services/core/java/com/android/server/slice/SliceManagerService.java - platform/frameworks/base - Git at Google

 /*
  * Copyright (C) 2017 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.server.slice;

 import static android.app.usage.UsageEvents.Event.SLICE_PINNED;
 import static android.app.usage.UsageEvents.Event.SLICE_PINNED_PRIV;
 import static android.content.ContentProvider.getUriWithoutUserId;
 import static android.content.ContentProvider.getUserIdFromUri;
 import static android.content.ContentProvider.maybeAddUserId;
 import static android.content.pm.PackageManager.PERMISSION_DENIED;
 import static android.content.pm.PackageManager.PERMISSION_GRANTED;
 import static android.os.Process.SYSTEM_UID;

 import android.Manifest.permission;
 import android.app.ActivityManager;
 import android.app.AppOpsManager;
 import android.app.ContentProviderHolder;
 import android.app.IActivityManager;
 import android.app.slice.ISliceManager;
 import android.app.slice.SliceSpec;
 import android.app.usage.UsageStatsManagerInternal;
 import android.content.BroadcastReceiver;
 import android.content.ComponentName;
 import android.content.ContentProvider;
 import android.content.ContentResolver;
 import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.content.pm.PackageManager;
 import android.content.pm.PackageManagerInternal;
 import android.content.pm.ProviderInfo;
 import android.content.pm.ResolveInfo;
 import android.net.Uri;
 import android.os.Binder;
 import android.os.Handler;
 import android.os.IBinder;
 import android.os.Looper;
 import android.os.Process;
 import android.os.RemoteException;
 import android.os.ResultReceiver;
 import android.os.ShellCallback;
 import android.os.UserHandle;
 import android.util.ArrayMap;
 import android.util.Slog;
 import android.util.SparseArray;
 import android.util.Xml.Encoding;

 import com.android.internal.annotations.GuardedBy;
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.app.AssistUtils;
 import com.android.internal.util.Preconditions;
 import com.android.server.LocalServices;
 import com.android.server.ServiceThread;
 import com.android.server.SystemService;

 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmlpull.v1.XmlPullParserFactory;
 import org.xmlpull.v1.XmlSerializer;

 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.FileDescriptor;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
 import java.util.function.Supplier;

 public class SliceManagerService extends ISliceManager.Stub {

     private static final String TAG = "SliceManagerService";
     private final Object mLock = new Object();

     private final Context mContext;
     private final PackageManagerInternal mPackageManagerInternal;
     private final AppOpsManager mAppOps;
     private final AssistUtils mAssistUtils;

     @GuardedBy("mLock")
     private final ArrayMap<Uri, PinnedSliceState> mPinnedSlicesByUri = new ArrayMap<>();
     @GuardedBy("mLock")
     private final SparseArray<PackageMatchingCache> mAssistantLookup = new SparseArray<>();
     @GuardedBy("mLock")
     private final SparseArray<PackageMatchingCache> mHomeLookup = new SparseArray<>();
     private final Handler mHandler;

     private final SlicePermissionManager mPermissions;
     private final UsageStatsManagerInternal mAppUsageStats;

     public SliceManagerService(Context context) {
         this(context, createHandler().getLooper());
     }

     @VisibleForTesting
     SliceManagerService(Context context, Looper looper) {
         mContext = context;
         mPackageManagerInternal = Preconditions.checkNotNull(
                 LocalServices.getService(PackageManagerInternal.class));
         mAppOps = context.getSystemService(AppOpsManager.class);
         mAssistUtils = new AssistUtils(context);
         mHandler = new Handler(looper);

         mAppUsageStats = LocalServices.getService(UsageStatsManagerInternal.class);

         mPermissions = new SlicePermissionManager(mContext, looper);

         IntentFilter filter = new IntentFilter();
         filter.addAction(Intent.ACTION_PACKAGE_DATA_CLEARED);
         filter.addAction(Intent.ACTION_PACKAGE_REMOVED);
         filter.addDataScheme("package");
         mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler);
     }

     ///  ----- Lifecycle stuff -----
     private void systemReady() {
     }

     private void onUnlockUser(int userId) {
     }

     private void onStopUser(int userId) {
         synchronized (mLock) {
             mPinnedSlicesByUri.values().removeIf(s -> getUserIdFromUri(s.getUri()) == userId);
         }
     }

     ///  ----- ISliceManager stuff -----
     @Override
     public Uri[] getPinnedSlices(String pkg) {
         verifyCaller(pkg);
         int callingUser = Binder.getCallingUserHandle().getIdentifier();
         ArrayList<Uri> ret = new ArrayList<>();
         synchronized (mLock) {
             for (PinnedSliceState state : mPinnedSlicesByUri.values()) {
                 if (Objects.equals(pkg, state.getPkg())) {
                     Uri uri = state.getUri();
                     int userId = ContentProvider.getUserIdFromUri(uri, callingUser);
                     if (userId == callingUser) {
                         ret.add(ContentProvider.getUriWithoutUserId(uri));
                     }
                 }
             }
         }
         return ret.toArray(new Uri[ret.size()]);
     }

     @Override
     public void pinSlice(String pkg, Uri uri, SliceSpec[] specs, IBinder token)
             throws RemoteException {
         verifyCaller(pkg);
         enforceAccess(pkg, uri);
         int user = Binder.getCallingUserHandle().getIdentifier();
         uri = maybeAddUserId(uri, user);
         String slicePkg = getProviderPkg(uri, user);
         getOrCreatePinnedSlice(uri, slicePkg).pin(pkg, specs, token);

         mHandler.post(() -> {
             if (slicePkg != null && !Objects.equals(pkg, slicePkg)) {
                 mAppUsageStats.reportEvent(slicePkg, user,
                         isAssistant(pkg, user) || isDefaultHomeApp(pkg, user)
                                 ? SLICE_PINNED_PRIV : SLICE_PINNED);
             }
         });
     }

