManager.PERMISSION_DENIED;
243 }
244
Todd Kennedy3c714492017-10-27 09:12:50 -0700[diff] [blame]245 private int checkUidPermission(String permName, PackageParser.Package pkg, int uid,
246 int callingUid) {
Todd Kennedy3bc94722017-10-10 09:55:53 -0700[diff] [blame]247 final int callingUserId = UserHandle.getUserId(callingUid);
248 final boolean isCallerInstantApp =
249 mPackageManagerInt.getInstantAppPackageName(callingUid) != null;
250 final boolean isUidInstantApp =
251 mPackageManagerInt.getInstantAppPackageName(uid) != null;
252 final int userId = UserHandle.getUserId(uid);
253 if (!mUserManagerInt.exists(userId)) {
254 return PackageManager.PERMISSION_DENIED;
255 }
256
Todd Kennedy3c714492017-10-27 09:12:50 -0700[diff] [blame]257 if (pkg != null) {
Todd Kennedy3bc94722017-10-10 09:55:53 -0700[diff] [blame]258 if (pkg.mSharedUserId != null) {
259 if (isCallerInstantApp) {
260 return PackageManager.PERMISSION_DENIED;
261 }
Todd Kennedy3c714492017-10-27 09:12:50 -0700[diff] [blame]262 } else if (mPackageManagerInt.filterAppAccess(pkg, callingUid, callingUserId)) {
263 return PackageManager.PERMISSION_DENIED;
Todd Kennedy3bc94722017-10-10 09:55:53 -0700[diff] [blame]264 }
265 final PermissionsState permissionsState =
266 ((PackageSetting) pkg.mExtras).getPermissionsState();
267 if (permissionsState.hasPermission(permName, userId)) {
268 if (isUidInstantApp) {
269 if (mSettings.isPermissionInstant(permName)) {
270 return PackageManager.PERMISSION_GRANTED;
271 }
272 } else {
273 return PackageManager.PERMISSION_GRANTED;
274 }
275 }
276 // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION
277 if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState
278 .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) {
279 return PackageManager.PERMISSION_GRANTED;
280 }
281 } else {
282 ArraySet<String> perms = mSystemPermissions.get(uid);
283 if (perms != null) {
284 if (perms.contains(permName)) {
285 return PackageManager.PERMISSION_GRANTED;
286 }
287 if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && perms
288 .contains(Manifest.permission.ACCESS_FINE_LOCATION)) {
289 return PackageManager.PERMISSION_GRANTED;
290 }
291 }
292 }
293 return PackageManager.PERMISSION_DENIED;
294 }
295
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]296 private PermissionGroupInfo getPermissionGroupInfo(String groupName, int flags,
297 int callingUid) {
298 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
299 return null;
300 }
301 synchronized (mLock) {
302 return PackageParser.generatePermissionGroupInfo(
303 mSettings.mPermissionGroups.get(groupName), flags);
304 }
305 }
306
307 private List<PermissionGroupInfo> getAllPermissionGroups(int flags, int callingUid) {
308 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
309 return null;
310 }
311 synchronized (mLock) {
312 final int N = mSettings.mPermissionGroups.size();
313 final ArrayList<PermissionGroupInfo> out
314 = new ArrayList<PermissionGroupInfo>(N);
315 for (PackageParser.PermissionGroup pg : mSettings.mPermissionGroups.values()) {
316 out.add(PackageParser.generatePermissionGroupInfo(pg, flags));
317 }
318 return out;
319 }
320 }
321
322 private PermissionInfo getPermissionInfo(String permName, String packageName, int flags,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]323 int callingUid) {
324 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
325 return null;
326 }
327 // reader
328 synchronized (mLock) {
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]329 final BasePermission bp = mSettings.getPermissionLocked(permName);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]330 if (bp == null) {
331 return null;
332 }
333 final int adjustedProtectionLevel = adjustPermissionProtectionFlagsLocked(
334 bp.getProtectionLevel(), packageName, callingUid);
335 return bp.generatePermissionInfo(adjustedProtectionLevel, flags);
336 }
337 }
338
339 private List<PermissionInfo> getPermissionInfoByGroup(
340 String groupName, int flags, int callingUid) {
341 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
342 return null;
343 }
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]344 synchronized (mLock) {
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]345 if (groupName != null && !mSettings.mPermissionGroups.containsKey(groupName)) {
346 return null;
347 }
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]348 final ArrayList<PermissionInfo> out = new ArrayList<PermissionInfo>(10);
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]349 for (BasePermission bp : mSettings.mPermissions.values()) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]350 final PermissionInfo pi = bp.generatePermissionInfo(groupName, flags);
351 if (pi != null) {
352 out.add(pi);
353 }
354 }
355 return out;
356 }
357 }
358
359 private int adjustPermissionProtectionFlagsLocked(
360 int protectionLevel, String packageName, int uid) {
361 // Signature permission flags area always reported
362 final int protectionLevelMasked = protectionLevel
363 & (PermissionInfo.PROTECTION_NORMAL
364 | PermissionInfo.PROTECTION_DANGEROUS
365 | PermissionInfo.PROTECTION_SIGNATURE);
366 if (protectionLevelMasked == PermissionInfo.PROTECTION_SIGNATURE) {
367 return protectionLevel;
368 }
369 // System sees all flags.
370 final int appId = UserHandle.getAppId(uid);
371 if (appId == Process.SYSTEM_UID || appId == Process.ROOT_UID
372 || appId == Process.SHELL_UID) {
373 return protectionLevel;
374 }
375 // Normalize package name to handle renamed packages and static libs
376 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
377 if (pkg == null) {
378 return protectionLevel;
379 }
380 if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.O) {
381 return protectionLevelMasked;
382 }
383 // Apps that target O see flags for all protection levels.
384 final PackageSetting ps = (PackageSetting) pkg.mExtras;
385 if (ps == null) {
386 return protectionLevel;
387 }
388 if (ps.getAppId() != appId) {
389 return protectionLevel;
390 }
391 return protectionLevel;
392 }
393
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]394 private void addAllPermissions(PackageParser.Package pkg, boolean chatty) {
395 final int N = pkg.permissions.size();
396 for (int i=0; i<N; i++) {
397 PackageParser.Permission p = pkg.permissions.get(i);
398
399 // Assume by default that we did not install this permission into the system.
400 p.info.flags &= ~PermissionInfo.FLAG_INSTALLED;
401
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]402 synchronized (PermissionManagerService.this.mLock) {
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]403 // Now that permission groups have a special meaning, we ignore permission
404 // groups for legacy apps to prevent unexpected behavior. In particular,
405 // permissions for one app being granted to someone just because they happen
406 // to be in a group defined by another app (before this had no implications).
407 if (pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1) {
408 p.group = mSettings.mPermissionGroups.get(p.info.group);
409 // Warn for a permission in an unknown group.
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]410 if (DEBUG_PERMISSIONS
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]411 && p.info.group != null && p.group == null) {
412 Slog.i(TAG, "Permission " + p.info.name + " from package "
413 + p.info.packageName + " in an unknown group " + p.info.group);
414 }
415 }
416
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]417 if (p.tree) {
418 final BasePermission bp = BasePermission.createOrUpdate(
419 mSettings.getPermissionTreeLocked(p.info.name), p, pkg,
420 mSettings.getAllPermissionTreesLocked(), chatty);
421 mSettings.putPermissionTreeLocked(p.info.name, bp);
422 } else {
423 final BasePermission bp = BasePermission.createOrUpdate(
424 mSettings.getPermissionLocked(p.info.name),
425 p, pkg, mSettings.getAllPermissionTreesLocked(), chatty);
426 mSettings.putPermissionLocked(p.info.name, bp);
427 }
428 }
429 }
430 }
431
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]432 private void addAllPermissionGroups(PackageParser.Package pkg, boolean chatty) {
433 final int N = pkg.permissionGroups.size();
434 StringBuilder r = null;
435 for (int i=0; i<N; i++) {
436 final PackageParser.PermissionGroup pg = pkg.permissionGroups.get(i);
437 final PackageParser.PermissionGroup cur = mSettings.mPermissionGroups.get(pg.info.name);
438 final String curPackageName = (cur == null) ? null : cur.info.packageName;
439 final boolean isPackageUpdate = pg.info.packageName.equals(curPackageName);
440 if (cur == null || isPackageUpdate) {
441 mSettings.mPermissionGroups.put(pg.info.name, pg);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]442 if (chatty && DEBUG_PACKAGE_SCANNING) {
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]443 if (r == null) {
444 r = new StringBuilder(256);
445 } else {
446 r.append(' ');
447 }
448 if (isPackageUpdate) {
449 r.append("UPD:");
450 }
451 r.append(pg.info.name);
452 }
453 } else {
454 Slog.w(TAG, "Permission group " + pg.info.name + " from package "
455 + pg.info.packageName + " ignored: original from "
456 + cur.info.packageName);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]457 if (chatty && DEBUG_PACKAGE_SCANNING) {
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]458 if (r == null) {
459 r = new StringBuilder(256);
460 } else {
461 r.append(' ');
462 }
463 r.append("DUP:");
464 r.append(pg.info.name);
465 }
466 }
467 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]468 if (r != null && DEBUG_PACKAGE_SCANNING) {
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]469 Log.d(TAG, " Permission Groups: " + r);
470 }
471
472 }
473
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]474 private void removeAllPermissions(PackageParser.Package pkg, boolean chatty) {
475 synchronized (mLock) {
476 int N = pkg.permissions.size();
477 StringBuilder r = null;
478 for (int i=0; i<N; i++) {
479 PackageParser.Permission p = pkg.permissions.get(i);
480 BasePermission bp = (BasePermission) mSettings.mPermissions.get(p.info.name);
481 if (bp == null) {
482 bp = mSettings.mPermissionTrees.get(p.info.name);
483 }
484 if (bp != null && bp.isPermission(p)) {
485 bp.setPermission(null);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]486 if (DEBUG_REMOVE && chatty) {
