1 /* 2 * Copyright (C) 2018 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License 15 */ 16 17 package com.android.providers.calendar.enterprise; 18 19 import android.app.admin.DevicePolicyManager; 20 import android.content.Context; 21 import android.content.pm.PackageManager; 22 import android.net.Uri; 23 import android.os.UserHandle; 24 import android.provider.CalendarContract; 25 import android.provider.Settings; 26 import android.util.ArraySet; 27 import android.util.Log; 28 29 import java.util.Set; 30 31 /** 32 * Helper class for cross profile calendar related policies. 33 */ 34 public class CrossProfileCalendarHelper { 35 36 private static final String LOG_TAG = "CrossProfileCalendarHelper"; 37 38 final private Context mContext; 39 40 public static final Set<String> EVENTS_TABLE_ALLOWED_LIST; 41 public static final Set<String> CALENDARS_TABLE_ALLOWED_LIST; 42 public static final Set<String> INSTANCES_TABLE_ALLOWED_LIST; 43 44 static { 45 EVENTS_TABLE_ALLOWED_LIST = new ArraySet<>(); 46 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events._ID); 47 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.CALENDAR_ID); 48 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.TITLE); 49 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.EVENT_LOCATION); 50 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.EVENT_COLOR); 51 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.STATUS); 52 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.DTSTART); 53 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.DTEND); 54 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.EVENT_TIMEZONE); 55 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.EVENT_END_TIMEZONE); 56 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.DURATION); 57 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.ALL_DAY); 58 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.AVAILABILITY); 59 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.RRULE); 60 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.RDATE); 61 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.EXRULE); 62 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.EXDATE); 63 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.LAST_DATE); 64 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.SELF_ATTENDEE_STATUS); 65 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Events.DISPLAY_COLOR); 66 67 CALENDARS_TABLE_ALLOWED_LIST = new ArraySet<>(); 68 CALENDARS_TABLE_ALLOWED_LIST.add(CalendarContract.Calendars._ID); 69 CALENDARS_TABLE_ALLOWED_LIST.add(CalendarContract.Calendars.CALENDAR_COLOR); 70 CALENDARS_TABLE_ALLOWED_LIST.add(CalendarContract.Calendars.VISIBLE); 71 CALENDARS_TABLE_ALLOWED_LIST.add(CalendarContract.Calendars.CALENDAR_LOCATION); 72 CALENDARS_TABLE_ALLOWED_LIST.add(CalendarContract.Calendars.CALENDAR_TIME_ZONE); 73 CALENDARS_TABLE_ALLOWED_LIST.add(CalendarContract.Calendars.IS_PRIMARY); 74 75 INSTANCES_TABLE_ALLOWED_LIST = new ArraySet<>(); 76 INSTANCES_TABLE_ALLOWED_LIST.add(CalendarContract.Instances._ID); 77 INSTANCES_TABLE_ALLOWED_LIST.add(CalendarContract.Instances.EVENT_ID); 78 INSTANCES_TABLE_ALLOWED_LIST.add(CalendarContract.Instances.BEGIN); 79 INSTANCES_TABLE_ALLOWED_LIST.add(CalendarContract.Instances.END); 80 INSTANCES_TABLE_ALLOWED_LIST.add(CalendarContract.Instances.START_DAY); 81 INSTANCES_TABLE_ALLOWED_LIST.add(CalendarContract.Instances.END_DAY); 82 INSTANCES_TABLE_ALLOWED_LIST.add(CalendarContract.Instances.START_MINUTE); 83 INSTANCES_TABLE_ALLOWED_LIST.add(CalendarContract.Instances.END_MINUTE); 84 85 // Add calendar columns. 86 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Calendars.CALENDAR_COLOR); 87 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Calendars.VISIBLE); 88 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Calendars.CALENDAR_TIME_ZONE); 89 EVENTS_TABLE_ALLOWED_LIST.add(CalendarContract.Calendars.IS_PRIMARY); 90 addAll(EVENTS_TABLE_ALLOWED_LIST)91 ((ArraySet<String>) INSTANCES_TABLE_ALLOWED_LIST).addAll(EVENTS_TABLE_ALLOWED_LIST); 92 } 93 CrossProfileCalendarHelper(Context context)94 public CrossProfileCalendarHelper(Context context) { 95 mContext = context; 96 } 97 98 /** 99 * @return a context created from the given context for the given user, or null if it fails. 