3 ** Copyright 2007, The Android Open Source Project
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
9 ** http://www.apache.org/licenses/LICENSE-2.0
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
17 package android.widget;
19 import android.app.AlertDialog;
20 import android.content.Context;
21 import android.content.DialogInterface;
22 import android.content.pm.ApplicationInfo;
23 import android.content.pm.PackageInfo;
24 import android.content.pm.PackageItemInfo;
25 import android.content.pm.PackageManager;
26 import android.content.pm.PackageManager.NameNotFoundException;
27 import android.content.pm.PermissionGroupInfo;
28 import android.content.pm.PermissionInfo;
29 import android.graphics.drawable.Drawable;
30 import android.os.Parcel;
31 import android.os.UserHandle;
32 import android.text.SpannableStringBuilder;
33 import android.text.TextUtils;
34 import android.util.AttributeSet;
35 import android.util.Log;
36 import android.view.LayoutInflater;
37 import android.view.View;
38 import android.view.ViewGroup;
40 import com.android.internal.R;
42 import java.text.Collator;
43 import java.util.ArrayList;
44 import java.util.Collections;
45 import java.util.Comparator;
46 import java.util.HashMap;
47 import java.util.HashSet;
48 import java.util.List;
53 * This class contains the SecurityPermissions view implementation.
54 * Initially the package's advanced or dangerous security permissions
55 * are displayed under categorized
56 * groups. Clicking on the additional permissions presents
57 * extended information consisting of all groups and permissions.
58 * To use this view define a LinearLayout or any ViewGroup and add this
59 * view by instantiating AppSecurityPermissions and invoking getPermissionsView.
63 public class AppSecurityPermissions {
65 public static final int WHICH_NEW = 1<<2;
66 public static final int WHICH_ALL = 0xffff;
68 private final static String TAG = "AppSecurityPermissions";
69 private final static boolean localLOGV = false;
70 private final Context mContext;
71 private final LayoutInflater mInflater;
72 private final PackageManager mPm;
73 private final Map<String, MyPermissionGroupInfo> mPermGroups
74 = new HashMap<String, MyPermissionGroupInfo>();
75 private final List<MyPermissionGroupInfo> mPermGroupsList
76 = new ArrayList<MyPermissionGroupInfo>();
77 private final PermissionGroupInfoComparator mPermGroupComparator =
78 new PermissionGroupInfoComparator();
79 private final PermissionInfoComparator mPermComparator = new PermissionInfoComparator();
80 private final List<MyPermissionInfo> mPermsList = new ArrayList<MyPermissionInfo>();
81 private final CharSequence mNewPermPrefix;
82 private String mPackageName;
85 static class MyPermissionGroupInfo extends PermissionGroupInfo {
88 final ArrayList<MyPermissionInfo> mNewPermissions = new ArrayList<MyPermissionInfo>();
89 final ArrayList<MyPermissionInfo> mAllPermissions = new ArrayList<MyPermissionInfo>();
91 MyPermissionGroupInfo(PermissionInfo perm) {
92 name = perm.packageName;
93 packageName = perm.packageName;
96 MyPermissionGroupInfo(PermissionGroupInfo info) {
100 public Drawable loadGroupIcon(Context context, PackageManager pm) {
102 return loadUnbadgedIcon(pm);
104 return context.getDrawable(R.drawable.ic_perm_device_info);
110 private static class MyPermissionInfo extends PermissionInfo {
114 * PackageInfo.requestedPermissionsFlags for the new package being installed.
119 * PackageInfo.requestedPermissionsFlags for the currently installed
120 * package, if it is installed.
122 int mExistingReqFlags;
125 * True if this should be considered a new permission.
129 MyPermissionInfo(PermissionInfo info) {
135 public static class PermissionItemView extends LinearLayout implements View.OnClickListener {
136 MyPermissionGroupInfo mGroup;
137 MyPermissionInfo mPerm;
139 private boolean mShowRevokeUI = false;
140 private String mPackageName;
142 public PermissionItemView(Context context, AttributeSet attrs) {
143 super(context, attrs);
147 public void setPermission(MyPermissionGroupInfo grp, MyPermissionInfo perm,
148 boolean first, CharSequence newPermPrefix, String packageName,
149 boolean showRevokeUI) {
152 mShowRevokeUI = showRevokeUI;
153 mPackageName = packageName;
155 ImageView permGrpIcon = findViewById(R.id.perm_icon);
156 TextView permNameView = findViewById(R.id.perm_name);
158 PackageManager pm = getContext().getPackageManager();
159 Drawable icon = null;
161 icon = grp.loadGroupIcon(getContext(), pm);
163 CharSequence label = perm.mLabel;
164 if (perm.mNew && newPermPrefix != null) {
165 // If this is a new permission, format it appropriately.
