Move new unified permission subsystem into platform. (2337c999) · Commits · e / os / android_frameworks_base

services/permission/java/com/android/server/permission/access/AccessCheckingService.kt

0 → 100644

+85 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2021 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package com.android.server.permission.access

		import com.android.internal.annotations.Keep
		import com.android.server.permission.access.external.PackageState

		@Keep
		class AccessCheckingService {
		@Volatile
		private lateinit var state: AccessState
		private val stateLock = Any()

		private val policy = AccessPolicy()

		private val persistence = AccessPersistence(policy)

		fun init() {
		val state = AccessState()
		state.systemState.userIds.apply {
		// TODO: Get and add all user IDs.
		// TODO: Maybe get and add all packages?
		}
		persistence.read(state)
		this.state = state
		}

		fun getDecision(subject: AccessUri, `object`: AccessUri): Int =
		policy.getDecision(subject, `object`, state)

		fun setDecision(subject: AccessUri, `object`: AccessUri, decision: Int) {
		mutateState { oldState, newState ->
		policy.setDecision(subject, `object`, decision, oldState, newState)
		}
		}

		fun onUserAdded(userId: Int) {
		mutateState { oldState, newState ->
		policy.onUserAdded(userId, oldState, newState)
		}
		}

		fun onUserRemoved(userId: Int) {
		mutateState { oldState, newState ->
		policy.onUserRemoved(userId, oldState, newState)
		}
		}

		fun onPackageAdded(packageState: PackageState) {
		mutateState { oldState, newState ->
		policy.onPackageAdded(packageState, oldState, newState)
		}
		}

		fun onPackageRemoved(packageState: PackageState) {
		mutateState { oldState, newState ->
		policy.onPackageRemoved(packageState, oldState, newState)
		}
		}

		// TODO: Replace (oldState, newState) with Kotlin context receiver once it's stabilized.
		private inline fun mutateState(action: (oldState: AccessState, newState: AccessState) -> Unit) {
		synchronized(stateLock) {
		val oldState = state
		val newState = oldState.copy()
		action(oldState, newState)
		persistence.write(newState)
		state = newState
		}
		}
		}

services/permission/java/com/android/server/permission/access/AccessPersistence.kt

0 → 100644

+114 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2021 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package com.android.server.permission.access

		import android.util.AtomicFile
		import android.util.Log
		import com.android.modules.utils.BinaryXmlPullParser
		import com.android.modules.utils.BinaryXmlSerializer
		import com.android.server.permission.access.collection.* // ktlint-disable no-wildcard-imports
		import com.android.server.permission.access.util.PermissionApex
		import com.android.server.permission.access.util.parseBinaryXml
		import com.android.server.permission.access.util.read
		import com.android.server.permission.access.util.serializeBinaryXml
		import com.android.server.permission.access.util.writeInlined
		import java.io.File
		import java.io.FileNotFoundException

		class AccessPersistence(
		private val policy: AccessPolicy
		) {
		fun read(state: AccessState) {
		readSystemState(state.systemState)
		val userStates = state.userStates
		state.systemState.userIds.forEachIndexed { _, userId ->
		readUserState(userId, userStates[userId])
		}
		}

		private fun readSystemState(systemState: SystemState) {
		systemFile.parse {
		// This is the canonical way to call an extension function in a different class.
		// TODO(b/259469752): Use context receiver for this when it becomes stable.
		with(policy) { this@parse.parseSystemState(systemState) }
		}
		}

		private fun readUserState(userId: Int, userState: UserState) {
		getUserFile(userId).parse {
		with(policy) { this@parse.parseUserState(userId, userState) }
		}
		}

		private inline fun File.parse(block: BinaryXmlPullParser.() -> Unit) {
		try {
		AtomicFile(this).read { it.parseBinaryXml(block) }
		} catch (e: FileNotFoundException) {
		Log.i(LOG_TAG, "$this not found")
		} catch (e: Exception) {
		throw IllegalStateException("Failed to read $this", e)
		}
		}