100 */ createPackageContextAsUser(Context context, int userId)101 private Context createPackageContextAsUser(Context context, int userId) { 102 try { 103 return context.createPackageContextAsUser( 104 context.getPackageName(), 0 /* flags */, UserHandle.of(userId)); 105 } catch (PackageManager.NameNotFoundException e) { 106 Log.e(LOG_TAG, "Failed to create user context", e); 107 } 108 return null; 109 } 110 111 /** 112 * Returns whether a package is allowed to access cross-profile calendar APIs. 113 * 114 * A package is allowed to access cross-profile calendar APIs if it's allowed by the 115 * profile owner of a managed profile to access the managed profile calendar provider, 116 * and the setting {@link Settings.Secure#CROSS_PROFILE_CALENDAR_ENABLED} is turned 117 * on in the managed profile. 118 * 119 * @param packageName the name of the package 120 * @param managedProfileUserId the user id of the managed profile 121 * @return {@code true} if the package is allowed, {@false} otherwise. 122 */ isPackageAllowedToAccessCalendar(String packageName, int managedProfileUserId)123 public boolean isPackageAllowedToAccessCalendar(String packageName, int managedProfileUserId) { 124 final Context managedProfileUserContext = createPackageContextAsUser( 125 mContext, managedProfileUserId); 126 final DevicePolicyManager mDpm = managedProfileUserContext.getSystemService( 127 DevicePolicyManager.class); 128 return mDpm.isPackageAllowedToAccessCalendar(packageName); 129 } 130 ensureProjectionAllowed(String[] projection, Set<String> validColumnsSet)131 private static void ensureProjectionAllowed(String[] projection, Set<String> validColumnsSet) { 132 for (String column : projection) { 133 if (!validColumnsSet.contains(column)) { 134 throw new IllegalArgumentException(String.format("Column %s is not " 135 + "allowed to be accessed from cross profile Uris", column)); 136 } 137 } 138 } 139 140 /** 141 * Returns the calibrated version of projection for a given table. 142 * 143 * If the input projection is empty, return an array of all the allowed list of columns for a 144 * given table. Table is determined by the input uri. 145 * 146 * @param projection the original projection 147 * @param localUri the local uri for the query of the projection 148 * @return the original value of the input projection if it's not empty, otherwise an array of 149 * all the allowed list of columns. 150 * @throws IllegalArgumentException if the input projection contains a column that is not 151 * in the allowed list for a given table. 152 */ getCalibratedProjection(String[] projection, Uri localUri)153 public String[] getCalibratedProjection(String[] projection, Uri localUri) { 154 // If projection is not empty, check if it's valid. Otherwise fill it with all 155 // allowed columns. 156 Set<String> validColumnsSet = new ArraySet<String>(); 157 if (CalendarContract.Events.CONTENT_URI.equals(localUri)) { 158 validColumnsSet = EVENTS_TABLE_ALLOWED_LIST; 159 } else if (CalendarContract.Calendars.CONTENT_URI.equals(localUri)) { 160 validColumnsSet = CALENDARS_TABLE_ALLOWED_LIST; 161 } else if (CalendarContract.Instances.CONTENT_URI.equals(localUri) 162 || CalendarContract.Instances.CONTENT_BY_DAY_URI.equals(localUri) 163 || CalendarContract.Instances.CONTENT_SEARCH_URI.equals(localUri) 164 || CalendarContract.Instances.CONTENT_SEARCH_BY_DAY_URI.equals(localUri)) { 165 validColumnsSet = INSTANCES_TABLE_ALLOWED_LIST; 166 } else { 167 throw new IllegalArgumentException(String.format("Cross profile version of %s is not " 168 + "supported", localUri.toSafeString())); 169 } 170 171 if (projection != null && projection.length > 0) { 172 // If there exists some columns in original projection, check if these columns are 173 // allowed. 174 ensureProjectionAllowed(projection, validColumnsSet); 175 return projection; 176 } 177 // Query of content provider will return cursor that contains all columns if projection is 178 // null or empty. To be consistent with this behavior, we fill projection with all allowed 179 // columns if it's null or empty for cross profile Uris. 180 return validColumnsSet.toArray(new String[validColumnsSet.size()]); 181 } 182 } 183