Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 099f584f authored by Harsh Lal's avatar Harsh Lal
Browse files

Add privileged APIs with origin 

Permission PROVIDE_DEFAULT_ENABLED_SYSTEM_PROVIDER is used in  http://cs/android-internal/frameworks/base/core/java/android/service/credentials/CredentialProviderInfo.java;l=178;rcl=de4db481486429671cc309f0586125ac308ceb23

Bug: 268097161
API-Coverage-Bug: 247549381
Test: local-deployment
Change-Id: I56c4a4fa5b2a01c8c5a2231e2cc4cab34236298d
parent 7960b206

core/api/current.txt

+3 −0
Original line number Diff line number Diff line
@@ -83,6 +83,7 @@ package android { 
    field public static final String CLEAR_APP_CACHE = "android.permission.CLEAR_APP_CACHE";

    field public static final String CONFIGURE_WIFI_DISPLAY = "android.permission.CONFIGURE_WIFI_DISPLAY";

    field public static final String CONTROL_LOCATION_UPDATES = "android.permission.CONTROL_LOCATION_UPDATES";

    field public static final String CREDENTIAL_MANAGER_SET_ORIGIN = "android.permission.CREDENTIAL_MANAGER_SET_ORIGIN";

    field public static final String DELETE_CACHE_FILES = "android.permission.DELETE_CACHE_FILES";

    field public static final String DELETE_PACKAGES = "android.permission.DELETE_PACKAGES";

    field public static final String DELIVER_COMPANION_MESSAGES = "android.permission.DELIVER_COMPANION_MESSAGES";
@@ -13514,7 +13515,9 @@ package android.credentials { 
  public final class CredentialManager {

    method public void clearCredentialState(@NonNull android.credentials.ClearCredentialStateRequest, @Nullable android.os.CancellationSignal, @NonNull java.util.concurrent.Executor, @NonNull android.os.OutcomeReceiver<java.lang.Void,android.credentials.ClearCredentialStateException>);

    method public void createCredential(@NonNull android.credentials.CreateCredentialRequest, @NonNull android.app.Activity, @Nullable android.os.CancellationSignal, @NonNull java.util.concurrent.Executor, @NonNull android.os.OutcomeReceiver<android.credentials.CreateCredentialResponse,android.credentials.CreateCredentialException>);

    method @RequiresPermission(android.Manifest.permission.CREDENTIAL_MANAGER_SET_ORIGIN) public void createCredentialWithOrigin(@NonNull android.credentials.CreateCredentialRequest, @Nullable String, @NonNull android.app.Activity, @Nullable android.os.CancellationSignal, @NonNull java.util.concurrent.Executor, @NonNull android.os.OutcomeReceiver<android.credentials.CreateCredentialResponse,android.credentials.CreateCredentialException>);

    method public void getCredential(@NonNull android.credentials.GetCredentialRequest, @NonNull android.app.Activity, @Nullable android.os.CancellationSignal, @NonNull java.util.concurrent.Executor, @NonNull android.os.OutcomeReceiver<android.credentials.GetCredentialResponse,android.credentials.GetCredentialException>);

    method @RequiresPermission(android.Manifest.permission.CREDENTIAL_MANAGER_SET_ORIGIN) public void getCredentialWithOrigin(@NonNull android.credentials.GetCredentialRequest, @Nullable String, @NonNull android.app.Activity, @Nullable android.os.CancellationSignal, @NonNull java.util.concurrent.Executor, @NonNull android.os.OutcomeReceiver<android.credentials.GetCredentialResponse,android.credentials.GetCredentialException>);

    method public boolean isEnabledCredentialProviderService(@NonNull android.content.ComponentName);

    method public void registerCredentialDescription(@NonNull android.credentials.RegisterCredentialDescriptionRequest);

    method public void unregisterCredentialDescription(@NonNull android.credentials.UnregisterCredentialDescriptionRequest);

core/api/system-current.txt

+2 −0
Original line number Diff line number Diff line
@@ -246,6 +246,8 @@ package android { 
    field public static final String PERFORM_IMS_SINGLE_REGISTRATION = "android.permission.PERFORM_IMS_SINGLE_REGISTRATION";

    field public static final String PERFORM_SIM_ACTIVATION = "android.permission.PERFORM_SIM_ACTIVATION";

    field public static final String POWER_SAVER = "android.permission.POWER_SAVER";

    field public static final String PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE = "android.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE";

    field public static final String PROVIDE_HYBRID_CREDENTIAL_SERVICE = "android.permission.PROVIDE_HYBRID_CREDENTIAL_SERVICE";

    field public static final String PROVIDE_RESOLVER_RANKER_SERVICE = "android.permission.PROVIDE_RESOLVER_RANKER_SERVICE";

    field public static final String PROVIDE_TRUST_AGENT = "android.permission.PROVIDE_TRUST_AGENT";

    field public static final String PROVISION_DEMO_DEVICE = "android.permission.PROVISION_DEMO_DEVICE";

core/java/android/credentials/CredentialManager.java

+105 −0
Original line number Diff line number Diff line
@@ -16,6 +16,8 @@ 


package android.credentials;



import static android.Manifest.permission.CREDENTIAL_MANAGER_SET_ORIGIN;



import static java.util.Objects.requireNonNull;



import android.annotation.CallbackExecutor;
@@ -123,6 +125,57 @@ public final class CredentialManager { 
        }

    }



    /**

     * Launches the necessary flows to retrieve an app credential from the user, for the given

     * origin.

     *

     * <p>The execution can potentially launch UI flows to collect user consent to using a

     * credential, display a picker when multiple credentials exist, etc.