     @Override
     public void unpinSlice(String pkg, Uri uri, IBinder token) throws RemoteException {
         verifyCaller(pkg);
         enforceAccess(pkg, uri);
         uri = maybeAddUserId(uri, Binder.getCallingUserHandle().getIdentifier());
         if (getPinnedSlice(uri).unpin(pkg, token)) {
             removePinnedSlice(uri);
         }
     }

     @Override
     public boolean hasSliceAccess(String pkg) throws RemoteException {
         verifyCaller(pkg);
         return hasFullSliceAccess(pkg, Binder.getCallingUserHandle().getIdentifier());
     }

     @Override
     public SliceSpec[] getPinnedSpecs(Uri uri, String pkg) throws RemoteException {
         verifyCaller(pkg);
         enforceAccess(pkg, uri);
         uri = maybeAddUserId(uri, Binder.getCallingUserHandle().getIdentifier());
         return getPinnedSlice(uri).getSpecs();
     }

     @Override
     public void grantSlicePermission(String pkg, String toPkg, Uri uri) throws RemoteException {
         verifyCaller(pkg);
         int user = Binder.getCallingUserHandle().getIdentifier();
         enforceOwner(pkg, uri, user);
         mPermissions.grantSliceAccess(toPkg, user, pkg, user, uri);
     }

     @Override
     public void revokeSlicePermission(String pkg, String toPkg, Uri uri) throws RemoteException {
         verifyCaller(pkg);
         int user = Binder.getCallingUserHandle().getIdentifier();
         enforceOwner(pkg, uri, user);
         mPermissions.revokeSliceAccess(toPkg, user, pkg, user, uri);
     }

     @Override
     public int checkSlicePermission(Uri uri, String callingPkg, String pkg, int pid, int uid,
             String[] autoGrantPermissions) {
         int userId = UserHandle.getUserId(uid);
         if (pkg == null) {
             for (String p : mContext.getPackageManager().getPackagesForUid(uid)) {
                 if (checkSlicePermission(uri, callingPkg, p, pid, uid, autoGrantPermissions)
                         == PERMISSION_GRANTED) {
                     return PERMISSION_GRANTED;
                 }
             }
             return PERMISSION_DENIED;
         }
         if (hasFullSliceAccess(pkg, userId)) {
             return PackageManager.PERMISSION_GRANTED;
         }
         if (mPermissions.hasPermission(pkg, userId, uri)) {
             return PackageManager.PERMISSION_GRANTED;
         }
         if (autoGrantPermissions != null && callingPkg != null) {
             // Need to own the Uri to call in with permissions to grant.
             enforceOwner(callingPkg, uri, userId);
             for (String perm : autoGrantPermissions) {
                 if (mContext.checkPermission(perm, pid, uid) == PERMISSION_GRANTED) {
                     int providerUser = ContentProvider.getUserIdFromUri(uri, userId);
                     String providerPkg = getProviderPkg(uri, providerUser);
                     mPermissions.grantSliceAccess(pkg, userId, providerPkg, providerUser, uri);
                     return PackageManager.PERMISSION_GRANTED;
                 }
             }
         }
         // Fallback to allowing uri permissions through.
         if (mContext.checkUriPermission(uri, pid, uid, Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
                 == PERMISSION_GRANTED) {
             return PackageManager.PERMISSION_GRANTED;
         }
         return PackageManager.PERMISSION_DENIED;
     }

     @Override
     public void grantPermissionFromUser(Uri uri, String pkg, String callingPkg, boolean allSlices) {
         verifyCaller(callingPkg);
         getContext().enforceCallingOrSelfPermission(permission.MANAGE_SLICE_PERMISSIONS,
                 "Slice granting requires MANAGE_SLICE_PERMISSIONS");
         int userId = Binder.getCallingUserHandle().getIdentifier();
         if (allSlices) {
             mPermissions.grantFullAccess(pkg, userId);
         } else {
             // When granting, grant to all slices in the provider.
             Uri grantUri = uri.buildUpon()
                     .path("")
                     .build();
             int providerUser = ContentProvider.getUserIdFromUri(grantUri, userId);
             String providerPkg = getProviderPkg(grantUri, providerUser);
             mPermissions.grantSliceAccess(pkg, userId, providerPkg, providerUser, grantUri);
         }
         long ident = Binder.clearCallingIdentity();
         try {
             mContext.getContentResolver().notifyChange(uri, null);
         } finally {
             Binder.restoreCallingIdentity(ident);
         }
     }

     // Backup/restore interface
     @Override
     public byte[] getBackupPayload(int user) {
         if (Binder.getCallingUid() != SYSTEM_UID) {
             throw new SecurityException("Caller must be system");
         }
         //TODO: http://b/22388012
         if (user != UserHandle.USER_SYSTEM) {
             Slog.w(TAG, "getBackupPayload: cannot backup policy for user " + user);
             return null;
         }
         final ByteArrayOutputStream baos = new ByteArrayOutputStream();
         try {
             XmlSerializer out = XmlPullParserFactory.newInstance().newSerializer();
             out.setOutput(baos, Encoding.UTF_8.name());

             mPermissions.writeBackup(out);

             out.flush();
             return baos.toByteArray();
         } catch (IOException | XmlPullParserException e) {
             Slog.w(TAG, "getBackupPayload: error writing payload for user " + user, e);
         }
         return null;
     }

