1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm.permission; 18 19 import android.annotation.AppIdInt; 20 import android.annotation.NonNull; 21 import android.annotation.Nullable; 22 import android.annotation.UserIdInt; 23 import android.content.pm.PackageManager; 24 import android.content.pm.PermissionGroupInfo; 25 import android.content.pm.PermissionInfo; 26 import android.content.pm.permission.SplitPermissionInfoParcelable; 27 import android.permission.IOnPermissionsChangeListener; 28 import android.permission.PermissionManager; 29 import android.permission.PermissionManagerInternal; 30 31 import com.android.server.pm.pkg.AndroidPackage; 32 import com.android.server.pm.pkg.PackageState; 33 34 import java.io.FileDescriptor; 35 import java.io.PrintWriter; 36 import java.util.List; 37 import java.util.Map; 38 import java.util.Set; 39 40 /** 41 * Interface for managing all permissions and handling permissions related tasks. 42 */ 43 public interface PermissionManagerServiceInterface extends PermissionManagerInternal { 44 /** 45 * Dump. 46 */ dump(FileDescriptor fd, PrintWriter pw, String[] args)47 void dump(FileDescriptor fd, PrintWriter pw, String[] args); 48 49 /** 50 * Retrieve all of the known permission groups in the system. 51 * 52 * @param flags additional option flags to modify the data returned 53 * @return a list of {@link PermissionGroupInfo} containing information about all of the known 54 * permission groups 55 */ getAllPermissionGroups( @ackageManager.PermissionGroupInfoFlags int flags)56 List<PermissionGroupInfo> getAllPermissionGroups( 57 @PackageManager.PermissionGroupInfoFlags int flags); 58 59 /** 60 * Retrieve all of the information we know about a particular group of permissions. 61 * 62 * @param groupName the fully qualified name (e.g. com.android.permission_group.APPS) of the 63 * permission you are interested in 64 * @param flags additional option flags to modify the data returned 65 * @return a {@link PermissionGroupInfo} containing information about the permission, or 66 * {@code null} if not found 67 */ getPermissionGroupInfo(String groupName, @PackageManager.PermissionGroupInfoFlags int flags)68 PermissionGroupInfo getPermissionGroupInfo(String groupName, 69 @PackageManager.PermissionGroupInfoFlags int flags); 70 71 /** 72 * Retrieve all of the information we know about a particular permission. 73 * 74 * @param permName the fully qualified name (e.g. com.android.permission.LOGIN) of the 75 * permission you are interested in 76 * @param flags additional option flags to modify the data returned 77 * @return a {@link PermissionInfo} containing information about the permission, or {@code null} 78 * if not found 79 */ getPermissionInfo(@onNull String permName, @PackageManager.PermissionInfoFlags int flags, @NonNull String opPackageName)80 PermissionInfo getPermissionInfo(@NonNull String permName, 81 @PackageManager.PermissionInfoFlags int flags, @NonNull String opPackageName); 82 83 /** 84 * Query for all of the permissions associated with a particular group. 85 * 86 * @param groupName the fully qualified name (e.g. com.android.permission.LOGIN) of the 87 * permission group you are interested in. Use {@code null} to find all of the 88 * permissions not associated with a group 89 * @param flags additional option flags to modify the data returned 90 * @return a list of {@link PermissionInfo} containing information about all of the permissions 91 * in the given group, or {@code null} if the group is not found 92 */ queryPermissionsByGroup(String groupName, @PackageManager.PermissionInfoFlags int flags)93 List<PermissionInfo> queryPermissionsByGroup(String groupName, 94 @PackageManager.PermissionInfoFlags int flags); 95 96 /** 97 * Add a new dynamic permission to the system. For this to work, your package must have defined 98 * a permission tree through the 99 * {@link android.R.styleable#AndroidManifestPermissionTree <permission-tree>} tag in its 100 * manifest. A package can only add permissions to trees that were defined by either its own 101 * package or another with the same user id; a permission is in a tree if it matches the name of 102 * the permission tree + ".": for example, "com.foo.bar" is a member of the permission tree 103 * "com.foo". 