Loading services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +4 −2 Original line number Diff line number Diff line Loading @@ -664,7 +664,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub */ @Override public void registerSystemAction(RemoteAction action, int actionId) { mSecurityPolicy.enforceCallingPermission(Manifest.permission.MANAGE_ACCESSIBILITY, mSecurityPolicy.enforceCallerIsRecentsOrHasPermission( Manifest.permission.MANAGE_ACCESSIBILITY, FUNCTION_REGISTER_SYSTEM_ACTION); mSystemActionPerformer.registerSystemAction(actionId, action); } Loading @@ -676,7 +677,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub */ @Override public void unregisterSystemAction(int actionId) { mSecurityPolicy.enforceCallingPermission(Manifest.permission.MANAGE_ACCESSIBILITY, mSecurityPolicy.enforceCallerIsRecentsOrHasPermission( Manifest.permission.MANAGE_ACCESSIBILITY, FUNCTION_UNREGISTER_SYSTEM_ACTION); mSystemActionPerformer.unregisterSystemAction(actionId); } Loading services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java +13 −0 Original line number Diff line number Diff line Loading @@ -38,6 +38,8 @@ import android.util.Slog; import android.view.accessibility.AccessibilityEvent; import com.android.internal.util.ArrayUtils; import com.android.server.LocalServices; import com.android.server.wm.ActivityTaskManagerInternal; import libcore.util.EmptyArray; Loading Loading @@ -86,6 +88,7 @@ public class AccessibilitySecurityPolicy { private final AccessibilityUserManager mAccessibilityUserManager; private AccessibilityWindowManager mAccessibilityWindowManager; private final ActivityTaskManagerInternal mAtmInternal; /** * Constructor for AccessibilityManagerService. Loading @@ -97,6 +100,7 @@ public class AccessibilitySecurityPolicy { mPackageManager = mContext.getPackageManager(); mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE); mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE); mAtmInternal = LocalServices.getService(ActivityTaskManagerInternal.class); } /** Loading Loading @@ -563,4 +567,13 @@ public class AccessibilitySecurityPolicy { + permission); } } /** * Enforcing permission check to IPC caller or grant it if it's recents. * * @param permission The permission to check */ public void enforceCallerIsRecentsOrHasPermission(@NonNull String permission, String func) { mAtmInternal.enforceCallerIsRecentsOrHasPermission(permission, func); } } services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java +8 −6 Original line number Diff line number Diff line Loading @@ -145,7 +145,8 @@ public class AccessibilityManagerServiceTest extends AndroidTestCase { @SmallTest public void testRegisterSystemActionWithoutPermission() throws Exception { doThrow(SecurityException.class).when(mMockSecurityPolicy).enforceCallingPermission( doThrow(SecurityException.class).when(mMockSecurityPolicy) .enforceCallerIsRecentsOrHasPermission( Manifest.permission.MANAGE_ACCESSIBILITY, AccessibilityManagerService.FUNCTION_REGISTER_SYSTEM_ACTION); Loading @@ -165,7 +166,8 @@ public class AccessibilityManagerServiceTest extends AndroidTestCase { @SmallTest public void testUnregisterSystemActionWithoutPermission() throws Exception { doThrow(SecurityException.class).when(mMockSecurityPolicy).enforceCallingPermission( doThrow(SecurityException.class).when(mMockSecurityPolicy) .enforceCallerIsRecentsOrHasPermission( Manifest.permission.MANAGE_ACCESSIBILITY, AccessibilityManagerService.FUNCTION_UNREGISTER_SYSTEM_ACTION); Loading services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java +18 −0 Original line number Diff line number Diff line Loading @@ -47,6 +47,9 @@ import android.util.ArraySet; import android.view.accessibility.AccessibilityEvent; import android.view.accessibility.AccessibilityWindowInfo; import com.android.server.LocalServices; import com.android.server.wm.ActivityTaskManagerInternal; import org.junit.Before; import org.junit.Rule; import