xref: /frameworks/base/services/core/java/com/android/server/pm/permission/PermissionSettings.java

/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.pm.permission;

import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.Context;
import android.content.pm.PackageParser;
import android.util.ArrayMap;
import android.util.ArraySet;
import android.util.Log;

import com.android.internal.R;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.util.XmlUtils;
import com.android.server.pm.DumpState;
import com.android.server.pm.PackageManagerService;

import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import org.xmlpull.v1.XmlSerializer;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collection;
import java.util.Set;

/**
 * Permissions and other related data. This class is not meant for
 * direct access outside of the permission package with the sole exception
 * of package settings. Instead, it should be reference either from the
 * permission manager or package settings.
 */
public class PermissionSettings {

    public final boolean mPermissionReviewRequired;

    /**
     * All of the permissions known to the system. The mapping is from permission
     * name to permission object.
     */
    @GuardedBy("mLock")
    final ArrayMap<String, BasePermission> mPermissions =
            new ArrayMap<String, BasePermission>();

    /**
     * All permission trees known to the system. The mapping is from permission tree
     * name to permission object.
     */
    @GuardedBy("mLock")
    final ArrayMap<String, BasePermission> mPermissionTrees =
            new ArrayMap<String, BasePermission>();

    /**
     * All permisson groups know to the system. The mapping is from permission group
     * name to permission group object.
     */
    @GuardedBy("mLock")
    final ArrayMap<String, PackageParser.PermissionGroup> mPermissionGroups =
            new ArrayMap<String, PackageParser.PermissionGroup>();

    /**
     * Set of packages that request a particular app op. The mapping is from permission
     * name to package names.
     */
    @GuardedBy("mLock")
    final ArrayMap<String, ArraySet<String>> mAppOpPermissionPackages = new ArrayMap<>();

    private final Object mLock;

    PermissionSettings(@NonNull Context context, @NonNull Object lock) {
        mPermissionReviewRequired =
                context.getResources().getBoolean(R.bool.config_permissionReviewRequired);
        mLock = lock;
    }

    public @Nullable BasePermission getPermission(@NonNull String permName) {
        synchronized (mLock) {
            return getPermissionLocked(permName);
        }
    }

    public void addAppOpPackage(String permName, String packageName) {
        ArraySet<String> pkgs = mAppOpPermissionPackages.get(permName);
        if (pkgs == null) {
            pkgs = new ArraySet<>();
            mAppOpPermissionPackages.put(permName, pkgs);
        }
        pkgs.add(packageName);
    }

    /**
     * Transfers ownership of permissions from one package to another.
     */
    public void transferPermissions(String origPackageName, String newPackageName) {
        synchronized (mLock) {
            for (int i=0; i<2; i++) {
                ArrayMap<String, BasePermission> permissions =
                        i == 0 ? mPermissionTrees : mPermissions;
                for (BasePermission bp : permissions.values()) {
                    bp.transfer(origPackageName, newPackageName);
                }
            }
        }
    }

    public boolean canPropagatePermissionToInstantApp(String permName) {
        synchronized (mLock) {
            final BasePermission bp = mPermissions.get(permName);
            return (bp != null && (bp.isRuntime() || bp.isDevelopment()) && bp.isInstant());
        }
    }

    public void readPermissions(XmlPullParser parser) throws IOException, XmlPullParserException {
        synchronized (mLock) {
            readPermissions(mPermissions, parser);
        }
    }

    public void readPermissionTrees(XmlPullParser parser)
            throws IOException, XmlPullParserException {
        synchronized (mLock) {
            readPermissions(mPermissionTrees, parser);
        }
    }

    public void writePermissions(XmlSerializer serializer) throws IOException {
        synchronized (mLock) {
            for (BasePermission bp : mPermissions.values()) {
                bp.writeLPr(serializer);
            }
        }
    }

