libs/permission/include/android/permission/PermissionChecker.h - platform/frameworks/native - Git at Google

 /*
  * Copyright (C) 2021 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #pragma once

 #include <android/content/AttributionSourceState.h>
 #include <android/permission/IPermissionChecker.h>

 #include <utils/threads.h>

 #include <optional>

 #ifdef __ANDROID_VNDK__
 #error "This header is not visible to vendors"
 #endif

 // ---------------------------------------------------------------------------
 namespace android {

 namespace permission {

 using android::content::AttributionSourceState;
 using android::permission::IPermissionChecker;

 class PermissionChecker
 {
 public:

     enum PermissionResult {

         /**
          * The permission is granted.
          */
         PERMISSION_GRANTED = IPermissionChecker::PERMISSION_GRANTED,

         /**
          * The permission is denied. Applicable only to runtime and app op permissions.
          *
          * Returned when:
          *   - the runtime permission is granted, but the corresponding app op is denied
          *       for runtime permissions.
          *   - the app ops is ignored for app op permissions.
          *
          */
         PERMISSION_SOFT_DENIED = IPermissionChecker::PERMISSION_SOFT_DENIED,

         /**
          * The permission is denied.
          *
          * Returned when:
          *  - the permission is denied for non app op permissions.
          *  - the app op is denied or app op is AppOpsManager#MODE_DEFAULT and permission is denied.
          */
         PERMISSION_HARD_DENIED = IPermissionChecker::PERMISSION_HARD_DENIED
     };

     PermissionChecker();

     /**
      * Checks whether a given data access chain described by the given attribution source
      * has a given permission and whether the app op that corresponds to this permission
      * is allowed. Call this method if you are the datasource which would not blame you for
      * access to the data since you are the data.  Use this API if you are the datasource of
      * the protected state.
      *
      * NOTE: The attribution source should be for yourself with its next attribution
      * source being the app that would receive the data from you.
      *
      * NOTE: Use this method only for permission checks at the point where you will deliver
      * the permission protected data to clients.
      *
      * @param permission The permission to check.
      * @param attributionSource The attribution chain to check.
      * @param message A message describing the reason the permission was checked.
      * @param attributedOpCode The op code towards which to blame the access. If this
      *     is a valid app op the op corresponding to the checked permission (if such)
      *     would only be checked to ensure it is allowed and if that succeeds the
      *     noting would be against the attributed op.
      * @return The permission check result which is either PERMISSION_GRANTED,
      *     or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED.
      */
     PermissionChecker::PermissionResult checkPermissionForDataDeliveryFromDatasource(
             const String16& permission, const AttributionSourceState& attributionSource,
             const String16& message, int32_t attributedOpCode);

    /**
      * Checks whether a given data access chain described by the given attribution source
      * has a given permission and whether the app op that corresponds to this permission
      * is allowed. The app ops are not noted/started.
      *
      * NOTE: The attribution source should be for yourself with its next attribution
      * source being the app that would receive the data from you.
      *
      * NOTE: Use this method only for permission checks at the preflight point where you
      * will not deliver the permission protected data to clients but schedule permission
      * data delivery, apps register listeners, etc.
      *
      * @param permission The permission to check.
      * @param attributionSource The attribution chain to check.
      * @param message A message describing the reason the permission was checked.
      * @param attributedOpCode The op code towards which to blame the access. If this
      *     is a valid app op the op corresponding to the checked permission (if such)
      *     would only be checked to ensure it is allowed and if that succeeds the
      *     starting would be against the attributed op.
      * @return The permission check result which is either PERMISSION_GRANTED,
      *     or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED.
      */
     PermissionResult checkPermissionForPreflightFromDatasource(
             const String16& permission, const AttributionSourceState& attributionSource,
             const String16& message, int32_t attributedOpCode);

