1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm.permission; 18 19 import android.annotation.AppIdInt; 20 import android.annotation.NonNull; 21 import android.annotation.Nullable; 22 import android.annotation.UserIdInt; 23 import android.content.pm.PackageManager; 24 import android.content.pm.PermissionGroupInfo; 25 import android.content.pm.PermissionInfo; 26 import android.content.pm.permission.SplitPermissionInfoParcelable; 27 import android.permission.IOnPermissionsChangeListener; 28 import android.permission.PermissionManager.PermissionState; 29 import android.permission.PermissionManagerInternal; 30 31 import com.android.server.pm.pkg.AndroidPackage; 32 import com.android.server.pm.pkg.PackageState; 33 34 import java.io.FileDescriptor; 35 import java.io.PrintWriter; 36 import java.util.List; 37 import java.util.Map; 38 import java.util.Set; 39 40 /** 41 * Interface for managing all permissions and handling permissions related tasks. 42 */ 43 public interface PermissionManagerServiceInterface extends PermissionManagerInternal { 44 /** 45 * Dump. 46 */ dump(FileDescriptor fd, PrintWriter pw, String[] args)47 void dump(FileDescriptor fd, PrintWriter pw, String[] args); 48 49 /** 50 * Retrieve all of the known permission groups in the system. 51 * 52 * @param flags additional option flags to modify the data returned 53 * @return a list of {@link PermissionGroupInfo} containing information about all of the known 54 * permission groups 55 */ getAllPermissionGroups( @ackageManager.PermissionGroupInfoFlags int flags)56 List<PermissionGroupInfo> getAllPermissionGroups( 57 @PackageManager.PermissionGroupInfoFlags int flags); 58 59 /** 60 * Retrieve all of the information we know about a particular group of permissions. 61 * 62 * @param groupName the fully qualified name (e.g. com.android.permission_group.APPS) of the 63 * permission you are interested in 64 * @param flags additional option flags to modify the data returned 65 * @return a {@link PermissionGroupInfo} containing information about the permission, or 66 * {@code null} if not found 67 */ getPermissionGroupInfo(String groupName, @PackageManager.PermissionGroupInfoFlags int flags)68 PermissionGroupInfo getPermissionGroupInfo(String groupName, 69 @PackageManager.PermissionGroupInfoFlags int flags); 70 71 /** 72 * Retrieve all of the information we know about a particular permission. 73 * 74 * @param permName the fully qualified name (e.g. com.android.permission.LOGIN) of the 75 * permission you are interested in 76 * @param flags additional option flags to modify the data returned 77 * @return a {@link PermissionInfo} containing information about the permission, or {@code null} 78 * if not found 79 */ getPermissionInfo(@onNull String permName, @PackageManager.PermissionInfoFlags int flags, @NonNull String opPackageName)80 PermissionInfo getPermissionInfo(@NonNull String permName, 81 @PackageManager.PermissionInfoFlags int flags, @NonNull String opPackageName); 82 83 /** 84 * Query for all of the permissions associated with a particular group. 85 * 86 * @param groupName the fully qualified name (e.g. com.android.permission.LOGIN) of the 87 * permission group you are interested in. Use {@code null} to find all of the 88 * permissions not associated with a group 89 * @param flags additional option flags to modify the data returned 90 * @return a list of {@link PermissionInfo} containing information about all of the permissions 91 * in the given group, or {@code null} if the group is not found 92 */ queryPermissionsByGroup(String groupName, @PackageManager.PermissionInfoFlags int flags)93 List<PermissionInfo> queryPermissionsByGroup(String groupName, 94 @PackageManager.PermissionInfoFlags int flags); 95 96 /** 97 * Add a new dynamic permission to the system. For this to work, your package must have defined 98 * a permission tree through the 99 * {@link android.R.styleable#AndroidManifestPermissionTree <permission-tree>} tag in its 100 * manifest. A package can only add permissions to trees that were defined by either its own 101 * package or another with the same user id; a permission is in a tree if it matches the name of 102 * the permission tree + ".": for example, "com.foo.bar" is a member of the permission tree 103 * "com.foo". 104 * <p> 105 * It is good to make your permission tree name descriptive, because you are taking possession 106 * of that entire set of permission names. Thus, it must be under a domain you control, with a 107 * suffix that will not match any normal permissions that may be declared in any applications 108 * that are part of that domain. 