     @Override
     public void applyRestore(byte[] payload, int user) {
         if (Binder.getCallingUid() != SYSTEM_UID) {
             throw new SecurityException("Caller must be system");
         }
         if (payload == null) {
             Slog.w(TAG, "applyRestore: no payload to restore for user " + user);
             return;
         }
         //TODO: http://b/22388012
         if (user != UserHandle.USER_SYSTEM) {
             Slog.w(TAG, "applyRestore: cannot restore policy for user " + user);
             return;
         }
         final ByteArrayInputStream bais = new ByteArrayInputStream(payload);
         try {
             XmlPullParser parser = XmlPullParserFactory.newInstance().newPullParser();
             parser.setInput(bais, Encoding.UTF_8.name());
             mPermissions.readRestore(parser);
         } catch (NumberFormatException | XmlPullParserException | IOException e) {
             Slog.w(TAG, "applyRestore: error reading payload", e);
         }
     }

     @Override
     public void onShellCommand(FileDescriptor in, FileDescriptor out, FileDescriptor err,
             String[] args, ShellCallback callback, ResultReceiver resultReceiver) {
         new SliceShellCommand(this).exec(this, in, out, err, args, callback, resultReceiver);
     }

     ///  ----- internal code -----
     private void enforceOwner(String pkg, Uri uri, int user) {
         if (!Objects.equals(getProviderPkg(uri, user), pkg) || pkg == null) {
             throw new SecurityException("Caller must own " + uri);
         }
     }

     protected void removePinnedSlice(Uri uri) {
         synchronized (mLock) {
             mPinnedSlicesByUri.remove(uri).destroy();
         }
     }

     private PinnedSliceState getPinnedSlice(Uri uri) {
         synchronized (mLock) {
             PinnedSliceState manager = mPinnedSlicesByUri.get(uri);
             if (manager == null) {
                 throw new IllegalStateException(String.format("Slice %s not pinned",
                         uri.toString()));
             }
             return manager;
         }
     }

     private PinnedSliceState getOrCreatePinnedSlice(Uri uri, String pkg) {
         synchronized (mLock) {
             PinnedSliceState manager = mPinnedSlicesByUri.get(uri);
             if (manager == null) {
                 manager = createPinnedSlice(uri, pkg);
                 mPinnedSlicesByUri.put(uri, manager);
             }
             return manager;
         }
     }

     @VisibleForTesting
     protected PinnedSliceState createPinnedSlice(Uri uri, String pkg) {
         return new PinnedSliceState(this, uri, pkg);
     }

     public Object getLock() {
         return mLock;
     }

     public Context getContext() {
         return mContext;
     }

     public Handler getHandler() {
         return mHandler;
     }

     protected int checkAccess(String pkg, Uri uri, int uid, int pid) {
         return checkSlicePermission(uri, null, pkg, uid, pid, null);
     }

     private String getProviderPkg(Uri uri, int user) {
         long ident = Binder.clearCallingIdentity();
         try {
             String providerName = getUriWithoutUserId(uri).getAuthority();
             ProviderInfo provider = mContext.getPackageManager().resolveContentProviderAsUser(
                     providerName, 0, getUserIdFromUri(uri, user));
             return provider.packageName;
         } finally {
             Binder.restoreCallingIdentity(ident);
         }
     }

     private void enforceCrossUser(String pkg, Uri uri) {
         int user = Binder.getCallingUserHandle().getIdentifier();
         if (getUserIdFromUri(uri, user) != user) {
             getContext().enforceCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS_FULL,
                     "Slice interaction across users requires INTERACT_ACROSS_USERS_FULL");
         }
     }

     private void enforceAccess(String pkg, Uri uri) throws RemoteException {
         if (checkAccess(pkg, uri, Binder.getCallingUid(), Binder.getCallingPid())
                 != PERMISSION_GRANTED) {
             int userId = ContentProvider.getUserIdFromUri(uri,
                     Binder.getCallingUserHandle().getIdentifier());
             if (!Objects.equals(pkg, getProviderPkg(uri, userId))) {
                 throw new SecurityException("Access to slice " + uri + " is required");
             }
         }
         enforceCrossUser(pkg, uri);
     }

     private void verifyCaller(String pkg) {
         mAppOps.checkPackage(Binder.getCallingUid(), pkg);
     }

     private boolean hasFullSliceAccess(String pkg, int userId) {
         long ident = Binder.clearCallingIdentity();
         try {
             boolean ret = isDefaultHomeApp(pkg, userId) || isAssistant(pkg, userId)
                     || isGrantedFullAccess(pkg, userId);
             return ret;
         } finally {
             Binder.restoreCallingIdentity(ident);
         }
     }

     private boolean isAssistant(String pkg, int userId) {
         return getAssistantMatcher(userId).matches(pkg);
     }

     private boolean isDefaultHomeApp(String pkg, int userId) {
         return getHomeMatcher(userId).matches(pkg);
     }

     private PackageMatchingCache getAssistantMatcher(int userId) {
         PackageMatchingCache matcher = mAssistantLookup.get(userId);
         if (matcher == null) {
             matcher = new PackageMatchingCache(() -> getAssistant(userId));
             mAssistantLookup.put(userId, matcher);
         }
         return matcher;
     }

     private PackageMatchingCache getHomeMatcher(int userId) {
         PackageMatchingCache matcher = mHomeLookup.get(userId);
         if (matcher == null) {
             matcher = new PackageMatchingCache(() -> getDefaultHome(userId));
             mHomeLookup.put(userId, matcher);
         }
         return matcher;
     }

     private String getAssistant(int userId) {
         final ComponentName cn = mAssistUtils.getAssistComponentForUser(userId);
         if (cn == null) {
             return null;
         }
         return cn.getPackageName();
     }

