framework: Added AOSP Security Bridge hooks

/*

 * Copyright (c) 2013, Linux Foundation. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions are

 * met:

 *     * Redistributions of source code must retain the above copyright

 *       notice, this list of conditions and the following disclaimer.

 *     * Redistributions in binary form must reproduce the above

 *       copyright notice, this list of conditions and the following

 *       disclaimer in the documentation and/or other materials provided

 *       with the distribution.

 *     * Neither the name of The Linux Foundation nor the names of its

 *       contributors may be used to endorse or promote products derived

 *       from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED

 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT

 * ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS

 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,

 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE

 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN

 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

package com.android.services.SecurityBridge.api;

import android.content.ClipData;

/**

 * This class defines an interface to a clipboard manager security bridge

 */

public class ClipboardManagerMonitor {

    /**

     * This method handles request approval for the clipboard paste event.

     * @param appID Paste appliaction UID

     * @param clipData The clip data structure

     * @return true if it is allowed to continue pasting. otherwise - false.

     * @hide

     */

    public boolean approvePasteRequest(int appID, final ClipData clipData) {

        return true;

    }

    /**

     * This method handles notification for the clipboard copy event

     * @param appID Copy appliaction UID

     * @param clipData The clip data structure

     * @return none

     * @hide

     */

    public void notifyCopy(int appID, final ClipData clipData) {

    }

}

/*

 * Copyright (c) 2013, Linux Foundation. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions are

 * met:

 *     * Redistributions of source code must retain the above copyright

 *       notice, this list of conditions and the following disclaimer.

 *     * Redistributions in binary form must reproduce the above

 *       copyright notice, this list of conditions and the following

 *       disclaimer in the documentation and/or other materials provided

 *       with the distribution.

 *     * Neither the name of The Linux Foundation nor the names of its

 *       contributors may be used to endorse or promote products derived

 *       from this software without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED

 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT

 * ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS

 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,

 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE

 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN

 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

package com.android.services.SecurityBridge.api;

/**

 * This class defines an interface to a package manager security bridge.

 */

public class PackageManagerMonitor {

    /**

     * This method handles approval requests for APK installations

     * @param apkFilePath Package APK file path

     * @param originalAPKFilePath Original package APK file path

     * @return true if it is allowed to continue with the installation. otherwise - false.

     * @hide

     */

    public boolean approveAppInstallRequest(String apkFilePath, String originalAPKFilePath) {

        return true;

    }

}

import java.util.HashSet;

import java.util.List;

import com.android.services.SecurityBridge.api.ClipboardManagerMonitor;

/**

 * Implementation of the clipboard for copy and paste.

    private final AppOpsManager mAppOps;

    private final IBinder mPermissionOwner;

    private static final String SECURITY_BRIDGE_NAME = "com.android.services.SecurityBridge.core.ClipboardManagerSB";

    private ClipboardManagerMonitor mSecurityBridge;

    private class ListenerInfo {

        final int mUid;

        final String mPackageName;

                }

            }

        }, userFilter);

        Object bridgeObject;

        try {

            /*

             * load and create the security bridge

             */

            bridgeObject = getClass().getClassLoader().loadClass(SECURITY_BRIDGE_NAME).newInstance();

            mSecurityBridge = (ClipboardManagerMonitor)bridgeObject;

        } catch (Exception e){

            Slog.w(TAG, "No security bridge jar found, using default");

            mSecurityBridge = new ClipboardManagerMonitor();

        }

    }

    @Override

            }

            throw e;

        }

    }

    private PerUserClipboard getClipboard() {

            final int userId = UserHandle.getUserId(callingUid);

            PerUserClipboard clipboard = getClipboard(userId);

            revokeUris(clipboard);

            mSecurityBridge.notifyCopy(Binder.getCallingUid(), clip);

            setPrimaryClipInternal(clipboard, clip);

            List<UserInfo> related = getRelatedProfiles(userId);

            if (related != null) {

                return null;

            }

            addActiveOwnerLocked(Binder.getCallingUid(), pkg);

            return getClipboard().primaryClip;

            ClipData clip = getClipboard().primaryClip;

            if (clip != null) {

                if (true != mSecurityBridge.approvePasteRequest(Binder.getCallingUid(), clip)) {

                    clip = null;

                }

            }

            return clip;

        }

    }

                    callingPackage) != AppOpsManager.MODE_ALLOWED) {

                return false;

            }

            return getClipboard().primaryClip != null;

            boolean hasClip = false;

            if (getClipboard().primaryClip != null) {

                hasClip = mSecurityBridge.approvePasteRequest(Binder.getCallingUid(), getClipboard().primaryClip);

            }

            return hasClip;

        }

    }

import libcore.io.IoUtils;

import libcore.util.EmptyArray;

import com.android.services.SecurityBridge.api.PackageManagerMonitor;

/**

 * Keep track of all those .apks everywhere.

 * 

    static final int REMOVE_CHATTY = 1<<16;

    private static final String SECURITY_BRIDGE_NAME = "com.android.services.SecurityBridge.core.PackageManagerSB";

    private PackageManagerMonitor mSecurityBridge;

    /**

     * Timeout (in milliseconds) after which the watchdog should declare that

     * our handler thread is wedged.  The usual default for such things is one

            Slog.w(TAG, "**** ro.build.version.sdk not set!");

        }

        Object bridgeObject;

        try {

            /*

             * load and create the security bridge

             */

            bridgeObject = getClass().getClassLoader().loadClass(SECURITY_BRIDGE_NAME).newInstance();

            mSecurityBridge = (PackageManagerMonitor)bridgeObject;

        } catch (Exception e){

            Slog.w(TAG, "No security bridge jar found, using default");

            mSecurityBridge = new PackageManagerMonitor();

        }

        mContext = context;

        mFactoryTest = factoryTest;

        mOnlyCore = onlyCore;

        res.returnCode = PackageManager.INSTALL_SUCCEEDED;

        if (DEBUG_INSTALL) Slog.d(TAG, "installPackageLI: path=" + tmpPackageFile);

        if (true != mSecurityBridge.approveAppInstallRequest(

                        args.getResourcePath(),

                        Uri.fromFile(args.originFile).toSafeString())) {

            res.returnCode = PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE;

            return;

        }

        // Retrieve PackageSettings and parse package

        final int parseFlags = mDefParseFlags | PackageParser.PARSE_CHATTY

                | (forwardLocked ? PackageParser.PARSE_FORWARD_LOCK : 0)