Change checkUidPermission and others in PermissionManagerServiceInterface to... (06c9004f) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+37 −13

Original line number	Diff line number	Diff line
		@@ -42,6 +42,7 @@ import android.app.ActivityManager;
		import android.app.AppOpsManager;
		import android.app.AppOpsManager.AttributionFlags;
		import android.app.IActivityManager;
		import android.companion.virtual.VirtualDeviceManager;
		import android.content.AttributionSource;
		import android.content.AttributionSourceState;
		import android.content.Context;
		@@ -78,6 +79,7 @@ import com.android.internal.util.Preconditions;
		import com.android.internal.util.function.QuadFunction;
		import com.android.internal.util.function.TriFunction;
		import com.android.server.LocalServices;
		import com.android.server.companion.virtual.VirtualDeviceManagerInternal;
		import com.android.server.pm.UserManagerService;
		import com.android.server.pm.permission.PermissionManagerServiceInternal.HotwordDetectionServiceProvider;
		import com.android.server.pm.pkg.AndroidPackage;
		@@ -135,6 +137,9 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		@Nullable
		private HotwordDetectionServiceProvider mHotwordDetectionServiceProvider;

		@Nullable
		private VirtualDeviceManagerInternal mVirtualDeviceManagerInternal;

		PermissionManagerService(@NonNull Context context,
		@NonNull ArrayMap<String, FeatureInfo> availableFeatures) {
		// The package info cache is the cache for package and permission information.
		@@ -146,6 +151,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		mContext = context;
		mPackageManagerInt = LocalServices.getService(PackageManagerInternal.class);
		mAppOpsManager = context.getSystemService(AppOpsManager.class);
		mVirtualDeviceManagerInternal =
		LocalServices.getService(VirtualDeviceManagerInternal.class);

		mAttributionSourceRegistry = new AttributionSourceRegistry(context);

		@@ -246,16 +253,30 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		return PackageManager.PERMISSION_DENIED;
		}

		String persistentDeviceId = getPersistentDeviceId(deviceId);

		final CheckPermissionDelegate checkPermissionDelegate;
		synchronized (mLock) {
		checkPermissionDelegate = mCheckPermissionDelegate;
		}

		if (checkPermissionDelegate == null) {
		return mPermissionManagerServiceImpl.checkUidPermission(uid, permissionName, deviceId);
		return mPermissionManagerServiceImpl.checkUidPermission(uid, permissionName,
		persistentDeviceId);
		}
		return checkPermissionDelegate.checkUidPermission(uid, permissionName,
		deviceId, mPermissionManagerServiceImpl::checkUidPermission);
		persistentDeviceId, mPermissionManagerServiceImpl::checkUidPermission);
		}

		private String getPersistentDeviceId(int deviceId) {
		if (deviceId == Context.DEVICE_ID_DEFAULT) {
		return VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT;
		}

		if (mVirtualDeviceManagerInternal == null) {
		mVirtualDeviceManagerInternal =
		LocalServices.getService(VirtualDeviceManagerInternal.class);
		}
		return mVirtualDeviceManagerInternal.getPersistentIdForDevice(deviceId);
		}

		@Override
		@@ -608,15 +629,17 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		@Override
		public boolean shouldShowRequestPermissionRationale(String packageName, String permissionName,
		int deviceId, int userId) {
		String persistentDeviceId = getPersistentDeviceId(deviceId);
		return mPermissionManagerServiceImpl.shouldShowRequestPermissionRationale(packageName,
		permissionName, deviceId, userId);
		permissionName, persistentDeviceId, userId);
		}

		@Override
		public boolean isPermissionRevokedByPolicy(String packageName, String permissionName,
		int deviceId, int userId) {
		String persistentDeviceId = getPersistentDeviceId(deviceId);
		return mPermissionManagerServiceImpl.isPermissionRevokedByPolicy(packageName,
		permissionName, deviceId, userId);
		permissionName, persistentDeviceId, userId);
		}