		fun write(state: AccessState) {
		writeState(state.systemState, ::writeSystemState)
		state.userStates.forEachIndexed { _, userId, userState ->
		writeState(userState) { writeUserState(userId, it) }
		}
		}

		private inline fun <T : WritableState> writeState(state: T, write: (T) -> Unit) {
		when (val writeMode = state.writeMode) {
		WriteMode.NONE -> {}
		WriteMode.SYNC -> write(state)
		WriteMode.ASYNC -> TODO()
		else -> error(writeMode)
		}
		}

		private fun writeSystemState(systemState: SystemState) {
		systemFile.serialize {
		with(policy) { this@serialize.serializeSystemState(systemState) }
		}
		}

		private fun writeUserState(userId: Int, userState: UserState) {
		getUserFile(userId).serialize {
		with(policy) { this@serialize.serializeUserState(userId, userState) }
		}
		}

		private inline fun File.serialize(block: BinaryXmlSerializer.() -> Unit) {
		try {
		AtomicFile(this).writeInlined { it.serializeBinaryXml(block) }
		} catch (e: Exception) {
		Log.e(LOG_TAG, "Failed to serialize $this", e)
		}
		}

		private val systemFile: File
		get() = File(PermissionApex.systemDataDirectory, FILE_NAME)

		private fun getUserFile(userId: Int): File =
		File(PermissionApex.getUserDataDirectory(userId), FILE_NAME)

		companion object {
		private val LOG_TAG = AccessPersistence::class.java.simpleName

		private const val FILE_NAME = "access.abx"
		}
		}

services/permission/java/com/android/server/permission/access/AccessPolicy.kt

0 → 100644

+255 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2021 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package com.android.server.permission.access

		import android.util.Log
		import com.android.modules.utils.BinaryXmlPullParser
		import com.android.modules.utils.BinaryXmlSerializer
		import com.android.server.permission.access.appop.PackageAppOpPolicy
		import com.android.server.permission.access.appop.UidAppOpPolicy
		import com.android.server.permission.access.collection.* // ktlint-disable no-wildcard-imports
		import com.android.server.permission.access.external.PackageState
		import com.android.server.permission.access.permission.UidPermissionPolicy
		import com.android.server.permission.access.util.forEachTag
		import com.android.server.permission.access.util.tag
		import com.android.server.permission.access.util.tagName

		class AccessPolicy private constructor(
		private val schemePolicies: IndexedMap<String, IndexedMap<String, SchemePolicy>>
		) {
		constructor() : this(
		IndexedMap<String, IndexedMap<String, SchemePolicy>>().apply {
		fun addPolicy(policy: SchemePolicy) =
		getOrPut(policy.subjectScheme) { IndexedMap() }.put(policy.objectScheme, policy)
		addPolicy(UidPermissionPolicy())
		addPolicy(UidAppOpPolicy())
		addPolicy(PackageAppOpPolicy())
		}
		)

		fun getDecision(subject: AccessUri, `object`: AccessUri, state: AccessState): Int =
		getSchemePolicy(subject, `object`).getDecision(subject, `object`, state)

		fun setDecision(
		subject: AccessUri,
		`object`: AccessUri,
		decision: Int,
		oldState: AccessState,
		newState: AccessState
		) {
		getSchemePolicy(subject, `object`)
		.setDecision(subject, `object`, decision, oldState, newState)
		}

		private fun getSchemePolicy(subject: AccessUri, `object`: AccessUri): SchemePolicy =
		checkNotNull(schemePolicies[subject.scheme]?.get(`object`.scheme)) {
		"Scheme policy for subject=$subject object=$`object` does not exist"
		}

		fun onUserAdded(userId: Int, oldState: AccessState, newState: AccessState) {
		newState.systemState.userIds += userId
		newState.userStates[userId] = UserState()
		forEachSchemePolicy { it.onUserAdded(userId, oldState, newState) }
		}

		fun onUserRemoved(userId: Int, oldState: AccessState, newState: AccessState) {
		newState.systemState.userIds -= userId
		newState.userStates -= userId
		forEachSchemePolicy { it.onUserRemoved(userId, oldState, newState) }
		}