104 * <p> 105 * It is good to make your permission tree name descriptive, because you are taking possession 106 * of that entire set of permission names. Thus, it must be under a domain you control, with a 107 * suffix that will not match any normal permissions that may be declared in any applications 108 * that are part of that domain. 109 * <p> 110 * New permissions must be added before any .apks are installed that use those permissions. 111 * Permissions you add through this method are remembered across reboots of the device. If the 112 * given permission already exists, the info you supply here will be used to update it. 113 * 114 * @param info description of the permission to be added 115 * @param async whether the persistence of the permission should be asynchronous, allowing it to 116 * return quicker and batch a series of adds, at the expense of no guarantee the 117 * added permission will be retained if the device is rebooted before it is 118 * written. 119 * @return {@code true} if a new permission was created, {@code false} if an existing one was 120 * updated 121 * @throws SecurityException if you are not allowed to add the given permission name 122 * 123 * @see #removePermission(String) 124 */ addPermission(PermissionInfo info, boolean async)125 boolean addPermission(PermissionInfo info, boolean async); 126 127 /** 128 * Removes a permission that was previously added with 129 * {@link #addPermission(PermissionInfo, boolean)}. The same ownership rules apply -- you are 130 * only allowed to remove permissions that you are allowed to add. 131 * 132 * @param permName the name of the permission to remove 133 * @throws SecurityException if you are not allowed to remove the given permission name 134 * 135 * @see #addPermission(PermissionInfo, boolean) 136 */ removePermission(String permName)137 void removePermission(String permName); 138 139 /** 140 * Gets the state flags associated with a permission. 141 * 142 * @param packageName the package name for which to get the flags 143 * @param permName the permission for which to get the flags 144 * @param userId the user for which to get permission flags 145 * @return the permission flags 146 */ getPermissionFlags(String packageName, String permName, int userId)147 int getPermissionFlags(String packageName, String permName, int userId); 148 149 /** 150 * Updates the flags associated with a permission by replacing the flags in the specified mask 151 * with the provided flag values. 152 * 153 * @param packageName The package name for which to update the flags 154 * @param permName The permission for which to update the flags 155 * @param flagMask The flags which to replace 156 * @param flagValues The flags with which to replace 157 * @param userId The user for which to update the permission flags 158 */ updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int userId)159 void updatePermissionFlags(String packageName, String permName, int flagMask, 160 int flagValues, boolean checkAdjustPolicyFlagPermission, int userId); 161 162 /** 163 * Update the permission flags for all packages and runtime permissions of a user in order 164 * to allow device or profile owner to remove POLICY_FIXED. 165 */ updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId)166 void updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId); 167 168 /** 169 * TODO: theianchen We should get rid of the IBinder interface which is an implementation detail 170 * 171 * Add a listener for permission changes for installed packages. 172 * @param listener the listener to add 173 */ addOnPermissionsChangeListener(IOnPermissionsChangeListener listener)174 void addOnPermissionsChangeListener(IOnPermissionsChangeListener listener); 175 176 /** 177 * Remove a listener for permission changes for installed packages. 