     // Based on getDefaultHome in ShortcutService.
     // TODO: Unify if possible
     @VisibleForTesting
     protected String getDefaultHome(int userId) {
         final long token = Binder.clearCallingIdentity();
         try {
             final List<ResolveInfo> allHomeCandidates = new ArrayList<>();

             // Default launcher from package manager.
             final ComponentName defaultLauncher = mPackageManagerInternal
                     .getHomeActivitiesAsUser(allHomeCandidates, userId);

             ComponentName detected = null;
             if (defaultLauncher != null) {
                 detected = defaultLauncher;
             }

             if (detected == null) {
                 // If we reach here, that means it's the first check since the user was created,
                 // and there's already multiple launchers and there's no default set.
                 // Find the system one with the highest priority.
                 // (We need to check the priority too because of FallbackHome in Settings.)
                 // If there's no system launcher yet, then no one can access slices, until
                 // the user explicitly sets one.
                 final int size = allHomeCandidates.size();

                 int lastPriority = Integer.MIN_VALUE;
                 for (int i = 0; i < size; i++) {
                     final ResolveInfo ri = allHomeCandidates.get(i);
                     if (!ri.activityInfo.applicationInfo.isSystemApp()) {
                         continue;
                     }
                     if (ri.priority < lastPriority) {
                         continue;
                     }
                     detected = ri.activityInfo.getComponentName();
                     lastPriority = ri.priority;
                 }
             }
             return detected != null ? detected.getPackageName() : null;
         } finally {
             Binder.restoreCallingIdentity(token);
         }
     }

     private boolean isGrantedFullAccess(String pkg, int userId) {
         return mPermissions.hasFullAccess(pkg, userId);
     }

     private static ServiceThread createHandler() {
         ServiceThread handlerThread = new ServiceThread(TAG,
                 Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/);
         handlerThread.start();
         return handlerThread;
     }

     private final BroadcastReceiver mReceiver = new BroadcastReceiver() {
         @Override
         public void onReceive(Context context, Intent intent) {
             final int userId  = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);
             if (userId == UserHandle.USER_NULL) {
                 Slog.w(TAG, "Intent broadcast does not contain user handle: " + intent);
                 return;
             }
             Uri data = intent.getData();
             String pkg = data != null ? data.getSchemeSpecificPart() : null;
             if (pkg == null) {
                 Slog.w(TAG, "Intent broadcast does not contain package name: " + intent);
                 return;
             }
             switch (intent.getAction()) {
                 case Intent.ACTION_PACKAGE_REMOVED:
                     final boolean replacing =
                             intent.getBooleanExtra(Intent.EXTRA_REPLACING, false);
                     if (!replacing) {
                         mPermissions.removePkg(pkg, userId);
                     }
                     break;
                 case Intent.ACTION_PACKAGE_DATA_CLEARED:
                     mPermissions.removePkg(pkg, userId);
                     break;
             }
         }
     };

     public String[] getAllPackagesGranted(String authority) {
         String pkg = getProviderPkg(new Uri.Builder()
                 .scheme(ContentResolver.SCHEME_CONTENT)
                 .authority(authority)
                 .build(), 0);
         return mPermissions.getAllPackagesGranted(pkg);
     }

     /**
      * Holder that caches a package that has access to a slice.
      */
     static class PackageMatchingCache {

         private final Supplier<String> mPkgSource;
         private String mCurrentPkg;

         public PackageMatchingCache(Supplier<String> pkgSource) {
             mPkgSource = pkgSource;
         }

         public boolean matches(String pkgCandidate) {
             if (pkgCandidate == null) return false;

             if (Objects.equals(pkgCandidate, mCurrentPkg)) {
                 return true;
             }
             // Failed on cached value, try updating.
             mCurrentPkg = mPkgSource.get();
             return Objects.equals(pkgCandidate, mCurrentPkg);
         }
     }

     public static class Lifecycle extends SystemService {
         private SliceManagerService mService;

         public Lifecycle(Context context) {
             super(context);
         }

         @Override
         public void onStart() {
             mService = new SliceManagerService(getContext());
             publishBinderService(Context.SLICE_SERVICE, mService);
         }

         @Override
         public void onBootPhase(int phase) {
             if (phase == SystemService.PHASE_ACTIVITY_MANAGER_READY) {
                 mService.systemReady();
             }
         }

         @Override
         public void onUnlockUser(int userHandle) {
             mService.onUnlockUser(userHandle);
         }

         @Override
         public void onStopUser(int userHandle) {
             mService.onStopUser(userHandle);
         }
     }

     private class SliceGrant {
         private final Uri mUri;
         private final String mPkg;
         private final int mUserId;

         public SliceGrant(Uri uri, String pkg, int userId) {
             mUri = uri;
             mPkg = pkg;
             mUserId = userId;
         }

         @Override
         public int hashCode() {
             return mUri.hashCode() + mPkg.hashCode();
         }