		fun onPackageAdded(packageState: PackageState, oldState: AccessState, newState: AccessState) {
		var isAppIdAdded = false
		newState.systemState.apply {
		packageStates[packageState.packageName] = packageState
		appIds.getOrPut(packageState.appId) {
		isAppIdAdded = true
		IndexedListSet()
		}.add(packageState.packageName)
		}
		if (isAppIdAdded) {
		forEachSchemePolicy { it.onAppIdAdded(packageState.appId, oldState, newState) }
		}
		forEachSchemePolicy { it.onPackageAdded(packageState, oldState, newState) }
		}

		fun onPackageRemoved(packageState: PackageState, oldState: AccessState, newState: AccessState) {
		var isAppIdRemoved = false
		newState.systemState.apply {
		packageStates -= packageState.packageName
		appIds.apply appIds@{
		this[packageState.appId]?.apply {
		this -= packageState.packageName
		if (isEmpty()) {
		this@appIds -= packageState.appId
		isAppIdRemoved = true
		}
		}
		}
		}
		forEachSchemePolicy { it.onPackageRemoved(packageState, oldState, newState) }
		if (isAppIdRemoved) {
		forEachSchemePolicy { it.onAppIdRemoved(packageState.appId, oldState, newState) }
		}
		}

		fun BinaryXmlPullParser.parseSystemState(systemState: SystemState) {
		forEachTag {
		when (tagName) {
		TAG_ACCESS -> {
		forEachTag {
		forEachSchemePolicy {
		with(it) { this@parseSystemState.parseSystemState(systemState) }
		}
		}
		}
		else -> Log.w(LOG_TAG, "Ignoring unknown tag $tagName when parsing system state")
		}
		}
		}

		fun BinaryXmlSerializer.serializeSystemState(systemState: SystemState) {
		tag(TAG_ACCESS) {
		forEachSchemePolicy {
		with(it) { this@serializeSystemState.serializeSystemState(systemState) }
		}
		}
		}

		fun BinaryXmlPullParser.parseUserState(userId: Int, userState: UserState) {
		forEachTag {
		when (tagName) {
		TAG_ACCESS -> {
		forEachTag {
		forEachSchemePolicy {
		with(it) { this@parseUserState.parseUserState(userId, userState) }
		}
		}
		}
		else -> {
		Log.w(
		LOG_TAG,
		"Ignoring unknown tag $tagName when parsing user state for user $userId"
		)
		}
		}
		}
		}

		fun BinaryXmlSerializer.serializeUserState(userId: Int, userState: UserState) {
		tag(TAG_ACCESS) {
		forEachSchemePolicy {
		with(it) { this@serializeUserState.serializeUserState(userId, userState) }
		}
		}
		}

		private inline fun forEachSchemePolicy(action: (SchemePolicy) -> Unit) {
		schemePolicies.forEachValueIndexed { _, objectSchemePolicies ->
		objectSchemePolicies.forEachValueIndexed { _, schemePolicy ->
		action(schemePolicy)
		}
		}
		}

		companion object {
		private val LOG_TAG = AccessPolicy::class.java.simpleName

		private const val TAG_ACCESS = "access"
		}
		}

		abstract class SchemePolicy {
		@Volatile
		private var onDecisionChangedListeners = IndexedListSet<OnDecisionChangedListener>()
		private val onDecisionChangedListenersLock = Any()

		abstract val subjectScheme: String

		abstract val objectScheme: String

		abstract fun getDecision(subject: AccessUri, `object`: AccessUri, state: AccessState): Int

		abstract fun setDecision(
		subject: AccessUri,
		`object`: AccessUri,
		decision: Int,
		oldState: AccessState,
		newState: AccessState
		)

		fun addOnDecisionChangedListener(listener: OnDecisionChangedListener) {
		synchronized(onDecisionChangedListenersLock) {
		onDecisionChangedListeners = onDecisionChangedListeners + listener
		}
		}

		fun removeOnDecisionChangedListener(listener: OnDecisionChangedListener) {
		synchronized(onDecisionChangedListenersLock) {
		onDecisionChangedListeners = onDecisionChangedListeners - listener
		}
		}

