1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License
15  */
16 
17 package com.android.server.uri;
18 
19 import android.annotation.NonNull;
20 import android.annotation.Nullable;
21 import android.content.Intent;
22 import android.content.pm.ProviderInfo;
23 import android.net.Uri;
24 import android.os.IBinder;
25 import android.os.UserHandle;
26 
27 import java.io.PrintWriter;
28 
/**
 * In-process (system server) interface to the Uri grants service.
 *
 * <p>Most methods take the identity being checked ({@code callingUid}, {@code uid},
 * {@code userId}) as plain arguments; nothing in this interface derives or verifies it.
 * NOTE(review): callers are presumably expected to pass an identity they established themselves
 * (for example from {@code Binder.getCallingUid()}), never a value supplied by the app being
 * checked. Confirm against {@link UriGrantsManagerService}.
 *
 * @hide Only for use within system server
 */
public interface UriGrantsManagerInternal {
    /**
     * Lifecycle hook.
     * NOTE(review): presumably called once when system server reaches the system-ready phase;
     * the listing does not show the caller. Confirm.
     */
    void onSystemReady();

    /**
     * Removes the given permission record if it is no longer needed.
     * NOTE(review): the condition for "needed" is not visible in this interface. Confirm against
     * the implementation.
     *
     * @param perm the permission record to consider for removal
     */
    void removeUriPermissionIfNeeded(UriPermission perm);

    /**
     * Revokes access to {@code grantUri} for the given mode flags.
     * NOTE(review): how {@code targetPackage} and {@code callingUid} limit the revocation is not
     * documented here; verify before relying on this call to fully remove access.
     *
     * @param targetPackage package whose grant is affected
     * @param callingUid uid on whose behalf the revocation is performed
     * @param grantUri the uri whose grants are revoked
     * @param modeFlags modes to revoke; presumably a bitmask of
     *            {@link Intent#FLAG_GRANT_READ_URI_PERMISSION} and related flags (TODO confirm)
     */
    void revokeUriPermission(
            String targetPackage, int callingUid, GrantUri grantUri, final int modeFlags);

    /**
     * Reports whether {@code uid} holds a grant on {@code grantUri} for {@code modeFlags}.
     * NOTE(review): whether every requested mode bit must be held, or any one of them, is not
     * stated here. Confirm before using the result as an access decision.
     *
     * @param grantUri the uri being checked
     * @param uid the uid whose grants are consulted
     * @param modeFlags the access modes being asked about
     * @return the result of the check
     */
    boolean checkUriPermission(GrantUri grantUri, int uid, final int modeFlags);

    /**
     * Checks whether {@code callingUid} may grant {@code targetPkg} access to {@code uri}.
     * NOTE(review): the meaning of the returned {@code int} is not documented in this interface.
     * Look it up in the implementation before treating any particular value as "allowed".
     *
     * @param callingUid uid of the would-be grantor
     * @param targetPkg package that would receive the grant
     * @param uri the uri that would be granted
     * @param modeFlags the access modes that would be granted
     * @param userId user associated with the request (exact role not shown here, TODO confirm)
     * @return an implementation-defined status value
     */
    int checkGrantUriPermission(
            int callingUid, String targetPkg, Uri uri, int modeFlags, int userId);

    /**
     * Works out which permission grants would be required to extend access for the supplied
     * {@link Intent} to the target package. Nothing is granted by this call; the result is
     * meant to be handed to {@link #grantUriPermissionUncheckedFromIntent}.
     *
     * @throws SecurityException if the caller doesn't have permission to the
     *             {@link Intent} data, or if the underlying provider doesn't
     *             allow permissions to be granted.
     */
    NeededUriGrants checkGrantUriPermissionFromIntent(
            Intent intent, int callingUid, String targetPkg, int targetUserId);

    /**
     * Applies a previously calculated set of permission grants to the given owner.
     *
     * <p>This method performs no security checks of its own: they are expected to have been
     * done while the {@link NeededUriGrants} was calculated. Only pass a value obtained from
     * {@link #checkGrantUriPermissionFromIntent}; a {@link NeededUriGrants} assembled any other
     * way would be granted without having been checked.
     */
    void grantUriPermissionUncheckedFromIntent(NeededUriGrants needed, UriPermissionOwner owner);