109 * <p> 110 * New permissions must be added before any .apks are installed that use those permissions. 111 * Permissions you add through this method are remembered across reboots of the device. If the 112 * given permission already exists, the info you supply here will be used to update it. 113 * 114 * @param info description of the permission to be added 115 * @param async whether the persistence of the permission should be asynchronous, allowing it to 116 * return quicker and batch a series of adds, at the expense of no guarantee the 117 * added permission will be retained if the device is rebooted before it is 118 * written. 119 * @return {@code true} if a new permission was created, {@code false} if an existing one was 120 * updated 121 * @throws SecurityException if you are not allowed to add the given permission name 122 * 123 * @see #removePermission(String) 124 */ addPermission(PermissionInfo info, boolean async)125 boolean addPermission(PermissionInfo info, boolean async); 126 127 /** 128 * Removes a permission that was previously added with 129 * {@link #addPermission(PermissionInfo, boolean)}. The same ownership rules apply -- you are 130 * only allowed to remove permissions that you are allowed to add. 131 * 132 * @param permName the name of the permission to remove 133 * @throws SecurityException if you are not allowed to remove the given permission name 134 * 135 * @see #addPermission(PermissionInfo, boolean) 136 */ removePermission(String permName)137 void removePermission(String permName); 138 139 /** 140 * Gets the permission state flags associated with a permission. 141 * 142 * @param packageName the package name for which to get the flags 143 * @param permName the permission for which to get the flags 144 * @param deviceId The device for which to get the flags 145 * @param userId the user for which to get permission flags 146 * @return the permission flags 147 */ getPermissionFlags(String packageName, String permName, String deviceId, @UserIdInt int userId)148 int getPermissionFlags(String packageName, String permName, String deviceId, 149 @UserIdInt int userId); 150 151 /** 152 * Updates the flags associated with a permission by replacing the flags in the specified mask 153 * with the provided flag values. 154 * 155 * @param packageName The package name for which to update the flags 156 * @param permName The permission for which to update the flags 157 * @param flagMask The flags which to replace 158 * @param flagValues The flags with which to replace 159 * @param deviceId The device for which to update the permission flags 160 * @param userId The user for which to update the permission flags 161 */ updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, String deviceId, @UserIdInt int userId)162 void updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, 163 boolean checkAdjustPolicyFlagPermission, String deviceId, 164 @UserIdInt int userId); 165 166 /** 167 * Update the permission flags for all packages and runtime permissions of a user in order 168 * to allow device or profile owner to remove POLICY_FIXED. 169 */ updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId)170 void updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId); 171 172 /** 173 * TODO: theianchen We should get rid of the IBinder interface which is an implementation detail 174 * 175 * Add a listener for permission changes for installed packages. 176 * @param listener the listener to add 177 */ addOnPermissionsChangeListener(IOnPermissionsChangeListener listener)178 void addOnPermissionsChangeListener(IOnPermissionsChangeListener listener); 179 180 /** 181 * Remove a listener for permission changes for installed packages. 182 * @param listener the listener to remove 183 */ removeOnPermissionsChangeListener(IOnPermissionsChangeListener listener)184 void removeOnPermissionsChangeListener(IOnPermissionsChangeListener listener); 185 186 /** 187 * addAllowlistedRestrictedPermission. TODO: theianchen add doc 188 */ addAllowlistedRestrictedPermission(@onNull String packageName, @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId)189 boolean addAllowlistedRestrictedPermission(@NonNull String packageName, 190 @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, 191 @UserIdInt int userId); 192 193 /** 194 * Gets the restricted permissions that have been allowlisted and the app is allowed to have 195 * them granted in their full form. 196 * <p> 197 * Permissions can be hard restricted which means that the app cannot hold them or soft 198 * restricted where the app