		protected fun notifyOnDecisionChangedListeners(
		subject: AccessUri,
		`object`: AccessUri,
		oldDecision: Int,
		newDecision: Int
		) {
		val listeners = onDecisionChangedListeners
		listeners.forEachIndexed { _, it ->
		it.onDecisionChanged(subject, `object`, oldDecision, newDecision)
		}
		}

		open fun onUserAdded(userId: Int, oldState: AccessState, newState: AccessState) {}

		open fun onUserRemoved(userId: Int, oldState: AccessState, newState: AccessState) {}

		open fun onAppIdAdded(appId: Int, oldState: AccessState, newState: AccessState) {}

		open fun onAppIdRemoved(appId: Int, oldState: AccessState, newState: AccessState) {}

		open fun onPackageAdded(
		packageState: PackageState,
		oldState: AccessState,
		newState: AccessState
		) {}

		open fun onPackageRemoved(
		packageState: PackageState,
		oldState: AccessState,
		newState: AccessState
		) {}

		open fun BinaryXmlPullParser.parseSystemState(systemState: SystemState) {}

		open fun BinaryXmlSerializer.serializeSystemState(systemState: SystemState) {}

		open fun BinaryXmlPullParser.parseUserState(userId: Int, userState: UserState) {}

		open fun BinaryXmlSerializer.serializeUserState(userId: Int, userState: UserState) {}

		fun interface OnDecisionChangedListener {
		fun onDecisionChanged(
		subject: AccessUri,
		`object`: AccessUri,
		oldDecision: Int,
		newDecision: Int
		)
		}
		}

services/permission/java/com/android/server/permission/access/AccessState.kt

0 → 100644

+126 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2021 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package com.android.server.permission.access

		import android.content.pm.PermissionGroupInfo
		import com.android.server.permission.access.collection.* // ktlint-disable no-wildcard-imports
		import com.android.server.permission.access.data.Permission
		import com.android.server.permission.access.external.PackageState

		class AccessState private constructor(
		val systemState: SystemState,
		val userStates: IntMap<UserState>
		) {
		constructor() : this(SystemState(), IntMap())

		fun copy(): AccessState = AccessState(systemState.copy(), userStates.copy { it.copy() })
		}

		class SystemState private constructor(
		val userIds: IntSet,
		val packageStates: IndexedMap<String, PackageState>,
		val disabledSystemPackageStates: IndexedMap<String, PackageState>,
		val appIds: IntMap<IndexedListSet<String>>,
		// A map of KnownPackagesInt to a set of known package names
		val knownPackages: IntMap<IndexedListSet<String>>,
		// A map of userId to packageName
		val deviceAndProfileOwners: IntMap<String>,
		// A map of packageName to (A map of oem permission name to whether it's granted)
		val oemPermissions: IndexedMap<String, IndexedMap<String, Boolean>>,
		val privilegedPermissionAllowlistSourcePackageNames: IndexedListSet<String>,
		// A map of packageName to a set of vendor priv app permission names
		val vendorPrivAppPermissions: Map<String, Set<String>>,
		val productPrivAppPermissions: Map<String, Set<String>>,
		val systemExtPrivAppPermissions: Map<String, Set<String>>,
		val privAppPermissions: Map<String, Set<String>>,
		val apexPrivAppPermissions: Map<String, Map<String, Set<String>>>,
		val vendorPrivAppDenyPermissions: Map<String, Set<String>>,
		val productPrivAppDenyPermissions: Map<String, Set<String>>,
		val systemExtPrivAppDenyPermissions: Map<String, Set<String>>,
		val apexPrivAppDenyPermissions: Map<String, Map<String, Set<String>>>,
		val privAppDenyPermissions: Map<String, Set<String>>,
		val implicitToSourcePermissions: Map<String, Set<String>>,
		val permissionGroups: IndexedMap<String, PermissionGroupInfo>,
		val permissionTrees: IndexedMap<String, Permission>,
		val permissions: IndexedMap<String, Permission>
		) : WritableState() {
		constructor() : this(
		IntSet(), IndexedMap(), IndexedMap(), IntMap(), IntMap(), IntMap(), IndexedMap(),
		IndexedListSet(), IndexedMap(), IndexedMap(), IndexedMap(), IndexedMap(), IndexedMap(),
		IndexedMap(), IndexedMap(), IndexedMap(), IndexedMap(), IndexedMap(), IndexedMap(),
		IndexedMap(), IndexedMap(), IndexedMap()
		)