178 * @param listener the listener to remove 179 */ removeOnPermissionsChangeListener(IOnPermissionsChangeListener listener)180 void removeOnPermissionsChangeListener(IOnPermissionsChangeListener listener); 181 182 /** 183 * addAllowlistedRestrictedPermission. TODO: theianchen add doc 184 */ addAllowlistedRestrictedPermission(@onNull String packageName, @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId)185 boolean addAllowlistedRestrictedPermission(@NonNull String packageName, 186 @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, 187 @UserIdInt int userId); 188 189 /** 190 * Gets the restricted permissions that have been allowlisted and the app is allowed to have 191 * them granted in their full form. 192 * <p> 193 * Permissions can be hard restricted which means that the app cannot hold them or soft 194 * restricted where the app can hold the permission but in a weaker form. Whether a permission 195 * is {@link PermissionInfo#FLAG_HARD_RESTRICTED hard restricted} or 196 * {@link PermissionInfo#FLAG_SOFT_RESTRICTED soft restricted} depends on the permission 197 * declaration. Allowlisting a hard restricted permission allows for the to hold that permission 198 * and allowlisting a soft restricted permission allows the app to hold the permission in its 199 * full, unrestricted form. 200 * <p> 201 * There are four allowlists: 202 * <ol> 203 * <li> 204 * One for cases where the system permission policy allowlists a permission. This list 205 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM} flag. Can only be 206 * accessed by pre-installed holders of a dedicated permission. 207 * <li> 208 * One for cases where the system allowlists the permission when upgrading from an OS version in 209 * which the permission was not restricted to an OS version in which the permission is 210 * restricted. This list corresponds to the 211 * {@link PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE} flag. Can be accessed by 212 * pre-installed holders of a dedicated permission or the installer on record. 213 * <li> 214 * One for cases where the installer of the package allowlists a permission. This list 215 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER} flag. Can be 216 * accessed by pre-installed holders of a dedicated permission or the installer on record. 217 * </ol> 218 * 219 * @param packageName the app for which to get allowlisted permissions 220 * @param flags the flag to determine which allowlist to query. Only one flag can be 221 * passed. 222 * @return the allowlisted permissions that are on any of the allowlists you query for 223 * @throws SecurityException if you try to access a allowlist that you have no access to 224 * 225 * @see #addAllowlistedRestrictedPermission(String, String, int) 226 * @see #removeAllowlistedRestrictedPermission(String, String, int) 227 * @see PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM 228 * @see PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE 229 * @see PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER 230 */ getAllowlistedRestrictedPermissions(@onNull String packageName, @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId)231 List<String> getAllowlistedRestrictedPermissions(@NonNull String packageName, 232 @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId); 233 234 /** 235 * Removes a allowlisted restricted permission for an app. 236 * <p> 237 * Permissions can be hard restricted which means that the app cannot hold them or soft 238 * restricted where the app can hold the permission but in a weaker form. Whether a permission 239 * is {@link PermissionInfo#FLAG_HARD_RESTRICTED hard restricted} or 240 * {@link PermissionInfo#FLAG_SOFT_RESTRICTED soft restricted} depends on the permission 241 * declaration. Allowlisting a hard restricted permission allows for the to hold that permission 242 * and allowlisting a soft restricted permission allows the app to hold the permission in its 243 * full, unrestricted form. 244 * <p>There are four allowlists: 245 * <ol> 246 * <li> 247 * One for cases where the system permission policy allowlists a permission. This list 248 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM} flag. Can only be 249 * accessed by pre-installed holders of a dedicated permission. 250 * <li> 251 * One for cases where the system allowlists the permission when upgrading from an OS version in 252 * which the permission was not restricted to an OS version in which the permission is 253 * restricted. This list corresponds to the 254 * {@link PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE} flag. Can be accessed by 255 * pre-installed holders of a dedicated permission or the installer on record. 256 * <li> 257 * One for cases where the installer of the package allowlists a permission. This list 258 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER} flag. Can be 259 * accessed by pre-installed holders of a dedicated permission or the installer on record. 