1 /* 2 * Copyright (C) 2018 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.permission; 18 19 import android.Manifest; 20 import android.annotation.CallbackExecutor; 21 import android.annotation.NonNull; 22 import android.annotation.Nullable; 23 import android.annotation.RequiresPermission; 24 import android.annotation.SystemService; 25 import android.annotation.UserIdInt; 26 import android.content.Context; 27 import android.content.pm.PackageManager; 28 import android.os.RemoteException; 29 import android.os.ServiceManager; 30 import android.os.UserHandle; 31 32 import com.android.internal.annotations.VisibleForTesting; 33 34 import java.util.concurrent.Executor; 35 import java.util.function.Consumer; 36 37 /** 38 * System level service for accessing the permission capabilities of the platform, version 2. 39 * 40 * @hide 41 */ 42 //@SystemApi(client = SystemApi.Client.MODULE_LIBRARIES) 43 @SystemService(Context.LEGACY_PERMISSION_SERVICE) 44 public final class LegacyPermissionManager { 45 private final ILegacyPermissionManager mLegacyPermissionManager; 46 47 /** 48 * Creates a new instance. 49 * 50 * @hide 51 */ LegacyPermissionManager()52 public LegacyPermissionManager() throws ServiceManager.ServiceNotFoundException { 53 this(ILegacyPermissionManager.Stub.asInterface(ServiceManager.getServiceOrThrow( 54 "legacy_permission"))); 55 } 56 57 /** 58 * Creates a new instance with the provided instantiation of the ILegacyPermissionManager. 59 * 60 * @param legacyPermissionManager injectable legacy permission manager service 61 * 62 * @hide 63 */ 64 @VisibleForTesting LegacyPermissionManager(@onNull ILegacyPermissionManager legacyPermissionManager)65 public LegacyPermissionManager(@NonNull ILegacyPermissionManager legacyPermissionManager) { 66 mLegacyPermissionManager = legacyPermissionManager; 67 } 68 69 /** 70 * Checks whether the package with the given pid/uid can read device identifiers. 71 * 72 * @param packageName the name of the package to be checked for identifier access 73 * @param message the message to be used for logging during identifier access 74 * verification 75 * @param callingFeatureId the feature in the package 76 * @param pid the process id of the package to be checked 77 * @param uid the uid of the package to be checked 78 * @return {@link PackageManager#PERMISSION_GRANTED} if the package is allowed identifier 79 * access, {@link PackageManager#PERMISSION_DENIED} otherwise 80 * @hide 81 */ 82 //@SystemApi(client = SystemApi.Client.MODULE_LIBRARIES) checkDeviceIdentifierAccess(@ullable String packageName, @Nullable String message, @Nullable String callingFeatureId, int pid, int uid)83 public int checkDeviceIdentifierAccess(@Nullable String packageName, @Nullable String message, 84 @Nullable String callingFeatureId, int pid, int uid) { 85 try { 86 return mLegacyPermissionManager.checkDeviceIdentifierAccess(packageName, message, 87 callingFeatureId, pid, uid); 88 } catch (RemoteException e) { 89 throw e.rethrowFromSystemServer(); 90 } 91 } 92 93 /** 94 * Checks whether the package with the given pid/uid can read the device phone number. 95 * 96 * @param packageName the name of the package to be checked for phone number access 97 * @param message the message to be used for logging during phone number access 98 * verification 99 * @param callingFeatureId the feature in the package 100 * @param pid the process id of the package to be checked 101 * @param uid the uid of the package to be checked 102 * @return <ul> 103 * <li>{@link PackageManager#PERMISSION_GRANTED} if the package is allowed phone number 104 * access</li> 105 * <li>{@link android.app.AppOpsManager#MODE_IGNORED} if the package does not have phone 106 * number access but for appcompat reasons this should be a silent failure (ie return empty 107 * or null data)</li> 108 * <li>{@link PackageManager#PERMISSION_DENIED} if the package does not have phone number 109 * access</li> 110 * </ul> 111 * @hide 112 */ checkPhoneNumberAccess(@ullable String packageName, @Nullable String message, @Nullable String callingFeatureId, int pid, int uid)113 public int checkPhoneNumberAccess(@Nullable String packageName, @Nullable String message, 114 @Nullable String callingFeatureId, int pid, int uid) { 115 try { 116 return mLegacyPermissionManager.checkPhoneNumberAccess(packageName, message, 117 callingFeatureId, pid, uid); 118 } catch (RemoteException e) { 119 throw e.rethrowFromSystemServer(); 120 } 121 } 122 123 /** 124 * Grant default permissions to currently active LUI app 125 * @param packageName The package name for the LUI app 126 * @param user The user handle 127 * @param executor The executor for the callback 128 * @param callback The callback provided by caller to be notified when grant completes 129 * @hide 130 */ 131 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) grantDefaultPermissionsToLuiApp( @onNull String packageName, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)132 public void grantDefaultPermissionsToLuiApp( 133 @NonNull String packageName, @NonNull UserHandle user, 134 @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { 135 try { 136 mLegacyPermissionManager.grantDefaultPermissionsToActiveLuiApp( 137 packageName, user.getIdentifier()); 138 executor.execute(() -> callback.accept(true)); 139 } catch (RemoteException e) { 140 e.rethrowFromSystemServer(); 141 } 142 } 143 144 /** 145 * Revoke default permissions to currently active LUI app 