1 /* 2 * Copyright (C) 2022 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.sdksandbox; 18 19 import android.annotation.FlaggedApi; 20 import android.annotation.NonNull; 21 import android.annotation.SdkConstant; 22 import android.annotation.SystemApi; 23 import android.content.Intent; 24 import android.content.IntentFilter; 25 import android.content.pm.ApplicationInfo; 26 import android.content.pm.PackageManager.NameNotFoundException; 27 import android.content.pm.ProviderInfo; 28 import android.os.IBinder; 29 30 import com.android.sdksandbox.flags.Flags; 31 import com.android.tools.r8.keepanno.annotations.KeepForApi; 32 import com.android.tools.r8.keepanno.annotations.KeepItemKind; 33 import com.android.tools.r8.keepanno.annotations.KeepTarget; 34 import com.android.tools.r8.keepanno.annotations.MemberAccessFlags; 35 36 /** 37 * Exposes APIs to {@code system_server} components outside of the module boundaries. 38 * 39 * @hide 40 */ 41 @SystemApi(client = SystemApi.Client.SYSTEM_SERVER) 42 public interface SdkSandboxManagerLocal { 43 44 @SdkConstant(SdkConstant.SdkConstantType.SERVICE_ACTION) 45 String SERVICE_INTERFACE = "com.android.sdksandbox.SdkSandboxService"; 46 47 /** 48 * Broadcast Receiver listen to sufficient verifier requests from Package Manager when install 49 * new SDK, to verifier SDK code during installation time and terminate install if SDK not 50 * compatible with privacy sandbox restrictions. 51 */ 52 @SdkConstant(SdkConstant.SdkConstantType.BROADCAST_INTENT_ACTION) 53 @KeepForApi( 54 description = 55 "Package Manager reflects on the class denoted by this field. See b/255754931", 56 additionalTargets = { 57 @KeepTarget( 58 kind = KeepItemKind.CLASS_AND_MEMBERS, 59 classConstant = SdkSandboxVerifierReceiver.class, 60 memberAccess = {MemberAccessFlags.PUBLIC}) 61 }) 62 String VERIFIER_RECEIVER = "com.android.server.sdksandbox.SdkSandboxVerifierReceiver"; 63 64 /** 65 * Enforces that the sdk sandbox process is allowed to broadcast a given intent. 66 * 67 * @deprecated Use {@link SdkSandboxManagerLocal#canSendBroadcast(Intent)} instead. 68 * @param intent the intent to check. 69 * @throws SecurityException if the intent is not allowed to be broadcast. 70 */ 71 @Deprecated enforceAllowedToSendBroadcast(@onNull Intent intent)72 void enforceAllowedToSendBroadcast(@NonNull Intent intent); 73 74 /** 75 * Whether the sdk sandbox process is allowed to broadcast a given intent. 76 * 77 * @param intent the intent to check. 78 * @return true if the intent is allowed to be broadcast, otherwise false 79 */ canSendBroadcast(@onNull Intent intent)80 boolean canSendBroadcast(@NonNull Intent intent); 81 82 /** 83 * Enforces that the sdk sandbox process is allowed to start an activity with a given intent. 84 * 85 * @param intent the intent to check. 86 * @throws SecurityException if the activity is not allowed to be started. 87 */ enforceAllowedToStartActivity(@onNull Intent intent)88 void enforceAllowedToStartActivity(@NonNull Intent intent); 89 90 /** 91 * Enforces that the sdk sandbox process is allowed to start or bind to a service with a given 92 * intent. 93 * 94 * @param intent the intent to check. 95 * @throws SecurityException if the service is not allowed to be started or bound to. 96 */ enforceAllowedToStartOrBindService(@onNull Intent intent)97 void enforceAllowedToStartOrBindService(@NonNull Intent intent); 98 99 /** 100 * Whether the sdk sandbox process is allowed to access a given ContentProvider. 101 * 102 * @param providerInfo info about the Content Provider being accessed. 103 * @return true if the sandbox uid is allowed to access the ContentProvider, false otherwise. 104 */ canAccessContentProviderFromSdkSandbox(@onNull ProviderInfo providerInfo)105 boolean canAccessContentProviderFromSdkSandbox(@NonNull ProviderInfo providerInfo); 106 107 /** 108 * Enforces that the caller app is allowed to start a {@code SandboxedActivity} inside its 109 * sandbox process. 110 * 111 * @param intent the activity intent 112 * @param clientAppUid uid of the client app 113 * @param clientAppPackageName package name of the client app 114 * @throws SecurityException if the caller app is not allowed to start {@code 115 * SandboxedActivity}. 116 */ enforceAllowedToHostSandboxedActivity( @onNull Intent intent, int clientAppUid, @NonNull String clientAppPackageName)117 void enforceAllowedToHostSandboxedActivity( 118 @NonNull Intent intent, int clientAppUid, @NonNull String clientAppPackageName); 119 120 /** 121 * Whether the sdk sandbox process is allowed to register a broadcast receiver with a given 122 * intentFilter. 123 * 124 * @param intentFilter the intentFilter to check. 