| /* |
| * Copyright (C) 2016 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package android.permission; |
| |
| import static android.permission.PermissionControllerService.SERVICE_INTERFACE; |
| |
| import static com.android.internal.util.FunctionalUtils.uncheckExceptions; |
| import static com.android.internal.util.Preconditions.checkArgumentNonnegative; |
| import static com.android.internal.util.Preconditions.checkCollectionElementsNotNull; |
| import static com.android.internal.util.Preconditions.checkFlagsArgument; |
| import static com.android.internal.util.Preconditions.checkNotNull; |
| import static com.android.internal.util.Preconditions.checkStringNotEmpty; |
| |
| import android.Manifest; |
| import android.annotation.CallbackExecutor; |
| import android.annotation.IntDef; |
| import android.annotation.NonNull; |
| import android.annotation.Nullable; |
| import android.annotation.RequiresPermission; |
| import android.annotation.SystemApi; |
| import android.annotation.SystemService; |
| import android.annotation.TestApi; |
| import android.app.ActivityThread; |
| import android.content.Context; |
| import android.content.Intent; |
| import android.content.pm.PackageManager; |
| import android.content.pm.ResolveInfo; |
| import android.os.Binder; |
| import android.os.Build; |
| import android.os.Bundle; |
| import android.os.Handler; |
| import android.os.Process; |
| import android.os.UserHandle; |
| import android.util.ArrayMap; |
| import android.util.Log; |
| import android.util.Pair; |
| |
| import com.android.internal.annotations.GuardedBy; |
| import com.android.internal.infra.AndroidFuture; |
| import com.android.internal.infra.RemoteStream; |
| import com.android.internal.infra.ServiceConnector; |
| import com.android.internal.os.BackgroundThread; |
| import com.android.internal.util.CollectionUtils; |
| |
| import libcore.util.EmptyArray; |
| |
| import java.io.FileDescriptor; |
| import java.lang.annotation.Retention; |
| import java.lang.annotation.RetentionPolicy; |
| import java.util.ArrayList; |
| import java.util.Arrays; |
| import java.util.Collections; |
| import java.util.List; |
| import java.util.Map; |
| import java.util.Objects; |
| import java.util.concurrent.Executor; |
| import java.util.concurrent.TimeUnit; |
| import java.util.function.Consumer; |
| import java.util.function.IntConsumer; |
| |
| /** |
| * Interface for communicating with the permission controller. |
| * |
| * @hide |
| */ |
| @SystemApi |
| @SystemService(Context.PERMISSION_CONTROLLER_SERVICE) |
| public final class PermissionControllerManager { |
| private static final String TAG = PermissionControllerManager.class.getSimpleName(); |
| |
| private static final long REQUEST_TIMEOUT_MILLIS = 60000L * Build.HW_TIMEOUT_MULTIPLIER; |
| private static final long UNBIND_TIMEOUT_MILLIS = 10000L * Build.HW_TIMEOUT_MULTIPLIER; |
| private static final int CHUNK_SIZE = 4 * 1024; |
| |
| private static final Object sLock = new Object(); |
| |
| /** |
| * Global remote services (per user) used by all {@link PermissionControllerManager managers} |
| */ |
| @GuardedBy("sLock") |
| private static ArrayMap<Pair<Integer, Thread>, ServiceConnector<IPermissionController>> |
| sRemoteServices = new ArrayMap<>(1); |
| |
| /** @hide */ |
| @IntDef(prefix = { "REASON_" }, value = { |
| REASON_MALWARE, |
| REASON_INSTALLER_POLICY_VIOLATION, |
| }) |
| @Retention(RetentionPolicy.SOURCE) |
| public @interface Reason {} |
| |
| /** The permissions are revoked because the apps holding the permissions are malware */ |
| public static final int REASON_MALWARE = 1; |
| |
| /** |
| * The permissions are revoked because the apps holding the permissions violate a policy of the |
| * app that installed it. |
| * |
| * <p>If this reason is used only permissions of apps that are installed by the caller of the |
| * API can be revoked. |
| */ |
| public static final int REASON_INSTALLER_POLICY_VIOLATION = 2; |
| |
| /** @hide */ |
| @IntDef(prefix = { "COUNT_" }, value = { |
| COUNT_ONLY_WHEN_GRANTED, |
| COUNT_WHEN_SYSTEM, |
| }, flag = true) |
| @Retention(RetentionPolicy.SOURCE) |
| public @interface CountPermissionAppsFlag {} |
| |
| /** Count an app only if the permission is granted to the app. */ |