166 SpannableStringBuilder builder = new SpannableStringBuilder();
167 Parcel parcel = Parcel.obtain();
168 TextUtils.writeToParcel(newPermPrefix, parcel, 0);
169 parcel.setDataPosition(0);
170 CharSequence newStr = TextUtils.CHAR_SEQUENCE_CREATOR.createFromParcel(parcel);
172 builder.append(newStr);
173 builder.append(label);
177 permGrpIcon.setImageDrawable(icon);
178 permNameView.setText(label);
179 setOnClickListener(this);
180 if (localLOGV) Log.i(TAG, "Made perm item " + perm.name
181 + ": " + label + " in group " + grp.name);
185 public void onClick(View v) {
186 if (mGroup != null && mPerm != null) {
187 if (mDialog != null) {
190 PackageManager pm = getContext().getPackageManager();
191 AlertDialog.Builder builder = new AlertDialog.Builder(getContext());
192 builder.setTitle(mGroup.mLabel);
193 if (mPerm.descriptionRes != 0) {
194 builder.setMessage(mPerm.loadDescription(pm));
196 CharSequence appName;
198 ApplicationInfo app = pm.getApplicationInfo(mPerm.packageName, 0);
199 appName = app.loadLabel(pm);
200 } catch (NameNotFoundException e) {
201 appName = mPerm.packageName;
203 StringBuilder sbuilder = new StringBuilder(128);
204 sbuilder.append(getContext().getString(
205 R.string.perms_description_app, appName));
206 sbuilder.append("\n\n");
207 sbuilder.append(mPerm.name);
208 builder.setMessage(sbuilder.toString());
210 builder.setCancelable(true);
211 builder.setIcon(mGroup.loadGroupIcon(getContext(), pm));
212 addRevokeUIIfNecessary(builder);
213 mDialog = builder.show();
214 mDialog.setCanceledOnTouchOutside(true);
219 protected void onDetachedFromWindow() {
220 super.onDetachedFromWindow();
221 if (mDialog != null) {
226 private void addRevokeUIIfNecessary(AlertDialog.Builder builder) {
227 if (!mShowRevokeUI) {
231 final boolean isRequired =
232 ((mPerm.mExistingReqFlags & PackageInfo.REQUESTED_PERMISSION_REQUIRED) != 0);
238 DialogInterface.OnClickListener ocl = new DialogInterface.OnClickListener() {
240 public void onClick(DialogInterface dialog, int which) {
241 PackageManager pm = getContext().getPackageManager();
242 pm.revokeRuntimePermission(mPackageName, mPerm.name,
243 new UserHandle(mContext.getUserId()));
244 PermissionItemView.this.setVisibility(View.GONE);
247 builder.setNegativeButton(R.string.revoke, ocl);
248 builder.setPositiveButton(R.string.ok, null);
252 private AppSecurityPermissions(Context context) {
254 mInflater = (LayoutInflater) mContext.getSystemService(Context.LAYOUT_INFLATER_SERVICE);
255 mPm = mContext.getPackageManager();
256 // Pick up from framework resources instead.
257 mNewPermPrefix = mContext.getText(R.string.perms_new_perm_prefix);
260 public AppSecurityPermissions(Context context, String packageName) {
262 mPackageName = packageName;
263 Set<MyPermissionInfo> permSet = new HashSet<MyPermissionInfo>();
266 pkgInfo = mPm.getPackageInfo(packageName, PackageManager.GET_PERMISSIONS);
267 } catch (NameNotFoundException e) {
268 Log.w(TAG, "Couldn't retrieve permissions for package:"+packageName);
271 // Extract all user permissions
272 if((pkgInfo.applicationInfo != null) && (pkgInfo.applicationInfo.uid != -1)) {
273 getAllUsedPermissions(pkgInfo.applicationInfo.uid, permSet);
275 mPermsList.addAll(permSet);
276 setPermissions(mPermsList);
279 public AppSecurityPermissions(Context context, PackageInfo info) {
281 Set<MyPermissionInfo> permSet = new HashSet<MyPermissionInfo>();
285 mPackageName = info.packageName;
287 // Convert to a PackageInfo
288 PackageInfo installedPkgInfo = null;
289 // Get requested permissions
290 if (info.requestedPermissions != null) {
292 installedPkgInfo = mPm.getPackageInfo(info.packageName,
293 PackageManager.GET_PERMISSIONS);
294 } catch (NameNotFoundException e) {
296 extractPerms(info, permSet, installedPkgInfo);
298 // Get permissions related to shared user if any
299 if (info.sharedUserId != null) {
302 sharedUid = mPm.getUidForSharedUser(info.sharedUserId);
303 getAllUsedPermissions(sharedUid, permSet);
304 } catch (NameNotFoundException e) {
305 Log.w(TAG, "Couldn't retrieve shared user id for: " + info.packageName);
308 // Retrieve list of permissions
309 mPermsList.addAll(permSet);
310 setPermissions(mPermsList);
314 * Utility to retrieve a view displaying a single permission. This provides
315 * the old UI layout for permissions; it is only here for the device admin
316 * settings to continue to use.