260 * </ol> 261 * <p> 262 * You need to specify the allowlists for which to set the allowlisted permissions which will 263 * clear the previous allowlisted permissions and replace them with the provided ones. 264 * 265 * @param packageName the app for which to get allowlisted permissions 266 * @param permName the allowlisted permission to remove 267 * @param flags the allowlists from which to remove. Passing multiple flags updates all 268 * specified allowlists. 269 * @return whether the permission was removed from the allowlist 270 * @throws SecurityException if you try to modify a allowlist that you have no access to. 271 * 272 * @see #getAllowlistedRestrictedPermissions(String, int) 273 * @see #addAllowlistedRestrictedPermission(String, String, int) 274 * @see PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM 275 * @see PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE 276 * @see PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER 277 */ removeAllowlistedRestrictedPermission(@onNull String packageName, @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId)278 boolean removeAllowlistedRestrictedPermission(@NonNull String packageName, 279 @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, 280 @UserIdInt int userId); 281 282 /** 283 * Grant a runtime permission to an application which the application does not already have. The 284 * permission must have been requested by the application. If the application is not allowed to 285 * hold the permission, a {@link java.lang.SecurityException} is thrown. If the package or 286 * permission is invalid, a {@link java.lang.IllegalArgumentException} is thrown. 287 * <p> 288 * <strong>Note: </strong>Using this API requires holding 289 * {@code android.permission.GRANT_RUNTIME_PERMISSIONS} and if the user ID is not the current 290 * user {@code android.permission.INTERACT_ACROSS_USERS_FULL}. 291 * 292 * @param packageName the package to which to grant the permission 293 * @param permName the permission name to grant 294 * @param userId the user for which to grant the permission 295 * 296 * @see #revokeRuntimePermission(String, String, android.os.UserHandle, String) 297 */ grantRuntimePermission(String packageName, String permName, int userId)298 void grantRuntimePermission(String packageName, String permName, int userId); 299 300 /** 301 * Revoke a runtime permission that was previously granted by 302 * {@link #grantRuntimePermission(String, String, android.os.UserHandle)}. The permission must 303 * have been requested by and granted to the application. If the application is not allowed to 304 * hold the permission, a {@link java.lang.SecurityException} is thrown. If the package or 305 * permission is invalid, a {@link java.lang.IllegalArgumentException} is thrown. 306 * <p> 307 * <strong>Note: </strong>Using this API requires holding 308 * {@code android.permission.REVOKE_RUNTIME_PERMISSIONS} and if the user ID is not the current 309 * user {@code android.permission.INTERACT_ACROSS_USERS_FULL}. 310 * 311 * @param packageName the package from which to revoke the permission 312 * @param permName the permission name to revoke 313 * @param userId the user for which to revoke the permission 314 * @param reason the reason for the revoke, or {@code null} for unspecified 315 * 316 * @see #grantRuntimePermission(String, String, android.os.UserHandle) 317 */ revokeRuntimePermission(String packageName, String permName, int userId, String reason)318 void revokeRuntimePermission(String packageName, String permName, int userId, 319 String reason); 320 321 /** 322 * Revoke the POST_NOTIFICATIONS permission, without killing the app. This method must ONLY BE 323 * USED in CTS or local tests. 324 * 325 * @param packageName The package to be revoked 326 * @param userId The user for which to revoke 327 */ revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId)328 void revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId); 329 330 /** 331 * Get whether you should show UI with rationale for requesting a permission. You should do this 332 * only if you do not have the permission and the context in which the permission is requested 333 * does not clearly communicate to the user what would be the benefit from grating this 334 * permission. 