    /**
      * Checks whether a given data access chain described by the given attribution source
      * has a given permission and whether the app op that corresponds to this permission
      * is allowed. The app ops are also marked as started. This is useful for long running
      * permissions like camera and microphone. Use this API if you are the datasource of
      * the protected state.
      *
      * NOTE: The attribution source should be for yourself with its next attribution
      * source being the app that would receive the data from you.
      *
      * NOTE: Use this method only for permission checks at the point where you will deliver
      * the permission protected data to clients.
      *
      * @param permission The permission to check.
      * @param attributionSource The attribution chain to check.
      * @param message A message describing the reason the permission was checked.
      * @param attributedOpCode The op code towards which to blame the access. If this
      *     is a valid app op the op corresponding to the checked permission (if such)
      *     would only be checked to ensure it is allowed and if that succeeds the
      *     starting would be against the attributed op.
      * @return The permission check result which is either PERMISSION_GRANTED,
      *     or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED.
      */
     PermissionResult checkPermissionForStartDataDeliveryFromDatasource(
             const String16& permission, const AttributionSourceState& attributionSource,
             const String16& message, int32_t attributedOpCode);

     /**
      * Finishes an ongoing op for data access chain described by the given
      * attribution source. Use this API if you are the datasource of the protected
      * state. Use this API if you are the datasource of the protected state.
      *
      * NOTE: The attribution source should be for yourself with its next attribution
      * source being the app that would receive the data from you.
      *
      * @param op The op to finish.
      * @param attributionSource The attribution chain for which to finish data delivery.
      * @param attributedOpCode The op code towards which to blame the access. If this
      *     is a valid app op it is the op that would be finished.
      */
     void finishDataDeliveryFromDatasource(int32_t op,
             const AttributionSourceState& attributionSource);

 private:
     Mutex mLock;
     sp<IPermissionChecker> mService;
     sp<IPermissionChecker> getService();

     PermissionResult checkPermission(const String16& permission,
             const AttributionSourceState& attributionSource,
             const String16& message, bool forDataDelivery, bool startDataDelivery,
             bool fromDatasource, int32_t attributedOpCode);
 };

 } // namespace permission

 } // namespace android

 // ---------------------------------------------------------------------------
	/*
	* Copyright (C) 2021 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#pragma once

	#include <android/content/AttributionSourceState.h>
	#include <android/permission/IPermissionChecker.h>

	#include <utils/threads.h>

	#include <optional>

	#ifdef __ANDROID_VNDK__
	#error "This header is not visible to vendors"
	#endif

	// ---------------------------------------------------------------------------
	namespace android {

	namespace permission {

	using android::content::AttributionSourceState;
	using android::permission::IPermissionChecker;

	class PermissionChecker
	{
	public:

	enum PermissionResult {

	/**
	* The permission is granted.
	*/
	PERMISSION_GRANTED = IPermissionChecker::PERMISSION_GRANTED,

	/**
	* The permission is denied. Applicable only to runtime and app op permissions.
	*
	* Returned when:
	* - the runtime permission is granted, but the corresponding app op is denied
	* for runtime permissions.
	* - the app ops is ignored for app op permissions.
	*
	*/
	PERMISSION_SOFT_DENIED = IPermissionChecker::PERMISSION_SOFT_DENIED,

	/**
	* The permission is denied.
	*
	* Returned when:
	* - the permission is denied for non app op permissions.
	* - the app op is denied or app op is AppOpsManager#MODE_DEFAULT and permission is denied.
	*/
	PERMISSION_HARD_DENIED = IPermissionChecker::PERMISSION_HARD_DENIED
	};

	PermissionChecker();