         @Override
         public boolean equals(Object obj) {
             if (!(obj instanceof SliceGrant)) return false;
             SliceGrant other = (SliceGrant) obj;
             return Objects.equals(other.mUri, mUri) && Objects.equals(other.mPkg, mPkg)
                     && (other.mUserId == mUserId);
         }
     }
 }
	/*
	* Copyright (C) 2017 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.server.slice;

	import static android.app.usage.UsageEvents.Event.SLICE_PINNED;
	import static android.app.usage.UsageEvents.Event.SLICE_PINNED_PRIV;
	import static android.content.ContentProvider.getUriWithoutUserId;
	import static android.content.ContentProvider.getUserIdFromUri;
	import static android.content.ContentProvider.maybeAddUserId;
	import static android.content.pm.PackageManager.PERMISSION_DENIED;
	import static android.content.pm.PackageManager.PERMISSION_GRANTED;
	import static android.os.Process.SYSTEM_UID;

	import android.Manifest.permission;
	import android.app.ActivityManager;
	import android.app.AppOpsManager;
	import android.app.ContentProviderHolder;
	import android.app.IActivityManager;
	import android.app.slice.ISliceManager;
	import android.app.slice.SliceSpec;
	import android.app.usage.UsageStatsManagerInternal;
	import android.content.BroadcastReceiver;
	import android.content.ComponentName;
	import android.content.ContentProvider;
	import android.content.ContentResolver;
	import android.content.Context;
	import android.content.Intent;
	import android.content.IntentFilter;
	import android.content.pm.PackageManager;
	import android.content.pm.PackageManagerInternal;
	import android.content.pm.ProviderInfo;
	import android.content.pm.ResolveInfo;
	import android.net.Uri;
	import android.os.Binder;
	import android.os.Handler;
	import android.os.IBinder;
	import android.os.Looper;
	import android.os.Process;
	import android.os.RemoteException;
	import android.os.ResultReceiver;
	import android.os.ShellCallback;
	import android.os.UserHandle;
	import android.util.ArrayMap;
	import android.util.Slog;
	import android.util.SparseArray;
	import android.util.Xml.Encoding;

	import com.android.internal.annotations.GuardedBy;
	import com.android.internal.annotations.VisibleForTesting;
	import com.android.internal.app.AssistUtils;
	import com.android.internal.util.Preconditions;
	import com.android.server.LocalServices;
	import com.android.server.ServiceThread;
	import com.android.server.SystemService;

	import org.xmlpull.v1.XmlPullParser;
	import org.xmlpull.v1.XmlPullParserException;
	import org.xmlpull.v1.XmlPullParserFactory;
	import org.xmlpull.v1.XmlSerializer;

	import java.io.ByteArrayInputStream;
	import java.io.ByteArrayOutputStream;
	import java.io.FileDescriptor;
	import java.io.IOException;
	import java.util.ArrayList;
	import java.util.List;
	import java.util.Objects;
	import java.util.function.Supplier;

	public class SliceManagerService extends ISliceManager.Stub {

	private static final String TAG = "SliceManagerService";
	private final Object mLock = new Object();

	private final Context mContext;
	private final PackageManagerInternal mPackageManagerInternal;
	private final AppOpsManager mAppOps;
	private final AssistUtils mAssistUtils;

	@GuardedBy("mLock")
	private final ArrayMap<Uri, PinnedSliceState> mPinnedSlicesByUri = new ArrayMap<>();
	@GuardedBy("mLock")
	private final SparseArray<PackageMatchingCache> mAssistantLookup = new SparseArray<>();
	@GuardedBy("mLock")
	private final SparseArray<PackageMatchingCache> mHomeLookup = new SparseArray<>();
	private final Handler mHandler;

	private final SlicePermissionManager mPermissions;
	private final UsageStatsManagerInternal mAppUsageStats;

	public SliceManagerService(Context context) {
	this(context, createHandler().getLooper());
	}

	@VisibleForTesting
	SliceManagerService(Context context, Looper looper) {
	mContext = context;
	mPackageManagerInternal = Preconditions.checkNotNull(
	LocalServices.getService(PackageManagerInternal.class));
	mAppOps = context.getSystemService(AppOpsManager.class);
	mAssistUtils = new AssistUtils(context);
	mHandler = new Handler(looper);

	mAppUsageStats = LocalServices.getService(UsageStatsManagerInternal.class);

	mPermissions = new SlicePermissionManager(mContext, looper);

	IntentFilter filter = new IntentFilter();
	filter.addAction(Intent.ACTION_PACKAGE_DATA_CLEARED);
	filter.addAction(Intent.ACTION_PACKAGE_REMOVED);
	filter.addDataScheme("package");
	mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler);
	}

	/// ----- Lifecycle stuff -----
	private void systemReady() {
	}

	private void onUnlockUser(int userId) {
	}

	private void onStopUser(int userId) {
	synchronized (mLock) {
	mPinnedSlicesByUri.values().removeIf(s -> getUserIdFromUri(s.getUri()) == userId);
	}
	}

	/// ----- ISliceManager stuff -----
	@Override
	public Uri[] getPinnedSlices(String pkg) {
	verifyCaller(pkg);
	int callingUser = Binder.getCallingUserHandle().getIdentifier();
	ArrayList<Uri> ret = new ArrayList<>();
	synchronized (mLock) {
	for (PinnedSliceState state : mPinnedSlicesByUri.values()) {
	if (Objects.equals(pkg, state.getPkg())) {
	Uri uri = state.getUri();
	int userId = ContentProvider.getUserIdFromUri(uri, callingUser);
	if (userId == callingUser) {
	ret.add(ContentProvider.getUriWithoutUserId(uri));
	}
	}
	}
	}
	return ret.toArray(new Uri[ret.size()]);
	}