335 * 336 * @param permName a permission your app wants to request 337 * @return whether you can show permission rationale UI 338 */ shouldShowRequestPermissionRationale(String packageName, String permName, @UserIdInt int userId)339 boolean shouldShowRequestPermissionRationale(String packageName, String permName, 340 @UserIdInt int userId); 341 342 /** 343 * Checks whether a particular permissions has been revoked for a package by policy. Typically 344 * the device owner or the profile owner may apply such a policy. The user cannot grant policy 345 * revoked permissions, hence the only way for an app to get such a permission is by a policy 346 * change. 347 * 348 * @param packageName the name of the package you are checking against 349 * @param permName the name of the permission you are checking for 350 * 351 * @return whether the permission is restricted by policy 352 */ isPermissionRevokedByPolicy(String packageName, String permName, int userId)353 boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId); 354 355 /** 356 * Get set of permissions that have been split into more granular or dependent permissions. 357 * 358 * <p>E.g. before {@link android.os.Build.VERSION_CODES#Q} an app that was granted 359 * {@link Manifest.permission#ACCESS_COARSE_LOCATION} could access the location while it was in 360 * foreground and background. On platforms after {@link android.os.Build.VERSION_CODES#Q} 361 * the location permission only grants location access while the app is in foreground. This 362 * would break apps that target before {@link android.os.Build.VERSION_CODES#Q}. Hence whenever 363 * such an old app asks for a location permission (i.e. the 364 * {@link PermissionManager.SplitPermissionInfo#getSplitPermission()}), then the 365 * {@link Manifest.permission#ACCESS_BACKGROUND_LOCATION} permission (inside 366 * {@link PermissionManager.SplitPermissionInfo#getNewPermissions}) is added. 367 * 368 * <p>Note: Regular apps do not have to worry about this. The platform and permission controller 369 * automatically add the new permissions where needed. 370 * 371 * @return All permissions that are split. 372 */ getSplitPermissions()373 List<SplitPermissionInfoParcelable> getSplitPermissions(); 374 375 /** 376 * TODO:theianchen add doc describing this is the old checkPermissionImpl 377 */ checkPermission(String pkgName, String permName, int userId)378 int checkPermission(String pkgName, String permName, int userId); 379 380 /** 381 * TODO:theianchen add doc describing this is the old checkUidPermissionImpl 382 */ checkUidPermission(int uid, String permName)383 int checkUidPermission(int uid, String permName); 384 385 /** 386 * Adds a listener for runtime permission state (permissions or flags) changes. 387 * 388 * @param listener The listener. 389 */ addOnRuntimePermissionStateChangedListener( @onNull PermissionManagerServiceInternal .OnRuntimePermissionStateChangedListener listener)390 void addOnRuntimePermissionStateChangedListener( 391 @NonNull PermissionManagerServiceInternal 392 .OnRuntimePermissionStateChangedListener listener); 393 394 /** 395 * Removes a listener for runtime permission state (permissions or flags) changes. 396 * 397 * @param listener The listener. 398 */ removeOnRuntimePermissionStateChangedListener( @onNull PermissionManagerServiceInternal .OnRuntimePermissionStateChangedListener listener)399 void removeOnRuntimePermissionStateChangedListener( 400 @NonNull PermissionManagerServiceInternal 401 .OnRuntimePermissionStateChangedListener listener); 402 403 /** 404 * Get all the package names requesting app op permissions. 405 * 406 * @return a map of app op permission names to package names requesting them 407 */ getAllAppOpPermissionPackages()408 Map<String, Set<String>> getAllAppOpPermissionPackages(); 409 410 /** 411 * Get whether permission review is required for a package. 412 * 413 * @param packageName the name of the package 414 * @param userId the user ID 415 * @return whether permission review is required 416 */ isPermissionsReviewRequired(@onNull String packageName, @UserIdInt int userId)417 boolean isPermissionsReviewRequired(@NonNull String packageName, 418 @UserIdInt int userId); 419 420 /** 421 * Reset the runtime permission state changes for a package. 422 * 423 * TODO(zhanghai): Turn this into package change callback? 