| public static final int COUNT_ONLY_WHEN_GRANTED = 1; |
| |
| /** Count and app even if it is a system app. */ |
| public static final int COUNT_WHEN_SYSTEM = 2; |
| |
| /** @hide */ |
| @IntDef(prefix = { "HIBERNATION_ELIGIBILITY_"}, value = { |
| HIBERNATION_ELIGIBILITY_UNKNOWN, |
| HIBERNATION_ELIGIBILITY_ELIGIBLE, |
| HIBERNATION_ELIGIBILITY_EXEMPT_BY_SYSTEM, |
| HIBERNATION_ELIGIBILITY_EXEMPT_BY_USER, |
| }) |
| @Retention(RetentionPolicy.SOURCE) |
| public @interface HibernationEligibilityFlag {} |
| |
| /** |
| * Unknown whether package is eligible for hibernation. |
| * |
| * @hide |
| */ |
| @SystemApi |
| public static final int HIBERNATION_ELIGIBILITY_UNKNOWN = -1; |
| |
| /** |
| * Package is eligible for app hibernation and may be hibernated when the job runs. |
| * |
| * @hide |
| */ |
| @SystemApi |
| public static final int HIBERNATION_ELIGIBILITY_ELIGIBLE = 0; |
| |
| /** |
| * Package is not eligible for app hibernation because it is categorically exempt via the |
| * system. |
| * |
| * @hide |
| */ |
| @SystemApi |
| public static final int HIBERNATION_ELIGIBILITY_EXEMPT_BY_SYSTEM = 1; |
| |
| /** |
| * Package is not eligible for app hibernation because it has been exempt by the user's |
| * preferences. Note that this should not be set if the package is exempt from hibernation by |
| * the system as the user preference would have no effect. |
| * |
| * @hide |
| */ |
| @SystemApi |
| public static final int HIBERNATION_ELIGIBILITY_EXEMPT_BY_USER = 2; |
| |
| /** |
| * Callback for delivering the result of {@link #revokeRuntimePermissions}. |
| */ |
| public abstract static class OnRevokeRuntimePermissionsCallback { |
| /** |
| * The result for {@link #revokeRuntimePermissions}. |
| * |
| * @param revoked The actually revoked permissions as |
| * {@code Map<packageName, List<permission>>} |
| */ |
| public abstract void onRevokeRuntimePermissions(@NonNull Map<String, List<String>> revoked); |
| } |
| |
| /** |
| * Callback for delivering the result of {@link #getAppPermissions}. |
| * |
| * @hide |
| */ |
| @TestApi |
| public interface OnGetAppPermissionResultCallback { |
| /** |
| * The result for {@link #getAppPermissions(String, OnGetAppPermissionResultCallback, |
| * Handler)}. |
| * |
| * @param permissions The permissions list. |
| */ |
| void onGetAppPermissions(@NonNull List<RuntimePermissionPresentationInfo> permissions); |
| } |
| |
| /** |
| * Callback for delivering the result of {@link #countPermissionApps}. |
| * |
| * @hide |
| */ |
| @TestApi |
| public interface OnCountPermissionAppsResultCallback { |
| /** |
| * The result for {@link #countPermissionApps(List, int, |
| * OnCountPermissionAppsResultCallback, Handler)}. |
| * |
| * @param numApps The number of apps that have one of the permissions |
| */ |
| void onCountPermissionApps(int numApps); |
| } |
| |
| /** |
| * Callback for delivering the result of {@link #getPermissionUsages}. |
| * |
| * @hide |
| */ |
| public interface OnPermissionUsageResultCallback { |
| /** |
| * The result for {@link #getPermissionUsages}. |
| * |
| * @param users The users list. |
| */ |
| void onPermissionUsageResult(@NonNull List<RuntimePermissionUsageInfo> users); |
| } |
| |
| private final @NonNull Context mContext; |
| private final @NonNull ServiceConnector<IPermissionController> mRemoteService; |
| private final @NonNull Handler mHandler; |
| |
| /** |
| * Create a new {@link PermissionControllerManager}. |
| * |
| * @param context to create the manager for |
| * @param handler handler to schedule work |
| * |
| * @hide |
| */ |
| public PermissionControllerManager(@NonNull Context context, @NonNull Handler handler) { |
| synchronized (sLock) { |
| Pair<Integer, Thread> key = new Pair<>(context.getUserId(), |
| handler.getLooper().getThread()); |
| ServiceConnector<IPermissionController> remoteService = sRemoteServices.get(key); |
| if (remoteService == null) { |
| Intent intent = new Intent(SERVICE_INTERFACE); |
| String pkgName = context.getPackageManager().getPermissionControllerPackageName(); |
| intent.setPackage(pkgName); |
| ResolveInfo serviceInfo = context.getPackageManager().resolveService(intent, 0); |
| if (serviceInfo == null) { |
| String errorMsg = "No PermissionController package (" + pkgName + ") for user " |