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]487 if (r == null) {
488 r = new StringBuilder(256);
489 } else {
490 r.append(' ');
491 }
492 r.append(p.info.name);
493 }
494 }
495 if (p.isAppOp()) {
496 ArraySet<String> appOpPkgs =
497 mSettings.mAppOpPermissionPackages.get(p.info.name);
498 if (appOpPkgs != null) {
499 appOpPkgs.remove(pkg.packageName);
500 }
501 }
502 }
503 if (r != null) {
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]504 if (DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r);
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]505 }
506
507 N = pkg.requestedPermissions.size();
508 r = null;
509 for (int i=0; i<N; i++) {
510 String perm = pkg.requestedPermissions.get(i);
511 if (mSettings.isPermissionAppOp(perm)) {
512 ArraySet<String> appOpPkgs = mSettings.mAppOpPermissionPackages.get(perm);
513 if (appOpPkgs != null) {
514 appOpPkgs.remove(pkg.packageName);
515 if (appOpPkgs.isEmpty()) {
516 mSettings.mAppOpPermissionPackages.remove(perm);
517 }
518 }
519 }
520 }
521 if (r != null) {
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]522 if (DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r);
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]523 }
524 }
525 }
526
527 private boolean addDynamicPermission(
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]528 PermissionInfo info, int callingUid, PermissionCallback callback) {
529 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
530 throw new SecurityException("Instant apps can't add permissions");
531 }
532 if (info.labelRes == 0 && info.nonLocalizedLabel == null) {
533 throw new SecurityException("Label must be specified in permission");
534 }
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]535 final BasePermission tree = mSettings.enforcePermissionTree(info.name, callingUid);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]536 final boolean added;
537 final boolean changed;
538 synchronized (mLock) {
539 BasePermission bp = mSettings.getPermissionLocked(info.name);
540 added = bp == null;
541 int fixedLevel = PermissionInfo.fixProtectionLevel(info.protectionLevel);
542 if (added) {
543 enforcePermissionCapLocked(info, tree);
544 bp = new BasePermission(info.name, tree.getSourcePackageName(),
545 BasePermission.TYPE_DYNAMIC);
546 } else if (bp.isDynamic()) {
Jeff Sharkey4dc50522017-10-17 15:29:41 -0600[diff] [blame]547 // TODO: switch this back to SecurityException
548 Slog.wtf(TAG, "Not allowed to modify non-dynamic permission "
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]549 + info.name);
550 }
551 changed = bp.addToTree(fixedLevel, info, tree);
552 if (added) {
553 mSettings.putPermissionLocked(info.name, bp);
554 }
555 }
556 if (changed && callback != null) {
557 callback.onPermissionChanged();
558 }
559 return added;
560 }
561
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]562 private void removeDynamicPermission(
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]563 String permName, int callingUid, PermissionCallback callback) {
564 if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
565 throw new SecurityException("Instant applications don't have access to this method");
566 }
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]567 final BasePermission tree = mSettings.enforcePermissionTree(permName, callingUid);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]568 synchronized (mLock) {
569 final BasePermission bp = mSettings.getPermissionLocked(permName);
570 if (bp == null) {
571 return;
572 }
573 if (bp.isDynamic()) {
Jeff Sharkey4dc50522017-10-17 15:29:41 -0600[diff] [blame]574 // TODO: switch this back to SecurityException
575 Slog.wtf(TAG, "Not allowed to modify non-dynamic permission "
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]576 + permName);
577 }
578 mSettings.removePermissionLocked(permName);
579 if (callback != null) {
580 callback.onPermissionRemoved();
581 }
582 }
583 }
584
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]585 private void grantPermissions(PackageParser.Package pkg, boolean replace,
586 String packageOfInterest, PermissionCallback callback) {
587 // IMPORTANT: There are two types of permissions: install and runtime.
588 // Install time permissions are granted when the app is installed to
589 // all device users and users added in the future. Runtime permissions
590 // are granted at runtime explicitly to specific users. Normal and signature
591 // protected permissions are install time permissions. Dangerous permissions
592 // are install permissions if the app's target SDK is Lollipop MR1 or older,
593 // otherwise they are runtime permissions. This function does not manage
594 // runtime permissions except for the case an app targeting Lollipop MR1
595 // being upgraded to target a newer SDK, in which case dangerous permissions
596 // are transformed from install time to runtime ones.
597
598 final PackageSetting ps = (PackageSetting) pkg.mExtras;
599 if (ps == null) {
600 return;
601 }
602 final boolean isLegacySystemApp = mPackageManagerInt.isLegacySystemApp(pkg);
603
604 final PermissionsState permissionsState = ps.getPermissionsState();
605 PermissionsState origPermissions = permissionsState;
606
607 final int[] currentUserIds = UserManagerService.getInstance().getUserIds();
608
609 boolean runtimePermissionsRevoked = false;
610 int[] updatedUserIds = EMPTY_INT_ARRAY;
611
612 boolean changedInstallPermission = false;
613
614 if (replace) {
615 ps.setInstallPermissionsFixed(false);
616 if (!ps.isSharedUser()) {
617 origPermissions = new PermissionsState(permissionsState);
618 permissionsState.reset();
619 } else {
620 // We need to know only about runtime permission changes since the
621 // calling code always writes the install permissions state but
622 // the runtime ones are written only if changed. The only cases of
623 // changed runtime permissions here are promotion of an install to
624 // runtime and revocation of a runtime from a shared user.
625 synchronized (mLock) {
626 updatedUserIds = revokeUnusedSharedUserPermissionsLocked(
627 ps.getSharedUser(), UserManagerService.getInstance().getUserIds());
628 if (!ArrayUtils.isEmpty(updatedUserIds)) {
629 runtimePermissionsRevoked = true;
630 }
631 }
632 }
633 }
634
635 permissionsState.setGlobalGids(mGlobalGids);
636
637 synchronized (mLock) {
638 final int N = pkg.requestedPermissions.size();
639 for (int i = 0; i < N; i++) {
640 final String permName = pkg.requestedPermissions.get(i);
641 final BasePermission bp = mSettings.getPermissionLocked(permName);
642 final boolean appSupportsRuntimePermissions =
643 pkg.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.M;
644
645 if (DEBUG_INSTALL) {
646 Log.i(TAG, "Package " + pkg.packageName + " checking " + permName + ": " + bp);
647 }
648
649 if (bp == null || bp.getSourcePackageSetting() == null) {
650 if (packageOfInterest == null || packageOfInterest.equals(pkg.packageName)) {
651 if (DEBUG_PERMISSIONS) {
652 Slog.i(TAG, "Unknown permission " + permName
653 + " in package " + pkg.packageName);
654 }
655 }
656 continue;
657 }
658
659 // Limit ephemeral apps to ephemeral allowed permissions.
660 if (pkg.applicationInfo.isInstantApp() && !bp.isInstant()) {
661 if (DEBUG_PERMISSIONS) {
662 Log.i(TAG, "Denying non-ephemeral permission " + bp.getName()
663 + " for package " + pkg.packageName);
664 }
665 continue;
666 }
667
668 if (bp.isRuntimeOnly() && !appSupportsRuntimePermissions) {
669 if (DEBUG_PERMISSIONS) {
670 Log.i(TAG, "Denying runtime-only permission " + bp.getName()
671 + " for package " + pkg.packageName);
672 }
673 continue;
674 }
675
676 final String perm = bp.getName();
677 boolean allowedSig = false;
678 int grant = GRANT_DENIED;
679
680 // Keep track of app op permissions.
681 if (bp.isAppOp()) {
682 mSettings.addAppOpPackage(perm, pkg.packageName);
683 }
684
685 if (bp.isNormal()) {
686 // For all apps normal permissions are install time ones.
687 grant = GRANT_INSTALL;
688 } else if (bp.isRuntime()) {
689 // If a permission review is required for legacy apps we represent
690 // their permissions as always granted runtime ones since we need
691 // to keep the review required permission flag per user while an
692 // install permission's state is shared across all users.
693 if (!appSupportsRuntimePermissions && !mSettings.mPermissionReviewRequired) {
694 // For legacy apps dangerous permissions are install time ones.
695 grant = GRANT_INSTALL;
696 } else if (origPermissions.hasInstallPermission(bp.getName())) {
697 // For legacy apps that became modern, install becomes runtime.
698 grant = GRANT_UPGRADE;
699 } else if (isLegacySystemApp) {
700 // For legacy system apps, install becomes runtime.
701 // We cannot check hasInstallPermission() for system apps since those
702 // permissions were granted implicitly and not persisted pre-M.
703 grant = GRANT_UPGRADE;
704 } else {
705 // For modern apps keep runtime permissions unchanged.
706 grant = GRANT_RUNTIME;
707 }
708 } else if (bp.isSignature()) {
709 // For all apps signature permissions are install time ones.
710 allowedSig = grantSignaturePermission(perm, pkg, bp, origPermissions);
711 if (allowedSig) {
712 grant = GRANT_INSTALL;
713 }
714 }
715
716 if (DEBUG_PERMISSIONS) {
717 Slog.i(TAG, "Granting permission " + perm + " to package " + pkg.packageName);
718 }
719
720 if (grant != GRANT_DENIED) {
721 if (!ps.isSystem() && ps.areInstallPermissionsFixed()) {
722 // If this is an existing, non-system package, then
723 // we can't add any new permissions to it.
724 if (!allowedSig && !origPermissions.hasInstallPermission(perm)) {
725 // Except... if this is a permission that was added
726 // to the platform (note: need to only do this when
727 // updating the platform).
728 if (!isNewPlatformPermissionForPackage(perm, pkg)) {
729 grant = GRANT_DENIED;
730 }
731 }
732 }
733
734 switch (grant) {
735 case GRANT_INSTALL: {
736 // Revoke this as runtime permission to handle the case of
737 // a runtime permission being downgraded to an install one.
738 // Also in permission review mode we keep dangerous permissions
739 // for legacy apps
740 for (int userId : UserManagerService.getInstance().getUserIds()) {
741 if (origPermissions.getRuntimePermissionState(
742 perm, userId) != null) {
743 // Revoke the runtime permission and clear the flags.
