1 /* 2 * Copyright (C) 2018 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.permission; 18 19 import android.Manifest; 20 import android.annotation.CallbackExecutor; 21 import android.annotation.NonNull; 22 import android.annotation.Nullable; 23 import android.annotation.RequiresPermission; 24 import android.annotation.SystemService; 25 import android.content.Context; 26 import android.content.pm.PackageManager; 27 import android.os.RemoteException; 28 import android.os.ServiceManager; 29 import android.os.UserHandle; 30 31 import com.android.internal.annotations.VisibleForTesting; 32 33 import java.util.concurrent.Executor; 34 import java.util.function.Consumer; 35 36 /** 37 * System level service for accessing the permission capabilities of the platform, version 2. 38 * 39 * @hide 40 */ 41 //@SystemApi(client = SystemApi.Client.MODULE_LIBRARIES) 42 @SystemService(Context.LEGACY_PERMISSION_SERVICE) 43 public final class LegacyPermissionManager { 44 private final ILegacyPermissionManager mLegacyPermissionManager; 45 46 /** 47 * Creates a new instance. 48 * 49 * @hide 50 */ LegacyPermissionManager()51 public LegacyPermissionManager() throws ServiceManager.ServiceNotFoundException { 52 this(ILegacyPermissionManager.Stub.asInterface(ServiceManager.getServiceOrThrow( 53 "legacy_permission"))); 54 } 55 56 /** 57 * Creates a new instance with the provided instantiation of the ILegacyPermissionManager. 58 * 59 * @param legacyPermissionManager injectable legacy permission manager service 60 * 61 * @hide 62 */ 63 @VisibleForTesting LegacyPermissionManager(@onNull ILegacyPermissionManager legacyPermissionManager)64 public LegacyPermissionManager(@NonNull ILegacyPermissionManager legacyPermissionManager) { 65 mLegacyPermissionManager = legacyPermissionManager; 66 } 67 68 /** 69 * Checks whether the package with the given pid/uid can read device identifiers. 70 * 71 * @param packageName the name of the package to be checked for identifier access 72 * @param message the message to be used for logging during identifier access 73 * verification 74 * @param callingFeatureId the feature in the package 75 * @param pid the process id of the package to be checked 76 * @param uid the uid of the package to be checked 77 * @return {@link PackageManager#PERMISSION_GRANTED} if the package is allowed identifier 78 * access, {@link PackageManager#PERMISSION_DENIED} otherwise 79 * @hide 80 */ 81 //@SystemApi(client = SystemApi.Client.MODULE_LIBRARIES) checkDeviceIdentifierAccess(@ullable String packageName, @Nullable String message, @Nullable String callingFeatureId, int pid, int uid)82 public int checkDeviceIdentifierAccess(@Nullable String packageName, @Nullable String message, 83 @Nullable String callingFeatureId, int pid, int uid) { 84 try { 85 return mLegacyPermissionManager.checkDeviceIdentifierAccess(packageName, message, 86 callingFeatureId, pid, uid); 87 } catch (RemoteException e) { 88 throw e.rethrowFromSystemServer(); 89 } 90 } 91 92 /** 93 * Checks whether the package with the given pid/uid can read the device phone number. 94 * 95 * @param packageName the name of the package to be checked for phone number access 96 * @param message the message to be used for logging during phone number access 97 * verification 98 * @param callingFeatureId the feature in the package 99 * @param pid the process id of the package to be checked 100 * @param uid the uid of the package to be checked 101 * @return <ul> 102 * <li>{@link PackageManager#PERMISSION_GRANTED} if the package is allowed phone number 103 * access</li> 104 * <li>{@link android.app.AppOpsManager#MODE_IGNORED} if the package does not have phone 105 * number access but for appcompat reasons this should be a silent failure (ie return empty 106 * or null data)</li> 107 * <li>{@link PackageManager#PERMISSION_DENIED} if the package does not have phone number 108 * access</li> 109 * </ul> 110 * @hide 111 */ checkPhoneNumberAccess(@ullable String packageName, @Nullable String message, @Nullable String callingFeatureId, int pid, int uid)112 public int checkPhoneNumberAccess(@Nullable String packageName, @Nullable String message, 113 @Nullable String callingFeatureId, int pid, int uid) { 114 try { 115 return mLegacyPermissionManager.checkPhoneNumberAccess(packageName, message, 116 callingFeatureId, pid, uid); 117 } catch (RemoteException e) { 118 throw e.rethrowFromSystemServer(); 119 } 120 } 121 122 /** 123 * Grant default permissions to currently active LUI app 124 * @param packageName The package name for the LUI app 125 * @param user The user handle 126 * @param executor The executor for the callback 127 * @param callback The callback provided by caller to be notified when grant completes 128 * @hide 129 */ 130 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) grantDefaultPermissionsToLuiApp( @onNull String packageName, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)131 public void grantDefaultPermissionsToLuiApp( 132 @NonNull String packageName, @NonNull UserHandle user, 133 @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { 134 try { 135 mLegacyPermissionManager.grantDefaultPermissionsToActiveLuiApp( 