1 /* 2 * Copyright (C) 2022 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.appop; 18 19 import android.os.PackageTagsList; 20 21 import java.io.PrintWriter; 22 23 /** 24 * Legacy implementation for AppOpsService's app-op restrictions (global and user) 25 * storage and access. 26 */ 27 public interface AppOpsRestrictions { 28 /** 29 * Set or clear a global app-op restriction for the given {@code clientToken}. 30 * 31 * @param clientToken A token identifying the client this restriction applies to. 32 * @param code The app-op opCode to set (or clear) a restriction for. 33 * @param restricted {@code true} to restrict this app-op code, or {@code false} to clear an 34 * existing restriction. 35 * @return {@code true} if any restriction state was modified as a result of this operation 36 */ setGlobalRestriction(Object clientToken, int code, boolean restricted)37 boolean setGlobalRestriction(Object clientToken, int code, boolean restricted); 38 39 /** 40 * Get the state of a global app-op restriction for the given {@code clientToken}. 41 * 42 * @param clientToken A token identifying the client to get the restriction state of. 43 * @param code The app-op code to get the restriction state of. 44 * @return the restriction state 45 */ getGlobalRestriction(Object clientToken, int code)46 boolean getGlobalRestriction(Object clientToken, int code); 47 48 /** 49 * Returns {@code true} if *any* global app-op restrictions are currently set for the given 50 * {@code clientToken}. 51 * 52 * @param clientToken A token identifying the client to check restrictions for. 53 * @return {@code true} if any restrictions are set 54 */ hasGlobalRestrictions(Object clientToken)55 boolean hasGlobalRestrictions(Object clientToken); 56 57 /** 58 * Clear *all* global app-op restrictions for the given {@code clientToken}. 59 * 60 * @param clientToken A token identifying the client to clear restrictions from. 61 * @return {@code true} if any restriction state was modified as a result of this operation 62 */ clearGlobalRestrictions(Object clientToken)63 boolean clearGlobalRestrictions(Object clientToken); 64 65 /** 66 * Set or clear a user app-op restriction for the given {@code clientToken} and {@code userId}. 67 * 68 * @param clientToken A token identifying the client this restriction applies to. 69 * @param code The app-op code to set (or clear) a restriction for. 70 * @param restricted {@code true} to restrict this app-op code, or {@code false} to 71 * remove any existing restriction. 72 * @param excludedPackageTags A list of packages and associated attribution tags to exclude 73 * from this restriction. Or, if {@code null}, removes any 74 * exclusions from this restriction. 75 * @return {@code true} if any restriction state was modified as a result of this operation 76 */ setUserRestriction(Object clientToken, int userId, int code, boolean restricted, PackageTagsList excludedPackageTags)77 boolean setUserRestriction(Object clientToken, int userId, int code, boolean restricted, 78 PackageTagsList excludedPackageTags); 79 80 /** 81 * Get the state of a user app-op restriction for the given {@code clientToken} and {@code 82 * userId}. Or, if the combination of ({{@code clientToken}, {@code userId}, @code 83 * packageName}, {@code attributionTag}) has been excluded via 84 * {@link AppOpsRestrictions#setUserRestriction}, always returns {@code false}. 85 * 86 * @param clientToken A token identifying the client this restriction applies to. 87 * @param userId Which userId this restriction applies to. 88 * @param code The app-op code to get the restriction state of. 89 * @param packageName A package name used to check for exclusions. 90 * @param attributionTag An attribution tag used to check for exclusions. 91 * @param isCheckOp a flag that, when {@code true}, denotes that exclusions should be 92 * checked by (packageName) rather than (packageName, attributionTag) 93 * @return the restriction state 94 */ getUserRestriction(Object clientToken, int userId, int code, String packageName, String attributionTag, boolean isCheckOp)95 boolean getUserRestriction(Object clientToken, int userId, int code, String packageName, 96 String attributionTag, boolean isCheckOp); 97 98 /** 99 * Returns {@code true} if *any* user app-op restrictions are currently set for the given 100 * {@code clientToken}. 101 * 102 * @param clientToken A token identifying the client to check restrictions for. 103 * @return {@code true} if any restrictions are set 104 */ hasUserRestrictions(Object clientToken)105 boolean hasUserRestrictions(Object clientToken); 106 107 /** 108 * Clear *all* user app-op restrictions for the given {@code clientToken}. 109 * 110 * @param clientToken A token identifying the client to clear restrictions for. 111 * @return {@code true} if any restriction state was modified as a result of this operation 112 */ clearUserRestrictions(Object clientToken)113 boolean clearUserRestrictions(Object clientToken); 114 115 /** 116 * Clear *all* user app-op restrictions for the given {@code clientToken} and {@code userId}. 117 * 118 * @param clientToken A token identifying the client to clear restrictions for. 119 * @param userId Which userId to clear restrictions for. 120 * @return {@code true} if any restriction state was modified as a result of this operation 121 */ clearUserRestrictions(Object clientToken, Integer userId)122 boolean clearUserRestrictions(Object clientToken, Integer userId); 123 124 /** 125 * Returns the set of exclusions previously set by 126 * {@link AppOpsRestrictions#setUserRestriction} for the given {@code clientToken} 127 * and {@code userId}. 128 * 129 * @param clientToken A token identifying the client to get restriction exclusions for. 130 * @param userId Which userId to get restriction exclusions for 131 * @return a set of user restriction exclusions 132 */ getUserRestrictionExclusions(Object clientToken, int userId)133 PackageTagsList getUserRestrictionExclusions(Object clientToken, int userId); 134 135 /** 136 * Dump the state of appop restrictions. 137 * 138 * @param printWriter writer to dump to. 139 * @param dumpOp if -1 then op mode listeners for all app-ops are dumped. If it's 140 * set to an app-op, only the watchers for that app-op are dumped. 141 * @param dumpPackage if not null and if dumpOp is -1, dumps watchers for the package 142 * name. 143 * @param showUserRestrictions include user restriction state in the output 144 */ dumpRestrictions(PrintWriter printWriter, int dumpOp, String dumpPackage, boolean showUserRestrictions)145 void dumpRestrictions(PrintWriter printWriter, int dumpOp, String dumpPackage, 146 boolean showUserRestrictions); 147 148 /** 149 * Listener for when an appop restriction is removed. 150 */ 151 interface AppOpsRestrictionRemovedListener { onAppOpsRestrictionRemoved(int code)152 void onAppOpsRestrictionRemoved(int code); 153 } 154 } 155