		@Override
		@@ -914,13 +937,13 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		*
		* @param uid the UID to be checked
		* @param permissionName the name of the permission to be checked
		* @param deviceId The device ID
		* @param persistentDeviceId The persistent device ID
		* @param superImpl the original implementation that can be delegated to
		* @return {@link android.content.pm.PackageManager#PERMISSION_GRANTED} if the package has
		* the permission, or {@link android.content.pm.PackageManager#PERMISSION_DENIED} otherwise
		*/
		int checkUidPermission(int uid, @NonNull String permissionName, int deviceId,
		TriFunction<Integer, String, Integer, Integer> superImpl);
		int checkUidPermission(int uid, @NonNull String permissionName, String persistentDeviceId,
		TriFunction<Integer, String, String, Integer> superImpl);

		/**
		* @return list of delegated permissions
		@@ -965,17 +988,18 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		}

		@Override
		public int checkUidPermission(int uid, @NonNull String permissionName, int deviceId,
		@NonNull TriFunction<Integer, String, Integer, Integer> superImpl) {
		public int checkUidPermission(int uid, @NonNull String permissionName,
		String persistentDeviceId,
		@NonNull TriFunction<Integer, String, String, Integer> superImpl) {
		if (uid == mDelegatedUid && isDelegatedPermission(permissionName)) {
		final long identity = Binder.clearCallingIdentity();
		try {
		return superImpl.apply(Process.SHELL_UID, permissionName, deviceId);
		return superImpl.apply(Process.SHELL_UID, permissionName, persistentDeviceId);
		} finally {
		Binder.restoreCallingIdentity(identity);
		}
		}
		return superImpl.apply(uid, permissionName, deviceId);
		return superImpl.apply(uid, permissionName, persistentDeviceId);
		}

		@Override

services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java

+14 −15

Original line number	Diff line number	Diff line
		@@ -682,7 +682,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		}

		@Override
		public int getPermissionFlags(String packageName, String permName, String persistentDeviceId,
		public int getPermissionFlags(String packageName, String permName, String deviceId,
		int userId) {
		final int callingUid = Binder.getCallingUid();
		return getPermissionFlagsInternal(packageName, permName, callingUid, userId);
		@@ -726,8 +726,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt

		@Override
		public void updatePermissionFlags(String packageName, String permName, int flagMask,
		int flagValues, boolean checkAdjustPolicyFlagPermission, String persistentDeviceId,
		int userId) {
		int flagValues, boolean checkAdjustPolicyFlagPermission, String deviceId, int userId) {
		final int callingUid = Binder.getCallingUid();
		boolean overridePolicy = false;

		@@ -917,8 +916,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		}

		@Override
		public int checkPermission(String pkgName, String permName, String persistentDeviceId,
		int userId) {
		public int checkPermission(String pkgName, String permName, String deviceId, int userId) {
		if (!mUserManagerInt.exists(userId)) {
		return PackageManager.PERMISSION_DENIED;
		}
		@@ -985,11 +983,11 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		}

		private int checkUidPermission(int uid, String permName) {
		return checkUidPermission(uid, permName, Context.DEVICE_ID_DEFAULT);
		return checkUidPermission(uid, permName, VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT);
		}

		@Override
		public int checkUidPermission(int uid, String permName, int deviceId) {
		public int checkUidPermission(int uid, String permName, String deviceId) {
		final int userId = UserHandle.getUserId(uid);
		if (!mUserManagerInt.exists(userId)) {
		return PackageManager.PERMISSION_DENIED;
		@@ -1001,7 +999,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt

		@Override
		public Map<String, PermissionManager.PermissionState> getAllPermissionStates(
		@NonNull String packageName, @NonNull String persistentDeviceId, int userId) {
		@NonNull String packageName, @NonNull String deviceId, int userId) {
		throw new UnsupportedOperationException(
		"This method is supported in newer implementation only");
		}
		@@ -1315,8 +1313,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		}

		@Override
		public void grantRuntimePermission(String packageName, String permName,
		String persistentDeviceId, int userId) {
		public void grantRuntimePermission(String packageName, String permName, String deviceId,
		int userId) {
		final int callingUid = Binder.getCallingUid();
		final boolean overridePolicy =
		checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY)
		@@ -1489,12 +1487,13 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		}