| + context.getUserId(); |
| Log.wtf(TAG, errorMsg); |
| throw new IllegalStateException(errorMsg); |
| } |
| remoteService = new ServiceConnector.Impl<IPermissionController>( |
| ActivityThread.currentApplication() /* context */, |
| new Intent(SERVICE_INTERFACE) |
| .setComponent(serviceInfo.getComponentInfo().getComponentName()), |
| 0 /* bindingFlags */, context.getUserId(), |
| IPermissionController.Stub::asInterface) { |
| |
| @Override |
| protected Handler getJobHandler() { |
| return handler; |
| } |
| |
| @Override |
| protected long getRequestTimeoutMs() { |
| return REQUEST_TIMEOUT_MILLIS; |
| } |
| |
| @Override |
| protected long getAutoDisconnectTimeoutMs() { |
| return UNBIND_TIMEOUT_MILLIS; |
| } |
| }; |
| sRemoteServices.put(key, remoteService); |
| } |
| |
| mRemoteService = remoteService; |
| } |
| |
| mContext = context; |
| mHandler = handler; |
| } |
| |
| /** |
| * Throw a {@link SecurityException} if not at least one of the permissions is granted. |
| * |
| * @param requiredPermissions A list of permissions. Any of of them if sufficient to pass the |
| * check |
| */ |
| private void enforceSomePermissionsGrantedToSelf(@NonNull String... requiredPermissions) { |
| for (String requiredPermission : requiredPermissions) { |
| if (mContext.checkSelfPermission(requiredPermission) |
| == PackageManager.PERMISSION_GRANTED) { |
| return; |
| } |
| } |
| |
| throw new SecurityException("At lest one of the following permissions is required: " |
| + Arrays.toString(requiredPermissions)); |
| } |
| |
| /** |
| * Revoke a set of runtime permissions for various apps. |
| * |
| * @param request The permissions to revoke as {@code Map<packageName, List<permission>>} |
| * @param doDryRun Compute the permissions that would be revoked, but not actually revoke them |
| * @param reason Why the permission should be revoked |
| * @param executor Executor on which to invoke the callback |
| * @param callback Callback to receive the result |
| */ |
| @RequiresPermission(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS) |
| public void revokeRuntimePermissions(@NonNull Map<String, List<String>> request, |
| boolean doDryRun, @Reason int reason, @NonNull @CallbackExecutor Executor executor, |
| @NonNull OnRevokeRuntimePermissionsCallback callback) { |
| // Check input to fail immediately instead of inside the async request |
| checkNotNull(executor); |
| checkNotNull(callback); |
| checkNotNull(request); |
| for (Map.Entry<String, List<String>> appRequest : request.entrySet()) { |
| checkNotNull(appRequest.getKey()); |
| checkCollectionElementsNotNull(appRequest.getValue(), "permissions"); |
| } |
| |
| // Check required permission to fail immediately instead of inside the oneway binder call |
| enforceSomePermissionsGrantedToSelf(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS); |
| |
| mRemoteService.postAsync(service -> { |
| Bundle bundledizedRequest = new Bundle(); |
| for (Map.Entry<String, List<String>> appRequest : request.entrySet()) { |
| bundledizedRequest.putStringArrayList(appRequest.getKey(), |
| new ArrayList<>(appRequest.getValue())); |
| } |
| |
| AndroidFuture<Map<String, List<String>>> revokeRuntimePermissionsResult = |
| new AndroidFuture<>(); |
| service.revokeRuntimePermissions(bundledizedRequest, doDryRun, reason, |
| mContext.getPackageName(), |
| revokeRuntimePermissionsResult); |
| return revokeRuntimePermissionsResult; |
| }).whenCompleteAsync((revoked, err) -> { |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| if (err != null) { |
| Log.e(TAG, "Failure when revoking runtime permissions " + revoked, err); |
| callback.onRevokeRuntimePermissions(Collections.emptyMap()); |
| } else { |
| callback.onRevokeRuntimePermissions(revoked); |
| } |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| }, executor); |
| } |
| |
| /** |
| * Set the runtime permission state from a device admin. |
| * This variant takes into account whether the admin may or may not grant sensors-related |
| * permissions. |
| * |
| * @param callerPackageName The package name of the admin requesting the change |
| * @param params Information about the permission being granted. |
| * @param executor Executor to run the {@code callback} on |
| * @param callback The callback |
