1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.permission.access.permission 18 19 import android.content.pm.PermissionInfo 20 import android.os.UserHandle 21 import com.android.server.permission.access.util.hasBits 22 import libcore.util.EmptyArray 23 24 data class Permission( 25 val permissionInfo: PermissionInfo, 26 val isReconciled: Boolean, 27 val type: Int, 28 val appId: Int, 29 @Suppress("ArrayInDataClass") 30 val gids: IntArray = EmptyArray.INT, 31 val areGidsPerUser: Boolean = false 32 ) { 33 inline val name: String 34 get() = permissionInfo.name 35 36 inline val packageName: String 37 get() = permissionInfo.packageName 38 39 inline val groupName: String? 40 get() = permissionInfo.group 41 42 inline val isDynamic: Boolean 43 get() = type == TYPE_DYNAMIC 44 45 inline val protectionLevel: Int 46 @Suppress("DEPRECATION") 47 get() = permissionInfo.protectionLevel 48 49 inline val protection: Int 50 get() = permissionInfo.protection 51 52 inline val isInternal: Boolean 53 get() = protection == PermissionInfo.PROTECTION_INTERNAL 54 55 inline val isNormal: Boolean 56 get() = protection == PermissionInfo.PROTECTION_NORMAL 57 58 inline val isRuntime: Boolean 59 get() = protection == PermissionInfo.PROTECTION_DANGEROUS 60 61 inline val isSignature: Boolean 62 get() = protection == PermissionInfo.PROTECTION_SIGNATURE 63 64 inline val protectionFlags: Int 65 get() = permissionInfo.protectionFlags 66 67 inline val isAppOp: Boolean 68 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APPOP) 69 70 inline val isAppPredictor: Boolean 71 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APP_PREDICTOR) 72 73 inline val isCompanion: Boolean 74 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_COMPANION) 75 76 inline val isConfigurator: Boolean 77 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_CONFIGURATOR) 78 79 inline val isDevelopment: Boolean 80 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) 81 82 inline val isIncidentReportApprover: Boolean 83 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INCIDENT_REPORT_APPROVER) 84 85 inline val isInstaller: Boolean 86 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTALLER) 87 88 inline val isInstant: Boolean 89 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTANT) 90 91 inline val isKnownSigner: Boolean 92 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_KNOWN_SIGNER) 93 94 inline val isModule: Boolean 95 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_MODULE) 96 97 inline val isOem: Boolean 98 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_OEM) 99 100 inline val isPre23: Boolean 101 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRE23) 102 103 inline val isPreInstalled: Boolean 104 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PREINSTALLED) 105 106 inline val isPrivileged: Boolean 107 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRIVILEGED) 108 109 inline val isRecents: Boolean 110 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RECENTS) 111 112 inline val isRetailDemo: Boolean 113 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RETAIL_DEMO) 114 115 inline val isRole: Boolean 116 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_ROLE) 117 118 inline val isRuntimeOnly: Boolean 119 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY) 120 121 inline val isSetup: Boolean 122 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SETUP) 123 124 inline val isSystemTextClassifier: Boolean 125 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER) 126 127 inline val isVendorPrivileged: Boolean 128 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VENDOR_PRIVILEGED) 129 130 inline val isVerifier: Boolean 131 get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VERIFIER) 132 133 inline val isHardRestricted: Boolean 134 get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_HARD_RESTRICTED) 135 136 inline val isRemoved: Boolean 137 get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_REMOVED) 138 139 inline val isSoftRestricted: Boolean 140 get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_SOFT_RESTRICTED) 141 142 inline val isHardOrSoftRestricted: Boolean 143 get() = permissionInfo.flags.hasBits( 144 PermissionInfo.FLAG_HARD_RESTRICTED or PermissionInfo.FLAG_SOFT_RESTRICTED 145 ) 146 147 inline val isImmutablyRestricted: Boolean 148 get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_IMMUTABLY_RESTRICTED) 149 150 inline val knownCerts: Set<String> 151 get() = permissionInfo.knownCerts 152 153 inline val hasGids: Boolean 154 get() = gids.isNotEmpty() 155 156 inline val footprint: Int 157 get() = name.length + permissionInfo.calculateFootprint() 158 159 fun getGidsForUser(userId: Int): IntArray = 160 if (areGidsPerUser) { 161 IntArray(gids.size) { i -> UserHandle.getUid(userId, gids[i]) } 162 } else { 163 gids.copyOf() 164 } 165 166 companion object { 167 // The permission is defined in an application manifest. 168 const val TYPE_MANIFEST = 0 169 // The permission is defined in a system config. 170 const val TYPE_CONFIG = 1 171 // The permission is defined dynamically. 172 const val TYPE_DYNAMIC = 2 173 } 174 } 175