Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0f2a5879 authored by Yeabkal Wubshit's avatar Yeabkal Wubshit Committed by Android (Google) Code Review
Browse files

Merge "Use PermissionManager for broadcast-delivery permission check" into main

parents b01916c3 ed20d052

services/core/java/com/android/server/am/BroadcastSkipPolicy.java

+46 −10
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ package com.android.server.am; 
import static com.android.server.am.ActivityManagerDebugConfig.DEBUG_PERMISSIONS_REVIEW;

import static com.android.server.am.ActivityManagerService.checkComponentPermission;

import static com.android.server.am.BroadcastQueue.TAG;

import static com.android.server.am.Flags.usePermissionManagerForBroadcastDeliveryCheck;



import android.annotation.NonNull;

import android.annotation.Nullable;
@@ -27,6 +28,7 @@ import android.app.AppGlobals; 
import android.app.AppOpsManager;

import android.app.BroadcastOptions;

import android.app.PendingIntent;

import android.content.AttributionSource;

import android.content.ComponentName;

import android.content.IIntentSender;

import android.content.Intent;
@@ -39,6 +41,7 @@ import android.os.Process; 
import android.os.RemoteException;

import android.os.UserHandle;

import android.permission.IPermissionManager;

import android.permission.PermissionManager;

import android.util.Slog;



import com.android.internal.util.ArrayUtils;
@@ -54,6 +57,9 @@ import java.util.Objects; 
public class BroadcastSkipPolicy {

    private final ActivityManagerService mService;



    @Nullable

    private PermissionManager mPermissionManager;



    public BroadcastSkipPolicy(@NonNull ActivityManagerService service) {

        mService = Objects.requireNonNull(service);

    }
@@ -283,14 +289,35 @@ public class BroadcastSkipPolicy { 


        if (info.activityInfo.applicationInfo.uid != Process.SYSTEM_UID &&

                r.requiredPermissions != null && r.requiredPermissions.length > 0) {

            final AttributionSource attributionSource;

            if (usePermissionManagerForBroadcastDeliveryCheck()) {

                attributionSource =

                        new AttributionSource.Builder(info.activityInfo.applicationInfo.uid)

                                .setPackageName(info.activityInfo.packageName)

                                .build();

            } else {

                attributionSource = null;

            }

            for (int i = 0; i < r.requiredPermissions.length; i++) {

                String requiredPermission = r.requiredPermissions[i];

                try {

                    perm = AppGlobals.getPackageManager().

                            checkPermission(requiredPermission,

                    if (usePermissionManagerForBroadcastDeliveryCheck()) {

                        final PermissionManager permissionManager = getPermissionManager();

                        if (permissionManager != null) {

                            perm = permissionManager.checkPermissionForDataDelivery(

                                    requiredPermission, attributionSource, null /* message */);

                        } else {

                            // Assume permission denial if PermissionManager is not yet available.

                            perm = PackageManager.PERMISSION_DENIED;

                        }

                    } else {

                        perm = AppGlobals.getPackageManager()

                                .checkPermission(

                                        requiredPermission,

                                        info.activityInfo.applicationInfo.packageName,

                                        UserHandle

                                                .getUserId(info.activityInfo.applicationInfo.uid));

                    }

                } catch (RemoteException e) {

                    perm = PackageManager.PERMISSION_DENIED;

                }
@@ -302,6 +329,7 @@ public class BroadcastSkipPolicy { 
                            + " due to sender " + r.callerPackage

                            + " (uid " + r.callingUid + ")";

                }

                if (!usePermissionManagerForBroadcastDeliveryCheck()) {

                    int appOp = AppOpsManager.permissionToOpCode(requiredPermission);

                    if (appOp != AppOpsManager.OP_NONE && appOp != r.appOp) {

                        if (!noteOpForManifestReceiver(appOp, r, info, component)) {
@@ -311,6 +339,7 @@ public class BroadcastSkipPolicy { 
                    }

                }

            }

        }

        if (r.appOp != AppOpsManager.OP_NONE) {

            if (!noteOpForManifestReceiver(r.appOp, r, info, component)) {

                return "Skipping delivery to " + info.activityInfo.packageName
@@ -694,4 +723,11 @@ public class BroadcastSkipPolicy { 


        return false;

    }



    private PermissionManager getPermissionManager() {

        if (mPermissionManager == null) {

            mPermissionManager = mService.mContext.getSystemService(PermissionManager.class);

        }

        return mPermissionManager;

    }

}

services/core/java/com/android/server/am/flags.aconfig

+8 −0
Original line number Diff line number Diff line
@@ -86,3 +86,11 @@ flag { 
        purpose: PURPOSE_BUGFIX

    }

}



flag {

    namespace: "backstage_power"

    name: "use_permission_manager_for_broadcast_delivery_check"

    description: "Use PermissionManager API for broadcast delivery permission checks."

    bug: "315468967"

    is_fixed_read_only: true

}