744 origPermissions.revokeRuntimePermission(bp, userId);
745 origPermissions.updatePermissionFlags(bp, userId,
746 PackageManager.MASK_PERMISSION_FLAGS, 0);
747 // If we revoked a permission permission, we have to write.
748 updatedUserIds = ArrayUtils.appendInt(
749 updatedUserIds, userId);
750 }
751 }
752 // Grant an install permission.
753 if (permissionsState.grantInstallPermission(bp) !=
754 PermissionsState.PERMISSION_OPERATION_FAILURE) {
755 changedInstallPermission = true;
756 }
757 } break;
758
759 case GRANT_RUNTIME: {
760 // Grant previously granted runtime permissions.
761 for (int userId : UserManagerService.getInstance().getUserIds()) {
762 final PermissionState permissionState = origPermissions
763 .getRuntimePermissionState(perm, userId);
764 int flags = permissionState != null
765 ? permissionState.getFlags() : 0;
766 if (origPermissions.hasRuntimePermission(perm, userId)) {
767 // Don't propagate the permission in a permission review
768 // mode if the former was revoked, i.e. marked to not
769 // propagate on upgrade. Note that in a permission review
770 // mode install permissions are represented as constantly
771 // granted runtime ones since we need to keep a per user
772 // state associated with the permission. Also the revoke
773 // on upgrade flag is no longer applicable and is reset.
774 final boolean revokeOnUpgrade = (flags & PackageManager
775 .FLAG_PERMISSION_REVOKE_ON_UPGRADE) != 0;
776 if (revokeOnUpgrade) {
777 flags &= ~PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE;
778 // Since we changed the flags, we have to write.
779 updatedUserIds = ArrayUtils.appendInt(
780 updatedUserIds, userId);
781 }
782 if (!mSettings.mPermissionReviewRequired || !revokeOnUpgrade) {
783 if (permissionsState.grantRuntimePermission(bp, userId) ==
784 PermissionsState.PERMISSION_OPERATION_FAILURE) {
785 // If we cannot put the permission as it was,
786 // we have to write.
787 updatedUserIds = ArrayUtils.appendInt(
788 updatedUserIds, userId);
789 }
790 }
791
792 // If the app supports runtime permissions no need for a review.
793 if (mSettings.mPermissionReviewRequired
794 && appSupportsRuntimePermissions
795 && (flags & PackageManager
796 .FLAG_PERMISSION_REVIEW_REQUIRED) != 0) {
797 flags &= ~PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;
798 // Since we changed the flags, we have to write.
799 updatedUserIds = ArrayUtils.appendInt(
800 updatedUserIds, userId);
801 }
802 } else if (mSettings.mPermissionReviewRequired
803 && !appSupportsRuntimePermissions) {
804 // For legacy apps that need a permission review, every new
805 // runtime permission is granted but it is pending a review.
806 // We also need to review only platform defined runtime
807 // permissions as these are the only ones the platform knows
808 // how to disable the API to simulate revocation as legacy
809 // apps don't expect to run with revoked permissions.
810 if (PLATFORM_PACKAGE_NAME.equals(bp.getSourcePackageName())) {
811 if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0) {
812 flags |= FLAG_PERMISSION_REVIEW_REQUIRED;
813 // We changed the flags, hence have to write.
814 updatedUserIds = ArrayUtils.appendInt(
815 updatedUserIds, userId);
816 }
817 }
818 if (permissionsState.grantRuntimePermission(bp, userId)
819 != PermissionsState.PERMISSION_OPERATION_FAILURE) {
820 // We changed the permission, hence have to write.
821 updatedUserIds = ArrayUtils.appendInt(
822 updatedUserIds, userId);
823 }
824 }
825 // Propagate the permission flags.
826 permissionsState.updatePermissionFlags(bp, userId, flags, flags);
827 }
828 } break;
829
830 case GRANT_UPGRADE: {
831 // Grant runtime permissions for a previously held install permission.
832 final PermissionState permissionState = origPermissions
833 .getInstallPermissionState(perm);
834 final int flags =
835 (permissionState != null) ? permissionState.getFlags() : 0;
836
837 if (origPermissions.revokeInstallPermission(bp)
838 != PermissionsState.PERMISSION_OPERATION_FAILURE) {
839 // We will be transferring the permission flags, so clear them.
840 origPermissions.updatePermissionFlags(bp, UserHandle.USER_ALL,
841 PackageManager.MASK_PERMISSION_FLAGS, 0);
842 changedInstallPermission = true;
843 }
844
845 // If the permission is not to be promoted to runtime we ignore it and
846 // also its other flags as they are not applicable to install permissions.
847 if ((flags & PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE) == 0) {
848 for (int userId : currentUserIds) {
849 if (permissionsState.grantRuntimePermission(bp, userId) !=
850 PermissionsState.PERMISSION_OPERATION_FAILURE) {
851 // Transfer the permission flags.
852 permissionsState.updatePermissionFlags(bp, userId,
853 flags, flags);
854 // If we granted the permission, we have to write.
855 updatedUserIds = ArrayUtils.appendInt(
856 updatedUserIds, userId);
857 }
858 }
859 }
860 } break;
861
862 default: {
863 if (packageOfInterest == null
864 || packageOfInterest.equals(pkg.packageName)) {
865 if (DEBUG_PERMISSIONS) {
866 Slog.i(TAG, "Not granting permission " + perm
867 + " to package " + pkg.packageName
868 + " because it was previously installed without");
869 }
870 }
871 } break;
872 }
873 } else {
874 if (permissionsState.revokeInstallPermission(bp) !=
875 PermissionsState.PERMISSION_OPERATION_FAILURE) {
876 // Also drop the permission flags.
877 permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL,
878 PackageManager.MASK_PERMISSION_FLAGS, 0);
879 changedInstallPermission = true;
880 Slog.i(TAG, "Un-granting permission " + perm
881 + " from package " + pkg.packageName
882 + " (protectionLevel=" + bp.getProtectionLevel()
883 + " flags=0x" + Integer.toHexString(pkg.applicationInfo.flags)
884 + ")");
885 } else if (bp.isAppOp()) {
886 // Don't print warning for app op permissions, since it is fine for them
887 // not to be granted, there is a UI for the user to decide.
888 if (DEBUG_PERMISSIONS
889 && (packageOfInterest == null
890 || packageOfInterest.equals(pkg.packageName))) {
891 Slog.i(TAG, "Not granting permission " + perm
892 + " to package " + pkg.packageName
893 + " (protectionLevel=" + bp.getProtectionLevel()
894 + " flags=0x" + Integer.toHexString(pkg.applicationInfo.flags)
895 + ")");
896 }
897 }
898 }
899 }
900
901 if ((changedInstallPermission || replace) && !ps.areInstallPermissionsFixed() &&
902 !ps.isSystem() || ps.isUpdatedSystem()) {
903 // This is the first that we have heard about this package, so the
904 // permissions we have now selected are fixed until explicitly
905 // changed.
906 ps.setInstallPermissionsFixed(true);
907 }
908 }
909
910 // Persist the runtime permissions state for users with changes. If permissions
911 // were revoked because no app in the shared user declares them we have to
912 // write synchronously to avoid losing runtime permissions state.
913 if (callback != null) {
914 callback.onPermissionUpdated(updatedUserIds, runtimePermissionsRevoked);
915 }
916 }
917
918 private boolean isNewPlatformPermissionForPackage(String perm, PackageParser.Package pkg) {
919 boolean allowed = false;
920 final int NP = PackageParser.NEW_PERMISSIONS.length;
921 for (int ip=0; ip<NP; ip++) {
922 final PackageParser.NewPermissionInfo npi
923 = PackageParser.NEW_PERMISSIONS[ip];
924 if (npi.name.equals(perm)
925 && pkg.applicationInfo.targetSdkVersion < npi.sdkVersion) {
926 allowed = true;
927 Log.i(TAG, "Auto-granting " + perm + " to old pkg "
928 + pkg.packageName);
929 break;
930 }
931 }
932 return allowed;
933 }
934
935 /**
936 * Determines whether a package is whitelisted for a particular privapp permission.
937 *
938 * <p>Does NOT check whether the package is a privapp, just whether it's whitelisted.
939 *
940 * <p>This handles parent/child apps.
941 */
942 private boolean hasPrivappWhitelistEntry(String perm, PackageParser.Package pkg) {
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame]943 ArraySet<String> wlPermissions = null;
944 if (pkg.isVendor()) {
945 wlPermissions =
946 SystemConfig.getInstance().getVendorPrivAppPermissions(pkg.packageName);
947 } else if (pkg.isProduct()) {
948 wlPermissions =
949 SystemConfig.getInstance().getProductPrivAppPermissions(pkg.packageName);
950 } else {
951 wlPermissions = SystemConfig.getInstance().getPrivAppPermissions(pkg.packageName);
952 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]953 // Let's check if this package is whitelisted...
954 boolean whitelisted = wlPermissions != null && wlPermissions.contains(perm);
955 // If it's not, we'll also tail-recurse to the parent.