	/**
	* Checks whether a given data access chain described by the given attribution source
	* has a given permission and whether the app op that corresponds to this permission
	* is allowed. Call this method if you are the datasource which would not blame you for
	* access to the data since you are the data. Use this API if you are the datasource of
	* the protected state.
	*
	* NOTE: The attribution source should be for yourself with its next attribution
	* source being the app that would receive the data from you.
	*
	* NOTE: Use this method only for permission checks at the point where you will deliver
	* the permission protected data to clients.
	*
	* @param permission The permission to check.
	* @param attributionSource The attribution chain to check.
	* @param message A message describing the reason the permission was checked.
	* @param attributedOpCode The op code towards which to blame the access. If this
	* is a valid app op the op corresponding to the checked permission (if such)
	* would only be checked to ensure it is allowed and if that succeeds the
	* noting would be against the attributed op.
	* @return The permission check result which is either PERMISSION_GRANTED,
	* or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED.
	*/
	PermissionChecker::PermissionResult checkPermissionForDataDeliveryFromDatasource(
	const String16& permission, const AttributionSourceState& attributionSource,
	const String16& message, int32_t attributedOpCode);

	/**
	* Checks whether a given data access chain described by the given attribution source
	* has a given permission and whether the app op that corresponds to this permission
	* is allowed. The app ops are not noted/started.
	*
	* NOTE: The attribution source should be for yourself with its next attribution
	* source being the app that would receive the data from you.
	*
	* NOTE: Use this method only for permission checks at the preflight point where you
	* will not deliver the permission protected data to clients but schedule permission
	* data delivery, apps register listeners, etc.
	*
	* @param permission The permission to check.
	* @param attributionSource The attribution chain to check.
	* @param message A message describing the reason the permission was checked.
	* @param attributedOpCode The op code towards which to blame the access. If this
	* is a valid app op the op corresponding to the checked permission (if such)
	* would only be checked to ensure it is allowed and if that succeeds the
	* starting would be against the attributed op.
	* @return The permission check result which is either PERMISSION_GRANTED,
	* or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED.
	*/
	PermissionResult checkPermissionForPreflightFromDatasource(
	const String16& permission, const AttributionSourceState& attributionSource,
	const String16& message, int32_t attributedOpCode);

	/**
	* Checks whether a given data access chain described by the given attribution source
	* has a given permission and whether the app op that corresponds to this permission
	* is allowed. The app ops are also marked as started. This is useful for long running
	* permissions like camera and microphone. Use this API if you are the datasource of
	* the protected state.
	*
	* NOTE: The attribution source should be for yourself with its next attribution
	* source being the app that would receive the data from you.
	*
	* NOTE: Use this method only for permission checks at the point where you will deliver
	* the permission protected data to clients.
	*
	* @param permission The permission to check.
	* @param attributionSource The attribution chain to check.
	* @param message A message describing the reason the permission was checked.
	* @param attributedOpCode The op code towards which to blame the access. If this
	* is a valid app op the op corresponding to the checked permission (if such)
	* would only be checked to ensure it is allowed and if that succeeds the
	* starting would be against the attributed op.
	* @return The permission check result which is either PERMISSION_GRANTED,
	* or PERMISSION_SOFT_DENIED or PERMISSION_HARD_DENIED.
	*/
	PermissionResult checkPermissionForStartDataDeliveryFromDatasource(
	const String16& permission, const AttributionSourceState& attributionSource,
	const String16& message, int32_t attributedOpCode);

	/**
	* Finishes an ongoing op for data access chain described by the given
	* attribution source. Use this API if you are the datasource of the protected
	* state. Use this API if you are the datasource of the protected state.
	*
	* NOTE: The attribution source should be for yourself with its next attribution
	* source being the app that would receive the data from you.
	*
	* @param op The op to finish.
	* @param attributionSource The attribution chain for which to finish data delivery.
	* @param attributedOpCode The op code towards which to blame the access. If this
	* is a valid app op it is the op that would be finished.
	*/
	void finishDataDeliveryFromDatasource(int32_t op,
	const AttributionSourceState& attributionSource);

	private:
	Mutex mLock;
	sp<IPermissionChecker> mService;
	sp<IPermissionChecker> getService();

	PermissionResult checkPermission(const String16& permission,
	const AttributionSourceState& attributionSource,
	const String16& message, bool forDataDelivery, bool startDataDelivery,
	bool fromDatasource, int32_t attributedOpCode);
	};

	} // namespace permission

	} // namespace android

	// ---------------------------------------------------------------------------