	@Override
	public void pinSlice(String pkg, Uri uri, SliceSpec[] specs, IBinder token)
	throws RemoteException {
	verifyCaller(pkg);
	enforceAccess(pkg, uri);
	int user = Binder.getCallingUserHandle().getIdentifier();
	uri = maybeAddUserId(uri, user);
	String slicePkg = getProviderPkg(uri, user);
	getOrCreatePinnedSlice(uri, slicePkg).pin(pkg, specs, token);

	mHandler.post(() -> {
	if (slicePkg != null && !Objects.equals(pkg, slicePkg)) {
	mAppUsageStats.reportEvent(slicePkg, user,
	isAssistant(pkg, user) \|\| isDefaultHomeApp(pkg, user)
	? SLICE_PINNED_PRIV : SLICE_PINNED);
	}
	});
	}

	@Override
	public void unpinSlice(String pkg, Uri uri, IBinder token) throws RemoteException {
	verifyCaller(pkg);
	enforceAccess(pkg, uri);
	uri = maybeAddUserId(uri, Binder.getCallingUserHandle().getIdentifier());
	if (getPinnedSlice(uri).unpin(pkg, token)) {
	removePinnedSlice(uri);
	}
	}

	@Override
	public boolean hasSliceAccess(String pkg) throws RemoteException {
	verifyCaller(pkg);
	return hasFullSliceAccess(pkg, Binder.getCallingUserHandle().getIdentifier());
	}

	@Override
	public SliceSpec[] getPinnedSpecs(Uri uri, String pkg) throws RemoteException {
	verifyCaller(pkg);
	enforceAccess(pkg, uri);
	uri = maybeAddUserId(uri, Binder.getCallingUserHandle().getIdentifier());
	return getPinnedSlice(uri).getSpecs();
	}

	@Override
	public void grantSlicePermission(String pkg, String toPkg, Uri uri) throws RemoteException {
	verifyCaller(pkg);
	int user = Binder.getCallingUserHandle().getIdentifier();
	enforceOwner(pkg, uri, user);
	mPermissions.grantSliceAccess(toPkg, user, pkg, user, uri);
	}

	@Override
	public void revokeSlicePermission(String pkg, String toPkg, Uri uri) throws RemoteException {
	verifyCaller(pkg);
	int user = Binder.getCallingUserHandle().getIdentifier();
	enforceOwner(pkg, uri, user);
	mPermissions.revokeSliceAccess(toPkg, user, pkg, user, uri);
	}

	@Override
	public int checkSlicePermission(Uri uri, String callingPkg, String pkg, int pid, int uid,
	String[] autoGrantPermissions) {
	int userId = UserHandle.getUserId(uid);
	if (pkg == null) {
	for (String p : mContext.getPackageManager().getPackagesForUid(uid)) {
	if (checkSlicePermission(uri, callingPkg, p, pid, uid, autoGrantPermissions)
	== PERMISSION_GRANTED) {
	return PERMISSION_GRANTED;
	}
	}
	return PERMISSION_DENIED;
	}
	if (hasFullSliceAccess(pkg, userId)) {
	return PackageManager.PERMISSION_GRANTED;
	}
	if (mPermissions.hasPermission(pkg, userId, uri)) {
	return PackageManager.PERMISSION_GRANTED;
	}
	if (autoGrantPermissions != null && callingPkg != null) {
	// Need to own the Uri to call in with permissions to grant.
	enforceOwner(callingPkg, uri, userId);
	for (String perm : autoGrantPermissions) {
	if (mContext.checkPermission(perm, pid, uid) == PERMISSION_GRANTED) {
	int providerUser = ContentProvider.getUserIdFromUri(uri, userId);
	String providerPkg = getProviderPkg(uri, providerUser);
	mPermissions.grantSliceAccess(pkg, userId, providerPkg, providerUser, uri);
	return PackageManager.PERMISSION_GRANTED;
	}
	}
	}
	// Fallback to allowing uri permissions through.
	if (mContext.checkUriPermission(uri, pid, uid, Intent.FLAG_GRANT_WRITE_URI_PERMISSION)
	== PERMISSION_GRANTED) {
	return PackageManager.PERMISSION_GRANTED;
	}
	return PackageManager.PERMISSION_DENIED;
	}

	@Override
	public void grantPermissionFromUser(Uri uri, String pkg, String callingPkg, boolean allSlices) {
	verifyCaller(callingPkg);
	getContext().enforceCallingOrSelfPermission(permission.MANAGE_SLICE_PERMISSIONS,
	"Slice granting requires MANAGE_SLICE_PERMISSIONS");
	int userId = Binder.getCallingUserHandle().getIdentifier();
	if (allSlices) {
	mPermissions.grantFullAccess(pkg, userId);
	} else {
	// When granting, grant to all slices in the provider.
	Uri grantUri = uri.buildUpon()
	.path("")
	.build();
	int providerUser = ContentProvider.getUserIdFromUri(grantUri, userId);
	String providerPkg = getProviderPkg(grantUri, providerUser);
	mPermissions.grantSliceAccess(pkg, userId, providerPkg, providerUser, grantUri);
	}
	long ident = Binder.clearCallingIdentity();
	try {
	mContext.getContentResolver().notifyChange(uri, null);
	} finally {
	Binder.restoreCallingIdentity(ident);
	}
	}

	// Backup/restore interface
	@Override
	public byte[] getBackupPayload(int user) {
	if (Binder.getCallingUid() != SYSTEM_UID) {
	throw new SecurityException("Caller must be system");
	}
	//TODO: http://b/22388012
	if (user != UserHandle.USER_SYSTEM) {
	Slog.w(TAG, "getBackupPayload: cannot backup policy for user " + user);
	return null;
	}
	final ByteArrayOutputStream baos = new ByteArrayOutputStream();
	try {
	XmlSerializer out = XmlPullParserFactory.newInstance().newSerializer();
	out.setOutput(baos, Encoding.UTF_8.name());

	mPermissions.writeBackup(out);

	out.flush();
	return baos.toByteArray();
	} catch (IOException \| XmlPullParserException e) {
	Slog.w(TAG, "getBackupPayload: error writing payload for user " + user, e);
	}
	return null;
	}