can hold the permission but in a weaker form. Whether a permission 199 * is {@link PermissionInfo#FLAG_HARD_RESTRICTED hard restricted} or 200 * {@link PermissionInfo#FLAG_SOFT_RESTRICTED soft restricted} depends on the permission 201 * declaration. Allowlisting a hard restricted permission allows for the to hold that permission 202 * and allowlisting a soft restricted permission allows the app to hold the permission in its 203 * full, unrestricted form. 204 * <p> 205 * There are four allowlists: 206 * <ol> 207 * <li> 208 * One for cases where the system permission policy allowlists a permission. This list 209 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM} flag. Can only be 210 * accessed by pre-installed holders of a dedicated permission. 211 * <li> 212 * One for cases where the system allowlists the permission when upgrading from an OS version in 213 * which the permission was not restricted to an OS version in which the permission is 214 * restricted. This list corresponds to the 215 * {@link PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE} flag. Can be accessed by 216 * pre-installed holders of a dedicated permission or the installer on record. 217 * <li> 218 * One for cases where the installer of the package allowlists a permission. This list 219 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER} flag. Can be 220 * accessed by pre-installed holders of a dedicated permission or the installer on record. 221 * </ol> 222 * 223 * @param packageName the app for which to get allowlisted permissions 224 * @param flags the flag to determine which allowlist to query. Only one flag can be 225 * passed. 226 * @return the allowlisted permissions that are on any of the allowlists you query for 227 * @throws SecurityException if you try to access a allowlist that you have no access to 228 * 229 * @see #addAllowlistedRestrictedPermission(String, String, int) 230 * @see #removeAllowlistedRestrictedPermission(String, String, int) 231 * @see PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM 232 * @see PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE 233 * @see PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER 234 */ getAllowlistedRestrictedPermissions(@onNull String packageName, @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId)235 List<String> getAllowlistedRestrictedPermissions(@NonNull String packageName, 236 @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId); 237 238 /** 239 * Removes a allowlisted restricted permission for an app. 240 * <p> 241 * Permissions can be hard restricted which means that the app cannot hold them or soft 242 * restricted where the app can hold the permission but in a weaker form. Whether a permission 243 * is {@link PermissionInfo#FLAG_HARD_RESTRICTED hard restricted} or 244 * {@link PermissionInfo#FLAG_SOFT_RESTRICTED soft restricted} depends on the permission 245 * declaration. Allowlisting a hard restricted permission allows for the to hold that permission 246 * and allowlisting a soft restricted permission allows the app to hold the permission in its 247 * full, unrestricted form. 248 * <p>There are four allowlists: 249 * <ol> 250 * <li> 251 * One for cases where the system permission policy allowlists a permission. This list 252 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM} flag. Can only be 253 * accessed by pre-installed holders of a dedicated permission. 254 * <li> 255 * One for cases where the system allowlists the permission when upgrading from an OS version in 256 * which the permission was not restricted to an OS version in which the permission is 257 * restricted. This list corresponds to the 258 * {@link PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE} flag. Can be accessed by 259 * pre-installed holders of a dedicated permission or the installer on record. 260 * <li> 261 * One for cases where the installer of the package allowlists a permission. This list 262 * corresponds to the {@link PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER} flag. Can be 263 * accessed by pre-installed holders of a dedicated permission or the installer on record. 264 * </ol> 265 * <p> 266 * You need to specify the allowlists for which to set the allowlisted permissions which will 267 * clear the previous allowlisted permissions and replace them with the provided ones. 268 * 269 * @param packageName the app for which to get allowlisted permissions 270 * @param permName the allowlisted permission to remove 271 * @param flags the allowlists from which to remove. Passing multiple flags updates all 272 * specified allowlists. 