
Commit 0e931d10 authored by Thiébaud Weksteen's avatar Thiébaud Weksteen

Migrate DynamicSystemService to @EnforcePermission

Test: Manually inspect IDynamicSystemService.java; permission checks are
      correctly generated
Bug: 197828948
Change-Id: Ibe060a072e0fa8af140b89d74e6fba0535abd84b
parent c9d4f279
+15 −0
@@ -26,6 +26,7 @@ interface IDynamicSystemService
     * @param dsuSlot Name used to identify this installation
     * @return true if the call succeeds
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean startInstallation(@utf8InCpp String dsuSlot);

    /**
@@ -36,6 +37,7 @@ interface IDynamicSystemService
     * @param readOnly True if this partition is readOnly
     * @return true if the call succeeds
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean createPartition(@utf8InCpp String name, long size, boolean readOnly);

    /**
@@ -43,12 +45,14 @@ interface IDynamicSystemService
     *
     * @return true if the partition installation completes without error.
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean closePartition();

    /**
     * Finish a previously started installation. Installations without
     * a cooresponding finishInstallation() will be cleaned up during device boot.
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean finishInstallation();

    /**
@@ -57,6 +61,7 @@ interface IDynamicSystemService
     *
     * @return GsiProgress
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    GsiProgress getInstallationProgress();

    /**
@@ -66,21 +71,25 @@ interface IDynamicSystemService
     *
     * @return true if the call succeeds
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean abort();

    /**
     * @return true if the device is running an DynamicAnroid image
     */
    @RequiresNoPermission
    boolean isInUse();

    /**
     * @return true if the device has an DynamicSystem image installed
     */
    @RequiresNoPermission
    boolean isInstalled();

    /**
     * @return true if the device has an DynamicSystem image enabled
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean isEnabled();

    /**
@@ -88,6 +97,7 @@ interface IDynamicSystemService
     *
     * @return true if the call succeeds
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean remove();

    /**
@@ -97,6 +107,7 @@ interface IDynamicSystemService
     *
     * @return true if the call succeeds
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean setEnable(boolean enable, boolean oneShot);

    /**
@@ -106,6 +117,7 @@ interface IDynamicSystemService
     * @param fd            fd that points to a ashmem
     * @param size          size of the ashmem file
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean setAshmem(in ParcelFileDescriptor fd, long size);

    /**
@@ -115,6 +127,7 @@ interface IDynamicSystemService
     * @param bytes         number of bytes that can be read from stream.
     * @return              true on success, false otherwise.
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean submitFromAshmem(long bytes);

    /**
@@ -124,10 +137,12 @@ interface IDynamicSystemService
     * @return              true on success, false if partition doesn't have a
     *                      valid VBMeta block to retrieve the AVB key from.
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    boolean getAvbPublicKey(out AvbPublicKey dst);

    /**
     * Returns the suggested scratch partition size for overlayFS.
     */
    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
    long suggestScratchSize();
}
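Review bot: The split between `@EnforcePermission("MANAGE_DYNAMIC_SYSTEM")` on isEnabled() and `@RequiresNoPermission` on isInUse()/isInstalled() is not explained anywhere in the interface, and nothing in the method docs says why three status queries get different treatment. Judging from the Java section below, isInUse() and isInstalled() read system properties while isEnabled() goes through getGsiService(), which is where the old check lived, so the annotations mirror the previous control flow rather than a stated policy. A short comment next to the `@RequiresNoPermission` entries would keep a later cleanup from "harmonising" them in either direction, e.g. `// Reads a system property only; never reached gsiservice, so historically unchecked.`. The interface-level doc comment, which sits outside this hunk, is the natural place to state that every other method requires MANAGE_DYNAMIC_SYSTEM.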
+17 −9
@@ -16,8 +16,9 @@

package com.android.server;

import android.annotation.EnforcePermission;
import android.annotation.RequiresNoPermission;
import android.content.Context;
import android.content.pm.PackageManager;
import android.gsi.AvbPublicKey;
import android.gsi.GsiProgress;
import android.gsi.IGsiService;
@@ -53,20 +54,12 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    private IGsiService getGsiService() {
        checkPermission();
        if (mGsiService != null) {
            return mGsiService;
        }
        return IGsiService.Stub.asInterface(ServiceManager.waitForService("gsiservice"));
    }

    private void checkPermission() {
        if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
                != PackageManager.PERMISSION_GRANTED) {
            throw new SecurityException("Requires MANAGE_DYNAMIC_SYSTEM permission");
        }
    }

    class GsiServiceCallback extends IGsiServiceCallback.Stub {
        // 0 for success
        private int mResult = -1;
@@ -82,6 +75,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean startInstallation(String dsuSlot) throws RemoteException {
        IGsiService service = getGsiService();
        mGsiService = service;
@@ -124,6 +118,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean createPartition(String name, long size, boolean readOnly)
            throws RemoteException {
        IGsiService service = getGsiService();
@@ -135,6 +130,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean closePartition() throws RemoteException {
        IGsiService service = getGsiService();
        if (service.closePartition() != 0) {
@@ -145,6 +141,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean finishInstallation() throws RemoteException {
        IGsiService service = getGsiService();
        if (service.closeInstall() != 0) {
@@ -155,21 +152,25 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public GsiProgress getInstallationProgress() throws RemoteException {
        return getGsiService().getInstallProgress();
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean abort() throws RemoteException {
        return getGsiService().cancelGsiInstall();
    }

    @Override
    @RequiresNoPermission
    public boolean isInUse() {
        return SystemProperties.getBoolean("ro.gsid.image_running", false);
    }

    @Override
    @RequiresNoPermission
    public boolean isInstalled() {
        boolean installed = SystemProperties.getBoolean("gsid.image_installed", false);
        Slog.i(TAG, "isInstalled(): " + installed);
@@ -177,11 +178,13 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean isEnabled() throws RemoteException {
        return getGsiService().isGsiEnabled();
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean remove() throws RemoteException {
        try {
            GsiServiceCallback callback = new GsiServiceCallback();
@@ -197,6 +200,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean setEnable(boolean enable, boolean oneShot) throws RemoteException {
        IGsiService gsiService = getGsiService();
        if (enable) {
@@ -220,6 +224,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean setAshmem(ParcelFileDescriptor ashmem, long size) {
        try {
            return getGsiService().setGsiAshmem(ashmem, size);
@@ -229,6 +234,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean submitFromAshmem(long size) {
        try {
            return getGsiService().commitGsiChunkFromAshmem(size);
@@ -238,6 +244,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public boolean getAvbPublicKey(AvbPublicKey dst) {
        try {
            return getGsiService().getAvbPublicKey(dst) == 0;
@@ -247,6 +254,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
    }

    @Override
    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
    public long suggestScratchSize() throws RemoteException {
        return getGsiService().suggestScratchSize();
    }
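Review bot: Dropping `checkPermission()` from getGsiService() removes the one chokepoint that gated every path to gsiservice; enforcement now depends on each Binder entry point that reaches it carrying `@EnforcePermission`. Every override visible in these hunks that calls getGsiService() is annotated, but getGsiService() itself is now callable unchecked by any method outside the shown hunks or added later, so a comment on it would make that invariant explicit: `// No permission check here: each IDynamicSystemService entry point is gated by its @EnforcePermission annotation, so any new caller must be annotated too.`. Whether the Java-side annotation alone causes the generated Stub to enforce the check, or whether the implementation is expected to call a generated helper first, depends on the AIDL toolchain in use; the commit message says the generated IDynamicSystemService.java was inspected, and it is worth recording that finding in the comment as well. The class body extends beyond the hunks shown, so other callers of getGsiService() cannot be ruled out from this page.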