		@Override
		public void revokeRuntimePermission(String packageName, String permName,
		String persistentDeviceId, int userId, String reason) {
		public void revokeRuntimePermission(String packageName, String permName, String deviceId,
		int userId, String reason) {
		final int callingUid = Binder.getCallingUid();
		final boolean overridePolicy =
		checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY,
		Context.DEVICE_ID_DEFAULT) == PackageManager.PERMISSION_GRANTED;
		VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT)
		== PackageManager.PERMISSION_GRANTED;

		revokeRuntimePermissionInternal(packageName, permName, overridePolicy, callingUid, userId,
		reason, mDefaultPermissionCallback);
		@@ -1880,7 +1879,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt

		@Override
		public boolean shouldShowRequestPermissionRationale(String packageName, String permName,
		int deviceId, @UserIdInt int userId) {
		String deviceId, @UserIdInt int userId) {
		final int callingUid = Binder.getCallingUid();
		if (UserHandle.getCallingUserId() != userId) {
		mContext.enforceCallingPermission(
		@@ -1943,7 +1942,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		}

		@Override
		public boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId,
		public boolean isPermissionRevokedByPolicy(String packageName, String permName, String deviceId,
		int userId) {
		if (UserHandle.getCallingUserId() != userId) {
		mContext.enforceCallingPermission(

services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java

+17 −17

Original line number	Diff line number	Diff line
		@@ -141,11 +141,11 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte
		*
		* @param packageName the package name for which to get the flags
		* @param permName the permission for which to get the flags
		* @param persistentDeviceId The device for which to get the flags
		* @param deviceId The device for which to get the flags
		* @param userId the user for which to get permission flags
		* @return the permission flags
		*/
		int getPermissionFlags(String packageName, String permName, String persistentDeviceId,
		int getPermissionFlags(String packageName, String permName, String deviceId,
		@UserIdInt int userId);

		/**
		@@ -156,11 +156,11 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte
		* @param permName The permission for which to update the flags
		* @param flagMask The flags which to replace
		* @param flagValues The flags with which to replace
		* @param persistentDeviceId The device for which to update the permission flags
		* @param deviceId The device for which to update the permission flags
		* @param userId The user for which to update the permission flags
		*/
		void updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues,
		boolean checkAdjustPolicyFlagPermission, String persistentDeviceId,
		boolean checkAdjustPolicyFlagPermission, String deviceId,
		@UserIdInt int userId);

		/**
		@@ -295,12 +295,12 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte
		*
		* @param packageName the package to which to grant the permission
		* @param permName the permission name to grant
		* @param persistentDeviceId the device for which to grant the permission
		* @param deviceId the device for which to grant the permission
		* @param userId the user for which to grant the permission
		*
		* @see #revokeRuntimePermission(String, String, String, int, String)
		*/
		void grantRuntimePermission(String packageName, String permName, String persistentDeviceId,
		void grantRuntimePermission(String packageName, String permName, String deviceId,
		@UserIdInt int userId);

		/**
		@@ -316,13 +316,13 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte
		*
		* @param packageName the package from which to revoke the permission
		* @param permName the permission name to revoke
		* @param persistentDeviceId the device for which to revoke the permission
		* @param deviceId the device for which to revoke the permission
		* @param userId the user for which to revoke the permission
		* @param reason the reason for the revoke, or {@code null} for unspecified
		*
		* @see #grantRuntimePermission(String, String, String, int)
		*/
		void revokeRuntimePermission(String packageName, String permName, String persistentDeviceId,
		void revokeRuntimePermission(String packageName, String permName, String deviceId,
		@UserIdInt int userId, String reason);

		/**
		@@ -347,7 +347,7 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte
		* @return whether you can show permission rationale UI
		*/
		boolean shouldShowRequestPermissionRationale(String packageName, String permName,
		int deviceId, @UserIdInt int userId);
		String deviceId, @UserIdInt int userId);

