Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 08274cd5 authored by Sunny Goyal's avatar Sunny Goyal Committed by Automerger Merge Worker
Browse files

Merge "Replacing some explicit recents components checks with permission...

Merge "Replacing some explicit recents components checks with permission checks" into sc-dev am: af31ae70

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13419109

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I376e20db898dc030bba1a9175d1ef7a0f6534185
parents bf25f91b af31ae70
Loading
Loading
Loading
Loading
+8 −8
Original line number Diff line number Diff line
@@ -2541,7 +2541,7 @@
    <!-- Allows an application to start a task from a ActivityManager#RecentTaskInfo.
         @hide -->
    <permission android:name="android.permission.START_TASKS_FROM_RECENTS"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged|recents" />

    <!-- @SystemApi @hide Allows an application to call APIs that allow it to do interactions
         across the users on the device, using singleton services and
@@ -2606,7 +2606,7 @@

    <!-- @SystemApi @TestApi @hide Allows an application to change to remove/kill tasks -->
    <permission android:name="android.permission.REMOVE_TASKS"
        android:protectionLevel="signature|documenter" />
        android:protectionLevel="signature|documenter|recents" />

    <!-- @deprecated Use MANAGE_ACTIVITY_TASKS instead.
         @SystemApi @TestApi @hide Allows an application to create/manage/remove stacks -->
@@ -2615,7 +2615,7 @@

    <!-- @SystemApi @TestApi @hide Allows an application to create/manage/remove tasks -->
    <permission android:name="android.permission.MANAGE_ACTIVITY_TASKS"
        android:protectionLevel="signature" />
        android:protectionLevel="signature|recents" />

    <!-- @SystemApi @TestApi @hide Allows an application to embed other activities -->
    <permission android:name="android.permission.ACTIVITY_EMBEDDING"
@@ -3284,7 +3284,7 @@
         and its icons.
         <p>Not for use by third-party applications. -->
    <permission android:name="android.permission.STATUS_BAR"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged|recents" />

    <!-- Allows an application to trigger bugreport via shell using the bugreport API.
        <p>Not for use by third-party applications.
@@ -3451,7 +3451,7 @@
         critical UI such as the home screen.
         @hide -->
    <permission android:name="android.permission.STOP_APP_SWITCHES"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged|recents" />

    <!-- @SystemApi Allows an application to retrieve private information about
         the current top activity, such as any assist context it can provide.
@@ -3836,7 +3836,7 @@
         @hide
    -->
    <permission android:name="android.permission.SET_ORIENTATION"
        android:protectionLevel="signature" />
        android:protectionLevel="signature|recents" />

    <!-- @SystemApi Allows low-level access to setting the pointer speed.
         <p>Not for use by third-party applications.
@@ -4100,7 +4100,7 @@
          @hide
          @removed -->
    <permission android:name="android.permission.READ_FRAME_BUFFER"
        android:protectionLevel="signature" />
        android:protectionLevel="signature|recents" />

    <!-- Allows an application to use InputFlinger's low level features.
         @hide -->
@@ -5277,7 +5277,7 @@
    <!-- @SystemApi Allows modifying accessibility state.
         @hide -->
    <permission android:name="android.permission.MANAGE_ACCESSIBILITY"
        android:protectionLevel="signature|setup" />
        android:protectionLevel="signature|setup|recents" />

    <!-- @SystemApi Allows an app to grant a profile owner access to device identifiers.
         <p>Not for use by third-party applications.
+3 −0
Original line number Diff line number Diff line
@@ -21,5 +21,8 @@
        <permission name="android.permission.GET_ACCOUNTS_PRIVILEGED"/>
        <permission name="android.permission.WRITE_SECURE_SETTINGS"/>
        <permission name="android.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS"/>
        <permission name="android.permission.START_TASKS_FROM_RECENTS"/>
        <permission name="android.permission.STATUS_BAR"/>
        <permission name="android.permission.STOP_APP_SWITCHES"/>
    </privapp-permissions>
</permissions>
+2 −8
Original line number Diff line number Diff line
@@ -166,8 +166,6 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
    //       their capabilities are ready.
    private static final int WAIT_MOTION_INJECTOR_TIMEOUT_MILLIS = 1000;

    static final String FUNCTION_REGISTER_SYSTEM_ACTION = "registerSystemAction";
    static final String FUNCTION_UNREGISTER_SYSTEM_ACTION = "unregisterSystemAction";
    private static final String FUNCTION_REGISTER_UI_TEST_AUTOMATION_SERVICE =
        "registerUiTestAutomationService";

@@ -748,9 +746,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
     */
    @Override
    public void registerSystemAction(RemoteAction action, int actionId) {
        mSecurityPolicy.enforceCallerIsRecentsOrHasPermission(
                Manifest.permission.MANAGE_ACCESSIBILITY,
                FUNCTION_REGISTER_SYSTEM_ACTION);
        mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY);
        getSystemActionPerformer().registerSystemAction(actionId, action);
    }

@@ -761,9 +757,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
     */
    @Override
    public void unregisterSystemAction(int actionId) {
        mSecurityPolicy.enforceCallerIsRecentsOrHasPermission(
                Manifest.permission.MANAGE_ACCESSIBILITY,
                FUNCTION_UNREGISTER_SYSTEM_ACTION);
        mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY);
        getSystemActionPerformer().unregisterSystemAction(actionId);
    }

+0 −13
Original line number Diff line number Diff line
@@ -38,8 +38,6 @@ import android.util.Slog;
import android.view.accessibility.AccessibilityEvent;

import com.android.internal.util.ArrayUtils;
import com.android.server.LocalServices;
import com.android.server.wm.ActivityTaskManagerInternal;

import libcore.util.EmptyArray;

@@ -88,7 +86,6 @@ public class AccessibilitySecurityPolicy {

    private final AccessibilityUserManager mAccessibilityUserManager;
    private AccessibilityWindowManager mAccessibilityWindowManager;
    private final ActivityTaskManagerInternal mAtmInternal;

    /**
     * Constructor for AccessibilityManagerService.
@@ -100,7 +97,6 @@ public class AccessibilitySecurityPolicy {
        mPackageManager = mContext.getPackageManager();
        mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
        mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
        mAtmInternal = LocalServices.getService(ActivityTaskManagerInternal.class);
    }

    /**
@@ -572,13 +568,4 @@ public class AccessibilitySecurityPolicy {
                    + permission);
        }
    }

    /**
     * Enforcing permission check to IPC caller or grant it if it's recents.
     *
     * @param permission The permission to check
     */
    public void enforceCallerIsRecentsOrHasPermission(@NonNull String permission, String func) {
        mAtmInternal.enforceCallerIsRecentsOrHasPermission(permission, func);
    }
}
+0 −6
Original line number Diff line number Diff line
@@ -278,12 +278,6 @@ public abstract class ActivityTaskManagerInternal {
     */
    public abstract void cancelRecentsAnimation(boolean restoreHomeRootTaskPosition);

    /**
     * This enforces {@code func} can only be called if either the caller is Recents activity or
     * has {@code permission}.
     */
    public abstract void enforceCallerIsRecentsOrHasPermission(String permission, String func);

    /**
     * Returns true if the app can close system dialogs. Otherwise it either throws a {@link
     * SecurityException} or returns false with a logcat message depending on whether the app
Loading