org.junit.Test; Loading @@ -67,6 +70,9 @@ public class AccessibilitySecurityPolicyTest { private static final int WINDOWID2 = 0x000b; private static final int APP_UID = 10400; private static final String PERMISSION = "test-permission"; private static final String FUNCTION = "test-function-name"; private static final int[] ALWAYS_DISPATCH_EVENTS = { AccessibilityEvent.TYPE_WINDOW_STATE_CHANGED, AccessibilityEvent.TYPE_NOTIFICATION_STATE_CHANGED, Loading Loading @@ -111,6 +117,7 @@ public class AccessibilitySecurityPolicyTest { @Mock private AccessibilityWindowManager mMockA11yWindowManager; @Mock private AppWidgetManagerInternal mMockAppWidgetManager; @Mock private AccessibilitySecurityPolicy.AccessibilityUserManager mMockA11yUserManager; @Mock private ActivityTaskManagerInternal mMockActivityTaskManagerInternal; @Before public void setUp() { Loading @@ -119,6 +126,10 @@ public class AccessibilitySecurityPolicyTest { when(mMockContext.getSystemService(Context.USER_SERVICE)).thenReturn(mMockUserManager); when(mMockContext.getSystemService(Context.APP_OPS_SERVICE)).thenReturn(mMockAppOpsManager); LocalServices.removeServiceForTest(ActivityTaskManagerInternal.class); LocalServices.addService( ActivityTaskManagerInternal.class, mMockActivityTaskManagerInternal); mA11ySecurityPolicy = new AccessibilitySecurityPolicy(mMockContext, mMockA11yUserManager); mA11ySecurityPolicy.setAccessibilityWindowManager(mMockA11yWindowManager); mA11ySecurityPolicy.setAppWidgetManager(mMockAppWidgetManager); Loading Loading @@ -469,4 +480,11 @@ public class AccessibilitySecurityPolicyTest { verify(mMockAppOpsManager).noteOpNoThrow(AppOpsManager.OPSTR_ACCESS_ACCESSIBILITY, APP_UID, PACKAGE_NAME); } @Test public void testEnforceCallerIsRecentsOrHasPermission() { mA11ySecurityPolicy.enforceCallerIsRecentsOrHasPermission(PERMISSION, FUNCTION); verify(mMockActivityTaskManagerInternal).enforceCallerIsRecentsOrHasPermission( PERMISSION, FUNCTION); } } Loading
services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +4 −2 Original line number Diff line number Diff line Loading @@ -664,7 +664,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub */ @Override public void registerSystemAction(RemoteAction action, int actionId) { mSecurityPolicy.enforceCallingPermission(Manifest.permission.MANAGE_ACCESSIBILITY, mSecurityPolicy.enforceCallerIsRecentsOrHasPermission( Manifest.permission.MANAGE_ACCESSIBILITY, FUNCTION_REGISTER_SYSTEM_ACTION); mSystemActionPerformer.registerSystemAction(actionId, action); } Loading @@ -676,7 +677,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub */ @Override public void unregisterSystemAction(int actionId) { mSecurityPolicy.enforceCallingPermission(Manifest.permission.MANAGE_ACCESSIBILITY, mSecurityPolicy.enforceCallerIsRecentsOrHasPermission( Manifest.permission.MANAGE_ACCESSIBILITY, FUNCTION_UNREGISTER_SYSTEM_ACTION); mSystemActionPerformer.unregisterSystemAction(actionId); } Loading
services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java +13 −0 Original line number Diff line number Diff line Loading @@ -38,6 +38,8 @@ import android.util.Slog; import android.view.accessibility.AccessibilityEvent; import com.android.internal.util.ArrayUtils; import com.android.server.LocalServices; import com.android.server.wm.ActivityTaskManagerInternal; import libcore.util.EmptyArray; Loading Loading @@ -86,6 +88,7 @@ public class AccessibilitySecurityPolicy { private final AccessibilityUserManager mAccessibilityUserManager; private AccessibilityWindowManager mAccessibilityWindowManager; private final ActivityTaskManagerInternal mAtmInternal; /** * Constructor for AccessibilityManagerService. Loading @@ -97,6 +100,7 @@ public class AccessibilitySecurityPolicy { mPackageManager = mContext.getPackageManager(); mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE); mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE); mAtmInternal = LocalServices.getService(ActivityTaskManagerInternal.class); } /** Loading Loading @@ -563,4 +567,13 @@ public class AccessibilitySecurityPolicy { + permission); } } /** * Enforcing permission check to IPC caller or grant it if it's recents. * * @param permission The permission to check */ public void enforceCallerIsRecentsOrHasPermission(@NonNull String permission, String func) { mAtmInternal.enforceCallerIsRecentsOrHasPermission(permission, func); } }