		/**
		* Checks whether a particular permission has been revoked for a package by policy. Typically,
		@@ -361,8 +361,8 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte
		* @param userId the device for which you are checking the permission
		* @return whether the permission is restricted by policy
		*/
		boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId,
		@UserIdInt int userId);
		boolean isPermissionRevokedByPolicy(String packageName, String permName,
		String deviceId, @UserIdInt int userId);

		/**
		* Get set of permissions that have been split into more granular or dependent permissions.
		@@ -389,11 +389,11 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte
		*
		* @param pkgName package name
		* @param permName permission name
		* @param persistentDeviceId persistent device ID
		* @param deviceId persistent device ID
		* @param userId user ID
		* @return permission result {@link PackageManager.PermissionResult}
		*/
		int checkPermission(String pkgName, String permName, String persistentDeviceId,
		int checkPermission(String pkgName, String permName, String deviceId,
		@UserIdInt int userId);

		/**
		@@ -401,23 +401,23 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte
		*
		* @param uid UID
		* @param permName permission name
		* @param deviceId device ID
		* @param deviceId persistent device ID
		* @return permission result {@link PackageManager.PermissionResult}
		*/
		int checkUidPermission(int uid, String permName, int deviceId);
		int checkUidPermission(int uid, String permName, String deviceId);

		/**
		* Gets the permission states for requested package, persistent device and user.
		*
		* @param packageName name of the package you are checking against
		* @param persistentDeviceId id of the persistent device you are checking against
		* @param deviceId id of the persistent device you are checking against
		* @param userId id of the user for which to get permission flags
		* @return mapping of all permission states keyed by their permission names
		*
		* @hide
		*/
		Map<String, PermissionState> getAllPermissionStates(@NonNull String packageName,
		@NonNull String persistentDeviceId, @UserIdInt int userId);
		@NonNull String deviceId, @UserIdInt int userId);

		/**
		* Get all the package names requesting app op permissions.

services/core/java/com/android/server/pm/permission/PermissionManagerServiceLoggingDecorator.java

+30 −32

Original line number	Diff line number	Diff line
		@@ -121,24 +121,22 @@ public class PermissionManagerServiceLoggingDecorator implements PermissionManag
		}

		@Override
		public int getPermissionFlags(String packageName, String permName, String persistentDeviceId,
		public int getPermissionFlags(String packageName, String permName, String deviceId,
		int userId) {
		Log.i(LOG_TAG, "getPermissionFlags(packageName = " + packageName + ", permName = "
		+ permName + ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId
		+ ")");
		return mService.getPermissionFlags(packageName, permName, persistentDeviceId, userId);
		+ permName + ", deviceId = " + deviceId + ", userId = " + userId + ")");
		return mService.getPermissionFlags(packageName, permName, deviceId, userId);
		}

		@Override
		public void updatePermissionFlags(String packageName, String permName, int flagMask,
		int flagValues, boolean checkAdjustPolicyFlagPermission, String persistentDeviceId,
		int userId) {
		int flagValues, boolean checkAdjustPolicyFlagPermission, String deviceId, int userId) {
		Log.i(LOG_TAG, "updatePermissionFlags(packageName = " + packageName + ", permName = "
		+ permName + ", flagMask = " + flagMask + ", flagValues = " + flagValues
		+ ", checkAdjustPolicyFlagPermission = " + checkAdjustPolicyFlagPermission
		+ ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId + ")");
		+ ", deviceId = " + deviceId + ", userId = " + userId + ")");
		mService.updatePermissionFlags(packageName, permName, flagMask, flagValues,
		checkAdjustPolicyFlagPermission, persistentDeviceId, userId);
		checkAdjustPolicyFlagPermission, deviceId, userId);
		}

		@Override
		@@ -186,21 +184,20 @@ public class PermissionManagerServiceLoggingDecorator implements PermissionManag
		}

		@Override
		public void grantRuntimePermission(String packageName, String permName,
		String persistentDeviceId, int userId) {
		public void grantRuntimePermission(String packageName, String permName, String deviceId,
		int userId) {
		Log.i(LOG_TAG, "grantRuntimePermission(packageName = " + packageName + ", permName = "
		+ permName + ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId
		+ ")");
		mService.grantRuntimePermission(packageName, permName, persistentDeviceId, userId);
		+ permName + ", deviceId = " + deviceId + ", userId = " + userId + ")");
		mService.grantRuntimePermission(packageName, permName, deviceId, userId);
		}