     *

     * @param request the request specifying type(s) of credentials to get from the user

     * @param origin the origin of the calling app. Callers of this special API (e.g. browsers)

     * can set this origin for an app different from their own, to be able to get credentials

     * on behalf of that app.

     * @param activity the activity used to launch any UI needed

     * @param cancellationSignal an optional signal that allows for cancelling this call

     * @param executor the callback will take place on this {@link Executor}

     * @param callback the callback invoked when the request succeeds or fails

     */

    @RequiresPermission(CREDENTIAL_MANAGER_SET_ORIGIN)

    public void getCredentialWithOrigin(

            @NonNull GetCredentialRequest request,

            @Nullable String origin,

            @NonNull Activity activity,

            @Nullable CancellationSignal cancellationSignal,

            @CallbackExecutor @NonNull Executor executor,

            @NonNull OutcomeReceiver<GetCredentialResponse, GetCredentialException> callback) {

        requireNonNull(request, "request must not be null");

        requireNonNull(activity, "activity must not be null");

        requireNonNull(executor, "executor must not be null");

        requireNonNull(callback, "callback must not be null");



        if (cancellationSignal != null && cancellationSignal.isCanceled()) {

            Log.w(TAG, "getCredential already canceled");

            return;

        }



        ICancellationSignal cancelRemote = null;

        try {

            cancelRemote =

                mService.executeGetCredentialWithOrigin(

                    request,

                    new GetCredentialTransport(activity, executor, callback),

                    mContext.getOpPackageName(),

                    origin);

        } catch (RemoteException e) {

            e.rethrowFromSystemServer();

        }



        if (cancellationSignal != null && cancelRemote != null) {

            cancellationSignal.setRemote(cancelRemote);

        }

    }



    /**

     * Launches the necessary flows to register an app credential for the user.

     *
@@ -168,6 +221,58 @@ public final class CredentialManager { 
        }

    }



    /**

     * Launches the necessary flows to register an app credential for the user.

     *

     * <p>The execution can potentially launch UI flows to collect user consent to creating or

     * storing the new credential, etc.

     *

     * @param request the request specifying type(s) of credentials to get from the user, for the

     * given origin

     * @param origin the origin of the calling app. Callers of this special API (e.g. browsers)

     * can set this origin for an app different from their own, to be able to get credentials

     * on behalf of that app.

     * @param activity the activity used to launch any UI needed

     * @param cancellationSignal an optional signal that allows for cancelling this call

     * @param executor the callback will take place on this {@link Executor}

     * @param callback the callback invoked when the request succeeds or fails

     */

    @RequiresPermission(CREDENTIAL_MANAGER_SET_ORIGIN)

    public void createCredentialWithOrigin(

            @NonNull CreateCredentialRequest request,

            @Nullable String origin,

            @NonNull Activity activity,

            @Nullable CancellationSignal cancellationSignal,

            @CallbackExecutor @NonNull Executor executor,

            @NonNull

            OutcomeReceiver<CreateCredentialResponse, CreateCredentialException> callback) {

        requireNonNull(request, "request must not be null");

        requireNonNull(activity, "activity must not be null");

        requireNonNull(executor, "executor must not be null");

        requireNonNull(callback, "callback must not be null");



        if (cancellationSignal != null && cancellationSignal.isCanceled()) {

            Log.w(TAG, "createCredential already canceled");

            return;

        }



        ICancellationSignal cancelRemote = null;

        try {

            cancelRemote =

                mService.executeCreateCredentialWithOrigin(

                    request,

                    new CreateCredentialTransport(activity, executor, callback),

                    mContext.getOpPackageName(),

                    origin);

        } catch (RemoteException e) {

            e.rethrowFromSystemServer();

        }



        if (cancellationSignal != null && cancelRemote != null) {

            cancellationSignal.setRemote(cancelRemote);

        }

    }



    /**

     * Clears the current user credential state from all credential providers.

     *

core/java/android/credentials/ICredentialManager.aidl

+4 −0
Original line number Diff line number Diff line
@@ -40,8 +40,12 @@ interface ICredentialManager { 


    @nullable ICancellationSignal executeGetCredential(in GetCredentialRequest request, in IGetCredentialCallback callback, String callingPackage);



    @nullable ICancellationSignal executeGetCredentialWithOrigin(in GetCredentialRequest request, in IGetCredentialCallback callback, String callingPackage, String origin);



    @nullable ICancellationSignal executeCreateCredential(in CreateCredentialRequest request, in ICreateCredentialCallback callback, String callingPackage);



    @nullable ICancellationSignal executeCreateCredentialWithOrigin(in CreateCredentialRequest request, in ICreateCredentialCallback callback, String callingPackage, String origin);



    @nullable ICancellationSignal clearCredentialState(in ClearCredentialStateRequest request, in IClearCredentialStateCallback callback, String callingPackage);



    @nullable ICancellationSignal listEnabledProviders(in IListEnabledProvidersCallback callback);

core/java/android/service/credentials/CredentialProviderInfo.java

+2 −1
Original line number Diff line number Diff line
@@ -175,7 +175,8 @@ public final class CredentialProviderInfo { 
                        serviceInfo.packageName,

                        PackageManager.ApplicationInfoFlags.of(PackageManager.MATCH_SYSTEM_ONLY));

                if (appInfo != null

                        && context.checkPermission(Manifest.permission.SYSTEM_CREDENTIAL_PROVIDER,

                        && context.checkPermission(

                                Manifest.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE,

                        /*pId=*/-1, appInfo.uid) == PackageManager.PERMISSION_GRANTED) {

                    services.add(new CredentialProviderInfo(context, serviceInfo,

                            /*isSystemProvider=*/true));