956 return whitelisted ||
957 pkg.parentPackage != null && hasPrivappWhitelistEntry(perm, pkg.parentPackage);
958 }
959
960 private boolean grantSignaturePermission(String perm, PackageParser.Package pkg,
961 BasePermission bp, PermissionsState origPermissions) {
962 boolean oemPermission = bp.isOEM();
Jiyong Park002fdbd2017-02-13 20:50:31 +0900[diff] [blame]963 boolean vendorPrivilegedPermission = bp.isVendorPrivileged();
964 boolean privilegedPermission = bp.isPrivileged() || bp.isVendorPrivileged();
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]965 boolean privappPermissionsDisable =
966 RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_DISABLE;
967 boolean platformPermission = PLATFORM_PACKAGE_NAME.equals(bp.getSourcePackageName());
968 boolean platformPackage = PLATFORM_PACKAGE_NAME.equals(pkg.packageName);
969 if (!privappPermissionsDisable && privilegedPermission && pkg.isPrivileged()
970 && !platformPackage && platformPermission) {
971 if (!hasPrivappWhitelistEntry(perm, pkg)) {
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]972 // Only report violations for apps on system image
973 if (!mSystemReady && !pkg.isUpdatedSystemApp()) {
974 // it's only a reportable violation if the permission isn't explicitly denied
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame]975 ArraySet<String> deniedPermissions = null;
976 if (pkg.isVendor()) {
977 deniedPermissions = SystemConfig.getInstance()
978 .getVendorPrivAppDenyPermissions(pkg.packageName);
979 } else if (pkg.isProduct()) {
980 deniedPermissions = SystemConfig.getInstance()
981 .getProductPrivAppDenyPermissions(pkg.packageName);
982 } else {
983 deniedPermissions = SystemConfig.getInstance()
984 .getPrivAppDenyPermissions(pkg.packageName);
985 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]986 final boolean permissionViolation =
987 deniedPermissions == null || !deniedPermissions.contains(perm);
Fyodor Kupolovf5e600d2017-10-25 17:03:50 -0700[diff] [blame]988 if (permissionViolation) {
989 Slog.w(TAG, "Privileged permission " + perm + " for package "
990 + pkg.packageName + " - not in privapp-permissions whitelist");
991
992 if (RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) {
993 if (mPrivappPermissionsViolations == null) {
994 mPrivappPermissionsViolations = new ArraySet<>();
995 }
996 mPrivappPermissionsViolations.add(pkg.packageName + ": " + perm);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]997 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]998 } else {
999 return false;
1000 }
1001 }
1002 if (RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) {
1003 return false;
1004 }
1005 }
1006 }
1007 final String systemPackageName = mPackageManagerInt.getKnownPackageName(
1008 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
1009 final PackageParser.Package systemPackage =
1010 mPackageManagerInt.getPackage(systemPackageName);
Dan Cashman1dbe6d02018-01-23 11:18:28 -0800[diff] [blame]1011
1012 // check if the package is allow to use this signature permission. A package is allowed to
1013 // use a signature permission if:
1014 // - it has the same set of signing certificates as the source package
1015 // - or its signing certificate was rotated from the source package's certificate
1016 // - or its signing certificate is a previous signing certificate of the defining
1017 // package, and the defining package still trusts the old certificate for permissions
1018 // - or it shares the above relationships with the system package
1019 boolean allowed =
1020 pkg.mSigningDetails.hasAncestorOrSelf(
1021 bp.getSourcePackageSetting().getSigningDetails())
1022 || bp.getSourcePackageSetting().getSigningDetails().checkCapability(
1023 pkg.mSigningDetails,
1024 PackageParser.SigningDetails.CertCapabilities.PERMISSION)
1025 || pkg.mSigningDetails.hasAncestorOrSelf(systemPackage.mSigningDetails)
1026 || systemPackage.mSigningDetails.checkCapability(
1027 pkg.mSigningDetails,
1028 PackageParser.SigningDetails.CertCapabilities.PERMISSION);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1029 if (!allowed && (privilegedPermission || oemPermission)) {
1030 if (pkg.isSystem()) {
1031 // For updated system applications, a privileged/oem permission
1032 // is granted only if it had been defined by the original application.
1033 if (pkg.isUpdatedSystemApp()) {
1034 final PackageParser.Package disabledPkg =
1035 mPackageManagerInt.getDisabledPackage(pkg.packageName);
1036 final PackageSetting disabledPs =
1037 (disabledPkg != null) ? (PackageSetting) disabledPkg.mExtras : null;
1038 if (disabledPs != null
1039 && disabledPs.getPermissionsState().hasInstallPermission(perm)) {
1040 // If the original was granted this permission, we take
1041 // that grant decision as read and propagate it to the
1042 // update.
1043 if ((privilegedPermission && disabledPs.isPrivileged())
1044 || (oemPermission && disabledPs.isOem()
1045 && canGrantOemPermission(disabledPs, perm))) {
1046 allowed = true;
1047 }
1048 } else {
1049 // The system apk may have been updated with an older
1050 // version of the one on the data partition, but which
1051 // granted a new system permission that it didn't have
1052 // before. In this case we do want to allow the app to
1053 // now get the new permission if the ancestral apk is
1054 // privileged to get it.
Todd Kennedy1efb8332017-10-25 15:51:36 -0700[diff] [blame]1055 if (disabledPs != null && disabledPkg != null
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1056 && isPackageRequestingPermission(disabledPkg, perm)
1057 && ((privilegedPermission && disabledPs.isPrivileged())
1058 || (oemPermission && disabledPs.isOem()
1059 && canGrantOemPermission(disabledPs, perm)))) {
1060 allowed = true;
1061 }
1062 // Also if a privileged parent package on the system image or any of
1063 // its children requested a privileged/oem permission, the updated child
1064 // packages can also get the permission.
1065 if (pkg.parentPackage != null) {
1066 final PackageParser.Package disabledParentPkg = mPackageManagerInt
1067 .getDisabledPackage(pkg.parentPackage.packageName);
1068 final PackageSetting disabledParentPs = (disabledParentPkg != null)
1069 ? (PackageSetting) disabledParentPkg.mExtras : null;
1070 if (disabledParentPkg != null
1071 && ((privilegedPermission && disabledParentPs.isPrivileged())
1072 || (oemPermission && disabledParentPs.isOem()))) {
1073 if (isPackageRequestingPermission(disabledParentPkg, perm)
1074 && canGrantOemPermission(disabledParentPs, perm)) {
1075 allowed = true;
1076 } else if (disabledParentPkg.childPackages != null) {
1077 for (PackageParser.Package disabledChildPkg
1078 : disabledParentPkg.childPackages) {
1079 final PackageSetting disabledChildPs =
1080 (disabledChildPkg != null)
1081 ? (PackageSetting) disabledChildPkg.mExtras
1082 : null;
1083 if (isPackageRequestingPermission(disabledChildPkg, perm)
1084 && canGrantOemPermission(
1085 disabledChildPs, perm)) {
1086 allowed = true;
1087 break;
1088 }
1089 }
1090 }
1091 }
1092 }
1093 }
1094 } else {
1095 final PackageSetting ps = (PackageSetting) pkg.mExtras;
1096 allowed = (privilegedPermission && pkg.isPrivileged())
1097 || (oemPermission && pkg.isOem()
1098 && canGrantOemPermission(ps, perm));
1099 }
Jiyong Park002fdbd2017-02-13 20:50:31 +0900[diff] [blame]1100 // In any case, don't grant a privileged permission to privileged vendor apps, if
1101 // the permission's protectionLevel does not have the extra 'vendorPrivileged'
1102 // flag.
1103 if (allowed && privilegedPermission &&
1104 !vendorPrivilegedPermission && pkg.isVendor()) {
1105 Slog.w(TAG, "Permission " + perm + " cannot be granted to privileged vendor apk "
1106 + pkg.packageName + " because it isn't a 'vendorPrivileged' permission.");
1107 allowed = false;
1108 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1109 }
1110 }
1111 if (!allowed) {
1112 if (!allowed
1113 && bp.isPre23()
1114 && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
1115 // If this was a previously normal/dangerous permission that got moved
1116 // to a system permission as part of the runtime permission redesign, then
1117 // we still want to blindly grant it to old apps.
1118 allowed = true;
1119 }
1120 if (!allowed && bp.isInstaller()
1121 && pkg.packageName.equals(mPackageManagerInt.getKnownPackageName(
1122 PackageManagerInternal.PACKAGE_INSTALLER, UserHandle.USER_SYSTEM))) {
1123 // If this permission is to be granted to the system installer and
1124 // this app is an installer, then it gets the permission.
1125 allowed = true;
1126 }
1127 if (!allowed && bp.isVerifier()
1128 && pkg.packageName.equals(mPackageManagerInt.getKnownPackageName(
1129 PackageManagerInternal.PACKAGE_VERIFIER, UserHandle.USER_SYSTEM))) {
1130 // If this permission is to be granted to the system verifier and
1131 // this app is a verifier, then it gets the permission.
1132 allowed = true;
1133 }
1134 if (!allowed && bp.isPreInstalled()
1135 && pkg.isSystem()) {
1136 // Any pre-installed system app is allowed to get this permission.
1137 allowed = true;
1138 }
1139 if (!allowed && bp.isDevelopment()) {
1140 // For development permissions, a development permission
1141 // is granted only if it was already granted.
1142 allowed = origPermissions.hasInstallPermission(perm);
1143 }
1144 if (!allowed && bp.isSetup()
1145 && pkg.packageName.equals(mPackageManagerInt.getKnownPackageName(
1146 PackageManagerInternal.PACKAGE_SETUP_WIZARD, UserHandle.USER_SYSTEM))) {
1147 // If this permission is to be granted to the system setup wizard and
1148 // this app is a setup wizard, then it gets the permission.
1149 allowed = true;
1150 }
Makoto Onuki700feef2018-02-15 10:59:41 -0800[diff] [blame]1151 if (!allowed && bp.isSystemTextClassifier()
1152 && pkg.packageName.equals(mPackageManagerInt.getKnownPackageName(
1153 PackageManagerInternal.PACKAGE_SYSTEM_TEXT_CLASSIFIER,
1154 UserHandle.USER_SYSTEM))) {
1155 // Special permissions for the system default text classifier.
1156 allowed = true;
1157 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1158 }
1159 return allowed;
1160 }
1161
1162 private static boolean canGrantOemPermission(PackageSetting ps, String permission) {
1163 if (!ps.isOem()) {
1164 return false;
1165 }
1166 // all oem permissions must explicitly be granted or denied
1167 final Boolean granted =
1168 SystemConfig.getInstance().getOemPermissions(ps.name).get(permission);
1169 if (granted == null) {
1170 throw new IllegalStateException("OEM permission" + permission + " requested by package "
1171 + ps.name + " must be explicitly declared granted or not");
1172 }
1173 return Boolean.TRUE == granted;
1174 }
1175
1176 private boolean isPermissionsReviewRequired(PackageParser.Package pkg, int userId) {
1177 if (!mSettings.mPermissionReviewRequired) {
1178 return false;
1179 }
1180
1181 // Permission review applies only to apps not supporting the new permission model.