273 * @return whether the permission was removed from the allowlist 274 * @throws SecurityException if you try to modify a allowlist that you have no access to. 275 * 276 * @see #getAllowlistedRestrictedPermissions(String, int) 277 * @see #addAllowlistedRestrictedPermission(String, String, int) 278 * @see PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM 279 * @see PackageManager#FLAG_PERMISSION_WHITELIST_UPGRADE 280 * @see PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER 281 */ removeAllowlistedRestrictedPermission(@onNull String packageName, @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, @UserIdInt int userId)282 boolean removeAllowlistedRestrictedPermission(@NonNull String packageName, 283 @NonNull String permName, @PackageManager.PermissionWhitelistFlags int flags, 284 @UserIdInt int userId); 285 286 /** 287 * Grant a runtime permission to an application which the application does not already have. The 288 * permission must have been requested by the application. If the application is not allowed to 289 * hold the permission, a {@link java.lang.SecurityException} is thrown. If the package or 290 * permission is invalid, a {@link java.lang.IllegalArgumentException} is thrown. 291 * <p> 292 * <strong>Note: </strong>Using this API requires holding 293 * {@code android.permission.GRANT_RUNTIME_PERMISSIONS} and if the user ID is not the current 294 * user {@code android.permission.INTERACT_ACROSS_USERS_FULL}. 295 * 296 * @param packageName the package to which to grant the permission 297 * @param permName the permission name to grant 298 * @param deviceId the device for which to grant the permission 299 * @param userId the user for which to grant the permission 300 * 301 * @see #revokeRuntimePermission(String, String, String, int, String) 302 */ grantRuntimePermission(String packageName, String permName, String deviceId, @UserIdInt int userId)303 void grantRuntimePermission(String packageName, String permName, String deviceId, 304 @UserIdInt int userId); 305 306 /** 307 * Revoke a runtime permission that was previously granted by 308 * {@link #grantRuntimePermission(String, String, String, int)}. The permission must 309 * have been requested by and granted to the application. If the application is not allowed to 310 * hold the permission, a {@link java.lang.SecurityException} is thrown. If the package or 311 * permission is invalid, a {@link java.lang.IllegalArgumentException} is thrown. 312 * <p> 313 * <strong>Note: </strong>Using this API requires holding 314 * {@code android.permission.REVOKE_RUNTIME_PERMISSIONS} and if the user ID is not the current 315 * user {@code android.permission.INTERACT_ACROSS_USERS_FULL}. 316 * 317 * @param packageName the package from which to revoke the permission 318 * @param permName the permission name to revoke 319 * @param deviceId the device for which to revoke the permission 320 * @param userId the user for which to revoke the permission 321 * @param reason the reason for the revoke, or {@code null} for unspecified 322 * 323 * @see #grantRuntimePermission(String, String, String, int) 324 */ revokeRuntimePermission(String packageName, String permName, String deviceId, @UserIdInt int userId, String reason)325 void revokeRuntimePermission(String packageName, String permName, String deviceId, 326 @UserIdInt int userId, String reason); 327 328 /** 329 * Revoke the POST_NOTIFICATIONS permission, without killing the app. This method must ONLY BE 330 * USED in CTS or local tests. 331 * 332 * @param packageName The package to be revoked 333 * @param userId The user for which to revoke 334 */ revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId)335 void revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId); 336 337 /** 338 * Get whether you should show UI with rationale for requesting a permission. You should do this 339 * only if you do not have the permission and the context in which the permission is requested 340 * does not clearly communicate to the user what would be the benefit from grating this 341 * permission. 342 * 343 * @param packageName the package name 344 * @param permName a permission your app wants to request 345 * @param deviceId the device for which to check the permission 346 * @param userId the user for which to check the permission 347 * @return whether you can show permission rationale UI 348 */ shouldShowRequestPermissionRationale(String packageName, String permName, String deviceId, @UserIdInt int userId)349 boolean shouldShowRequestPermissionRationale(String packageName, String permName, 350 String deviceId, @UserIdInt int userId); 351 352 /** 353 * Checks whether a particular permission has been revoked for a package by policy. Typically, 354 * the device owner or the profile owner may apply such a policy. The user cannot grant policy 355 * revoked permissions, hence the only way for an app to get such a permission is by a policy 356 * change. 