	@Override
	public void applyRestore(byte[] payload, int user) {
	if (Binder.getCallingUid() != SYSTEM_UID) {
	throw new SecurityException("Caller must be system");
	}
	if (payload == null) {
	Slog.w(TAG, "applyRestore: no payload to restore for user " + user);
	return;
	}
	//TODO: http://b/22388012
	if (user != UserHandle.USER_SYSTEM) {
	Slog.w(TAG, "applyRestore: cannot restore policy for user " + user);
	return;
	}
	final ByteArrayInputStream bais = new ByteArrayInputStream(payload);
	try {
	XmlPullParser parser = XmlPullParserFactory.newInstance().newPullParser();
	parser.setInput(bais, Encoding.UTF_8.name());
	mPermissions.readRestore(parser);
	} catch (NumberFormatException \| XmlPullParserException \| IOException e) {
	Slog.w(TAG, "applyRestore: error reading payload", e);
	}
	}

	@Override
	public void onShellCommand(FileDescriptor in, FileDescriptor out, FileDescriptor err,
	String[] args, ShellCallback callback, ResultReceiver resultReceiver) {
	new SliceShellCommand(this).exec(this, in, out, err, args, callback, resultReceiver);
	}

	/// ----- internal code -----
	private void enforceOwner(String pkg, Uri uri, int user) {
	if (!Objects.equals(getProviderPkg(uri, user), pkg) \|\| pkg == null) {
	throw new SecurityException("Caller must own " + uri);
	}
	}

	protected void removePinnedSlice(Uri uri) {
	synchronized (mLock) {
	mPinnedSlicesByUri.remove(uri).destroy();
	}
	}

	private PinnedSliceState getPinnedSlice(Uri uri) {
	synchronized (mLock) {
	PinnedSliceState manager = mPinnedSlicesByUri.get(uri);
	if (manager == null) {
	throw new IllegalStateException(String.format("Slice %s not pinned",
	uri.toString()));
	}
	return manager;
	}
	}

	private PinnedSliceState getOrCreatePinnedSlice(Uri uri, String pkg) {
	synchronized (mLock) {
	PinnedSliceState manager = mPinnedSlicesByUri.get(uri);
	if (manager == null) {
	manager = createPinnedSlice(uri, pkg);
	mPinnedSlicesByUri.put(uri, manager);
	}
	return manager;
	}
	}

	@VisibleForTesting
	protected PinnedSliceState createPinnedSlice(Uri uri, String pkg) {
	return new PinnedSliceState(this, uri, pkg);
	}

	public Object getLock() {
	return mLock;
	}

	public Context getContext() {
	return mContext;
	}

	public Handler getHandler() {
	return mHandler;
	}

	protected int checkAccess(String pkg, Uri uri, int uid, int pid) {
	return checkSlicePermission(uri, null, pkg, uid, pid, null);
	}

	private String getProviderPkg(Uri uri, int user) {
	long ident = Binder.clearCallingIdentity();
	try {
	String providerName = getUriWithoutUserId(uri).getAuthority();
	ProviderInfo provider = mContext.getPackageManager().resolveContentProviderAsUser(
	providerName, 0, getUserIdFromUri(uri, user));
	return provider.packageName;
	} finally {
	Binder.restoreCallingIdentity(ident);
	}
	}

	private void enforceCrossUser(String pkg, Uri uri) {
	int user = Binder.getCallingUserHandle().getIdentifier();
	if (getUserIdFromUri(uri, user) != user) {
	getContext().enforceCallingOrSelfPermission(permission.INTERACT_ACROSS_USERS_FULL,
	"Slice interaction across users requires INTERACT_ACROSS_USERS_FULL");
	}
	}

	private void enforceAccess(String pkg, Uri uri) throws RemoteException {
	if (checkAccess(pkg, uri, Binder.getCallingUid(), Binder.getCallingPid())
	!= PERMISSION_GRANTED) {
	int userId = ContentProvider.getUserIdFromUri(uri,
	Binder.getCallingUserHandle().getIdentifier());
	if (!Objects.equals(pkg, getProviderPkg(uri, userId))) {
	throw new SecurityException("Access to slice " + uri + " is required");
	}
	}
	enforceCrossUser(pkg, uri);
	}

	private void verifyCaller(String pkg) {
	mAppOps.checkPackage(Binder.getCallingUid(), pkg);
	}

	private boolean hasFullSliceAccess(String pkg, int userId) {
	long ident = Binder.clearCallingIdentity();
	try {
	boolean ret = isDefaultHomeApp(pkg, userId) \|\| isAssistant(pkg, userId)
	\|\| isGrantedFullAccess(pkg, userId);
	return ret;
	} finally {
	Binder.restoreCallingIdentity(ident);
	}
	}

	private boolean isAssistant(String pkg, int userId) {
	return getAssistantMatcher(userId).matches(pkg);
	}

	private boolean isDefaultHomeApp(String pkg, int userId) {
	return getHomeMatcher(userId).matches(pkg);
	}

	private PackageMatchingCache getAssistantMatcher(int userId) {
	PackageMatchingCache matcher = mAssistantLookup.get(userId);
	if (matcher == null) {
	matcher = new PackageMatchingCache(() -> getAssistant(userId));
	mAssistantLookup.put(userId, matcher);
	}
	return matcher;
	}

	private PackageMatchingCache getHomeMatcher(int userId) {
	PackageMatchingCache matcher = mHomeLookup.get(userId);
	if (matcher == null) {
	matcher = new PackageMatchingCache(() -> getDefaultHome(userId));
	mHomeLookup.put(userId, matcher);
	}
	return matcher;
	}

	private String getAssistant(int userId) {
	final ComponentName cn = mAssistUtils.getAssistComponentForUser(userId);
	if (cn == null) {
	return null;
	}
	return cn.getPackageName();
	}