| * |
| * @hide |
| */ |
| @RequiresPermission(allOf = {Manifest.permission.GRANT_RUNTIME_PERMISSIONS, |
| Manifest.permission.REVOKE_RUNTIME_PERMISSIONS, |
| Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY}, |
| conditional = true) |
| public void setRuntimePermissionGrantStateByDeviceAdmin(@NonNull String callerPackageName, |
| @NonNull AdminPermissionControlParams params, |
| @NonNull @CallbackExecutor Executor executor, |
| @NonNull Consumer<Boolean> callback) { |
| checkStringNotEmpty(callerPackageName); |
| Objects.requireNonNull(executor); |
| Objects.requireNonNull(callback); |
| Objects.requireNonNull(params, "Admin control params must not be null."); |
| |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<Boolean> setRuntimePermissionGrantStateResult = new AndroidFuture<>(); |
| service.setRuntimePermissionGrantStateByDeviceAdminFromParams( |
| callerPackageName, params, |
| setRuntimePermissionGrantStateResult); |
| return setRuntimePermissionGrantStateResult; |
| }).whenCompleteAsync((setRuntimePermissionGrantStateResult, err) -> { |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| if (err != null) { |
| Log.e(TAG, |
| "Error setting permissions state for device admin " |
| + callerPackageName, err); |
| callback.accept(false); |
| } else { |
| callback.accept(Boolean.TRUE.equals(setRuntimePermissionGrantStateResult)); |
| } |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| }, executor); |
| } |
| |
| /** |
| * Create a backup of the runtime permissions. |
| * |
| * @param user The user to be backed up |
| * @param executor Executor on which to invoke the callback |
| * @param callback Callback to receive the result. The resulting backup-file is opaque and no |
| * guarantees are made other than that the file can be send to |
| * {@link #restoreRuntimePermissionBackup} in this and future versions of |
| * Android. |
| */ |
| @RequiresPermission(Manifest.permission.GET_RUNTIME_PERMISSIONS) |
| public void getRuntimePermissionBackup(@NonNull UserHandle user, |
| @NonNull @CallbackExecutor Executor executor, |
| @NonNull Consumer<byte[]> callback) { |
| checkNotNull(user); |
| checkNotNull(executor); |
| checkNotNull(callback); |
| |
| // Check required permission to fail immediately instead of inside the oneway binder call |
| enforceSomePermissionsGrantedToSelf(Manifest.permission.GET_RUNTIME_PERMISSIONS); |
| |
| mRemoteService.postAsync(service -> RemoteStream.receiveBytes(remotePipe -> { |
| service.getRuntimePermissionBackup(user, remotePipe); |
| })).whenCompleteAsync((bytes, err) -> { |
| if (err != null) { |
| Log.e(TAG, "Error getting permission backup", err); |
| callback.accept(EmptyArray.BYTE); |
| } else { |
| callback.accept(bytes); |
| } |
| }, executor); |
| } |
| |
| /** |
| * Restore a {@link #getRuntimePermissionBackup backup-file} of the runtime permissions. |
| * |
| * <p>This might leave some part of the backup-file unapplied if an package mentioned in the |
| * backup-file is not yet installed. It is required that |
| * {@link #applyStagedRuntimePermissionBackup} is called after any package is installed to |
| * apply the rest of the backup-file. |
| * |
| * @param backup the backup-file to restore. The backup is sent asynchronously, hence it should |
| * not be modified after calling this method. |
| * @param user The user to be restore |
| */ |
| @RequiresPermission(anyOf = { |
| Manifest.permission.GRANT_RUNTIME_PERMISSIONS, |
| Manifest.permission.RESTORE_RUNTIME_PERMISSIONS |
| }) |
| public void stageAndApplyRuntimePermissionsBackup(@NonNull byte[] backup, |
| @NonNull UserHandle user) { |
| checkNotNull(backup); |
| checkNotNull(user); |
| |
| // Check required permission to fail immediately instead of inside the oneway binder call |
| enforceSomePermissionsGrantedToSelf(Manifest.permission.GRANT_RUNTIME_PERMISSIONS, |
| Manifest.permission.RESTORE_RUNTIME_PERMISSIONS); |
| |
| mRemoteService.postAsync(service -> RemoteStream.sendBytes(remotePipe -> { |
| service.stageAndApplyRuntimePermissionsBackup(user, remotePipe); |
| }, backup)) |
| .whenComplete((nullResult, err) -> { |
| if (err != null) { |
| Log.e(TAG, "Error sending permission backup", err); |
| } |
| }); |
| } |
| |
| /** |