318 public static View getPermissionItemView(Context context,
319 CharSequence grpName, CharSequence description, boolean dangerous) {
320 LayoutInflater inflater = (LayoutInflater)context.getSystemService(
321 Context.LAYOUT_INFLATER_SERVICE);
322 Drawable icon = context.getDrawable(dangerous
323 ? R.drawable.ic_bullet_key_permission : R.drawable.ic_text_dot);
324 return getPermissionItemViewOld(context, inflater, grpName,
325 description, dangerous, icon);
328 private void getAllUsedPermissions(int sharedUid, Set<MyPermissionInfo> permSet) {
329 String sharedPkgList[] = mPm.getPackagesForUid(sharedUid);
330 if(sharedPkgList == null || (sharedPkgList.length == 0)) {
333 for(String sharedPkg : sharedPkgList) {
334 getPermissionsForPackage(sharedPkg, permSet);
338 private void getPermissionsForPackage(String packageName, Set<MyPermissionInfo> permSet) {
340 PackageInfo pkgInfo = mPm.getPackageInfo(packageName, PackageManager.GET_PERMISSIONS);
341 extractPerms(pkgInfo, permSet, pkgInfo);
342 } catch (NameNotFoundException e) {
343 Log.w(TAG, "Couldn't retrieve permissions for package: " + packageName);
347 private void extractPerms(PackageInfo info, Set<MyPermissionInfo> permSet,
348 PackageInfo installedPkgInfo) {
349 String[] strList = info.requestedPermissions;
350 int[] flagsList = info.requestedPermissionsFlags;
351 if ((strList == null) || (strList.length == 0)) {
354 for (int i=0; i<strList.length; i++) {
355 String permName = strList[i];
357 PermissionInfo tmpPermInfo = mPm.getPermissionInfo(permName, 0);
358 if (tmpPermInfo == null) {
361 int existingIndex = -1;
362 if (installedPkgInfo != null
363 && installedPkgInfo.requestedPermissions != null) {
364 for (int j=0; j<installedPkgInfo.requestedPermissions.length; j++) {
365 if (permName.equals(installedPkgInfo.requestedPermissions[j])) {
371 final int existingFlags = existingIndex >= 0 ?
372 installedPkgInfo.requestedPermissionsFlags[existingIndex] : 0;
373 if (!isDisplayablePermission(tmpPermInfo, flagsList[i], existingFlags)) {
374 // This is not a permission that is interesting for the user
375 // to see, so skip it.
378 final String origGroupName = tmpPermInfo.group;
379 String groupName = origGroupName;
380 if (groupName == null) {
381 groupName = tmpPermInfo.packageName;
382 tmpPermInfo.group = groupName;
384 MyPermissionGroupInfo group = mPermGroups.get(groupName);
386 PermissionGroupInfo grp = null;
387 if (origGroupName != null) {
388 grp = mPm.getPermissionGroupInfo(origGroupName, 0);
391 group = new MyPermissionGroupInfo(grp);
393 // We could be here either because the permission
394 // didn't originally specify a group or the group it
395 // gave couldn't be found. In either case, we consider
396 // its group to be the permission's package name.
397 tmpPermInfo.group = tmpPermInfo.packageName;
398 group = mPermGroups.get(tmpPermInfo.group);
400 group = new MyPermissionGroupInfo(tmpPermInfo);
402 group = new MyPermissionGroupInfo(tmpPermInfo);
404 mPermGroups.put(tmpPermInfo.group, group);
406 final boolean newPerm = installedPkgInfo != null
407 && (existingFlags&PackageInfo.REQUESTED_PERMISSION_GRANTED) == 0;
408 MyPermissionInfo myPerm = new MyPermissionInfo(tmpPermInfo);
409 myPerm.mNewReqFlags = flagsList[i];
410 myPerm.mExistingReqFlags = existingFlags;
411 // This is a new permission if the app is already installed and
412 // doesn't currently hold this permission.