424 * 425 * @param pkg the package 426 * @param userId the user ID 427 */ resetRuntimePermissions(@onNull AndroidPackage pkg, @UserIdInt int userId)428 void resetRuntimePermissions(@NonNull AndroidPackage pkg, 429 @UserIdInt int userId); 430 431 /** 432 * Reset the runtime permission state changes for all packages in a user. 433 * 434 * @param userId the user ID 435 */ resetRuntimePermissionsForUser(@serIdInt int userId)436 void resetRuntimePermissionsForUser(@UserIdInt int userId); 437 438 /** 439 * Read legacy permission state from package settings. 440 * 441 * TODO(zhanghai): This is a temporary method because we should not expose 442 * {@code PackageSetting} which is a implementation detail that permission should not know. 443 * Instead, it should retrieve the legacy state via a defined API. 444 */ readLegacyPermissionStateTEMP()445 void readLegacyPermissionStateTEMP(); 446 447 /** 448 * Write legacy permission state to package settings. 449 * 450 * TODO(zhanghai): This is a temporary method and should be removed once we migrated persistence 451 * for permission. 452 */ writeLegacyPermissionStateTEMP()453 void writeLegacyPermissionStateTEMP(); 454 455 /** 456 * Get all the permissions definitions from a package that's installed in the system. 457 * <p> 458 * A permission definition in a normal app may not be installed if it's overridden by the 459 * platform or system app that contains a conflicting definition after system upgrade. 460 * 461 * @param packageName the name of the package 462 * @return the names of the installed permissions 463 */ 464 @NonNull getInstalledPermissions(@onNull String packageName)465 Set<String> getInstalledPermissions(@NonNull String packageName); 466 467 /** 468 * Get all the permissions granted to a package. 469 * 470 * @param packageName the name of the package 471 * @param userId the user ID 472 * @return the names of the granted permissions 473 */ 474 @NonNull getGrantedPermissions(@onNull String packageName, @UserIdInt int userId)475 Set<String> getGrantedPermissions(@NonNull String packageName, @UserIdInt int userId); 476 477 /** 478 * Get the GIDs of a permission. 479 * 480 * @param permissionName the name of the permission 481 * @param userId the user ID 482 * @return the GIDs of the permission 483 */ 484 @NonNull getPermissionGids(@onNull String permissionName, @UserIdInt int userId)485 int[] getPermissionGids(@NonNull String permissionName, @UserIdInt int userId); 486 487 /** 488 * Get the packages that have requested an app op permission. 489 * 490 * @param permissionName the name of the app op permission 491 * @return the names of the packages that have requested the app op permission 492 */ 493 @NonNull getAppOpPermissionPackages(@onNull String permissionName)494 String[] getAppOpPermissionPackages(@NonNull String permissionName); 495 496 /** HACK HACK methods to allow for partial migration of data to the PermissionManager class */ 497 @Nullable getPermissionTEMP(@onNull String permName)498 Permission getPermissionTEMP(@NonNull String permName); 499 500 /** Get all permissions that have a certain protection */ 501 @NonNull getAllPermissionsWithProtection( @ermissionInfo.Protection int protection)502 List<PermissionInfo> getAllPermissionsWithProtection( 503 @PermissionInfo.Protection int protection); 504 505 /** Get all permissions that have certain protection flags */ getAllPermissionsWithProtectionFlags( @ermissionInfo.ProtectionFlags int protectionFlags)506 @NonNull List<PermissionInfo> getAllPermissionsWithProtectionFlags( 507 @PermissionInfo.ProtectionFlags int protectionFlags); 508 509 /** 510 * Get all the legacy permissions currently registered in the system. 511 * 512 * @return the legacy permissions 513 */ 514 @NonNull getLegacyPermissions()515 List<LegacyPermission> getLegacyPermissions(); 516 517 /** 518 * Get the legacy permission state of an app ID, either a package or a shared user. 519 * 520 * @param appId the app ID 521 * @return the legacy permission state 522 */ 523 @NonNull getLegacyPermissionState(@ppIdInt int appId)524 LegacyPermissionState getLegacyPermissionState(@AppIdInt int appId); 525 526 /** 527 * Read legacy permissions from legacy permission settings. 