core/java/android/content/PermissionChecker.java - platform/frameworks/base - Git at Google

 /*
  * Copyright (C) 2018 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.content;

 import android.annotation.IntDef;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.app.AppOpsManager;
 import android.content.pm.PackageManager;
 import android.os.Binder;
 import android.os.Process;

 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;

 /**
  * This class provides permission check APIs that verify both the
  * permission and the associated app op for this permission if
  * such is defined.
  * <p>
  * In the new permission model permissions with protection level
  * dangerous are runtime permissions. For apps targeting {@link android.os.Build.VERSION_CODES#M}
  * and above the user may not grant such permissions or revoke
  * them at any time. For apps targeting API lower than {@link android.os.Build.VERSION_CODES#M}
  * these permissions are always granted as such apps do not expect
  * permission revocations and would crash. Therefore, when the
  * user disables a permission for a legacy app in the UI the
  * platform disables the APIs guarded by this permission making
  * them a no-op which is doing nothing or returning an empty
  * result or default error.
  * </p>
  * <p>
  * It is important that when you perform an operation on behalf of
  * another app you use these APIs to check for permissions as the
  * app may be a legacy app that does not participate in the new
  * permission model for which the user had disabled the "permission"
  * which is achieved by disallowing the corresponding app op.
  * </p>
  *
  * @hide
  */
 public final class PermissionChecker {
     /** Permission result: The permission is granted. */
     public static final int PERMISSION_GRANTED =  PackageManager.PERMISSION_GRANTED;

     /** Permission result: The permission is denied. */
     public static final int PERMISSION_DENIED =  PackageManager.PERMISSION_DENIED;

     /** Permission result: The permission is denied because the app op is not allowed. */
     public static final int PERMISSION_DENIED_APP_OP =  PackageManager.PERMISSION_DENIED  - 1;

     /** @hide */
     @IntDef({PERMISSION_GRANTED,
             PERMISSION_DENIED,
             PERMISSION_DENIED_APP_OP})
     @Retention(RetentionPolicy.SOURCE)
     public @interface PermissionResult {}

     private PermissionChecker() {
         /* do nothing */
     }

     /**
      * Checks whether a given package in a UID and PID has a given permission
      * and whether the app op that corresponds to this permission is allowed.
      *
      * @param context Context for accessing resources.
      * @param permission The permission to check.
      * @param pid The process id for which to check.
      * @param uid The uid for which to check.
      * @param packageName The package name for which to check. If null the
      *     the first package for the calling UID will be used.
      * @return The permission check result which is either {@link #PERMISSION_GRANTED}
      *     or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
      */
     @PermissionResult
     public static int checkPermission(@NonNull Context context, @NonNull String permission,
             int pid, int uid, @Nullable String packageName) {
         if (context.checkPermission(permission, pid, uid) == PackageManager.PERMISSION_DENIED) {
             return PERMISSION_DENIED;
         }

         AppOpsManager appOpsManager = context.getSystemService(AppOpsManager.class);
         String op = appOpsManager.permissionToOp(permission);
         if (op == null) {
             return PERMISSION_GRANTED;
         }

         if (packageName == null) {
             String[] packageNames = context.getPackageManager().getPackagesForUid(uid);
             if (packageNames == null || packageNames.length <= 0) {
                 return PERMISSION_DENIED;
             }
             packageName = packageNames[0];
         }

         if (appOpsManager.noteProxyOpNoThrow(op, packageName)
                 != AppOpsManager.MODE_ALLOWED) {
             return PERMISSION_DENIED_APP_OP;
         }

         return PERMISSION_GRANTED;
     }

     /**
      * Checks whether your app has a given permission and whether the app op
      * that corresponds to this permission is allowed.
      *
      * @param context Context for accessing resources.
      * @param permission The permission to check.
      * @return The permission check result which is either {@link #PERMISSION_GRANTED}
      *     or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
      */
     @PermissionResult
     public static int checkSelfPermission(@NonNull Context context,
             @NonNull String permission) {
         return checkPermission(context, permission, Process.myPid(),
                 Process.myUid(), context.getPackageName());
     }

     /**
      * Checks whether the IPC you are handling has a given permission and whether
      * the app op that corresponds to this permission is allowed.
      *
      * @param context Context for accessing resources.
      * @param permission The permission to check.
      * @param packageName The package name making the IPC. If null the
      *     the first package for the calling UID will be used.
      * @return The permission check result which is either {@link #PERMISSION_GRANTED}
      *     or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
      */
     @PermissionResult
     public static int checkCallingPermission(@NonNull Context context,
             @NonNull String permission, @Nullable String packageName) {
         if (Binder.getCallingPid() == Process.myPid()) {
             return PERMISSION_DENIED;
         }
         return checkPermission(context, permission, Binder.getCallingPid(),
                 Binder.getCallingUid(), packageName);
     }

     /**
      * Checks whether the IPC you are handling or your app has a given permission
      * and whether the app op that corresponds to this permission is allowed.
      *
      * @param context Context for accessing resources.
      * @param permission The permission to check.
      * @return The permission check result which is either {@link #PERMISSION_GRANTED}
      *     or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
      */
     @PermissionResult
     public static int checkCallingOrSelfPermission(@NonNull Context context,
             @NonNull String permission) {
         String packageName = (Binder.getCallingPid() == Process.myPid())
                 ? context.getPackageName() : null;
         return checkPermission(context, permission, Binder.getCallingPid(),
                 Binder.getCallingUid(), packageName);
     }
 }
	/*
	* Copyright (C) 2018 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.content;

	import android.annotation.IntDef;
	import android.annotation.NonNull;
	import android.annotation.Nullable;
	import android.app.AppOpsManager;
	import android.content.pm.PackageManager;
	import android.os.Binder;
	import android.os.Process;

	import java.lang.annotation.Retention;
	import java.lang.annotation.RetentionPolicy;

