/*
* Copyright (C) 2006 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.am;
import android.content.Intent;
import android.os.Binder;
import android.os.UserHandle;
import android.util.ArraySet;
import android.util.Log;
import android.util.Slog;
import com.android.server.am.ActivityManagerService.GrantUri;
import com.google.android.collect.Sets;
import java.io.PrintWriter;
import java.util.Comparator;
/**
* Description of a permission granted to an app to access a particular URI.
*
* CTS tests for this functionality can be run with "runtest cts-appsecurity".
*
* Test cases are at cts/tests/appsecurity-tests/test-apps/UsePermissionDiffCert/
* src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java
*/
final class UriPermission {
private static final String TAG = "UriPermission";
public static final int STRENGTH_NONE = 0;
public static final int STRENGTH_OWNED = 1;
public static final int STRENGTH_GLOBAL = 2;
public static final int STRENGTH_PERSISTABLE = 3;
final int targetUserId;
final String sourcePkg;
final String targetPkg;
/** Cached UID of {@link #targetPkg}; should not be persisted */
final int targetUid;
final GrantUri uri;
/**
* Allowed modes. All permission enforcement should use this field. Must
* always be a combination of {@link #ownedModeFlags},
* {@link #globalModeFlags}, {@link #persistableModeFlags}, and
* {@link #persistedModeFlags}. Mutations must only be performed by
* the owning class.
*/
int modeFlags = 0;
/** Allowed modes with active owner. */
int ownedModeFlags = 0;
/** Allowed modes without explicit owner. */
int globalModeFlags = 0;
/** Allowed modes that have been offered for possible persisting. */
int persistableModeFlags = 0;
/** Allowed modes that should be persisted across device boots. */
int persistedModeFlags = 0;
/**
* Timestamp when {@link #persistedModeFlags} was first defined in
* {@link System#currentTimeMillis()} time base.
*/
long persistedCreateTime = INVALID_TIME;
private static final long INVALID_TIME = Long.MIN_VALUE;
private ArraySet mReadOwners;
private ArraySet mWriteOwners;
private String stringName;
UriPermission(String sourcePkg, String targetPkg, int targetUid, GrantUri uri) {
this.targetUserId = UserHandle.getUserId(targetUid);
this.sourcePkg = sourcePkg;
this.targetPkg = targetPkg;
this.targetUid = targetUid;
this.uri = uri;
}
private void updateModeFlags() {
final int oldModeFlags = modeFlags;
modeFlags = ownedModeFlags | globalModeFlags | persistableModeFlags | persistedModeFlags;
if (Log.isLoggable(TAG, Log.VERBOSE) && (modeFlags != oldModeFlags)) {
Slog.d(TAG,
"Permission for " + targetPkg + " to " + uri + " is changing from 0x"
+ Integer.toHexString(oldModeFlags) + " to 0x"
+ Integer.toHexString(modeFlags) + " via calling UID "
+ Binder.getCallingUid() + " PID " + Binder.getCallingPid(),
new Throwable());
}
}
/**
* Initialize persisted modes as read from file. This doesn't issue any
* global or owner grants.
*/
void initPersistedModes(int modeFlags, long createdTime) {
modeFlags &= (Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
persistableModeFlags = modeFlags;
persistedModeFlags = modeFlags;
persistedCreateTime = createdTime;
updateModeFlags();
}
void grantModes(int modeFlags, UriPermissionOwner owner) {
final boolean persistable = (modeFlags & Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION) != 0;
modeFlags &= (Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
if (persistable) {
persistableModeFlags |= modeFlags;
}
if (owner == null) {
globalModeFlags |= modeFlags;
} else {
if ((modeFlags & Intent.FLAG_GRANT_READ_URI_PERMISSION) != 0) {
addReadOwner(owner);
}
if ((modeFlags & Intent.FLAG_GRANT_WRITE_URI_PERMISSION) != 0) {
addWriteOwner(owner);
}
}
updateModeFlags();
}
/**
* @return if mode changes should trigger persisting.
*/
boolean takePersistableModes(int modeFlags) {
modeFlags &= (Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
if ((modeFlags & persistableModeFlags) != modeFlags) {
Slog.w(TAG, "Requested flags 0x"
+ Integer.toHexString(modeFlags) + ", but only 0x"
+ Integer.toHexString(persistableModeFlags) + " are allowed");
return false;
}
final int before = persistedModeFlags;
persistedModeFlags |= (persistableModeFlags & modeFlags);
if (persistedModeFlags != 0) {
persistedCreateTime = System.currentTimeMillis();
}
updateModeFlags();
return persistedModeFlags != before;
}
boolean releasePersistableModes(int modeFlags) {
modeFlags &= (Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
final int before = persistedModeFlags;
persistableModeFlags &= ~modeFlags;
persistedModeFlags &= ~modeFlags;
if (persistedModeFlags == 0) {
persistedCreateTime = INVALID_TIME;
}
updateModeFlags();
return persistedModeFlags != before;
}
/**
* @return if mode changes should trigger persisting.