528 * 529 * TODO(zhanghai): This is a temporary method because we should not expose 530 * {@code LegacyPermissionSettings} which is a implementation detail that permission should not 531 * know. Instead, it should retrieve the legacy permissions via a defined API. 532 */ readLegacyPermissionsTEMP(@onNull LegacyPermissionSettings legacyPermissionSettings)533 void readLegacyPermissionsTEMP(@NonNull LegacyPermissionSettings legacyPermissionSettings); 534 535 /** 536 * Write legacy permissions to legacy permission settings. 537 * 538 * TODO(zhanghai): This is a temporary method and should be removed once we migrated persistence 539 * for permission. 540 */ writeLegacyPermissionsTEMP(@onNull LegacyPermissionSettings legacyPermissionSettings)541 void writeLegacyPermissionsTEMP(@NonNull LegacyPermissionSettings legacyPermissionSettings); 542 543 /** 544 * Callback when the system is ready. 545 */ onSystemReady()546 void onSystemReady(); 547 548 /** 549 * Callback when a storage volume is mounted, so that all packages on it become available. 550 * 551 * @param volumeUuid the UUID of the storage volume 552 * @param fingerprintChanged whether the current build fingerprint is different from what it was 553 * when this volume was last mounted 554 */ onStorageVolumeMounted(@onNull String volumeUuid, boolean fingerprintChanged)555 void onStorageVolumeMounted(@NonNull String volumeUuid, boolean fingerprintChanged); 556 557 /** 558 * Get the GIDs computed from the permission state of a UID, either a package or a shared user. 559 * 560 * @param uid the UID 561 * @return the GIDs for the UID 562 */ 563 @NonNull getGidsForUid(int uid)564 int[] getGidsForUid(int uid); 565 566 /** 567 * Callback when a user has been created. 568 * 569 * @param userId the created user ID 570 */ onUserCreated(@serIdInt int userId)571 void onUserCreated(@UserIdInt int userId); 572 573 /** 574 * Callback when a user has been removed. 575 * 576 * @param userId the removed user ID 577 */ onUserRemoved(@serIdInt int userId)578 void onUserRemoved(@UserIdInt int userId); 579 580 /** 581 * Callback when a package has been added. 582 * 583 * @param packageState the added package 584 * @param isInstantApp whether the added package is an instant app 585 * @param oldPkg the old package, or {@code null} if none 586 */ onPackageAdded(@onNull PackageState packageState, boolean isInstantApp, @Nullable AndroidPackage oldPkg)587 void onPackageAdded(@NonNull PackageState packageState, boolean isInstantApp, 588 @Nullable AndroidPackage oldPkg); 589 590 /** 591 * Callback when a package has been installed for a user. 592 * 593 * @param pkg the installed package 594 * @param previousAppId the previous app ID if the package is leaving a shared UID, 595 * or Process.INVALID_UID 596 * @param params the parameters passed in for package installation 597 * @param userId the user ID this package is installed for 598 */ onPackageInstalled(@onNull AndroidPackage pkg, int previousAppId, @NonNull PermissionManagerServiceInternal.PackageInstalledParams params, @UserIdInt int userId)599 void onPackageInstalled(@NonNull AndroidPackage pkg, int previousAppId, 600 @NonNull PermissionManagerServiceInternal.PackageInstalledParams params, 601 @UserIdInt int userId); 602 603 /** 604 * Callback when a package has been removed. 605 * 606 * @param pkg the removed package 607 */ onPackageRemoved(@onNull AndroidPackage pkg)608 void onPackageRemoved(@NonNull AndroidPackage pkg); 609 610 /** 611 * Callback when a package has been uninstalled. 612 * <p> 613 * The package may have been fully removed from the system, or only marked as uninstalled for 614 * this user but still installed for other users. 615 * 616 * @param packageName the name of the uninstalled package 617 * @param appId the app ID of the uninstalled package 618 * @param packageState the uninstalled package 619 * @param pkg the uninstalled package 620 * @param sharedUserPkgs the packages that are in the same shared user 621 * @param userId the user ID the package is uninstalled for 622 */ onPackageUninstalled(@onNull String packageName, int appId, @NonNull PackageState packageState, @NonNull AndroidPackage pkg, @NonNull List<AndroidPackage> sharedUserPkgs, @UserIdInt int userId)623 void onPackageUninstalled(@NonNull String packageName, int appId, 624 @NonNull PackageState packageState, @NonNull AndroidPackage pkg, 625 @NonNull List<AndroidPackage> sharedUserPkgs, @UserIdInt int userId); 626 } 627