413 myPerm.mNew = newPerm;
415 } catch (NameNotFoundException e) {
416 Log.i(TAG, "Ignoring unknown permission:"+permName);
421 public int getPermissionCount() {
422 return getPermissionCount(WHICH_ALL);
425 private List<MyPermissionInfo> getPermissionList(MyPermissionGroupInfo grp, int which) {
426 if (which == WHICH_NEW) {
427 return grp.mNewPermissions;
429 return grp.mAllPermissions;
433 public int getPermissionCount(int which) {
435 for (int i=0; i<mPermGroupsList.size(); i++) {
436 N += getPermissionList(mPermGroupsList.get(i), which).size();
441 public View getPermissionsView() {
442 return getPermissionsView(WHICH_ALL, false);
445 public View getPermissionsViewWithRevokeButtons() {
446 return getPermissionsView(WHICH_ALL, true);
449 public View getPermissionsView(int which) {
450 return getPermissionsView(which, false);
453 private View getPermissionsView(int which, boolean showRevokeUI) {
454 LinearLayout permsView = (LinearLayout) mInflater.inflate(R.layout.app_perms_summary, null);
455 LinearLayout displayList = permsView.findViewById(R.id.perms_list);
456 View noPermsView = permsView.findViewById(R.id.no_permissions);
458 displayPermissions(mPermGroupsList, displayList, which, showRevokeUI);
459 if (displayList.getChildCount() <= 0) {
460 noPermsView.setVisibility(View.VISIBLE);
467 * Utility method that displays permissions from a map containing group name and
468 * list of permission descriptions.
470 private void displayPermissions(List<MyPermissionGroupInfo> groups,
471 LinearLayout permListView, int which, boolean showRevokeUI) {
472 permListView.removeAllViews();
474 int spacing = (int)(8*mContext.getResources().getDisplayMetrics().density);
476 for (int i=0; i<groups.size(); i++) {
477 MyPermissionGroupInfo grp = groups.get(i);
478 final List<MyPermissionInfo> perms = getPermissionList(grp, which);
479 for (int j=0; j<perms.size(); j++) {
480 MyPermissionInfo perm = perms.get(j);
481 View view = getPermissionItemView(grp, perm, j == 0,
482 which != WHICH_NEW ? mNewPermPrefix : null, showRevokeUI);
483 LinearLayout.LayoutParams lp = new LinearLayout.LayoutParams(
484 ViewGroup.LayoutParams.MATCH_PARENT,
485 ViewGroup.LayoutParams.WRAP_CONTENT);
487 lp.topMargin = spacing;
489 if (j == grp.mAllPermissions.size()-1) {
490 lp.bottomMargin = spacing;
492 if (permListView.getChildCount() == 0) {
495 permListView.addView(view, lp);
500 private PermissionItemView getPermissionItemView(MyPermissionGroupInfo grp,
501 MyPermissionInfo perm, boolean first, CharSequence newPermPrefix, boolean showRevokeUI) {
502 return getPermissionItemView(mContext, mInflater, grp, perm, first, newPermPrefix,
503 mPackageName, showRevokeUI);
506 private static PermissionItemView getPermissionItemView(Context context, LayoutInflater inflater,
507 MyPermissionGroupInfo grp, MyPermissionInfo perm, boolean first,
508 CharSequence newPermPrefix, String packageName, boolean showRevokeUI) {
509 PermissionItemView permView = (PermissionItemView)inflater.inflate(
510 (perm.flags & PermissionInfo.FLAG_COSTS_MONEY) != 0
511 ? R.layout.app_permission_item_money : R.layout.app_permission_item,
513 permView.setPermission(grp, perm, first, newPermPrefix, packageName, showRevokeUI);
517 private static View getPermissionItemViewOld(Context context, LayoutInflater inflater,
518 CharSequence grpName, CharSequence permList, boolean dangerous, Drawable icon) {
519 View permView = inflater.inflate(R.layout.app_permission_item_old, null);
521 TextView permGrpView = permView.findViewById(R.id.permission_group);
522 TextView permDescView = permView.findViewById(R.id.permission_list);
524 ImageView imgView = (ImageView)permView.findViewById(R.id.perm_icon);
525 imgView.setImageDrawable(icon);
526 if(grpName != null) {
527 permGrpView.setText(grpName);
528 permDescView.setText(permList);
530 permGrpView.setText(permList);
531 permDescView.setVisibility(View.GONE);
536 private boolean isDisplayablePermission(PermissionInfo pInfo, int newReqFlags,
537 int existingReqFlags) {
538 final int base = pInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE;
539 final boolean isNormal = (base == PermissionInfo.PROTECTION_NORMAL);
541 // We do not show normal permissions in the UI.