1182 if (pkg.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.M) {
1183 return false;
1184 }
1185
1186 // Legacy apps have the permission and get user consent on launch.
1187 if (pkg == null || pkg.mExtras == null) {
1188 return false;
1189 }
1190 final PackageSetting ps = (PackageSetting) pkg.mExtras;
1191 final PermissionsState permissionsState = ps.getPermissionsState();
1192 return permissionsState.isPermissionReviewRequired(userId);
1193 }
1194
1195 private boolean isPackageRequestingPermission(PackageParser.Package pkg, String permission) {
1196 final int permCount = pkg.requestedPermissions.size();
1197 for (int j = 0; j < permCount; j++) {
1198 String requestedPermission = pkg.requestedPermissions.get(j);
1199 if (permission.equals(requestedPermission)) {
1200 return true;
1201 }
1202 }
1203 return false;
1204 }
1205
Andreas Gampea36dc622018-02-05 17:19:22 -0800[diff] [blame]1206 @GuardedBy("mLock")
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1207 private void grantRuntimePermissionsGrantedToDisabledPackageLocked(
1208 PackageParser.Package pkg, int callingUid, PermissionCallback callback) {
1209 if (pkg.parentPackage == null) {
1210 return;
1211 }
1212 if (pkg.requestedPermissions == null) {
1213 return;
1214 }
1215 final PackageParser.Package disabledPkg =
1216 mPackageManagerInt.getDisabledPackage(pkg.parentPackage.packageName);
1217 if (disabledPkg == null || disabledPkg.mExtras == null) {
1218 return;
1219 }
1220 final PackageSetting disabledPs = (PackageSetting) disabledPkg.mExtras;
1221 if (!disabledPs.isPrivileged() || disabledPs.hasChildPackages()) {
1222 return;
1223 }
1224 final int permCount = pkg.requestedPermissions.size();
1225 for (int i = 0; i < permCount; i++) {
1226 String permission = pkg.requestedPermissions.get(i);
1227 BasePermission bp = mSettings.getPermissionLocked(permission);
1228 if (bp == null || !(bp.isRuntime() || bp.isDevelopment())) {
1229 continue;
1230 }
1231 for (int userId : mUserManagerInt.getUserIds()) {
1232 if (disabledPs.getPermissionsState().hasRuntimePermission(permission, userId)) {
1233 grantRuntimePermission(
1234 permission, pkg.packageName, false, callingUid, userId, callback);
1235 }
1236 }
1237 }
1238 }
1239
1240 private void grantRequestedRuntimePermissions(PackageParser.Package pkg, int[] userIds,
1241 String[] grantedPermissions, int callingUid, PermissionCallback callback) {
1242 for (int userId : userIds) {
1243 grantRequestedRuntimePermissionsForUser(pkg, userId, grantedPermissions, callingUid,
1244 callback);
1245 }
1246 }
1247
1248 private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId,
1249 String[] grantedPermissions, int callingUid, PermissionCallback callback) {
1250 PackageSetting ps = (PackageSetting) pkg.mExtras;
1251 if (ps == null) {
1252 return;
1253 }
1254
1255 PermissionsState permissionsState = ps.getPermissionsState();
1256
1257 final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
1258 | PackageManager.FLAG_PERMISSION_POLICY_FIXED;
1259
1260 final boolean supportsRuntimePermissions = pkg.applicationInfo.targetSdkVersion
1261 >= Build.VERSION_CODES.M;
1262
1263 final boolean instantApp = mPackageManagerInt.isInstantApp(pkg.packageName, userId);
1264
1265 for (String permission : pkg.requestedPermissions) {
1266 final BasePermission bp;
1267 synchronized (mLock) {
1268 bp = mSettings.getPermissionLocked(permission);
1269 }
1270 if (bp != null && (bp.isRuntime() || bp.isDevelopment())
1271 && (!instantApp || bp.isInstant())
1272 && (supportsRuntimePermissions || !bp.isRuntimeOnly())
1273 && (grantedPermissions == null
1274 || ArrayUtils.contains(grantedPermissions, permission))) {
1275 final int flags = permissionsState.getPermissionFlags(permission, userId);
1276 if (supportsRuntimePermissions) {
1277 // Installer cannot change immutable permissions.
1278 if ((flags & immutableFlags) == 0) {
1279 grantRuntimePermission(permission, pkg.packageName, false, callingUid,
1280 userId, callback);
1281 }
1282 } else if (mSettings.mPermissionReviewRequired) {
1283 // In permission review mode we clear the review flag when we
1284 // are asked to install the app with all permissions granted.
1285 if ((flags & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0) {
1286 updatePermissionFlags(permission, pkg.packageName,
1287 PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED, 0, callingUid,
1288 userId, callback);
1289 }
1290 }
1291 }
1292 }
1293 }
1294
1295 private void grantRuntimePermission(String permName, String packageName, boolean overridePolicy,
1296 int callingUid, final int userId, PermissionCallback callback) {
1297 if (!mUserManagerInt.exists(userId)) {
1298 Log.e(TAG, "No such user:" + userId);
1299 return;
1300 }
1301
1302 mContext.enforceCallingOrSelfPermission(
1303 android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
1304 "grantRuntimePermission");
1305
1306 enforceCrossUserPermission(callingUid, userId,
1307 true /* requireFullPermission */, true /* checkShell */,
1308 "grantRuntimePermission");
1309
1310 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
1311 if (pkg == null || pkg.mExtras == null) {
1312 throw new IllegalArgumentException("Unknown package: " + packageName);
1313 }
1314 final BasePermission bp;
1315 synchronized(mLock) {
1316 bp = mSettings.getPermissionLocked(permName);
1317 }
1318 if (bp == null) {
1319 throw new IllegalArgumentException("Unknown permission: " + permName);
1320 }
1321 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
1322 throw new IllegalArgumentException("Unknown package: " + packageName);
1323 }
1324
1325 bp.enforceDeclaredUsedAndRuntimeOrDevelopment(pkg);
1326
1327 // If a permission review is required for legacy apps we represent
1328 // their permissions as always granted runtime ones since we need
1329 // to keep the review required permission flag per user while an
1330 // install permission's state is shared across all users.
1331 if (mSettings.mPermissionReviewRequired
1332 && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
1333 && bp.isRuntime()) {
1334 return;
1335 }
1336
1337 final int uid = UserHandle.getUid(userId, pkg.applicationInfo.uid);
1338
1339 final PackageSetting ps = (PackageSetting) pkg.mExtras;
1340 final PermissionsState permissionsState = ps.getPermissionsState();
1341
1342 final int flags = permissionsState.getPermissionFlags(permName, userId);
1343 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) {
1344 throw new SecurityException("Cannot grant system fixed permission "
1345 + permName + " for package " + packageName);
1346 }
1347 if (!overridePolicy && (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
1348 throw new SecurityException("Cannot grant policy fixed permission "
1349 + permName + " for package " + packageName);
1350 }
1351
1352 if (bp.isDevelopment()) {
1353 // Development permissions must be handled specially, since they are not
1354 // normal runtime permissions. For now they apply to all users.
1355 if (permissionsState.grantInstallPermission(bp) !=
1356 PermissionsState.PERMISSION_OPERATION_FAILURE) {
1357 if (callback != null) {
1358 callback.onInstallPermissionGranted();
1359 }
1360 }
1361 return;
1362 }
1363
1364 if (ps.getInstantApp(userId) && !bp.isInstant()) {
1365 throw new SecurityException("Cannot grant non-ephemeral permission"
1366 + permName + " for package " + packageName);
1367 }
1368
1369 if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
1370 Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
1371 return;
1372 }
1373
1374 final int result = permissionsState.grantRuntimePermission(bp, userId);
1375 switch (result) {
1376 case PermissionsState.PERMISSION_OPERATION_FAILURE: {
1377 return;
1378 }
1379
1380 case PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: {
1381 if (callback != null) {
1382 callback.onGidsChanged(UserHandle.getAppId(pkg.applicationInfo.uid), userId);
1383 }
1384 }
1385 break;
1386 }
1387
1388 if (bp.isRuntime()) {
Philip P. Moltmann8cff8b92017-10-25 14:32:41 -0700[diff] [blame]1389 logPermission(MetricsEvent.ACTION_PERMISSION_GRANTED, permName, packageName);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1390 }
1391
1392 if (callback != null) {
1393 callback.onPermissionGranted(uid, userId);
1394 }
1395
1396 // Only need to do this if user is initialized. Otherwise it's a new user
1397 // and there are no processes running as the user yet and there's no need
1398 // to make an expensive call to remount processes for the changed permissions.
1399 if (READ_EXTERNAL_STORAGE.equals(permName)
1400 || WRITE_EXTERNAL_STORAGE.equals(permName)) {
1401 final long token = Binder.clearCallingIdentity();
1402 try {
1403 if (mUserManagerInt.isUserInitialized(userId)) {
1404 StorageManagerInternal storageManagerInternal = LocalServices.getService(
1405 StorageManagerInternal.class);
1406 storageManagerInternal.onExternalStoragePolicyChanged(uid, packageName);
1407 }
1408 } finally {
1409 Binder.restoreCallingIdentity(token);
1410 }
1411 }
1412
1413 }
1414
1415 private void revokeRuntimePermission(String permName, String packageName,
1416 boolean overridePolicy, int callingUid, int userId, PermissionCallback callback) {
1417 if (!mUserManagerInt.exists(userId)) {
1418 Log.e(TAG, "No such user:" + userId);
1419 return;
1420 }
1421
1422 mContext.enforceCallingOrSelfPermission(
1423 android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS,
1424 "revokeRuntimePermission");
1425
1426 enforceCrossUserPermission(Binder.getCallingUid(), userId,
1427 true /* requireFullPermission */, true /* checkShell */,
1428 "revokeRuntimePermission");
1429
1430 final int appId;
1431
1432 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
1433 if (pkg == null || pkg.mExtras == null) {
1434 throw new IllegalArgumentException("Unknown package: " + packageName);
1435 }
1436 if (mPackageManagerInt.filterAppAccess(pkg, Binder.getCallingUid(), userId)) {
1437 throw new IllegalArgumentException("Unknown package: " + packageName);
1438 }
1439 final BasePermission bp = mSettings.getPermissionLocked(permName);
1440 if (bp == null) {
1441 throw new IllegalArgumentException("Unknown permission: " + permName);
1442 }
1443
1444 bp.enforceDeclaredUsedAndRuntimeOrDevelopment(pkg);
1445
1446 // If a permission review is required for legacy apps we represent
1447 // their permissions as always granted runtime ones since we need
1448 // to keep the review required permission flag per user while an
1449 // install permission's state is shared across all users.