		fun copy(): SystemState =
		SystemState(
		userIds.copy(),
		packageStates.copy { it },
		disabledSystemPackageStates.copy { it },
		appIds.copy { it.copy() },
		knownPackages.copy { it.copy() },
		deviceAndProfileOwners.copy { it },
		oemPermissions.copy { it.copy { it } },
		privilegedPermissionAllowlistSourcePackageNames.copy(),
		vendorPrivAppPermissions,
		productPrivAppPermissions,
		systemExtPrivAppPermissions,
		privAppPermissions,
		apexPrivAppPermissions,
		vendorPrivAppDenyPermissions,
		productPrivAppDenyPermissions,
		systemExtPrivAppDenyPermissions,
		apexPrivAppDenyPermissions,
		privAppDenyPermissions,
		implicitToSourcePermissions,
		permissionGroups.copy { it },
		permissionTrees.copy { it },
		permissions.copy { it }
		)
		}

		class UserState private constructor(
		// A map of (appId to a map of (permissionName to permissionFlags))
		val permissionFlags: IntMap<IndexedMap<String, Int>>,
		val uidAppOpModes: IntMap<IndexedMap<String, Int>>,
		val packageAppOpModes: IndexedMap<String, IndexedMap<String, Int>>
		) : WritableState() {
		constructor() : this(IntMap(), IntMap(), IndexedMap())

		fun copy(): UserState = UserState(permissionFlags.copy { it.copy { it } },
		uidAppOpModes.copy { it.copy { it } }, packageAppOpModes.copy { it.copy { it } })
		}

		object WriteMode {
		const val NONE = 0
		const val SYNC = 1
		const val ASYNC = 2
		}

		abstract class WritableState {
		var writeMode: Int = WriteMode.NONE
		private set

		fun requestWrite(sync: Boolean = false) {
		if (sync) {
		writeMode = WriteMode.SYNC
		} else {
		if (writeMode != WriteMode.SYNC) {
		writeMode = WriteMode.ASYNC
		}
		}
		}
		}

services/permission/java/com/android/server/permission/access/AccessUri.kt

0 → 100644

+83 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2021 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package com.android.server.permission.access

		import com.android.server.permission.access.external.UserHandle
		import com.android.server.permission.access.external.UserHandleCompat

		sealed class AccessUri(
		val scheme: String
		) {
		override fun equals(other: Any?): Boolean {
		throw NotImplementedError()
		}

		override fun hashCode(): Int {
		throw NotImplementedError()
		}

		override fun toString(): String {
		throw NotImplementedError()
		}
		}

		data class AppOpUri(
		val appOpName: String
		) : AccessUri(SCHEME) {
		override fun toString(): String = "$scheme:///$appOpName"

		companion object {
		const val SCHEME = "app-op"
		}
		}

		data class PackageUri(
		val packageName: String,
		val userId: Int
		) : AccessUri(SCHEME) {
		override fun toString(): String = "$scheme:///$packageName/$userId"

		companion object {
		const val SCHEME = "package"
		}
		}

		data class PermissionUri(
		val permissionName: String
		) : AccessUri(SCHEME) {
		override fun toString(): String = "$scheme:///$permissionName"

		companion object {
		const val SCHEME = "permission"
		}
		}

		data class UidUri(
		val uid: Int
		) : AccessUri(SCHEME) {
		val userId: Int
		get() = UserHandleCompat.getUserId(uid)

		val appId: Int
		get() = UserHandle.getAppId(uid)

		override fun toString(): String = "$scheme:///$uid"

		companion object {
		const val SCHEME = "uid"
		}
		}