357 * 358 * @param packageName the name of the package you are checking against 359 * @param permName the name of the permission you are checking for 360 * @param deviceId the device for which you are checking the permission 361 * @param userId the device for which you are checking the permission 362 * @return whether the permission is restricted by policy 363 */ isPermissionRevokedByPolicy(String packageName, String permName, String deviceId, @UserIdInt int userId)364 boolean isPermissionRevokedByPolicy(String packageName, String permName, 365 String deviceId, @UserIdInt int userId); 366 367 /** 368 * Get set of permissions that have been split into more granular or dependent permissions. 369 * 370 * <p>E.g. before {@link android.os.Build.VERSION_CODES#Q} an app that was granted 371 * {@link Manifest.permission#ACCESS_COARSE_LOCATION} could access the location while it was in 372 * foreground and background. On platforms after {@link android.os.Build.VERSION_CODES#Q} 373 * the location permission only grants location access while the app is in foreground. This 374 * would break apps that target before {@link android.os.Build.VERSION_CODES#Q}. Hence whenever 375 * such an old app asks for a location permission (i.e. the 376 * {@link PermissionManager.SplitPermissionInfo#getSplitPermission()}), then the 377 * {@link Manifest.permission#ACCESS_BACKGROUND_LOCATION} permission (inside 378 * {@link PermissionManager.SplitPermissionInfo#getNewPermissions}) is added. 379 * 380 * <p>Note: Regular apps do not have to worry about this. The platform and permission controller 381 * automatically add the new permissions where needed. 382 * 383 * @return All permissions that are split. 384 */ getSplitPermissions()385 List<SplitPermissionInfoParcelable> getSplitPermissions(); 386 387 /** 388 * Check whether a permission is granted or not to a package. 389 * 390 * @param pkgName package name 391 * @param permName permission name 392 * @param deviceId persistent device ID 393 * @param userId user ID 394 * @return permission result {@link PackageManager.PermissionResult} 395 */ checkPermission(String pkgName, String permName, String deviceId, @UserIdInt int userId)396 int checkPermission(String pkgName, String permName, String deviceId, 397 @UserIdInt int userId); 398 399 /** 400 * Check whether a permission is granted or not to an UID. 401 * 402 * @param uid UID 403 * @param permName permission name 404 * @param deviceId persistent device ID 405 * @return permission result {@link PackageManager.PermissionResult} 406 */ checkUidPermission(int uid, String permName, String deviceId)407 int checkUidPermission(int uid, String permName, String deviceId); 408 409 /** 410 * Gets the permission states for requested package, persistent device and user. 411 * <p> 412 * <strong>Note: </strong>Default device permissions are not inherited in this API. Returns the 413 * exact permission states for the requested device. 414 * 415 * @param packageName name of the package you are checking against 416 * @param deviceId id of the persistent device you are checking against 417 * @param userId id of the user for which to get permission flags 418 * @return mapping of all permission states keyed by their permission names 419 * 420 * @hide 421 */ getAllPermissionStates(@onNull String packageName, @NonNull String deviceId, @UserIdInt int userId)422 Map<String, PermissionState> getAllPermissionStates(@NonNull String packageName, 423 @NonNull String deviceId, @UserIdInt int userId); 424 425 /** 426 * Get all the package names requesting app op permissions. 427 * 428 * @return a map of app op permission names to package names requesting them 429 */ getAllAppOpPermissionPackages()430 Map<String, Set<String>> getAllAppOpPermissionPackages(); 431 432 /** 433 * Get whether permission review is required for a package. 434 * 435 * @param packageName the name of the package 436 * @param userId the user ID 437 * @return whether permission review is required 438 */ isPermissionsReviewRequired(@onNull String packageName, @UserIdInt int userId)439 boolean isPermissionsReviewRequired(@NonNull String packageName, 440 @UserIdInt int userId); 441 442 /** 443 * Reset the runtime permission state changes for a package for all devices. 