1450 if (mSettings.mPermissionReviewRequired
1451 && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
1452 && bp.isRuntime()) {
1453 return;
1454 }
1455
1456 final PackageSetting ps = (PackageSetting) pkg.mExtras;
1457 final PermissionsState permissionsState = ps.getPermissionsState();
1458
1459 final int flags = permissionsState.getPermissionFlags(permName, userId);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame^]1460 // Only the system may revoke SYSTEM_FIXED permissions.
1461 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1462 && UserHandle.getCallingAppId() != Process.SYSTEM_UID) {
1463 throw new SecurityException("Non-System UID cannot revoke system fixed permission "
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1464 + permName + " for package " + packageName);
1465 }
1466 if (!overridePolicy && (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
1467 throw new SecurityException("Cannot revoke policy fixed permission "
1468 + permName + " for package " + packageName);
1469 }
1470
1471 if (bp.isDevelopment()) {
1472 // Development permissions must be handled specially, since they are not
1473 // normal runtime permissions. For now they apply to all users.
1474 if (permissionsState.revokeInstallPermission(bp) !=
1475 PermissionsState.PERMISSION_OPERATION_FAILURE) {
1476 if (callback != null) {
1477 callback.onInstallPermissionRevoked();
1478 }
1479 }
1480 return;
1481 }
1482
1483 if (permissionsState.revokeRuntimePermission(bp, userId) ==
1484 PermissionsState.PERMISSION_OPERATION_FAILURE) {
1485 return;
1486 }
1487
1488 if (bp.isRuntime()) {
Philip P. Moltmann8cff8b92017-10-25 14:32:41 -0700[diff] [blame]1489 logPermission(MetricsEvent.ACTION_PERMISSION_REVOKED, permName, packageName);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1490 }
1491
1492 if (callback != null) {
1493 final int uid = UserHandle.getUid(userId, pkg.applicationInfo.uid);
1494 callback.onPermissionRevoked(pkg.applicationInfo.uid, userId);
1495 }
1496 }
1497
Andreas Gampea36dc622018-02-05 17:19:22 -0800[diff] [blame]1498 @GuardedBy("mLock")
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1499 private int[] revokeUnusedSharedUserPermissionsLocked(
1500 SharedUserSetting suSetting, int[] allUserIds) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1501 // Collect all used permissions in the UID
1502 final ArraySet<String> usedPermissions = new ArraySet<>();
1503 final List<PackageParser.Package> pkgList = suSetting.getPackages();
1504 if (pkgList == null || pkgList.size() == 0) {
1505 return EmptyArray.INT;
1506 }
1507 for (PackageParser.Package pkg : pkgList) {
1508 final int requestedPermCount = pkg.requestedPermissions.size();
1509 for (int j = 0; j < requestedPermCount; j++) {
1510 String permission = pkg.requestedPermissions.get(j);
1511 BasePermission bp = mSettings.getPermissionLocked(permission);
1512 if (bp != null) {
1513 usedPermissions.add(permission);
1514 }
1515 }
1516 }
1517
1518 PermissionsState permissionsState = suSetting.getPermissionsState();
1519 // Prune install permissions
1520 List<PermissionState> installPermStates = permissionsState.getInstallPermissionStates();
1521 final int installPermCount = installPermStates.size();
1522 for (int i = installPermCount - 1; i >= 0; i--) {
1523 PermissionState permissionState = installPermStates.get(i);
1524 if (!usedPermissions.contains(permissionState.getName())) {
1525 BasePermission bp = mSettings.getPermissionLocked(permissionState.getName());
1526 if (bp != null) {
1527 permissionsState.revokeInstallPermission(bp);
1528 permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL,
1529 PackageManager.MASK_PERMISSION_FLAGS, 0);
1530 }
1531 }
1532 }
1533
1534 int[] runtimePermissionChangedUserIds = EmptyArray.INT;
1535
1536 // Prune runtime permissions
1537 for (int userId : allUserIds) {
1538 List<PermissionState> runtimePermStates = permissionsState
1539 .getRuntimePermissionStates(userId);
1540 final int runtimePermCount = runtimePermStates.size();
1541 for (int i = runtimePermCount - 1; i >= 0; i--) {
1542 PermissionState permissionState = runtimePermStates.get(i);
1543 if (!usedPermissions.contains(permissionState.getName())) {
1544 BasePermission bp = mSettings.getPermissionLocked(permissionState.getName());
1545 if (bp != null) {
1546 permissionsState.revokeRuntimePermission(bp, userId);
1547 permissionsState.updatePermissionFlags(bp, userId,
1548 PackageManager.MASK_PERMISSION_FLAGS, 0);
1549 runtimePermissionChangedUserIds = ArrayUtils.appendInt(
1550 runtimePermissionChangedUserIds, userId);
1551 }
1552 }
1553 }
1554 }
1555
1556 return runtimePermissionChangedUserIds;
1557 }
1558
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1559 private String[] getAppOpPermissionPackages(String permName) {
1560 if (mPackageManagerInt.getInstantAppPackageName(Binder.getCallingUid()) != null) {
1561 return null;
1562 }
1563 synchronized (mLock) {
1564 final ArraySet<String> pkgs = mSettings.mAppOpPermissionPackages.get(permName);
1565 if (pkgs == null) {
1566 return null;
1567 }
1568 return pkgs.toArray(new String[pkgs.size()]);
1569 }
1570 }
1571
1572 private int getPermissionFlags(
1573 String permName, String packageName, int callingUid, int userId) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1574 if (!mUserManagerInt.exists(userId)) {
1575 return 0;
1576 }
1577
1578 enforceGrantRevokeRuntimePermissionPermissions("getPermissionFlags");
1579
1580 enforceCrossUserPermission(callingUid, userId,
1581 true /* requireFullPermission */, false /* checkShell */,
1582 "getPermissionFlags");
1583
1584 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
1585 if (pkg == null || pkg.mExtras == null) {
1586 return 0;
1587 }
1588 synchronized (mLock) {
1589 if (mSettings.getPermissionLocked(permName) == null) {
1590 return 0;
1591 }
1592 }
1593 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
1594 return 0;
1595 }
1596 final PackageSetting ps = (PackageSetting) pkg.mExtras;
1597 PermissionsState permissionsState = ps.getPermissionsState();
1598 return permissionsState.getPermissionFlags(permName, userId);
1599 }
1600
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1601 private static final int UPDATE_PERMISSIONS_ALL = 1<<0;
1602 private static final int UPDATE_PERMISSIONS_REPLACE_PKG = 1<<1;
1603 private static final int UPDATE_PERMISSIONS_REPLACE_ALL = 1<<2;
1604
1605 private void updatePermissions(String packageName, PackageParser.Package pkg,
1606 boolean replaceGrant, Collection<PackageParser.Package> allPackages,
1607 PermissionCallback callback) {
1608 final int flags = (pkg != null ? UPDATE_PERMISSIONS_ALL : 0) |
1609 (replaceGrant ? UPDATE_PERMISSIONS_REPLACE_PKG : 0);
1610 updatePermissions(
1611 packageName, pkg, getVolumeUuidForPackage(pkg), flags, allPackages, callback);
1612 if (pkg != null && pkg.childPackages != null) {
1613 for (PackageParser.Package childPkg : pkg.childPackages) {
1614 updatePermissions(childPkg.packageName, childPkg,
1615 getVolumeUuidForPackage(childPkg), flags, allPackages, callback);
1616 }
1617 }
1618 }
1619
1620 private void updateAllPermissions(String volumeUuid, boolean sdkUpdated,
1621 Collection<PackageParser.Package> allPackages, PermissionCallback callback) {
1622 final int flags = UPDATE_PERMISSIONS_ALL |
1623 (sdkUpdated
1624 ? UPDATE_PERMISSIONS_REPLACE_PKG | UPDATE_PERMISSIONS_REPLACE_ALL
1625 : 0);
1626 updatePermissions(null, null, volumeUuid, flags, allPackages, callback);
1627 }
1628
1629 private void updatePermissions(String changingPkgName, PackageParser.Package changingPkg,
1630 String replaceVolumeUuid, int flags, Collection<PackageParser.Package> allPackages,
1631 PermissionCallback callback) {
1632 // TODO: Most of the methods exposing BasePermission internals [source package name,
1633 // etc..] shouldn't be needed. Instead, when we've parsed a permission that doesn't
1634 // have package settings, we should make note of it elsewhere [map between
1635 // source package name and BasePermission] and cycle through that here. Then we
1636 // define a single method on BasePermission that takes a PackageSetting, changing
1637 // package name and a package.
1638 // NOTE: With this approach, we also don't need to tree trees differently than
1639 // normal permissions. Today, we need two separate loops because these BasePermission
1640 // objects are stored separately.
1641 // Make sure there are no dangling permission trees.
1642 flags = updatePermissionTrees(changingPkgName, changingPkg, flags);
1643
1644 // Make sure all dynamic permissions have been assigned to a package,
1645 // and make sure there are no dangling permissions.
1646 flags = updatePermissions(changingPkgName, changingPkg, flags);
1647
1648 Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "grantPermissions");
1649 // Now update the permissions for all packages, in particular
1650 // replace the granted permissions of the system packages.