| * Restore unapplied parts of a {@link #stageAndApplyRuntimePermissionsBackup previously staged} |
| * backup-file of the runtime permissions. |
| * |
| * <p>This should be called every time after a package is installed until the callback |
| * reports that there is no more unapplied backup left. |
| * |
| * @param packageName The package that is ready to have it's permissions restored. |
| * @param user The user the package belongs to |
| * @param executor Executor to execute the callback on |
| * @param callback Is called with {@code true} iff there is still more unapplied backup left |
| */ |
| @RequiresPermission(anyOf = { |
| Manifest.permission.GRANT_RUNTIME_PERMISSIONS, |
| Manifest.permission.RESTORE_RUNTIME_PERMISSIONS |
| }) |
| public void applyStagedRuntimePermissionBackup(@NonNull String packageName, |
| @NonNull UserHandle user, |
| @NonNull @CallbackExecutor Executor executor, |
| @NonNull Consumer<Boolean> callback) { |
| checkNotNull(packageName); |
| checkNotNull(user); |
| checkNotNull(executor); |
| checkNotNull(callback); |
| |
| // Check required permission to fail immediately instead of inside the oneway binder call |
| enforceSomePermissionsGrantedToSelf(Manifest.permission.GRANT_RUNTIME_PERMISSIONS, |
| Manifest.permission.RESTORE_RUNTIME_PERMISSIONS); |
| |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<Boolean> applyStagedRuntimePermissionBackupResult = |
| new AndroidFuture<>(); |
| service.applyStagedRuntimePermissionBackup(packageName, user, |
| applyStagedRuntimePermissionBackupResult); |
| return applyStagedRuntimePermissionBackupResult; |
| }).whenCompleteAsync((applyStagedRuntimePermissionBackupResult, err) -> { |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| if (err != null) { |
| Log.e(TAG, "Error restoring delayed permissions for " + packageName, err); |
| callback.accept(true); |
| } else { |
| callback.accept( |
| Boolean.TRUE.equals(applyStagedRuntimePermissionBackupResult)); |
| } |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| }, executor); |
| } |
| |
| /** |
| * Dump permission controller state. |
| * |
| * @hide |
| */ |
| public void dump(@NonNull FileDescriptor fd, @Nullable String[] args) { |
| try { |
| mRemoteService.postAsync(service -> { |
| return AndroidFuture.runAsync(uncheckExceptions(() -> { |
| service.asBinder().dump(fd, args); |
| }), BackgroundThread.getExecutor()); |
| }).get(REQUEST_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS); |
| } catch (Exception e) { |
| Log.e(TAG, "Could not get dump", e); |
| } |
| } |
| |
| /** |
| * Gets the runtime permissions for an app. |
| * |
| * @param packageName The package for which to query. |
| * @param callback Callback to receive the result. |
| * @param handler Handler on which to invoke the callback. |
| * |
| * @hide |
| */ |
| @TestApi |
| @RequiresPermission(Manifest.permission.GET_RUNTIME_PERMISSIONS) |
| public void getAppPermissions(@NonNull String packageName, |
| @NonNull OnGetAppPermissionResultCallback callback, @Nullable Handler handler) { |
| checkNotNull(packageName); |
| checkNotNull(callback); |
| Handler finalHandler = handler != null ? handler : mHandler; |
| |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<List<RuntimePermissionPresentationInfo>> getAppPermissionsResult = |
| new AndroidFuture<>(); |
| service.getAppPermissions(packageName, getAppPermissionsResult); |
| return getAppPermissionsResult; |
| }).whenComplete((getAppPermissionsResult, err) -> finalHandler.post(() -> { |
| if (err != null) { |
| Log.e(TAG, "Error getting app permission", err); |
| callback.onGetAppPermissions(Collections.emptyList()); |
| } else { |
| callback.onGetAppPermissions(CollectionUtils.emptyIfNull(getAppPermissionsResult)); |
| } |
| })); |
| } |
| |
| /** |
| * Revoke the permission {@code permissionName} for app {@code packageName} |
| * |
| * @param packageName The package for which to revoke |
| * @param permissionName The permission to revoke |
| * |
| * @hide |
| */ |
| @TestApi |
| @RequiresPermission(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS) |
| public void revokeRuntimePermission(@NonNull String packageName, |
| @NonNull String permissionName) { |
| checkNotNull(packageName); |
| checkNotNull(permissionName); |
| |
