diff options
Diffstat (limited to 'libs/permission/include/android/permission/PermissionChecker.h')
| -rw-r--r-- | libs/permission/include/android/permission/PermissionChecker.h | 206 |
1 files changed, 206 insertions, 0 deletions
diff --git a/libs/permission/include/android/permission/PermissionChecker.h b/libs/permission/include/android/permission/PermissionChecker.h new file mode 100644 index 0000000000..21515e3bbd --- /dev/null +++ b/libs/permission/include/android/permission/PermissionChecker.h @@ -0,0 +1,206 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <android/content/AttributionSourceState.h> +#include <android/permission/IPermissionChecker.h> + +#include <utils/threads.h> + +#include <optional> + +#ifdef __ANDROID_VNDK__ +#error "This header is not visible to vendors" +#endif + +// --------------------------------------------------------------------------- +namespace android { + +namespace permission { + +using android::content::AttributionSourceState; +using android::permission::IPermissionChecker; + +class PermissionChecker +{ +public: + + enum PermissionResult { + + /** + * The permission is granted. + */ + PERMISSION_GRANTED = IPermissionChecker::PERMISSION_GRANTED, + + /** + * The permission is denied. Applicable only to runtime and app op permissions. + * + * Returned when: + * - the runtime permission is granted, but the corresponding app op is denied + * for runtime permissions. + * - the app ops is ignored for app op permissions. + * + */ + PERMISSION_SOFT_DENIED = IPermissionChecker::PERMISSION_SOFT_DENIED, + + /** + * The permission is denied. + * + * Returned when: + * - the permission is denied for non app op permissions. + * - the app op is denied or app op is AppOpsManager#MODE_DEFAULT and permission is denied. + */ + PERMISSION_HARD_DENIED = IPermissionChecker::PERMISSION_HARD_DENIED + }; + + PermissionChecker(); + + /** + * Checks whether a given data access chain described by the given attribution source + * has a given permission and whether the app op that corresponds to this permission + * is allowed. Call this method if you are the datasource which would not blame you for + * access to the data since you are the data. Use this API if you are the datasource of + * the protected state. + * + * NOTE: The attribution source should be for yourself with its next attribution + * source being the app that would receive the data from you. + * + * NOTE: Use this method only for permission checks at the point where you will deliver + * the permission protected data to clients. + * + * @param permission The permission to check. + * @param attributionSource The attribution chain to check. + * @param message A message describing the reason the permission was checked. + * @param attributedOpCode The op code towards which to blame the access. If this + * is a valid app op the op corresponding to the checked permission (if such) + * would only be checked to ensure it is allowed and if that succeeds the + * noting would be against the attributed op. + * @return The permission check result which is either PERMISSION_GRANTED, + * or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED. + */ + PermissionChecker::PermissionResult checkPermissionForDataDeliveryFromDatasource( + const String16& permission, const AttributionSourceState& attributionSource, + const String16& message, int32_t attributedOpCode); + + /** + * Checks whether a given data access chain described by the given attribution source + * has a given permission and whether the app op that corresponds to this permission + * is allowed. The app ops are not noted/started. + * + * NOTE: Use this method only for permission checks at the preflight point where you + * will not deliver the permission protected data to clients but schedule permission + * data delivery, apps register listeners, etc. + * + * @param permission The permission to check. + * @param attributionSource The attribution chain to check. + * @param message A message describing the reason the permission was checked. + * @param attributedOpCode The op code towards which to blame the access. If this + * is a valid app op the op corresponding to the checked permission (if such) + * would only be checked to ensure it is allowed and if that succeeds the + * starting would be against the attributed op. + * @return The permission check result which is either PERMISSION_GRANTED, + * or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED. + */ + PermissionResult checkPermissionForPreflight( + const String16& permission, const AttributionSourceState& attributionSource, + const String16& message, int32_t attributedOpCode); + + /** + * Checks whether a given data access chain described by the given attribution source + * has a given permission and whether the app op that corresponds to this permission + * is allowed. The app ops are not noted/started. + * + * NOTE: The attribution source should be for yourself with its next attribution + * source being the app that would receive the data from you. + * + * NOTE: Use this method only for permission checks at the preflight point where you + * will not deliver the permission protected data to clients but schedule permission + * data delivery, apps register listeners, etc. + * + * @param permission The permission to check. + * @param attributionSource The attribution chain to check. + * @param message A message describing the reason the permission was checked. + * @param attributedOpCode The op code towards which to blame the access. If this + * is a valid app op the op corresponding to the checked permission (if such) + * would only be checked to ensure it is allowed and if that succeeds the + * starting would be against the attributed op. + * @return The permission check result which is either PERMISSION_GRANTED, + * or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED. + */ + PermissionResult checkPermissionForPreflightFromDatasource( + const String16& permission, const AttributionSourceState& attributionSource, + const String16& message, int32_t attributedOpCode); + + /** + * Checks whether a given data access chain described by the given attribution source + * has a given permission and whether the app op that corresponds to this permission + * is allowed. The app ops are also marked as started. This is useful for long running + * permissions like camera and microphone. Use this API if you are the datasource of + * the protected state. + * + * NOTE: The attribution source should be for yourself with its next attribution + * source being the app that would receive the data from you. + * + * NOTE: Use this method only for permission checks at the point where you will deliver + * the permission protected data to clients. + * + * @param permission The permission to check. + * @param attributionSource The attribution chain to check. + * @param message A message describing the reason the permission was checked. + * @param attributedOpCode The op code towards which to blame the access. If this + * is a valid app op the op corresponding to the checked permission (if such) + * would only be checked to ensure it is allowed and if that succeeds the + * starting would be against the attributed op. + * @return The permission check result which is either PERMISSION_GRANTED, + * or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED. + */ + PermissionResult checkPermissionForStartDataDeliveryFromDatasource( + const String16& permission, const AttributionSourceState& attributionSource, + const String16& message, int32_t attributedOpCode); + + /** + * Finishes an ongoing op for data access chain described by the given + * attribution source. Use this API if you are the datasource of the protected + * state. Use this API if you are the datasource of the protected state. + * + * NOTE: The attribution source should be for yourself with its next attribution + * source being the app that would receive the data from you. + * + * @param op The op to finish. + * @param attributionSource The attribution chain for which to finish data delivery. + * @param attributedOpCode The op code towards which to blame the access. If this + * is a valid app op it is the op that would be finished. + */ + void finishDataDeliveryFromDatasource(int32_t op, + const AttributionSourceState& attributionSource); + +private: + Mutex mLock; + sp<IPermissionChecker> mService; + sp<IPermissionChecker> getService(); + + PermissionResult checkPermission(const String16& permission, + const AttributionSourceState& attributionSource, + const String16& message, bool forDataDelivery, bool startDataDelivery, + bool fromDatasource, int32_t attributedOpCode); +}; + +} // namespace permission + +} // namespace android + +// --------------------------------------------------------------------------- |