Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 08d28c2b authored by Bagus Maulana's avatar Bagus Maulana
Browse files

Make ag/18284930 work on Wear OS 

ag/18284930 assumes both user_setup_complete and
user_setup_personalization_state is always present, which may not be the
case in non-phone form factors (e.g. Wear OS does not set
user_setup_personalization_state, as it does not support deferred setup).
This check should still work if only one or the other is present.

Bug: 343281256
Test: atest FrameworksServicesTests:LegacyPermissionManagerServiceTest
Change-Id: Icb69c11efda253e2b3cc0d0563275cbbdc01fd36
parent ba89d985

services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java

+25 −10
Original line number Diff line number Diff line
@@ -165,6 +165,7 @@ import java.util.Iterator; 
import java.util.List;

import java.util.Map;

import java.util.Objects;

import java.util.Optional;

import java.util.Set;

import java.util.concurrent.CompletableFuture;

import java.util.concurrent.ExecutionException;
@@ -368,18 +369,32 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt 
                return false;

            }



            try {

            int userId = UserHandle.getUserId(uid);

                boolean isInSetup = Settings.Secure.getIntForUser(mContext.getContentResolver(),

                        Settings.Secure.USER_SETUP_COMPLETE, userId) == 0;

                boolean isInDeferredSetup = Settings.Secure.getIntForUser(

                        mContext.getContentResolver(),

                        Settings.Secure.USER_SETUP_PERSONALIZATION_STATE, userId)

                        == Settings.Secure.USER_SETUP_PERSONALIZATION_STARTED;

                return isInSetup || isInDeferredSetup;



            boolean isInSetup =

                    getSecureInt(Settings.Secure.USER_SETUP_COMPLETE, userId)

                             .map(setupState -> setupState == 0)

                             .orElse(false);

            if (isInSetup) {

                return true;

            }



            boolean isInDeferredSetup =

                    getSecureInt(Settings.Secure.USER_SETUP_PERSONALIZATION_STATE, userId)

                            .map(state ->

                                    state == Settings.Secure.USER_SETUP_PERSONALIZATION_STARTED)

                            .orElse(false);

            return isInDeferredSetup;

        }



        private Optional<Integer> getSecureInt(String settingName, int userId) {

            try {

                return Optional.of(

                        Settings.Secure.getIntForUser(

                                mContext.getContentResolver(), settingName, userId));

            } catch (Settings.SettingNotFoundException e) {

                Slog.w(LOG_TAG, "Failed to check if the user is in restore: " + e);

                return false;

                Slog.i(LOG_TAG, "Setting " + settingName + " not found", e);

                return Optional.empty();

            }

        }

services/permission/java/com/android/server/permission/access/permission/PermissionService.kt

+22 −29
Original line number Diff line number Diff line
@@ -533,8 +533,7 @@ class PermissionService(private val service: AccessCheckingService) : 
        val packageState =

            packageManagerLocal.withFilteredSnapshot(Binder.getCallingUid(), userId).use {

                it.getPackageState(packageName)

            }

                ?: return PackageManager.PERMISSION_DENIED

            } ?: return PackageManager.PERMISSION_DENIED



        val isPermissionGranted =

            service.getState { isPermissionGranted(packageState, userId, permissionName, deviceId) }
@@ -1164,8 +1163,7 @@ class PermissionService(private val service: AccessCheckingService) : 
        val packageState =

            packageManagerLocal.withFilteredSnapshot(Binder.getCallingUid(), userId).use {

                it.getPackageState(packageName)

            }

                ?: return false

            } ?: return false



        service.getState {

            if (isPermissionGranted(packageState, userId, permissionName, deviceId)) {
@@ -1216,8 +1214,7 @@ class PermissionService(private val service: AccessCheckingService) : 
        val packageState =

            packageManagerLocal.withFilteredSnapshot(callingUid, userId).use {

                it.getPackageState(packageName)

            }

                ?: return false

            } ?: return false

        val appId = packageState.appId

        if (UserHandle.getAppId(callingUid) != appId) {

            return false
@@ -1546,8 +1543,7 @@ class PermissionService(private val service: AccessCheckingService) : 
        val packageState =

            packageManagerLocal.withFilteredSnapshot(callingUid, userId).use {

                it.getPackageState(packageName)

            }

                ?: return null

            } ?: return null

        val androidPackage = packageState.androidPackage ?: return null



        val isCallerPrivileged =
@@ -1710,8 +1706,7 @@ class PermissionService(private val service: AccessCheckingService) : 
                    PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER,

                    userId

                )

                ?.let { ArraySet(permissionNames).apply { this += it }.toList() }

                ?: permissionNames

                ?.let { ArraySet(permissionNames).apply { this += it }.toList() } ?: permissionNames



        setAllowlistedRestrictedPermissionsUnchecked(

            androidPackage,
@@ -2753,26 +2748,24 @@ class PermissionService(private val service: AccessCheckingService) : 
            ) {

                return false

            }

            return try {

                val contentResolver = context.contentResolver



            val userId = UserHandle.getUserId(uid)

                val isInSetup =

                    Settings.Secure.getIntForUser(

                        contentResolver,

                        Settings.Secure.USER_SETUP_COMPLETE,

                        userId

                    ) == 0



            val isInSetup = getSecureInt(Settings.Secure.USER_SETUP_COMPLETE, userId) == 0

            if (isInSetup) return true



            val isInDeferredSetup =

                    Settings.Secure.getIntForUser(

                        contentResolver,

                        Settings.Secure.USER_SETUP_PERSONALIZATION_STATE,

                        userId

                    ) == Settings.Secure.USER_SETUP_PERSONALIZATION_STARTED

                isInSetup || isInDeferredSetup

            } catch (e: Settings.SettingNotFoundException) {

                Slog.w(LOG_TAG, "Failed to check if the user is in restore: $e")

                false

                getSecureInt(Settings.Secure.USER_SETUP_PERSONALIZATION_STATE, userId) ==

                    Settings.Secure.USER_SETUP_PERSONALIZATION_STARTED

            return isInDeferredSetup

        }



        private fun getSecureInt(settingName: String, userId: Int): Int? =

            try {

                Settings.Secure.getIntForUser(context.contentResolver, settingName, userId)

            } catch (e: Settings.SettingNotFoundException) {

                Slog.i(LOG_TAG, "Setting $settingName not found", e)

                null

            }

    }