1651 if ((flags & UPDATE_PERMISSIONS_ALL) != 0) {
1652 for (PackageParser.Package pkg : allPackages) {
1653 if (pkg != changingPkg) {
1654 // Only replace for packages on requested volume
1655 final String volumeUuid = getVolumeUuidForPackage(pkg);
1656 final boolean replace = ((flags & UPDATE_PERMISSIONS_REPLACE_ALL) != 0)
1657 && Objects.equals(replaceVolumeUuid, volumeUuid);
1658 grantPermissions(pkg, replace, changingPkgName, callback);
1659 }
1660 }
1661 }
1662
1663 if (changingPkg != null) {
1664 // Only replace for packages on requested volume
1665 final String volumeUuid = getVolumeUuidForPackage(changingPkg);
1666 final boolean replace = ((flags & UPDATE_PERMISSIONS_REPLACE_PKG) != 0)
1667 && Objects.equals(replaceVolumeUuid, volumeUuid);
1668 grantPermissions(changingPkg, replace, changingPkgName, callback);
1669 }
1670 Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
1671 }
1672
1673 private int updatePermissions(String packageName, PackageParser.Package pkg, int flags) {
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1674 Set<BasePermission> needsUpdate = null;
1675 synchronized (mLock) {
1676 final Iterator<BasePermission> it = mSettings.mPermissions.values().iterator();
1677 while (it.hasNext()) {
1678 final BasePermission bp = it.next();
1679 if (bp.isDynamic()) {
1680 bp.updateDynamicPermission(mSettings.mPermissionTrees.values());
1681 }
1682 if (bp.getSourcePackageSetting() != null) {
1683 if (packageName != null && packageName.equals(bp.getSourcePackageName())
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1684 && (pkg == null || !hasPermission(pkg, bp.getName()))) {
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1685 Slog.i(TAG, "Removing old permission tree: " + bp.getName()
1686 + " from package " + bp.getSourcePackageName());
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1687 flags |= UPDATE_PERMISSIONS_ALL;
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1688 it.remove();
1689 }
1690 continue;
1691 }
1692 if (needsUpdate == null) {
1693 needsUpdate = new ArraySet<>(mSettings.mPermissions.size());
1694 }
1695 needsUpdate.add(bp);
1696 }
1697 }
1698 if (needsUpdate != null) {
1699 for (final BasePermission bp : needsUpdate) {
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1700 final PackageParser.Package sourcePkg =
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1701 mPackageManagerInt.getPackage(bp.getSourcePackageName());
1702 synchronized (mLock) {
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1703 if (sourcePkg != null && sourcePkg.mExtras != null) {
1704 final PackageSetting sourcePs = (PackageSetting) sourcePkg.mExtras;
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1705 if (bp.getSourcePackageSetting() == null) {
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1706 bp.setSourcePackageSetting(sourcePs);
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1707 }
1708 continue;
1709 }
1710 Slog.w(TAG, "Removing dangling permission: " + bp.getName()
1711 + " from package " + bp.getSourcePackageName());
1712 mSettings.removePermissionLocked(bp.getName());
1713 }
1714 }
1715 }
1716 return flags;
1717 }
1718
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1719 private int updatePermissionTrees(String packageName, PackageParser.Package pkg,
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1720 int flags) {
1721 Set<BasePermission> needsUpdate = null;
1722 synchronized (mLock) {
1723 final Iterator<BasePermission> it = mSettings.mPermissionTrees.values().iterator();
1724 while (it.hasNext()) {
1725 final BasePermission bp = it.next();
1726 if (bp.getSourcePackageSetting() != null) {
1727 if (packageName != null && packageName.equals(bp.getSourcePackageName())
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1728 && (pkg == null || !hasPermission(pkg, bp.getName()))) {
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1729 Slog.i(TAG, "Removing old permission tree: " + bp.getName()
1730 + " from package " + bp.getSourcePackageName());
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1731 flags |= UPDATE_PERMISSIONS_ALL;
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1732 it.remove();
1733 }
1734 continue;
1735 }
1736 if (needsUpdate == null) {
1737 needsUpdate = new ArraySet<>(mSettings.mPermissionTrees.size());
1738 }
1739 needsUpdate.add(bp);
1740 }
1741 }
1742 if (needsUpdate != null) {
1743 for (final BasePermission bp : needsUpdate) {
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1744 final PackageParser.Package sourcePkg =
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1745 mPackageManagerInt.getPackage(bp.getSourcePackageName());
1746 synchronized (mLock) {
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1747 if (sourcePkg != null && sourcePkg.mExtras != null) {
1748 final PackageSetting sourcePs = (PackageSetting) sourcePkg.mExtras;
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1749 if (bp.getSourcePackageSetting() == null) {
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1750 bp.setSourcePackageSetting(sourcePs);
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1751 }
1752 continue;
1753 }
1754 Slog.w(TAG, "Removing dangling permission tree: " + bp.getName()
1755 + " from package " + bp.getSourcePackageName());
1756 mSettings.removePermissionLocked(bp.getName());
1757 }
1758 }
1759 }
1760 return flags;
1761 }
1762
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1763 private void updatePermissionFlags(String permName, String packageName, int flagMask,
1764 int flagValues, int callingUid, int userId, PermissionCallback callback) {
1765 if (!mUserManagerInt.exists(userId)) {
1766 return;
1767 }
1768
1769 enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlags");
1770
1771 enforceCrossUserPermission(callingUid, userId,
1772 true /* requireFullPermission */, true /* checkShell */,
1773 "updatePermissionFlags");
1774
1775 // Only the system can change these flags and nothing else.
1776 if (callingUid != Process.SYSTEM_UID) {
1777 flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1778 flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1779 flagMask &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1780 flagValues &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1781 flagValues &= ~PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;
1782 }
1783
1784 final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
1785 if (pkg == null || pkg.mExtras == null) {
1786 throw new IllegalArgumentException("Unknown package: " + packageName);
1787 }
1788 if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
1789 throw new IllegalArgumentException("Unknown package: " + packageName);
1790 }
1791
1792 final BasePermission bp;
1793 synchronized (mLock) {
1794 bp = mSettings.getPermissionLocked(permName);
1795 }
1796 if (bp == null) {
1797 throw new IllegalArgumentException("Unknown permission: " + permName);
1798 }
1799
1800 final PackageSetting ps = (PackageSetting) pkg.mExtras;
1801 final PermissionsState permissionsState = ps.getPermissionsState();
1802 final boolean hadState =
1803 permissionsState.getRuntimePermissionState(permName, userId) != null;
1804 final boolean permissionUpdated =
1805 permissionsState.updatePermissionFlags(bp, userId, flagMask, flagValues);
1806 if (permissionUpdated && callback != null) {
1807 // Install and runtime permissions are stored in different places,
1808 // so figure out what permission changed and persist the change.
1809 if (permissionsState.getInstallPermissionState(permName) != null) {
1810 callback.onInstallPermissionUpdated();
1811 } else if (permissionsState.getRuntimePermissionState(permName, userId) != null
1812 || hadState) {
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1813 callback.onPermissionUpdated(new int[] { userId }, false);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1814 }
1815 }
1816 }
1817
1818 private boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues, int callingUid,
1819 int userId, Collection<Package> packages, PermissionCallback callback) {
1820 if (!mUserManagerInt.exists(userId)) {
1821 return false;
1822 }
1823
1824 enforceGrantRevokeRuntimePermissionPermissions(
1825 "updatePermissionFlagsForAllApps");
1826 enforceCrossUserPermission(callingUid, userId,
1827 true /* requireFullPermission */, true /* checkShell */,
1828 "updatePermissionFlagsForAllApps");
1829
1830 // Only the system can change system fixed flags.
1831 if (callingUid != Process.SYSTEM_UID) {
1832 flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1833 flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1834 }
1835
1836 boolean changed = false;
1837 for (PackageParser.Package pkg : packages) {
1838 final PackageSetting ps = (PackageSetting) pkg.mExtras;
1839 if (ps == null) {
1840 continue;
1841 }
1842 PermissionsState permissionsState = ps.getPermissionsState();
1843 changed |= permissionsState.updatePermissionFlagsForAllPermissions(
1844 userId, flagMask, flagValues);
1845 }
1846 return changed;
1847 }
1848
1849 private void enforceGrantRevokeRuntimePermissionPermissions(String message) {
1850 if (mContext.checkCallingOrSelfPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS)
1851 != PackageManager.PERMISSION_GRANTED
1852 && mContext.checkCallingOrSelfPermission(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS)
1853 != PackageManager.PERMISSION_GRANTED) {
1854 throw new SecurityException(message + " requires "
1855 + Manifest.permission.GRANT_RUNTIME_PERMISSIONS + " or "
1856 + Manifest.permission.REVOKE_RUNTIME_PERMISSIONS);
1857 }
1858 }
1859
1860 /**
1861 * Checks if the request is from the system or an app that has INTERACT_ACROSS_USERS
1862 * or INTERACT_ACROSS_USERS_FULL permissions, if the userid is not for the caller.
1863 * @param checkShell whether to prevent shell from access if there's a debugging restriction
1864 * @param message the message to log on security exception
1865 */
1866 private void enforceCrossUserPermission(int callingUid, int userId,
1867 boolean requireFullPermission, boolean checkShell, String message) {
1868 if (userId < 0) {
1869 throw new IllegalArgumentException("Invalid userId " + userId);
1870 }
1871 if (checkShell) {
1872 PackageManagerServiceUtils.enforceShellRestriction(
1873 UserManager.DISALLOW_DEBUGGING_FEATURES, callingUid, userId);
1874 }
1875 if (userId == UserHandle.getUserId(callingUid)) return;
1876 if (callingUid != Process.SYSTEM_UID && callingUid != 0) {
1877 if (requireFullPermission) {
1878 mContext.enforceCallingOrSelfPermission(
1879 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message);
1880 } else {
1881 try {
1882 mContext.enforceCallingOrSelfPermission(
1883 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message);
1884 } catch (SecurityException se) {
1885 mContext.enforceCallingOrSelfPermission(
1886 android.Manifest.permission.INTERACT_ACROSS_USERS, message);
1887 }
1888 }
1889 }
1890 }
1891
1892 private int calculateCurrentPermissionFootprintLocked(BasePermission tree) {
1893 int size = 0;
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1894 for (BasePermission perm : mSettings.mPermissions.values()) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1895 size += tree.calculateFootprint(perm);
1896 }
1897 return size;
1898 }
1899
1900 private void enforcePermissionCapLocked(PermissionInfo info, BasePermission tree) {
1901 // We calculate the max size of permissions defined by this uid and throw
1902 // if that plus the size of 'info' would exceed our stated maximum.