services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java +8 −6 Original line number Diff line number Diff line Loading @@ -145,7 +145,8 @@ public class AccessibilityManagerServiceTest extends AndroidTestCase { @SmallTest public void testRegisterSystemActionWithoutPermission() throws Exception { doThrow(SecurityException.class).when(mMockSecurityPolicy).enforceCallingPermission( doThrow(SecurityException.class).when(mMockSecurityPolicy) .enforceCallerIsRecentsOrHasPermission( Manifest.permission.MANAGE_ACCESSIBILITY, AccessibilityManagerService.FUNCTION_REGISTER_SYSTEM_ACTION); Loading @@ -165,7 +166,8 @@ public class AccessibilityManagerServiceTest extends AndroidTestCase { @SmallTest public void testUnregisterSystemActionWithoutPermission() throws Exception { doThrow(SecurityException.class).when(mMockSecurityPolicy).enforceCallingPermission( doThrow(SecurityException.class).when(mMockSecurityPolicy) .enforceCallerIsRecentsOrHasPermission( Manifest.permission.MANAGE_ACCESSIBILITY, AccessibilityManagerService.FUNCTION_UNREGISTER_SYSTEM_ACTION); Loading
services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java +18 −0 Original line number Diff line number Diff line Loading @@ -47,6 +47,9 @@ import android.util.ArraySet; import android.view.accessibility.AccessibilityEvent; import android.view.accessibility.AccessibilityWindowInfo; import com.android.server.LocalServices; import com.android.server.wm.ActivityTaskManagerInternal; import org.junit.Before; import org.junit.Rule; import org.junit.Test; Loading @@ -67,6 +70,9 @@ public class AccessibilitySecurityPolicyTest { private static final int WINDOWID2 = 0x000b; private static final int APP_UID = 10400; private static final String PERMISSION = "test-permission"; private static final String FUNCTION = "test-function-name"; private static final int[] ALWAYS_DISPATCH_EVENTS = { AccessibilityEvent.TYPE_WINDOW_STATE_CHANGED, AccessibilityEvent.TYPE_NOTIFICATION_STATE_CHANGED, Loading Loading @@ -111,6 +117,7 @@ public class AccessibilitySecurityPolicyTest { @Mock private AccessibilityWindowManager mMockA11yWindowManager; @Mock private AppWidgetManagerInternal mMockAppWidgetManager; @Mock private AccessibilitySecurityPolicy.AccessibilityUserManager mMockA11yUserManager; @Mock private ActivityTaskManagerInternal mMockActivityTaskManagerInternal; @Before public void setUp() { Loading @@ -119,6 +126,10 @@ public class AccessibilitySecurityPolicyTest { when(mMockContext.getSystemService(Context.USER_SERVICE)).thenReturn(mMockUserManager); when(mMockContext.getSystemService(Context.APP_OPS_SERVICE)).thenReturn(mMockAppOpsManager); LocalServices.removeServiceForTest(ActivityTaskManagerInternal.class); LocalServices.addService( ActivityTaskManagerInternal.class, mMockActivityTaskManagerInternal); mA11ySecurityPolicy = new AccessibilitySecurityPolicy(mMockContext, mMockA11yUserManager); mA11ySecurityPolicy.setAccessibilityWindowManager(mMockA11yWindowManager); mA11ySecurityPolicy.setAppWidgetManager(mMockAppWidgetManager); Loading Loading @@ -469,4 +480,11 @@ public class AccessibilitySecurityPolicyTest { verify(mMockAppOpsManager).noteOpNoThrow(AppOpsManager.OPSTR_ACCESS_ACCESSIBILITY, APP_UID, PACKAGE_NAME); } @Test public void testEnforceCallerIsRecentsOrHasPermission() { mA11ySecurityPolicy.enforceCallerIsRecentsOrHasPermission(PERMISSION, FUNCTION); verify(mMockActivityTaskManagerInternal).enforceCallerIsRecentsOrHasPermission( PERMISSION, FUNCTION); } }
