service/java/com/android/server/healthconnect/HealthConnectPermissionHelper.java - platform/packages/modules/HealthFitness - Git at Google

 /*
  * Copyright (C) 2022 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.server.healthconnect;

 import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;

 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.app.ActivityManager;
 import android.content.Context;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
 import android.healthconnect.HealthPermissions;
 import android.os.Binder;
 import android.os.UserHandle;

 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
 import java.util.Set;

 /** A handler for HealthConnect permission-related logic. */
 final class HealthConnectPermissionHelper {

     private final Context mContext;
     private final PackageManager mPackageManager;
     private final Set<String> mHealthPermissions;

     /**
      * Constructs a {@link HealthConnectPermissionHelper}.
      *
      * @param context the service context.
      * @param packageManager a {@link PackageManager} instance.
      * @param healthPermissions a {@link Set} of permissions that are recognized as
      *     HealthConnect-defined permissions.
      */
     HealthConnectPermissionHelper(
             Context context, PackageManager packageManager, Set<String> healthPermissions) {
         mContext = context;
         mPackageManager = packageManager;
         mHealthPermissions = healthPermissions;
     }

     /** See {@link android.healthconnect.HealthConnectManager#grantHealthPermission}. */
     void grantHealthPermission(
             @NonNull String packageName, @NonNull String permissionName, @NonNull UserHandle user) {
         Objects.requireNonNull(packageName);
         Objects.requireNonNull(permissionName);
         // TODO(b/249527134): Add a check to ensure the SHOW_HEALTH_PERMISSION_RATIONALE
         //   intent-filter is listed in the target app's manifest before granting permissions.
         enforceManageHealthPermissions(/* message= */ "grantHealthPermission");
         enforceValidPermission(permissionName);
         UserHandle checkedUser = UserHandle.of(handleIncomingUser(user.getIdentifier()));
         enforceValidPackage(packageName);
         final long token = Binder.clearCallingIdentity();
         try {
             mPackageManager.grantRuntimePermission(packageName, permissionName, checkedUser);
         } finally {
             Binder.restoreCallingIdentity(token);
         }
     }

     /** See {@link android.healthconnect.HealthConnectManager#revokeHealthPermission}. */
     void revokeHealthPermission(
             @NonNull String packageName,
             @NonNull String permissionName,
             @Nullable String reason,
             @NonNull UserHandle user) {
         Objects.requireNonNull(packageName);
         Objects.requireNonNull(permissionName);
         enforceManageHealthPermissions(/* message= */ "revokeHealthPermission");
         enforceValidPermission(permissionName);
         UserHandle checkedUser = UserHandle.of(handleIncomingUser(user.getIdentifier()));
         enforceValidPackage(packageName);
         final long token = Binder.clearCallingIdentity();
         try {
             mPackageManager.revokeRuntimePermission(
                     packageName, permissionName, checkedUser, reason);
         } finally {
             Binder.restoreCallingIdentity(token);
         }
     }

     /** See {@link android.healthconnect.HealthConnectManager#revokeAllHealthPermissions}. */
     void revokeAllHealthPermissions(
             @NonNull String packageName, @Nullable String reason, @NonNull UserHandle user) {
         Objects.requireNonNull(packageName);
         enforceManageHealthPermissions(/* message= */ "revokeAllHealthPermissions");
         UserHandle checkedUser = UserHandle.of(handleIncomingUser(user.getIdentifier()));
         enforceValidPackage(packageName);
         final long token = Binder.clearCallingIdentity();
         try {
             revokeAllHealthPermissionsUnchecked(packageName, checkedUser, reason);
         } finally {
             Binder.restoreCallingIdentity(token);
         }
     }

     /** See {@link android.healthconnect.HealthConnectManager#getGrantedHealthPermissions}. */
     List<String> getGrantedHealthPermissions(
             @NonNull String packageName, @NonNull UserHandle user) {
         Objects.requireNonNull(packageName);
         enforceManageHealthPermissions(/* message= */ "getGrantedHealthPermissions");
         UserHandle checkedUser = UserHandle.of(handleIncomingUser(user.getIdentifier()));
         enforceValidPackage(packageName);
         final long token = Binder.clearCallingIdentity();
         try {
             return getGrantedHealthPermissionsUnchecked(packageName, checkedUser);
         } finally {
             Binder.restoreCallingIdentity(token);
         }
     }

     private List<String> getGrantedHealthPermissionsUnchecked(String packageName, UserHandle user) {
         PackageInfo packageInfo;
         try {
             PackageManager packageManager =
                     mContext.createContextAsUser(user, /* flags= */ 0).getPackageManager();
             packageInfo =
                     packageManager.getPackageInfo(
                             packageName,
                             PackageManager.PackageInfoFlags.of(PackageManager.GET_PERMISSIONS));
         } catch (PackageManager.NameNotFoundException e) {
             throw new IllegalArgumentException("Invalid package", e);
         }
         List<String> grantedHealthPerms = new ArrayList<>(packageInfo.requestedPermissions.length);
         for (int i = 0; i < packageInfo.requestedPermissions.length; i++) {
             String currPerm = packageInfo.requestedPermissions[i];
             if (mHealthPermissions.contains(currPerm)
                     && ((packageInfo.requestedPermissionsFlags[i]
                                     & PackageInfo.REQUESTED_PERMISSION_GRANTED)
                             != 0)) {
                 grantedHealthPerms.add(currPerm);
             }
         }
         return grantedHealthPerms;
     }