1903 if (tree.getUid() != Process.SYSTEM_UID) {
1904 final int curTreeSize = calculateCurrentPermissionFootprintLocked(tree);
1905 if (curTreeSize + info.calculateFootprint() > MAX_PERMISSION_TREE_FOOTPRINT) {
1906 throw new SecurityException("Permission tree size cap exceeded");
1907 }
1908 }
1909 }
1910
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1911 private void systemReady() {
1912 mSystemReady = true;
1913 if (mPrivappPermissionsViolations != null) {
1914 throw new IllegalStateException("Signature|privileged permissions not in "
1915 + "privapp-permissions whitelist: " + mPrivappPermissionsViolations);
1916 }
1917 }
1918
1919 private static String getVolumeUuidForPackage(PackageParser.Package pkg) {
1920 if (pkg == null) {
1921 return StorageManager.UUID_PRIVATE_INTERNAL;
1922 }
1923 if (pkg.isExternal()) {
1924 if (TextUtils.isEmpty(pkg.volumeUuid)) {
1925 return StorageManager.UUID_PRIMARY_PHYSICAL;
1926 } else {
1927 return pkg.volumeUuid;
1928 }
1929 } else {
1930 return StorageManager.UUID_PRIVATE_INTERNAL;
1931 }
1932 }
1933
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1934 private static boolean hasPermission(PackageParser.Package pkgInfo, String permName) {
1935 for (int i=pkgInfo.permissions.size()-1; i>=0; i--) {
1936 if (pkgInfo.permissions.get(i).info.name.equals(permName)) {
1937 return true;
1938 }
1939 }
1940 return false;
1941 }
1942
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1943 /**
Philip P. Moltmann8cff8b92017-10-25 14:32:41 -0700[diff] [blame]1944 * Log that a permission request was granted/revoked.
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1945 *
Philip P. Moltmann8cff8b92017-10-25 14:32:41 -0700[diff] [blame]1946 * @param action the action performed
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1947 * @param name name of the permission
Philip P. Moltmann8cff8b92017-10-25 14:32:41 -0700[diff] [blame]1948 * @param packageName package permission is for
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1949 */
Philip P. Moltmann8cff8b92017-10-25 14:32:41 -0700[diff] [blame]1950 private void logPermission(int action, @NonNull String name, @NonNull String packageName) {
1951 final LogMaker log = new LogMaker(action);
1952 log.setPackageName(packageName);
1953 log.addTaggedData(MetricsEvent.FIELD_PERMISSION, name);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1954
Philip P. Moltmann8cff8b92017-10-25 14:32:41 -0700[diff] [blame]1955 mMetricsLogger.write(log);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1956 }
1957
1958 private class PermissionManagerInternalImpl extends PermissionManagerInternal {
1959 @Override
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1960 public void systemReady() {
1961 PermissionManagerService.this.systemReady();
1962 }
1963 @Override
1964 public boolean isPermissionsReviewRequired(Package pkg, int userId) {
1965 return PermissionManagerService.this.isPermissionsReviewRequired(pkg, userId);
1966 }
1967 @Override
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1968 public void addAllPermissions(Package pkg, boolean chatty) {
1969 PermissionManagerService.this.addAllPermissions(pkg, chatty);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1970 }
1971 @Override
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]1972 public void addAllPermissionGroups(Package pkg, boolean chatty) {
1973 PermissionManagerService.this.addAllPermissionGroups(pkg, chatty);
1974 }
1975 @Override
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1976 public void removeAllPermissions(Package pkg, boolean chatty) {
1977 PermissionManagerService.this.removeAllPermissions(pkg, chatty);
1978 }
1979 @Override
1980 public boolean addDynamicPermission(PermissionInfo info, boolean async, int callingUid,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1981 PermissionCallback callback) {
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]1982 return PermissionManagerService.this.addDynamicPermission(info, callingUid, callback);
1983 }
1984 @Override
1985 public void removeDynamicPermission(String permName, int callingUid,
1986 PermissionCallback callback) {
1987 PermissionManagerService.this.removeDynamicPermission(permName, callingUid, callback);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]1988 }
1989 @Override
1990 public void grantRuntimePermission(String permName, String packageName,
1991 boolean overridePolicy, int callingUid, int userId,
1992 PermissionCallback callback) {
1993 PermissionManagerService.this.grantRuntimePermission(
1994 permName, packageName, overridePolicy, callingUid, userId, callback);
1995 }
1996 @Override
1997 public void grantRequestedRuntimePermissions(PackageParser.Package pkg, int[] userIds,
1998 String[] grantedPermissions, int callingUid, PermissionCallback callback) {
1999 PermissionManagerService.this.grantRequestedRuntimePermissions(
2000 pkg, userIds, grantedPermissions, callingUid, callback);
2001 }
2002 @Override
2003 public void grantRuntimePermissionsGrantedToDisabledPackage(PackageParser.Package pkg,
2004 int callingUid, PermissionCallback callback) {
2005 PermissionManagerService.this.grantRuntimePermissionsGrantedToDisabledPackageLocked(
2006 pkg, callingUid, callback);
2007 }
2008 @Override
2009 public void revokeRuntimePermission(String permName, String packageName,
2010 boolean overridePolicy, int callingUid, int userId,
2011 PermissionCallback callback) {
2012 PermissionManagerService.this.revokeRuntimePermission(permName, packageName,
2013 overridePolicy, callingUid, userId, callback);
2014 }
2015 @Override
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]2016 public void updatePermissions(String packageName, Package pkg, boolean replaceGrant,
2017 Collection<PackageParser.Package> allPackages, PermissionCallback callback) {
2018 PermissionManagerService.this.updatePermissions(
2019 packageName, pkg, replaceGrant, allPackages, callback);
2020 }
2021 @Override
2022 public void updateAllPermissions(String volumeUuid, boolean sdkUpdated,
2023 Collection<PackageParser.Package> allPackages, PermissionCallback callback) {
2024 PermissionManagerService.this.updateAllPermissions(
2025 volumeUuid, sdkUpdated, allPackages, callback);
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]2026 }
2027 @Override
Todd Kennedyc8423932017-10-05 08:58:36 -0700[diff] [blame]2028 public String[] getAppOpPermissionPackages(String permName) {
2029 return PermissionManagerService.this.getAppOpPermissionPackages(permName);
2030 }
2031 @Override
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]2032 public int getPermissionFlags(String permName, String packageName, int callingUid,
2033 int userId) {
2034 return PermissionManagerService.this.getPermissionFlags(permName, packageName,
2035 callingUid, userId);
2036 }
2037 @Override
2038 public void updatePermissionFlags(String permName, String packageName, int flagMask,
2039 int flagValues, int callingUid, int userId, PermissionCallback callback) {
2040 PermissionManagerService.this.updatePermissionFlags(
2041 permName, packageName, flagMask, flagValues, callingUid, userId, callback);
2042 }
2043 @Override
2044 public boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues, int callingUid,
2045 int userId, Collection<Package> packages, PermissionCallback callback) {
2046 return PermissionManagerService.this.updatePermissionFlagsForAllApps(
2047 flagMask, flagValues, callingUid, userId, packages, callback);
2048 }
2049 @Override
2050 public void enforceCrossUserPermission(int callingUid, int userId,
2051 boolean requireFullPermission, boolean checkShell, String message) {
2052 PermissionManagerService.this.enforceCrossUserPermission(callingUid, userId,
2053 requireFullPermission, checkShell, message);
2054 }
2055 @Override
2056 public void enforceGrantRevokeRuntimePermissionPermissions(String message) {
2057 PermissionManagerService.this.enforceGrantRevokeRuntimePermissionPermissions(message);
2058 }
2059 @Override
2060 public int checkPermission(String permName, String packageName, int callingUid,
2061 int userId) {
2062 return PermissionManagerService.this.checkPermission(
2063 permName, packageName, callingUid, userId);
2064 }
2065 @Override
Todd Kennedy3c714492017-10-27 09:12:50 -0700[diff] [blame]2066 public int checkUidPermission(String permName, PackageParser.Package pkg, int uid,
2067 int callingUid) {
2068 return PermissionManagerService.this.checkUidPermission(permName, pkg, uid, callingUid);
Todd Kennedy3bc94722017-10-10 09:55:53 -0700[diff] [blame]2069 }
2070 @Override
Todd Kennedy460f28c2017-10-06 13:46:22 -0700[diff] [blame]2071 public PermissionGroupInfo getPermissionGroupInfo(String groupName, int flags,
2072 int callingUid) {
2073 return PermissionManagerService.this.getPermissionGroupInfo(
2074 groupName, flags, callingUid);
2075 }
2076 @Override
2077 public List<PermissionGroupInfo> getAllPermissionGroups(int flags, int callingUid) {
2078 return PermissionManagerService.this.getAllPermissionGroups(flags, callingUid);
2079 }
2080 @Override
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]2081 public PermissionInfo getPermissionInfo(String permName, String packageName, int flags,
2082 int callingUid) {
2083 return PermissionManagerService.this.getPermissionInfo(
2084 permName, packageName, flags, callingUid);
2085 }
2086 @Override
2087 public List<PermissionInfo> getPermissionInfoByGroup(String group, int flags,
2088 int callingUid) {
2089 return PermissionManagerService.this.getPermissionInfoByGroup(group, flags, callingUid);
2090 }
2091 @Override
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]2092 public PermissionSettings getPermissionSettings() {
2093 return mSettings;
2094 }
2095 @Override
2096 public DefaultPermissionGrantPolicy getDefaultPermissionGrantPolicy() {
2097 return mDefaultPermissionGrantPolicy;
2098 }
2099 @Override
2100 public BasePermission getPermissionTEMP(String permName) {
2101 synchronized (PermissionManagerService.this.mLock) {
2102 return mSettings.getPermissionLocked(permName);
2103 }
2104 }
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]2105 }
2106}