	// Based on getDefaultHome in ShortcutService.
	// TODO: Unify if possible
	@VisibleForTesting
	protected String getDefaultHome(int userId) {
	final long token = Binder.clearCallingIdentity();
	try {
	final List<ResolveInfo> allHomeCandidates = new ArrayList<>();

	// Default launcher from package manager.
	final ComponentName defaultLauncher = mPackageManagerInternal
	.getHomeActivitiesAsUser(allHomeCandidates, userId);

	ComponentName detected = null;
	if (defaultLauncher != null) {
	detected = defaultLauncher;
	}

	if (detected == null) {
	// If we reach here, that means it's the first check since the user was created,
	// and there's already multiple launchers and there's no default set.
	// Find the system one with the highest priority.
	// (We need to check the priority too because of FallbackHome in Settings.)
	// If there's no system launcher yet, then no one can access slices, until
	// the user explicitly sets one.
	final int size = allHomeCandidates.size();

	int lastPriority = Integer.MIN_VALUE;
	for (int i = 0; i < size; i++) {
	final ResolveInfo ri = allHomeCandidates.get(i);
	if (!ri.activityInfo.applicationInfo.isSystemApp()) {
	continue;
	}
	if (ri.priority < lastPriority) {
	continue;
	}
	detected = ri.activityInfo.getComponentName();
	lastPriority = ri.priority;
	}
	}
	return detected != null ? detected.getPackageName() : null;
	} finally {
	Binder.restoreCallingIdentity(token);
	}
	}

	private boolean isGrantedFullAccess(String pkg, int userId) {
	return mPermissions.hasFullAccess(pkg, userId);
	}

	private static ServiceThread createHandler() {
	ServiceThread handlerThread = new ServiceThread(TAG,
	Process.THREAD_PRIORITY_BACKGROUND, true /allowIo/);
	handlerThread.start();
	return handlerThread;
	}

	private final BroadcastReceiver mReceiver = new BroadcastReceiver() {
	@Override
	public void onReceive(Context context, Intent intent) {
	final int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);
	if (userId == UserHandle.USER_NULL) {
	Slog.w(TAG, "Intent broadcast does not contain user handle: " + intent);
	return;
	}
	Uri data = intent.getData();
	String pkg = data != null ? data.getSchemeSpecificPart() : null;
	if (pkg == null) {
	Slog.w(TAG, "Intent broadcast does not contain package name: " + intent);
	return;
	}
	switch (intent.getAction()) {
	case Intent.ACTION_PACKAGE_REMOVED:
	final boolean replacing =
	intent.getBooleanExtra(Intent.EXTRA_REPLACING, false);
	if (!replacing) {
	mPermissions.removePkg(pkg, userId);
	}
	break;
	case Intent.ACTION_PACKAGE_DATA_CLEARED:
	mPermissions.removePkg(pkg, userId);
	break;
	}
	}
	};

	public String[] getAllPackagesGranted(String authority) {
	String pkg = getProviderPkg(new Uri.Builder()
	.scheme(ContentResolver.SCHEME_CONTENT)
	.authority(authority)
	.build(), 0);
	return mPermissions.getAllPackagesGranted(pkg);
	}

	/**
	* Holder that caches a package that has access to a slice.
	*/
	static class PackageMatchingCache {

	private final Supplier<String> mPkgSource;
	private String mCurrentPkg;

	public PackageMatchingCache(Supplier<String> pkgSource) {
	mPkgSource = pkgSource;
	}

	public boolean matches(String pkgCandidate) {
	if (pkgCandidate == null) return false;

	if (Objects.equals(pkgCandidate, mCurrentPkg)) {
	return true;
	}
	// Failed on cached value, try updating.
	mCurrentPkg = mPkgSource.get();
	return Objects.equals(pkgCandidate, mCurrentPkg);
	}
	}

	public static class Lifecycle extends SystemService {
	private SliceManagerService mService;

	public Lifecycle(Context context) {
	super(context);
	}

	@Override
	public void onStart() {
	mService = new SliceManagerService(getContext());
	publishBinderService(Context.SLICE_SERVICE, mService);
	}

	@Override
	public void onBootPhase(int phase) {
	if (phase == SystemService.PHASE_ACTIVITY_MANAGER_READY) {
	mService.systemReady();
	}
	}

	@Override
	public void onUnlockUser(int userHandle) {
	mService.onUnlockUser(userHandle);
	}

	@Override
	public void onStopUser(int userHandle) {
	mService.onStopUser(userHandle);
	}
	}

	private class SliceGrant {
	private final Uri mUri;
	private final String mPkg;
	private final int mUserId;

	public SliceGrant(Uri uri, String pkg, int userId) {
	mUri = uri;
	mPkg = pkg;
	mUserId = userId;
	}

	@Override
	public int hashCode() {
	return mUri.hashCode() + mPkg.hashCode();
	}

	@Override
	public boolean equals(Object obj) {
	if (!(obj instanceof SliceGrant)) return false;
	SliceGrant other = (SliceGrant) obj;
	return Objects.equals(other.mUri, mUri) && Objects.equals(other.mPkg, mPkg)
	&& (other.mUserId == mUserId);
	}
	}
	}