| mRemoteService.run(service -> service.revokeRuntimePermission(packageName, permissionName)); |
| } |
| |
| /** |
| * Count how many apps have one of a set of permissions. |
| * |
| * @param permissionNames The permissions the app might have |
| * @param flags Modify which apps to count. By default all non-system apps that request a |
| * permission are counted |
| * @param callback Callback to receive the result |
| * @param handler Handler on which to invoke the callback |
| * |
| * @hide |
| */ |
| @TestApi |
| @RequiresPermission(Manifest.permission.GET_RUNTIME_PERMISSIONS) |
| public void countPermissionApps(@NonNull List<String> permissionNames, |
| @CountPermissionAppsFlag int flags, |
| @NonNull OnCountPermissionAppsResultCallback callback, @Nullable Handler handler) { |
| checkCollectionElementsNotNull(permissionNames, "permissionNames"); |
| checkFlagsArgument(flags, COUNT_WHEN_SYSTEM | COUNT_ONLY_WHEN_GRANTED); |
| checkNotNull(callback); |
| Handler finalHandler = handler != null ? handler : mHandler; |
| |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<Integer> countPermissionAppsResult = new AndroidFuture<>(); |
| service.countPermissionApps(permissionNames, flags, countPermissionAppsResult); |
| return countPermissionAppsResult; |
| }).whenComplete((countPermissionAppsResult, err) -> finalHandler.post(() -> { |
| if (err != null) { |
| Log.e(TAG, "Error counting permission apps", err); |
| callback.onCountPermissionApps(0); |
| } else { |
| callback.onCountPermissionApps(countPermissionAppsResult); |
| } |
| })); |
| } |
| |
| /** |
| * Count how many apps have used permissions. |
| * |
| * @param countSystem Also count system apps |
| * @param numMillis The number of milliseconds in the past to check for uses |
| * @param executor Executor on which to invoke the callback |
| * @param callback Callback to receive the result |
| * |
| * @hide |
| */ |
| @RequiresPermission(Manifest.permission.GET_RUNTIME_PERMISSIONS) |
| public void getPermissionUsages(boolean countSystem, long numMillis, |
| @NonNull @CallbackExecutor Executor executor, |
| @NonNull OnPermissionUsageResultCallback callback) { |
| checkArgumentNonnegative(numMillis); |
| checkNotNull(executor); |
| checkNotNull(callback); |
| |
| |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<List<RuntimePermissionUsageInfo>> getPermissionUsagesResult = |
| new AndroidFuture<>(); |
| service.getPermissionUsages(countSystem, numMillis, getPermissionUsagesResult); |
| return getPermissionUsagesResult; |
| }).whenCompleteAsync((getPermissionUsagesResult, err) -> { |
| if (err != null) { |
| Log.e(TAG, "Error getting permission usages", err); |
| callback.onPermissionUsageResult(Collections.emptyList()); |
| } else { |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| callback.onPermissionUsageResult( |
| CollectionUtils.emptyIfNull(getPermissionUsagesResult)); |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| } |
| }, executor); |
| } |
| |
| /** |
| * Grant or upgrade runtime permissions. The upgrade could be performed |
| * based on whether the device upgraded, whether the permission database |
| * version is old, or because the permission policy changed. |
| * |
| * @param executor Executor on which to invoke the callback |
| * @param callback Callback to receive the result |
| * |
| * @hide |
| */ |
| @RequiresPermission(Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY) |
| public void grantOrUpgradeDefaultRuntimePermissions( |
| @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<Boolean> callback) { |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<Boolean> grantOrUpgradeDefaultRuntimePermissionsResult = |
| new AndroidFuture<>(); |
| service.grantOrUpgradeDefaultRuntimePermissions( |
| grantOrUpgradeDefaultRuntimePermissionsResult); |
| return grantOrUpgradeDefaultRuntimePermissionsResult; |
| }).whenCompleteAsync((grantOrUpgradeDefaultRuntimePermissionsResult, err) -> { |
| if (err != null) { |
| Log.e(TAG, "Error granting or upgrading runtime permissions", err); |
| callback.accept(false); |
| } else { |
| callback.accept(Boolean.TRUE.equals(grantOrUpgradeDefaultRuntimePermissionsResult)); |
| } |
| }, executor); |
| } |
| |
| // TODO(b/272129940): Remove this API and device profile role description when we drop T |