546 final boolean isDangerous = (base == PermissionInfo.PROTECTION_DANGEROUS)
547 || ((pInfo.protectionLevel&PermissionInfo.PROTECTION_FLAG_PRE23) != 0);
548 final boolean isRequired =
549 ((newReqFlags&PackageInfo.REQUESTED_PERMISSION_REQUIRED) != 0);
550 final boolean isDevelopment =
551 ((pInfo.protectionLevel&PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0);
552 final boolean wasGranted =
553 ((existingReqFlags&PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0);
554 final boolean isGranted =
555 ((newReqFlags&PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0);
557 // Dangerous and normal permissions are always shown to the user if the permission
558 // is required, or it was previously granted
559 if (isDangerous && (isRequired || wasGranted || isGranted)) {
563 // Development permissions are only shown to the user if they are already
564 // granted to the app -- if we are installing an app and they are not
565 // already granted, they will not be granted as part of the install.
566 if (isDevelopment && wasGranted) {
567 if (localLOGV) Log.i(TAG, "Special perm " + pInfo.name
568 + ": protlevel=0x" + Integer.toHexString(pInfo.protectionLevel));
574 private static class PermissionGroupInfoComparator implements Comparator<MyPermissionGroupInfo> {
575 private final Collator sCollator = Collator.getInstance();
577 public final int compare(MyPermissionGroupInfo a, MyPermissionGroupInfo b) {
578 return sCollator.compare(a.mLabel, b.mLabel);
582 private static class PermissionInfoComparator implements Comparator<MyPermissionInfo> {
583 private final Collator sCollator = Collator.getInstance();
584 PermissionInfoComparator() {
586 public final int compare(MyPermissionInfo a, MyPermissionInfo b) {
587 return sCollator.compare(a.mLabel, b.mLabel);
591 private void addPermToList(List<MyPermissionInfo> permList,
592 MyPermissionInfo pInfo) {
593 if (pInfo.mLabel == null) {
594 pInfo.mLabel = pInfo.loadSafeLabel(mPm, 20000, PackageItemInfo.SAFE_LABEL_FLAG_TRIM
595 | PackageItemInfo.SAFE_LABEL_FLAG_FIRST_LINE);
597 int idx = Collections.binarySearch(permList, pInfo, mPermComparator);
598 if(localLOGV) Log.i(TAG, "idx="+idx+", list.size="+permList.size());
601 permList.add(idx, pInfo);
605 private void setPermissions(List<MyPermissionInfo> permList) {
606 if (permList != null) {
607 // First pass to group permissions
608 for (MyPermissionInfo pInfo : permList) {
609 if(localLOGV) Log.i(TAG, "Processing permission:"+pInfo.name);
610 if(!isDisplayablePermission(pInfo, pInfo.mNewReqFlags, pInfo.mExistingReqFlags)) {
611 if(localLOGV) Log.i(TAG, "Permission:"+pInfo.name+" is not displayable");
614 MyPermissionGroupInfo group = mPermGroups.get(pInfo.group);
616 pInfo.mLabel = pInfo.loadSafeLabel(mPm, 20000,
617 PackageItemInfo.SAFE_LABEL_FLAG_TRIM
618 | PackageItemInfo.SAFE_LABEL_FLAG_FIRST_LINE);
619 addPermToList(group.mAllPermissions, pInfo);
621 addPermToList(group.mNewPermissions, pInfo);
627 for (MyPermissionGroupInfo pgrp : mPermGroups.values()) {
628 if (pgrp.labelRes != 0 || pgrp.nonLocalizedLabel != null) {
629 pgrp.mLabel = pgrp.loadSafeLabel(mPm, 20000, PackageItemInfo.SAFE_LABEL_FLAG_TRIM
630 | PackageItemInfo.SAFE_LABEL_FLAG_FIRST_LINE);
634 app = mPm.getApplicationInfo(pgrp.packageName, 0);
635 pgrp.mLabel = app.loadSafeLabel(mPm, 20000, PackageItemInfo.SAFE_LABEL_FLAG_TRIM
636 | PackageItemInfo.SAFE_LABEL_FLAG_FIRST_LINE);
637 } catch (NameNotFoundException e) {
638 pgrp.mLabel = pgrp.loadSafeLabel(mPm, 20000,
639 PackageItemInfo.SAFE_LABEL_FLAG_TRIM
640 | PackageItemInfo.SAFE_LABEL_FLAG_FIRST_LINE);
643 mPermGroupsList.add(pgrp);
645 Collections.sort(mPermGroupsList, mPermGroupComparator);