444 * 445 * TODO(zhanghai): Turn this into package change callback? 446 */ resetRuntimePermissions(@onNull AndroidPackage pkg, @UserIdInt int userId)447 void resetRuntimePermissions(@NonNull AndroidPackage pkg, @UserIdInt int userId); 448 449 /** 450 * Reset the runtime permission state changes for all packages in a user. 451 * 452 * @param userId the user ID 453 */ resetRuntimePermissionsForUser(@serIdInt int userId)454 void resetRuntimePermissionsForUser(@UserIdInt int userId); 455 456 /** 457 * Read legacy permission state from package settings. 458 * 459 * TODO(zhanghai): This is a temporary method because we should not expose 460 * {@code PackageSetting} which is a implementation detail that permission should not know. 461 * Instead, it should retrieve the legacy state via a defined API. 462 */ readLegacyPermissionStateTEMP()463 void readLegacyPermissionStateTEMP(); 464 465 /** 466 * Write legacy permission state to package settings. 467 * 468 * TODO(zhanghai): This is a temporary method and should be removed once we migrated persistence 469 * for permission. 470 */ writeLegacyPermissionStateTEMP()471 void writeLegacyPermissionStateTEMP(); 472 473 /** 474 * Get all the permissions definitions from a package that's installed in the system. 475 * <p> 476 * A permission definition in a normal app may not be installed if it's overridden by the 477 * platform or system app that contains a conflicting definition after system upgrade. 478 * 479 * @param packageName the name of the package 480 * @return the names of the installed permissions 481 */ 482 @NonNull getInstalledPermissions(@onNull String packageName)483 Set<String> getInstalledPermissions(@NonNull String packageName); 484 485 /** 486 * Get all the permissions granted to a package. 487 * 488 * @param packageName package name 489 * @param userId user ID 490 * @return the names of the granted permissions 491 */ 492 @NonNull getGrantedPermissions(@onNull String packageName, @UserIdInt int userId)493 Set<String> getGrantedPermissions(@NonNull String packageName, @UserIdInt int userId); 494 495 /** 496 * Get the GIDs of a permission. 497 * 498 * @param permissionName the name of the permission 499 * @param userId the user ID 500 * @return the GIDs of the permission 501 */ 502 @NonNull getPermissionGids(@onNull String permissionName, @UserIdInt int userId)503 int[] getPermissionGids(@NonNull String permissionName, @UserIdInt int userId); 504 505 /** 506 * Get the packages that have requested an app op permission. 507 * 508 * @param permissionName the name of the app op permission 509 * @return the names of the packages that have requested the app op permission 510 */ 511 @NonNull getAppOpPermissionPackages(@onNull String permissionName)512 String[] getAppOpPermissionPackages(@NonNull String permissionName); 513 514 /** HACK HACK methods to allow for partial migration of data to the PermissionManager class */ 515 @Nullable getPermissionTEMP(@onNull String permName)516 Permission getPermissionTEMP(@NonNull String permName); 517 518 /** Get all permissions that have a certain protection */ 519 @NonNull getAllPermissionsWithProtection( @ermissionInfo.Protection int protection)520 List<PermissionInfo> getAllPermissionsWithProtection( 521 @PermissionInfo.Protection int protection); 522 523 /** Get all permissions that have certain protection flags */ getAllPermissionsWithProtectionFlags( @ermissionInfo.ProtectionFlags int protectionFlags)524 @NonNull List<PermissionInfo> getAllPermissionsWithProtectionFlags( 525 @PermissionInfo.ProtectionFlags int protectionFlags); 526 527 /** 528 * Get all the legacy permissions currently registered in the system. 529 * 530 * @return the legacy permissions 531 */ 532 @NonNull getLegacyPermissions()533 List<LegacyPermission> getLegacyPermissions(); 534 535 /** 536 * Get the legacy permission state of an app ID, either a package or a shared user. 537 * 538 * @param appId the app ID 539 * @return the legacy permission state 540 */ 541 @NonNull getLegacyPermissionState(@ppIdInt int appId)542 LegacyPermissionState getLegacyPermissionState(@AppIdInt int appId); 543 544 /** 545 * Read legacy permissions from legacy permission settings. 546 * 547 * TODO(zhanghai): This is a temporary method because we should not expose 548 * {@code LegacyPermissionSettings} which is a implementation detail that permission should not 549 * know. Instead, it should retrieve the legacy permissions via a defined API. 550 */ readLegacyPermissionsTEMP(@onNull LegacyPermissionSettings legacyPermissionSettings)551 void readLegacyPermissionsTEMP(@NonNull LegacyPermissionSettings legacyPermissionSettings); 552 553 /** 554 * Write legacy permissions to legacy permission settings. 