    /**
     * Creates a new stateful object that tracks uri permission grants. The state is required
     * when grants are managed through
     * {@link UriGrantsManagerService#grantUriPermissionFromOwner},
     * {@link #revokeUriPermissionFromOwner}, etc.
     *
     * @param name A label for the object. It is used only for logcat/dumpsys logging, so it has
     *             no uniqueness or other requirements; choose something readable enough that
     *             the responsible code area is obvious when the name appears in a bug report.
     *             Because it ends up in logs, keep sensitive data out of it.
     * @return An opaque owner token for tracking uri permission grants.
     * @see UriPermissionOwner
     * @see UriGrantsManagerService
     */
    IBinder newUriPermissionOwner(String name);

    /**
     * Removes every {@link UriPermission} granted <em>from</em> or <em>to</em> the given
     * package.
     *
     * @param packageName Package name to match, or {@code null} to apply to all packages.
     * @param userHandle User to match, or {@link UserHandle#USER_ALL} to apply to all users.
     * @param persistable If persistable grants should be removed.
     * @param targetOnly When {@code true}, only remove permissions where the app is the target,
     *            not the source.
     */
    void removeUriPermissionsForPackage(
            String packageName, int userHandle, boolean persistable, boolean targetOnly);

    /**
     * Same as {@link #revokeUriPermissionFromOwner(IBinder, Uri, int, int, String, int)}, except
     * that it applies to all target packages and all target users.
     */
    void revokeUriPermissionFromOwner(
            @NonNull IBinder token, @Nullable Uri uri, int mode, int userId);

    /**
     * Removes every {@link UriPermission} associated with the owner that matches the given
     * filtering parameters.
     *
     * @param token An opaque owner token as returned by {@link #newUriPermissionOwner(String)}.
     * @param uri The content uri whose permission grant should be revoked. It must NOT contain
     *            an embedded userId; use
     *            {@link android.content.ContentProvider#getUriWithoutUserId(Uri)} if needed.
     *            Pass {@code null} to revoke grants for all uris tracked by the provided owner
     *            token.
     * @param mode The modes (as a bitmask) to revoke. See
     *             {@link Intent#FLAG_GRANT_READ_URI_PERMISSION}, etc.
     * @param userId The userId in which the given uri is to be resolved. Ignored when
     *               {@code uri} is {@code null}, since permissions for all uris are revoked in
     *               that case.
     * @param targetPkg Target package name to match (the app that received the grant), or
     *                  {@code null} to apply to all packages.
     * @param targetUserId Target user to match (userId of the app that received the grant), or
     *                     {@link UserHandle#USER_ALL} to apply to all users.
     */
    void revokeUriPermissionFromOwner(
            @NonNull IBinder token,
            @Nullable Uri uri,
            int mode,
            int userId,
            @Nullable String targetPkg,
            int targetUserId);

    /**
     * Checks grants held by {@code callingUid} against the authority described by {@code cpi}.
     * NOTE(review): the matching rule and the exact effect of {@code checkUser} are not visible
     * in this interface. Confirm against the implementation.
     *
     * @param callingUid uid whose grants are consulted
     * @param cpi the provider whose authority is being checked
     * @param userId user associated with the request
     * @param checkUser presumably controls whether the user is taken into account (TODO confirm)
     * @return the result of the check
     */
    boolean checkAuthorityGrants(int callingUid, ProviderInfo cpi, int userId, boolean checkUser);

    /**
     * Writes the service's state to {@code pw}.
     * NOTE(review): the output presumably lists granted uris and package names, so treat it with
     * the same care as other dumpsys output. Confirm what is printed.
     *
     * @param pw destination for the dump
     * @param dumpAll whether to produce the full dump
     * @param dumpPackage package to restrict the dump to; {@code null} handling is not
     *            documented here
     */
    void dump(PrintWriter pw, boolean dumpAll, String dumpPackage);
}