		@Override
		public void revokeRuntimePermission(String packageName, String permName,
		String persistentDeviceId, int userId, String reason) {
		public void revokeRuntimePermission(String packageName, String permName, String deviceId,
		int userId, String reason) {
		Log.i(LOG_TAG, "revokeRuntimePermission(packageName = " + packageName + ", permName = "
		+ permName + ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId
		+ ", reason = " + reason + ")");
		mService.revokeRuntimePermission(packageName, permName, persistentDeviceId, userId, reason);
		+ permName + ", deviceId = " + deviceId + ", userId = " + userId + ", reason = "
		+ reason + ")");
		mService.revokeRuntimePermission(packageName, permName, deviceId, userId, reason);
		}

		@Override
		@@ -212,16 +209,16 @@ public class PermissionManagerServiceLoggingDecorator implements PermissionManag

		@Override
		public boolean shouldShowRequestPermissionRationale(String packageName, String permName,
		int deviceId, int userId) {
		String deviceId, int userId) {
		Log.i(LOG_TAG, "shouldShowRequestPermissionRationale(packageName = " + packageName
		+ ", permName = " + permName + ", deviceId = " + deviceId
		+ ", userId = " + userId + ")");
		+ ", permName = " + permName + ", deviceId = " + deviceId + ", userId = "
		+ userId + ")");
		return mService.shouldShowRequestPermissionRationale(packageName, permName, deviceId,
		userId);
		}

		@Override
		public boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId,
		public boolean isPermissionRevokedByPolicy(String packageName, String permName, String deviceId,
		int userId) {
		Log.i(LOG_TAG, "isPermissionRevokedByPolicy(packageName = " + packageName + ", permName = "
		+ permName + ", deviceId = " + deviceId + ", userId = " + userId + ")");
		@@ -235,26 +232,27 @@ public class PermissionManagerServiceLoggingDecorator implements PermissionManag
		}

		@Override
		public int checkPermission(String pkgName, String permName, String persistentDeviceId,
		public int checkPermission(String pkgName, String permName, String deviceId,
		int userId) {
		Log.i(LOG_TAG, "checkPermission(pkgName = " + pkgName + ", permName = " + permName
		+ ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId + ")");
		return mService.checkPermission(pkgName, permName, persistentDeviceId, userId);
		+ ", deviceId = " + deviceId + ", userId = " + userId + ")");
		return mService.checkPermission(pkgName, permName, deviceId, userId);
		}

		@Override
		public int checkUidPermission(int uid, String permName, int deviceId) {
		Log.i(LOG_TAG, "checkUidPermission(uid = " + uid + ", permName = "
		+ permName + ", deviceId = " + deviceId + ")");
		public int checkUidPermission(int uid, String permName, String deviceId) {
		Log.i(LOG_TAG, "checkUidPermission(uid = " + uid + ", permName = " + permName
		+ ", deviceId = " + deviceId + ")");
		return mService.checkUidPermission(uid, permName, deviceId);
		}

		@Override
		public Map<String, PermissionState> getAllPermissionStates(@NonNull String packageName,
		@NonNull String persistentDeviceId, int userId) {
		Log.i(LOG_TAG, "getAllPermissionStates(packageName = " + packageName
		+ ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId + ")");
		return mService.getAllPermissionStates(packageName, persistentDeviceId, userId);
		@NonNull String deviceId, int userId) {
		Log.i(LOG_TAG,
		"getAllPermissionStates(packageName = " + packageName + ", deviceId = " + deviceId
		+ ", userId = " + userId + ")");
		return mService.getAllPermissionStates(packageName, deviceId, userId);
		}

		@Override

services/core/java/com/android/server/pm/permission/PermissionManagerServiceTestingShim.java

+22 −31

File changed.

Preview size limit exceeded, changes collapsed.