555 * 556 * TODO(zhanghai): This is a temporary method and should be removed once we migrated persistence 557 * for permission. 558 */ writeLegacyPermissionsTEMP(@onNull LegacyPermissionSettings legacyPermissionSettings)559 void writeLegacyPermissionsTEMP(@NonNull LegacyPermissionSettings legacyPermissionSettings); 560 561 /** 562 * Get the fingerprint for default permission grants. 563 */ 564 @Nullable getDefaultPermissionGrantFingerprint(@serIdInt int userId)565 String getDefaultPermissionGrantFingerprint(@UserIdInt int userId); 566 567 /** 568 * Set the fingerprint for default permission grants. 569 */ setDefaultPermissionGrantFingerprint(@onNull String fingerprint, @UserIdInt int userId)570 void setDefaultPermissionGrantFingerprint(@NonNull String fingerprint, @UserIdInt int userId); 571 572 /** 573 * Callback when the system is ready. 574 */ onSystemReady()575 void onSystemReady(); 576 577 /** 578 * Callback when a storage volume is mounted, so that all packages on it become available. 579 * 580 * @param volumeUuid the UUID of the storage volume 581 * @param fingerprintChanged whether the current build fingerprint is different from what it was 582 * when this volume was last mounted 583 */ onStorageVolumeMounted(@onNull String volumeUuid, boolean fingerprintChanged)584 void onStorageVolumeMounted(@NonNull String volumeUuid, boolean fingerprintChanged); 585 586 /** 587 * Get the GIDs computed from the permission state of a UID, either a package or a shared user. 588 * 589 * @param uid the UID 590 * @return the GIDs for the UID 591 */ 592 @NonNull getGidsForUid(int uid)593 int[] getGidsForUid(int uid); 594 595 /** 596 * Callback when a user has been created. 597 * 598 * @param userId the created user ID 599 */ onUserCreated(@serIdInt int userId)600 void onUserCreated(@UserIdInt int userId); 601 602 /** 603 * Callback when a user has been removed. 604 * 605 * @param userId the removed user ID 606 */ onUserRemoved(@serIdInt int userId)607 void onUserRemoved(@UserIdInt int userId); 608 609 /** 610 * Callback when a package has been added. 611 * 612 * @param packageState the added package 613 * @param isInstantApp whether the added package is an instant app 614 * @param oldPkg the old package, or {@code null} if none 615 */ onPackageAdded(@onNull PackageState packageState, boolean isInstantApp, @Nullable AndroidPackage oldPkg)616 void onPackageAdded(@NonNull PackageState packageState, boolean isInstantApp, 617 @Nullable AndroidPackage oldPkg); 618 619 /** 620 * Callback when a package has been installed for a user. 621 * 622 * @param pkg the installed package 623 * @param previousAppId the previous app ID if the package is leaving a shared UID, 624 * or Process.INVALID_UID 625 * @param params the parameters passed in for package installation 626 * @param userId the user ID this package is installed for 627 */ onPackageInstalled(@onNull AndroidPackage pkg, int previousAppId, @NonNull PermissionManagerServiceInternal.PackageInstalledParams params, @UserIdInt int userId)628 void onPackageInstalled(@NonNull AndroidPackage pkg, int previousAppId, 629 @NonNull PermissionManagerServiceInternal.PackageInstalledParams params, 630 @UserIdInt int userId); 631 632 /** 633 * Callback when a package has been removed. 634 * 635 * @param pkg the removed package 636 */ onPackageRemoved(@onNull AndroidPackage pkg)637 void onPackageRemoved(@NonNull AndroidPackage pkg); 638 639 /** 640 * Callback when a package has been uninstalled. 641 * <p> 642 * The package may have been fully removed from the system, or only marked as uninstalled for 643 * this user but still installed for other users. 644 * 645 * @param packageName the name of the uninstalled package 646 * @param appId the app ID of the uninstalled package 647 * @param packageState the uninstalled package 648 * @param pkg the uninstalled package 649 * @param sharedUserPkgs the packages that are in the same shared user 650 * @param userId the user ID the package is uninstalled for 651 */ onPackageUninstalled(@onNull String packageName, int appId, @NonNull PackageState packageState, @Nullable AndroidPackage pkg, @NonNull List<AndroidPackage> sharedUserPkgs, @UserIdInt int userId)652 void onPackageUninstalled(@NonNull String packageName, int appId, 653 @NonNull PackageState packageState, @Nullable AndroidPackage pkg, 654 @NonNull List<AndroidPackage> sharedUserPkgs, @UserIdInt int userId); 655 } 656