*/
boolean revokeModes(int modeFlags, boolean includingOwners) {
final boolean persistable = (modeFlags & Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION) != 0;
modeFlags &= (Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
final int before = persistedModeFlags;
if ((modeFlags & Intent.FLAG_GRANT_READ_URI_PERMISSION) != 0) {
if (persistable) {
persistableModeFlags &= ~Intent.FLAG_GRANT_READ_URI_PERMISSION;
persistedModeFlags &= ~Intent.FLAG_GRANT_READ_URI_PERMISSION;
}
globalModeFlags &= ~Intent.FLAG_GRANT_READ_URI_PERMISSION;
if (mReadOwners != null && includingOwners) {
ownedModeFlags &= ~Intent.FLAG_GRANT_READ_URI_PERMISSION;
for (UriPermissionOwner r : mReadOwners) {
r.removeReadPermission(this);
}
mReadOwners = null;
}
}
if ((modeFlags & Intent.FLAG_GRANT_WRITE_URI_PERMISSION) != 0) {
if (persistable) {
persistableModeFlags &= ~Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
persistedModeFlags &= ~Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
}
globalModeFlags &= ~Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
if (mWriteOwners != null && includingOwners) {
ownedModeFlags &= ~Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
for (UriPermissionOwner r : mWriteOwners) {
r.removeWritePermission(this);
}
mWriteOwners = null;
}
}
if (persistedModeFlags == 0) {
persistedCreateTime = INVALID_TIME;
}
updateModeFlags();
return persistedModeFlags != before;
}
/**
* Return strength of this permission grant for the given flags.
*/
public int getStrength(int modeFlags) {
modeFlags &= (Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
if ((persistableModeFlags & modeFlags) == modeFlags) {
return STRENGTH_PERSISTABLE;
} else if ((globalModeFlags & modeFlags) == modeFlags) {
return STRENGTH_GLOBAL;
} else if ((ownedModeFlags & modeFlags) == modeFlags) {
return STRENGTH_OWNED;
} else {
return STRENGTH_NONE;
}
}
private void addReadOwner(UriPermissionOwner owner) {
if (mReadOwners == null) {
mReadOwners = Sets.newArraySet();
ownedModeFlags |= Intent.FLAG_GRANT_READ_URI_PERMISSION;
updateModeFlags();
}
if (mReadOwners.add(owner)) {
owner.addReadPermission(this);
}
}
/**
* Remove given read owner, updating {@Link #modeFlags} as needed.
*/
void removeReadOwner(UriPermissionOwner owner) {
if (!mReadOwners.remove(owner)) {
Slog.wtf(TAG, "Unknown read owner " + owner + " in " + this);
}
if (mReadOwners.size() == 0) {
mReadOwners = null;
ownedModeFlags &= ~Intent.FLAG_GRANT_READ_URI_PERMISSION;
updateModeFlags();
}
}
private void addWriteOwner(UriPermissionOwner owner) {
if (mWriteOwners == null) {
mWriteOwners = Sets.newArraySet();
ownedModeFlags |= Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
updateModeFlags();
}
if (mWriteOwners.add(owner)) {
owner.addWritePermission(this);
}
}
/**
* Remove given write owner, updating {@Link #modeFlags} as needed.
*/
void removeWriteOwner(UriPermissionOwner owner) {
if (!mWriteOwners.remove(owner)) {
Slog.wtf(TAG, "Unknown write owner " + owner + " in " + this);
}
if (mWriteOwners.size() == 0) {
mWriteOwners = null;
ownedModeFlags &= ~Intent.FLAG_GRANT_WRITE_URI_PERMISSION;
updateModeFlags();
}
}
@Override
public String toString() {
if (stringName != null) {
return stringName;
}
StringBuilder sb = new StringBuilder(128);
sb.append("UriPermission{");
sb.append(Integer.toHexString(System.identityHashCode(this)));
sb.append(' ');
sb.append(uri);
sb.append('}');
return stringName = sb.toString();
}
void dump(PrintWriter pw, String prefix) {
pw.print(prefix);
pw.print("targetUserId=" + targetUserId);
pw.print(" sourcePkg=" + sourcePkg);
pw.println(" targetPkg=" + targetPkg);
pw.print(prefix);
pw.print("mode=0x" + Integer.toHexString(modeFlags));
pw.print(" owned=0x" + Integer.toHexString(ownedModeFlags));
pw.print(" global=0x" + Integer.toHexString(globalModeFlags));
pw.print(" persistable=0x" + Integer.toHexString(persistableModeFlags));
pw.print(" persisted=0x" + Integer.toHexString(persistedModeFlags));
if (persistedCreateTime != INVALID_TIME) {
pw.print(" persistedCreate=" + persistedCreateTime);
}
pw.println();
if (mReadOwners != null) {
pw.print(prefix);
pw.println("readOwners:");
for (UriPermissionOwner owner : mReadOwners) {
pw.print(prefix);
pw.println(" * " + owner);
}
}
if (mWriteOwners != null) {
pw.print(prefix);
pw.println("writeOwners:");
for (UriPermissionOwner owner : mReadOwners) {
pw.print(prefix);
pw.println(" * " + owner);
}
}
}
public static class PersistedTimeComparator implements Comparator {
@Override
public int compare(UriPermission lhs, UriPermission rhs) {
return Long.compare(lhs.persistedCreateTime, rhs.persistedCreateTime);
}
}
/**
* Snapshot of {@link UriPermission} with frozen
* {@link UriPermission#persistedModeFlags} state.
*/
public static class Snapshot {
final int targetUserId;
final String sourcePkg;
final String targetPkg;
final GrantUri uri;
final int persistedModeFlags;
final long persistedCreateTime;
private Snapshot(UriPermission perm) {
this.targetUserId = perm.targetUserId;
this.sourcePkg = perm.sourcePkg;
this.targetPkg = perm.targetPkg;
this.uri = perm.uri;
this.persistedModeFlags = perm.persistedModeFlags;
this.persistedCreateTime = perm.persistedCreateTime;
}
}
public Snapshot snapshot() {
return new Snapshot(this);
}
public android.content.UriPermission buildPersistedPublicApiObject() {
return new android.content.UriPermission(uri.uri, persistedModeFlags, persistedCreateTime);
}
}