	/**
	* This class provides permission check APIs that verify both the
	* permission and the associated app op for this permission if
	* such is defined.
	* <p>
	* In the new permission model permissions with protection level
	* dangerous are runtime permissions. For apps targeting {@link android.os.Build.VERSION_CODES#M}
	* and above the user may not grant such permissions or revoke
	* them at any time. For apps targeting API lower than {@link android.os.Build.VERSION_CODES#M}
	* these permissions are always granted as such apps do not expect
	* permission revocations and would crash. Therefore, when the
	* user disables a permission for a legacy app in the UI the
	* platform disables the APIs guarded by this permission making
	* them a no-op which is doing nothing or returning an empty
	* result or default error.
	* </p>
	* <p>
	* It is important that when you perform an operation on behalf of
	* another app you use these APIs to check for permissions as the
	* app may be a legacy app that does not participate in the new
	* permission model for which the user had disabled the "permission"
	* which is achieved by disallowing the corresponding app op.
	* </p>
	*
	* @hide
	*/
	public final class PermissionChecker {
	/** Permission result: The permission is granted. */
	public static final int PERMISSION_GRANTED = PackageManager.PERMISSION_GRANTED;

	/** Permission result: The permission is denied. */
	public static final int PERMISSION_DENIED = PackageManager.PERMISSION_DENIED;

	/** Permission result: The permission is denied because the app op is not allowed. */
	public static final int PERMISSION_DENIED_APP_OP = PackageManager.PERMISSION_DENIED - 1;

	/** @hide */
	@IntDef({PERMISSION_GRANTED,
	PERMISSION_DENIED,
	PERMISSION_DENIED_APP_OP})
	@Retention(RetentionPolicy.SOURCE)
	public @interface PermissionResult {}

	private PermissionChecker() {
	/* do nothing */
	}

	/**
	* Checks whether a given package in a UID and PID has a given permission
	* and whether the app op that corresponds to this permission is allowed.
	*
	* @param context Context for accessing resources.
	* @param permission The permission to check.
	* @param pid The process id for which to check.
	* @param uid The uid for which to check.
	* @param packageName The package name for which to check. If null the
	* the first package for the calling UID will be used.
	* @return The permission check result which is either {@link #PERMISSION_GRANTED}
	* or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
	*/
	@PermissionResult
	public static int checkPermission(@NonNull Context context, @NonNull String permission,
	int pid, int uid, @Nullable String packageName) {
	if (context.checkPermission(permission, pid, uid) == PackageManager.PERMISSION_DENIED) {
	return PERMISSION_DENIED;
	}

	AppOpsManager appOpsManager = context.getSystemService(AppOpsManager.class);
	String op = appOpsManager.permissionToOp(permission);
	if (op == null) {
	return PERMISSION_GRANTED;
	}

	if (packageName == null) {
	String[] packageNames = context.getPackageManager().getPackagesForUid(uid);
	if (packageNames == null \|\| packageNames.length <= 0) {
	return PERMISSION_DENIED;
	}
	packageName = packageNames[0];
	}

	if (appOpsManager.noteProxyOpNoThrow(op, packageName)
	!= AppOpsManager.MODE_ALLOWED) {
	return PERMISSION_DENIED_APP_OP;
	}

	return PERMISSION_GRANTED;
	}

	/**
	* Checks whether your app has a given permission and whether the app op
	* that corresponds to this permission is allowed.
	*
	* @param context Context for accessing resources.
	* @param permission The permission to check.
	* @return The permission check result which is either {@link #PERMISSION_GRANTED}
	* or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
	*/
	@PermissionResult
	public static int checkSelfPermission(@NonNull Context context,
	@NonNull String permission) {
	return checkPermission(context, permission, Process.myPid(),
	Process.myUid(), context.getPackageName());
	}

	/**
	* Checks whether the IPC you are handling has a given permission and whether
	* the app op that corresponds to this permission is allowed.
	*
	* @param context Context for accessing resources.
	* @param permission The permission to check.
	* @param packageName The package name making the IPC. If null the
	* the first package for the calling UID will be used.
	* @return The permission check result which is either {@link #PERMISSION_GRANTED}
	* or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
	*/
	@PermissionResult
	public static int checkCallingPermission(@NonNull Context context,
	@NonNull String permission, @Nullable String packageName) {
	if (Binder.getCallingPid() == Process.myPid()) {
	return PERMISSION_DENIED;
	}
	return checkPermission(context, permission, Binder.getCallingPid(),
	Binder.getCallingUid(), packageName);
	}

	/**
	* Checks whether the IPC you are handling or your app has a given permission
	* and whether the app op that corresponds to this permission is allowed.
	*
	* @param context Context for accessing resources.
	* @param permission The permission to check.
	* @return The permission check result which is either {@link #PERMISSION_GRANTED}
	* or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
	*/
	@PermissionResult
	public static int checkCallingOrSelfPermission(@NonNull Context context,
	@NonNull String permission) {
	String packageName = (Binder.getCallingPid() == Process.myPid())
	? context.getPackageName() : null;
	return checkPermission(context, permission, Binder.getCallingPid(),
	Binder.getCallingUid(), packageName);
	}
	}