125 * @param flags flags that the ActivityManagerService.registerReceiver method was called with. 126 * @param onlyProtectedBroadcasts true if all actions in {@link android.content.IntentFilter} 127 * are protected broadcasts 128 * @return true if sandbox is allowed to register a broadcastReceiver, otherwise false. 129 */ canRegisterBroadcastReceiver( @onNull IntentFilter intentFilter, int flags, boolean onlyProtectedBroadcasts)130 boolean canRegisterBroadcastReceiver( 131 @NonNull IntentFilter intentFilter, int flags, boolean onlyProtectedBroadcasts); 132 133 /** 134 * Returns name of the sdk sandbox process that corresponds to the given client app. 135 * 136 * @param clientAppInfo {@link ApplicationInfo} of the given client app 137 * @return name of the sdk sandbox process to be instrumented 138 */ 139 @NonNull getSdkSandboxProcessNameForInstrumentation(@onNull ApplicationInfo clientAppInfo)140 String getSdkSandboxProcessNameForInstrumentation(@NonNull ApplicationInfo clientAppInfo); 141 142 /** 143 * Returns the application info of the sdk sandbox process that corresponds to the given client 144 * app. 145 * 146 * @param clientAppInfo {@link ApplicationInfo} of the client app 147 * @param isSdkInSandbox specifies whether to create an application info for the sandbox or for 148 * an Sdk running inside the sandbox. 149 * @return {@link ApplicationInfo} of the sdk sandbox process to be instrumented 150 * @throws NameNotFoundException if the sandbox package name cannot be found. 151 */ 152 @NonNull 153 @FlaggedApi(Flags.FLAG_SDK_SANDBOX_INSTRUMENTATION_INFO) getSdkSandboxApplicationInfoForInstrumentation( @onNull ApplicationInfo clientAppInfo, boolean isSdkInSandbox)154 ApplicationInfo getSdkSandboxApplicationInfoForInstrumentation( 155 @NonNull ApplicationInfo clientAppInfo, boolean isSdkInSandbox) 156 throws NameNotFoundException; 157 158 /** 159 * Called by the {@code ActivityManagerService} to notify that instrumentation of the 160 * sdk sandbox process that belongs to the client app is about to start. 161 * 162 * <p>If there is a running instance of the sdk sandbox process, then it will be stopped. 163 * While the instrumentation for the sdk sandbox is running, the corresponding client app 164 * won't be allowed to connect to the instrumented sdk sandbox process. 165 * 166 * @param clientAppPackageName package name of the client app 167 * @param clientAppUid uid of the client app 168 */ notifyInstrumentationStarted(@onNull String clientAppPackageName, int clientAppUid)169 void notifyInstrumentationStarted(@NonNull String clientAppPackageName, int clientAppUid); 170 171 /** 172 * Called by the {@code ActivityManagerService} to notify that instrumentation of the 173 * sdk sandbox process that belongs to the client app finished. 174 * 175 * <p>This method must be called after the instrumented sdk sandbox process has been stopped. 176 * 177 * <p>Once the instrumentation finishes, the client app will be able to connect to the new 178 * instance of its sdk sandbox process. 179 * 180 * @param clientAppPackageName package name of the client app 181 * @param clientAppUid uid of the client app 182 */ notifyInstrumentationFinished(@onNull String clientAppPackageName, int clientAppUid)183 void notifyInstrumentationFinished(@NonNull String clientAppPackageName, int clientAppUid); 184 185 /** 186 * Returns true if instrumentation of the sdk sandbox process belonging to the client app is 187 * currently running, false otherwise. 188 * 189 * @param clientAppPackageName package name of the client app 190 * @param clientAppUid uid of the client app 191 * @hide 192 */ isInstrumentationRunning(@onNull String clientAppPackageName, int clientAppUid)193 boolean isInstrumentationRunning(@NonNull String clientAppPackageName, int clientAppUid); 194 195 // TODO(b/282239822): Remove this workaround on Android VIC 196 /** 197 * Register the AdServicesManager System Service 198 * 199 * @param iBinder The AdServicesManagerService Binder. 200 * @hide 201 */ registerAdServicesManagerService(IBinder iBinder, boolean published)202 void registerAdServicesManagerService(IBinder iBinder, boolean published); 203 204 /** 205 * Returns the effective target Sdk version for the sdk sandbox process. 206 * 207 * <p>Sdk sandbox process hosts multiple SDKs inside it with each having its own 208 * targetSdkVersion. We allocate a targetSdkVersion for the host process such that it is 209 * compatible with all the SDKs it's hosting. 210 * 211 * @param sdkSandboxUid uid of the sdk sandbox process. 212 * @return effective target Sdk version for the sdk sandbox process. 213 * @throws NameNotFoundException if the client package for the given sdk sandbox uid is not 214 * found. 215 * @hide 216 */ getEffectiveTargetSdkVersion(int sdkSandboxUid)217 int getEffectiveTargetSdkVersion(int sdkSandboxUid) throws NameNotFoundException; 218 } 219