    public void writePermissionTrees(XmlSerializer serializer) throws IOException {
        synchronized (mLock) {
            for (BasePermission bp : mPermissionTrees.values()) {
                bp.writeLPr(serializer);
            }
        }
    }

    public static void readPermissions(ArrayMap<String, BasePermission> out, XmlPullParser parser)
            throws IOException, XmlPullParserException {
        int outerDepth = parser.getDepth();
        int type;
        while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
                && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
            if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
                continue;
            }

            if (!BasePermission.readLPw(out, parser)) {
                PackageManagerService.reportSettingsProblem(Log.WARN,
                        "Unknown element reading permissions: " + parser.getName() + " at "
                                + parser.getPositionDescription());
            }
            XmlUtils.skipCurrentTag(parser);
        }
    }

    public void dumpPermissions(PrintWriter pw, String packageName,
            ArraySet<String> permissionNames, boolean externalStorageEnforced,
            DumpState dumpState) {
        synchronized (mLock) {
            boolean printedSomething = false;
            for (BasePermission bp : mPermissions.values()) {
                printedSomething = bp.dumpPermissionsLPr(pw, packageName, permissionNames,
                        externalStorageEnforced, printedSomething, dumpState);
            }
            if (packageName == null && permissionNames == null) {
                for (int iperm = 0; iperm<mAppOpPermissionPackages.size(); iperm++) {
                    if (iperm == 0) {
                        if (dumpState.onTitlePrinted())
                            pw.println();
                        pw.println("AppOp Permissions:");
                    }
                    pw.print("  AppOp Permission ");
                    pw.print(mAppOpPermissionPackages.keyAt(iperm));
                    pw.println(":");
                    ArraySet<String> pkgs = mAppOpPermissionPackages.valueAt(iperm);
                    for (int ipkg=0; ipkg<pkgs.size(); ipkg++) {
                        pw.print("    "); pw.println(pkgs.valueAt(ipkg));
                    }
                }
            }
        }
    }

    @GuardedBy("mLock")
    @Nullable BasePermission getPermissionLocked(@NonNull String permName) {
        return mPermissions.get(permName);
    }

    @GuardedBy("mLock")
    @Nullable BasePermission getPermissionTreeLocked(@NonNull String permName) {
        return mPermissionTrees.get(permName);
    }

    @GuardedBy("mLock")
    void putPermissionLocked(@NonNull String permName, @NonNull BasePermission permission) {
        mPermissions.put(permName, permission);
    }

    @GuardedBy("mLock")
    void putPermissionTreeLocked(@NonNull String permName, @NonNull BasePermission permission) {
        mPermissionTrees.put(permName, permission);
    }

    @GuardedBy("mLock")
    void removePermissionLocked(@NonNull String permName) {
        mPermissions.remove(permName);
    }

    @GuardedBy("mLock")
    void removePermissionTreeLocked(@NonNull String permName) {
        mPermissionTrees.remove(permName);
    }

    @GuardedBy("mLock")
    @NonNull Collection<BasePermission> getAllPermissionsLocked() {
        return mPermissions.values();
    }

    @GuardedBy("mLock")
    @NonNull Collection<BasePermission> getAllPermissionTreesLocked() {
        return mPermissionTrees.values();
    }

    /**
     * Returns the permission tree for the given permission.
     * @throws SecurityException If the calling UID is not allowed to add permissions to the
     * found permission tree.
     */
    @Nullable BasePermission enforcePermissionTree(@NonNull String permName, int callingUid) {
        synchronized (mLock) {
            return BasePermission.enforcePermissionTree(
                    mPermissionTrees.values(), permName, callingUid);
        }
    }

    public boolean isPermissionInstant(String permName) {
        synchronized (mLock) {
            final BasePermission bp = mPermissions.get(permName);
            return (bp != null && bp.isInstant());
        }
    }

    boolean isPermissionAppOp(String permName) {
        synchronized (mLock) {
            final BasePermission bp = mPermissions.get(permName);
            return (bp != null && bp.isAppOp());
        }
    }

}