| // support. |
| /** |
| * Gets the description of the privileges associated with the given device profiles |
| * |
| * @param profileName Name of the device profile |
| * @param executor Executor on which to invoke the callback |
| * @param callback Callback to receive the result |
| * |
| * @deprecated Device profile privilege descriptions have been bundled in CDM APK since T. |
| * |
| * @hide |
| */ |
| @Deprecated |
| @RequiresPermission(Manifest.permission.MANAGE_COMPANION_DEVICES) |
| public void getPrivilegesDescriptionStringForProfile( |
| @NonNull String profileName, |
| @NonNull @CallbackExecutor Executor executor, |
| @NonNull Consumer<CharSequence> callback) { |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<String> future = new AndroidFuture<>(); |
| service.getPrivilegesDescriptionStringForProfile(profileName, future); |
| return future; |
| }).whenCompleteAsync((description, err) -> { |
| if (err != null) { |
| Log.e(TAG, "Error from getPrivilegesDescriptionStringForProfile", err); |
| callback.accept(null); |
| } else { |
| callback.accept(description); |
| } |
| }, executor); |
| } |
| |
| /** |
| * @see PermissionControllerManager#updateUserSensitiveForApp |
| * @hide |
| */ |
| public void updateUserSensitive() { |
| updateUserSensitiveForApp(Process.INVALID_UID); |
| } |
| |
| /** |
| * @see PermissionControllerService#onUpdateUserSensitiveForApp |
| * @hide |
| */ |
| public void updateUserSensitiveForApp(int uid) { |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<Void> future = new AndroidFuture<>(); |
| service.updateUserSensitiveForApp(uid, future); |
| return future; |
| }).whenComplete((res, err) -> { |
| if (err != null) { |
| Log.e(TAG, "Error updating user_sensitive flags for uid " + uid, err); |
| } |
| }); |
| } |
| |
| /** |
| * Called when a package that has permissions registered as "one-time" is considered |
| * inactive. |
| * |
| * @param packageName The package which became inactive |
| * @param deviceId The device ID refers either the primary device i.e. the phone or |
| * a virtual device. See {@link Context#DEVICE_ID_DEFAULT} |
| * @hide |
| */ |
| @RequiresPermission(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS) |
| public void notifyOneTimePermissionSessionTimeout(@NonNull String packageName, int deviceId) { |
| mRemoteService.run(service -> service.notifyOneTimePermissionSessionTimeout( |
| packageName, deviceId)); |
| } |
| |
| /** |
| * Get the platform permissions which belong to a particular permission group. |
| * |
| * @param permissionGroupName The permission group whose permissions are desired |
| * @param executor Executor on which to invoke the callback |
| * @param callback A callback which will receive a list of the platform permissions in the |
| * group, or empty if the group is not a valid platform group, or there |
| * was an exception. |
| * |
| * @hide |
| */ |
| public void getPlatformPermissionsForGroup(@NonNull String permissionGroupName, |
| @NonNull @CallbackExecutor Executor executor, |
| @NonNull Consumer<List<String>> callback) { |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<List<String>> future = new AndroidFuture<>(); |
| service.getPlatformPermissionsForGroup(permissionGroupName, future); |
| return future; |
| }).whenCompleteAsync((result, err) -> { |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| if (err != null) { |
| Log.e(TAG, "Failed to get permissions of " + permissionGroupName, err); |
| callback.accept(new ArrayList<>()); |
| } else { |
| callback.accept(result); |
| } |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| }, executor); |
| } |
| |
| /** |
| * Get the platform group of a particular permission, if the permission is a platform |
| * permission. |
| * |
| * @param permissionName The permission name whose group is desired |
| * @param executor Executor on which to invoke the callback |
| * @param callback A callback which will receive the name of the permission group this |
| * permission belongs to, or null if it has no group, is not a platform |
| * permission, or there was an exception. |
| * |
| * @hide |
| */ |
| public void getGroupOfPlatformPermission(@NonNull String permissionName, |