     private void revokeAllHealthPermissionsUnchecked(
             String packageName, UserHandle user, String reason) {
         List<String> grantedHealthPermissions =
                 getGrantedHealthPermissionsUnchecked(packageName, user);
         for (String perm : grantedHealthPermissions) {
             mPackageManager.revokeRuntimePermission(packageName, perm, user, reason);
         }
     }

     private void enforceValidPermission(String permissionName) {
         if (!mHealthPermissions.contains(permissionName)) {
             throw new IllegalArgumentException("invalid health permission");
         }
     }

     private void enforceValidPackage(String packageName) {
         try {
             mPackageManager.getPackageInfo(packageName, PackageManager.PackageInfoFlags.of(0));
         } catch (PackageManager.NameNotFoundException e) {
             throw new IllegalArgumentException("invalid package", e);
         }
     }

     private void enforceManageHealthPermissions(String message) {
         mContext.enforceCallingOrSelfPermission(
                 HealthPermissions.MANAGE_HEALTH_PERMISSIONS, message);
     }

     /**
      * Returns the target userId after handling the incoming user for packages with {@link
      * INTERACT_ACROSS_USERS_FULL}.
      *
      * @throws java.lang.SecurityException if the caller is affecting different users without
      *     holding the {@link INTERACT_ACROSS_USERS_FULL} permission.
      */
     private int handleIncomingUser(int userId) {
         int callingUserId = UserHandle.getUserHandleForUid(Binder.getCallingUid()).getIdentifier();
         if (userId == callingUserId) {
             return userId;
         }

         boolean canInteractAcrossUsersFull =
                 mContext.checkCallingPermission(INTERACT_ACROSS_USERS_FULL)
                         == PackageManager.PERMISSION_GRANTED;
         if (canInteractAcrossUsersFull) {
             if (userId == UserHandle.CURRENT.getIdentifier()) {
                 return ActivityManager.getCurrentUser();
             }
             return userId;
         }

         throw new SecurityException(
                 "Permission denied. Need to run as either the calling user id ("
                         + callingUserId
                         + "), or with "
                         + INTERACT_ACROSS_USERS_FULL
                         + " permission");
     }
 }
	/*
	* Copyright (C) 2022 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.server.healthconnect;

	import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;

	import android.annotation.NonNull;
	import android.annotation.Nullable;
	import android.app.ActivityManager;
	import android.content.Context;
	import android.content.pm.PackageInfo;
	import android.content.pm.PackageManager;
	import android.healthconnect.HealthPermissions;
	import android.os.Binder;
	import android.os.UserHandle;

	import java.util.ArrayList;
	import java.util.List;
	import java.util.Objects;
	import java.util.Set;

	/** A handler for HealthConnect permission-related logic. */
	final class HealthConnectPermissionHelper {

	private final Context mContext;
	private final PackageManager mPackageManager;
	private final Set<String> mHealthPermissions;

	/**
	* Constructs a {@link HealthConnectPermissionHelper}.
	*
	* @param context the service context.
	* @param packageManager a {@link PackageManager} instance.
	* @param healthPermissions a {@link Set} of permissions that are recognized as
	* HealthConnect-defined permissions.
	*/
	HealthConnectPermissionHelper(
	Context context, PackageManager packageManager, Set<String> healthPermissions) {
	mContext = context;
	mPackageManager = packageManager;
	mHealthPermissions = healthPermissions;
	}

	/** See {@link android.healthconnect.HealthConnectManager#grantHealthPermission}. */
	void grantHealthPermission(
	@NonNull String packageName, @NonNull String permissionName, @NonNull UserHandle user) {
	Objects.requireNonNull(packageName);
	Objects.requireNonNull(permissionName);
	// TODO(b/249527134): Add a check to ensure the SHOW_HEALTH_PERMISSION_RATIONALE
	// intent-filter is listed in the target app's manifest before granting permissions.
	enforceManageHealthPermissions(/* message= */ "grantHealthPermission");
	enforceValidPermission(permissionName);
	UserHandle checkedUser = UserHandle.of(handleIncomingUser(user.getIdentifier()));
	enforceValidPackage(packageName);
	final long token = Binder.clearCallingIdentity();
	try {
	mPackageManager.grantRuntimePermission(packageName, permissionName, checkedUser);
	} finally {
	Binder.restoreCallingIdentity(token);
	}
	}