146 * @param packageNames The package names for the LUI apps 147 * @param user The user handle 148 * @param executor The executor for the callback 149 * @param callback The callback provided by caller to be notified when grant completes 150 * @hide 151 */ 152 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) revokeDefaultPermissionsFromLuiApps( @onNull String[] packageNames, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)153 public void revokeDefaultPermissionsFromLuiApps( 154 @NonNull String[] packageNames, @NonNull UserHandle user, 155 @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { 156 try { 157 mLegacyPermissionManager.revokeDefaultPermissionsFromLuiApps( 158 packageNames, user.getIdentifier()); 159 executor.execute(() -> callback.accept(true)); 160 } catch (RemoteException e) { 161 e.rethrowFromSystemServer(); 162 } 163 } 164 165 /** 166 * Grant default permissions to currently active Ims services 167 * @param packageNames The package names for the Ims services 168 * @param user The user handle 169 * @param executor The executor for the callback 170 * @param callback The callback provided by caller to be notified when grant completes 171 * @hide 172 */ 173 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) grantDefaultPermissionsToEnabledImsServices( @onNull String[] packageNames, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)174 public void grantDefaultPermissionsToEnabledImsServices( 175 @NonNull String[] packageNames, @NonNull UserHandle user, 176 @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { 177 try { 178 mLegacyPermissionManager.grantDefaultPermissionsToEnabledImsServices( 179 packageNames, user.getIdentifier()); 180 executor.execute(() -> callback.accept(true)); 181 } catch (RemoteException e) { 182 e.rethrowFromSystemServer(); 183 } 184 } 185 186 /** 187 * Grant default permissions to currently enabled telephony data services 188 * @param packageNames The package name for the services 189 * @param user The user handle 190 * @param executor The executor for the callback 191 * @param callback The callback provided by caller to be notified when grant completes 192 * @hide 193 */ 194 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) grantDefaultPermissionsToEnabledTelephonyDataServices( @onNull String[] packageNames, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)195 public void grantDefaultPermissionsToEnabledTelephonyDataServices( 196 @NonNull String[] packageNames, @NonNull UserHandle user, 197 @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { 198 try { 199 mLegacyPermissionManager.grantDefaultPermissionsToEnabledTelephonyDataServices( 200 packageNames, user.getIdentifier()); 201 executor.execute(() -> callback.accept(true)); 202 } catch (RemoteException e) { 203 e.rethrowFromSystemServer(); 204 } 205 } 206 207 /** 208 * Revoke default permissions to currently active telephony data services 209 * @param packageNames The package name for the services 210 * @param user The user handle 211 * @param executor The executor for the callback 212 * @param callback The callback provided by caller to be notified when revoke completes 213 * @hide 214 */ 215 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) revokeDefaultPermissionsFromDisabledTelephonyDataServices( @onNull String[] packageNames, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)216 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices( 217 @NonNull String[] packageNames, @NonNull UserHandle user, 218 @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { 219 try { 220 mLegacyPermissionManager.revokeDefaultPermissionsFromDisabledTelephonyDataServices( 221 packageNames, user.getIdentifier()); 222 executor.execute(() -> callback.accept(true)); 223 } catch (RemoteException e) { 224 e.rethrowFromSystemServer(); 225 } 226 } 227 228 /** 229 * Grant default permissions to currently enabled carrier apps 230 * @param packageNames Package names of the apps to be granted permissions 231 * @param user The user handle 232 * @param executor The executor for the callback 233 * @param callback The callback provided by caller to be notified when grant completes 234 * @hide 235 */ 236 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) grantDefaultPermissionsToEnabledCarrierApps(@onNull String[] packageNames, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)237 public void grantDefaultPermissionsToEnabledCarrierApps(@NonNull String[] packageNames, 238 @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, 239 @NonNull Consumer<Boolean> callback) { 240 try { 241 mLegacyPermissionManager.grantDefaultPermissionsToEnabledCarrierApps(packageNames, 242 user.getIdentifier()); 243 executor.execute(() -> callback.accept(true)); 244 } catch (RemoteException e) { 245 e.rethrowFromSystemServer(); 246 } 247 } 248 249 /** 250 * Grant permissions to a newly set Carrier Services app. 251 * @param packageName The newly set Carrier Services app 252 * @param userId The user for which to grant the permissions. 253 * @hide 254 */ grantDefaultPermissionsToCarrierServiceApp(@onNull String packageName, @UserIdInt int userId)255 public void grantDefaultPermissionsToCarrierServiceApp(@NonNull String packageName, 256 @UserIdInt int userId) { 257 try { 258 mLegacyPermissionManager.grantDefaultPermissionsToCarrierServiceApp(packageName, 259 userId); 260 } catch (RemoteException e) { 261 throw e.rethrowFromSystemServer(); 262 } 263 } 264 } 265