| @NonNull @CallbackExecutor Executor executor, @NonNull Consumer<String> callback) { |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<String> future = new AndroidFuture<>(); |
| service.getGroupOfPlatformPermission(permissionName, future); |
| return future; |
| }).whenCompleteAsync((result, err) -> { |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| if (err != null) { |
| Log.e(TAG, "Failed to get group of " + permissionName, err); |
| callback.accept(null); |
| } else { |
| callback.accept(result); |
| } |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| }, executor); |
| } |
| |
| /** |
| * Get the number of unused, hibernating apps for the user. |
| * |
| * @param executor executor to run callback on |
| * @param callback callback for when result is generated |
| */ |
| public void getUnusedAppCount(@NonNull @CallbackExecutor Executor executor, |
| @NonNull IntConsumer callback) { |
| checkNotNull(executor); |
| checkNotNull(callback); |
| |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<Integer> unusedAppCountResult = new AndroidFuture<>(); |
| service.getUnusedAppCount(unusedAppCountResult); |
| return unusedAppCountResult; |
| }).whenCompleteAsync((count, err) -> { |
| if (err != null) { |
| Log.e(TAG, "Error getting unused app count", err); |
| callback.accept(0); |
| } else { |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| callback.accept((int) count); |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| } |
| }, executor); |
| } |
| |
| /** |
| * Get the hibernation eligibility of a package. See {@link HibernationEligibilityFlag}. |
| * |
| * @param packageName package name to check eligibility |
| * @param executor executor to run callback on |
| * @param callback callback for when result is generated |
| */ |
| @RequiresPermission(Manifest.permission.MANAGE_APP_HIBERNATION) |
| public void getHibernationEligibility(@NonNull String packageName, |
| @NonNull @CallbackExecutor Executor executor, |
| @NonNull IntConsumer callback) { |
| checkNotNull(executor); |
| checkNotNull(callback); |
| |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<Integer> eligibilityResult = new AndroidFuture<>(); |
| service.getHibernationEligibility(packageName, eligibilityResult); |
| return eligibilityResult; |
| }).whenCompleteAsync((eligibility, err) -> { |
| if (err != null) { |
| Log.e(TAG, "Error getting hibernation eligibility", err); |
| callback.accept(HIBERNATION_ELIGIBILITY_UNKNOWN); |
| } else { |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| callback.accept(eligibility); |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| } |
| }, executor); |
| } |
| |
| /** |
| * Triggers the revocation of one or more permissions for a package, under the following |
| * conditions: |
| * <ul> |
| * <li>The package {@code packageName} must be under the same UID as the calling process |
| * (typically, the target package is the calling package). |
| * <li>Each permission in {@code permissions} must be granted to the package |
| * {@code packageName}. |
| * <li>Each permission in {@code permissions} must be a runtime permission. |
| * </ul> |
| * <p> |
| * Background permissions which have no corresponding foreground permission still granted once |
| * the revocation is effective will also be revoked. |
| * <p> |
| * This revocation happens asynchronously and kills all processes running in the same UID as |
| * {@code packageName}. It will be triggered once it is safe to do so. |
| * |
| * @param packageName The name of the package for which the permissions will be revoked. |
| * @param permissions List of permissions to be revoked. |
| * |
| * @see Context#revokeSelfPermissionsOnKill(java.util.Collection) |
| * |
| * @hide |
| */ |
| public void revokeSelfPermissionsOnKill(@NonNull String packageName, |
| @NonNull List<String> permissions) { |
| mRemoteService.postAsync(service -> { |
| AndroidFuture<Void> callback = new AndroidFuture<>(); |
| service.revokeSelfPermissionsOnKill(packageName, permissions, mContext.getDeviceId(), |
| callback); |
| return callback; |
| }).whenComplete((result, err) -> { |
| if (err != null) { |
| Log.e(TAG, "Failed to self revoke " + String.join(",", permissions) |
| + " for package " + packageName + ", and device " + mContext.getDeviceId(), |
| err); |
| } |
| }); |
| } |
| } |