136 packageName, user.getIdentifier()); 137 executor.execute(() -> callback.accept(true)); 138 } catch (RemoteException e) { 139 e.rethrowFromSystemServer(); 140 } 141 } 142 143 /** 144 * Revoke default permissions to currently active LUI app 145 * @param packageNames The package names for the LUI apps 146 * @param user The user handle 147 * @param executor The executor for the callback 148 * @param callback The callback provided by caller to be notified when grant completes 149 * @hide 150 */ 151 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) revokeDefaultPermissionsFromLuiApps( @onNull String[] packageNames, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)152 public void revokeDefaultPermissionsFromLuiApps( 153 @NonNull String[] packageNames, @NonNull UserHandle user, 154 @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { 155 try { 156 mLegacyPermissionManager.revokeDefaultPermissionsFromLuiApps( 157 packageNames, user.getIdentifier()); 158 executor.execute(() -> callback.accept(true)); 159 } catch (RemoteException e) { 160 e.rethrowFromSystemServer(); 161 } 162 } 163 164 /** 165 * Grant default permissions to currently active Ims services 166 * @param packageNames The package names for the Ims services 167 * @param user The user handle 168 * @param executor The executor for the callback 169 * @param callback The callback provided by caller to be notified when grant completes 170 * @hide 171 */ 172 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) grantDefaultPermissionsToEnabledImsServices( @onNull String[] packageNames, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)173 public void grantDefaultPermissionsToEnabledImsServices( 174 @NonNull String[] packageNames, @NonNull UserHandle user, 175 @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { 176 try { 177 mLegacyPermissionManager.grantDefaultPermissionsToEnabledImsServices( 178 packageNames, user.getIdentifier()); 179 executor.execute(() -> callback.accept(true)); 180 } catch (RemoteException e) { 181 e.rethrowFromSystemServer(); 182 } 183 } 184 185 /** 186 * Grant default permissions to currently enabled telephony data services 187 * @param packageNames The package name for the services 188 * @param user The user handle 189 * @param executor The executor for the callback 190 * @param callback The callback provided by caller to be notified when grant completes 191 * @hide 192 */ 193 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) grantDefaultPermissionsToEnabledTelephonyDataServices( @onNull String[] packageNames, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)194 public void grantDefaultPermissionsToEnabledTelephonyDataServices( 195 @NonNull String[] packageNames, @NonNull UserHandle user, 196 @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { 197 try { 198 mLegacyPermissionManager.grantDefaultPermissionsToEnabledTelephonyDataServices( 199 packageNames, user.getIdentifier()); 200 executor.execute(() -> callback.accept(true)); 201 } catch (RemoteException e) { 202 e.rethrowFromSystemServer(); 203 } 204 } 205 206 /** 207 * Revoke default permissions to currently active telephony data services 208 * @param packageNames The package name for the services 209 * @param user The user handle 210 * @param executor The executor for the callback 211 * @param callback The callback provided by caller to be notified when revoke completes 212 * @hide 213 */ 214 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) revokeDefaultPermissionsFromDisabledTelephonyDataServices( @onNull String[] packageNames, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)215 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices( 216 @NonNull String[] packageNames, @NonNull UserHandle user, 217 @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { 218 try { 219 mLegacyPermissionManager.revokeDefaultPermissionsFromDisabledTelephonyDataServices( 220 packageNames, user.getIdentifier()); 221 executor.execute(() -> callback.accept(true)); 222 } catch (RemoteException e) { 223 e.rethrowFromSystemServer(); 224 } 225 } 226 227 /** 228 * Grant default permissions to currently enabled carrier apps 229 * @param packageNames Package names of the apps to be granted permissions 230 * @param user The user handle 231 * @param executor The executor for the callback 232 * @param callback The callback provided by caller to be notified when grant completes 233 * @hide 234 */ 235 @RequiresPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS) grantDefaultPermissionsToEnabledCarrierApps(@onNull String[] packageNames, @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback)236 public void grantDefaultPermissionsToEnabledCarrierApps(@NonNull String[] packageNames, 237 @NonNull UserHandle user, @NonNull @CallbackExecutor Executor executor, 238 @NonNull Consumer<Boolean> callback) { 239 try { 240 mLegacyPermissionManager.grantDefaultPermissionsToEnabledCarrierApps(packageNames, 241 user.getIdentifier()); 242 executor.execute(() -> callback.accept(true)); 243 } catch (RemoteException e) { 244 e.rethrowFromSystemServer(); 245 } 246 } 247 } 248