	/** See {@link android.healthconnect.HealthConnectManager#revokeHealthPermission}. */
	void revokeHealthPermission(
	@NonNull String packageName,
	@NonNull String permissionName,
	@Nullable String reason,
	@NonNull UserHandle user) {
	Objects.requireNonNull(packageName);
	Objects.requireNonNull(permissionName);
	enforceManageHealthPermissions(/* message= */ "revokeHealthPermission");
	enforceValidPermission(permissionName);
	UserHandle checkedUser = UserHandle.of(handleIncomingUser(user.getIdentifier()));
	enforceValidPackage(packageName);
	final long token = Binder.clearCallingIdentity();
	try {
	mPackageManager.revokeRuntimePermission(
	packageName, permissionName, checkedUser, reason);
	} finally {
	Binder.restoreCallingIdentity(token);
	}
	}

	/** See {@link android.healthconnect.HealthConnectManager#revokeAllHealthPermissions}. */
	void revokeAllHealthPermissions(
	@NonNull String packageName, @Nullable String reason, @NonNull UserHandle user) {
	Objects.requireNonNull(packageName);
	enforceManageHealthPermissions(/* message= */ "revokeAllHealthPermissions");
	UserHandle checkedUser = UserHandle.of(handleIncomingUser(user.getIdentifier()));
	enforceValidPackage(packageName);
	final long token = Binder.clearCallingIdentity();
	try {
	revokeAllHealthPermissionsUnchecked(packageName, checkedUser, reason);
	} finally {
	Binder.restoreCallingIdentity(token);
	}
	}

	/** See {@link android.healthconnect.HealthConnectManager#getGrantedHealthPermissions}. */
	List<String> getGrantedHealthPermissions(
	@NonNull String packageName, @NonNull UserHandle user) {
	Objects.requireNonNull(packageName);
	enforceManageHealthPermissions(/* message= */ "getGrantedHealthPermissions");
	UserHandle checkedUser = UserHandle.of(handleIncomingUser(user.getIdentifier()));
	enforceValidPackage(packageName);
	final long token = Binder.clearCallingIdentity();
	try {
	return getGrantedHealthPermissionsUnchecked(packageName, checkedUser);
	} finally {
	Binder.restoreCallingIdentity(token);
	}
	}

	private List<String> getGrantedHealthPermissionsUnchecked(String packageName, UserHandle user) {
	PackageInfo packageInfo;
	try {
	PackageManager packageManager =
	mContext.createContextAsUser(user, /* flags= */ 0).getPackageManager();
	packageInfo =
	packageManager.getPackageInfo(
	packageName,
	PackageManager.PackageInfoFlags.of(PackageManager.GET_PERMISSIONS));
	} catch (PackageManager.NameNotFoundException e) {
	throw new IllegalArgumentException("Invalid package", e);
	}
	List<String> grantedHealthPerms = new ArrayList<>(packageInfo.requestedPermissions.length);
	for (int i = 0; i < packageInfo.requestedPermissions.length; i++) {
	String currPerm = packageInfo.requestedPermissions[i];
	if (mHealthPermissions.contains(currPerm)
	&& ((packageInfo.requestedPermissionsFlags[i]
	& PackageInfo.REQUESTED_PERMISSION_GRANTED)
	!= 0)) {
	grantedHealthPerms.add(currPerm);
	}
	}
	return grantedHealthPerms;
	}

	private void revokeAllHealthPermissionsUnchecked(
	String packageName, UserHandle user, String reason) {
	List<String> grantedHealthPermissions =
	getGrantedHealthPermissionsUnchecked(packageName, user);
	for (String perm : grantedHealthPermissions) {
	mPackageManager.revokeRuntimePermission(packageName, perm, user, reason);
	}
	}

	private void enforceValidPermission(String permissionName) {
	if (!mHealthPermissions.contains(permissionName)) {
	throw new IllegalArgumentException("invalid health permission");
	}
	}

	private void enforceValidPackage(String packageName) {
	try {
	mPackageManager.getPackageInfo(packageName, PackageManager.PackageInfoFlags.of(0));
	} catch (PackageManager.NameNotFoundException e) {
	throw new IllegalArgumentException("invalid package", e);
	}
	}

	private void enforceManageHealthPermissions(String message) {
	mContext.enforceCallingOrSelfPermission(
	HealthPermissions.MANAGE_HEALTH_PERMISSIONS, message);
	}

	/**
	* Returns the target userId after handling the incoming user for packages with {@link
	* INTERACT_ACROSS_USERS_FULL}.
	*
	* @throws java.lang.SecurityException if the caller is affecting different users without
	* holding the {@link INTERACT_ACROSS_USERS_FULL} permission.
	*/
	private int handleIncomingUser(int userId) {
	int callingUserId = UserHandle.getUserHandleForUid(Binder.getCallingUid()).getIdentifier();
	if (userId == callingUserId) {
	return userId;
	}

	boolean canInteractAcrossUsersFull =
	mContext.checkCallingPermission(INTERACT_ACROSS_USERS_FULL)
	== PackageManager.PERMISSION_GRANTED;
	if (canInteractAcrossUsersFull) {
	if (userId == UserHandle.CURRENT.getIdentifier()) {
	return ActivityManager.getCurrentUser();
	}
	return userId;
	}

	throw new SecurityException(
	"Permission denied. Need to run as either the calling user id ("
	+ callingUserId
	+ "), or with "
	+ INTERACT_ACROSS_USERS_FULL
	+ " permission");
	}
	}