Maintain map of nanoapps that are permanently denied (1f78c988) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/location/contexthub/ContextHubClientBroker.java

+14 −5

Original line number	Diff line number	Diff line
		@@ -47,9 +47,11 @@ import android.util.proto.ProtoOutputStream;
		import com.android.server.location.ClientBrokerProto;

		import java.util.Collections;
		import java.util.HashSet;
		import java.util.Iterator;
		import java.util.List;
		import java.util.Map;
		import java.util.Set;
		import java.util.concurrent.ConcurrentHashMap;
		import java.util.concurrent.atomic.AtomicBoolean;
		import java.util.function.Supplier;
		@@ -205,14 +207,19 @@ public class ContextHubClientBroker extends IContextHubClient.Stub
		* allowed to communicate over that channel. A channel is defined to have been opened if the
		* client has sent or received messages from the particular nanoapp.
		*/
		private final Map<Long, Integer> mMessageChannelNanoappIdMap =
		new ConcurrentHashMap<Long, Integer>();
		private final Map<Long, Integer> mMessageChannelNanoappIdMap = new ConcurrentHashMap<>();

		/**
		* Set containing all nanoapps that have been forcefully transitioned to the denied
		* authorization state (via CLI) to ensure they don't transition back to the granted state
		* later if, for example, a permission check is performed due to another nanoapp
		*/
		private final Set<Long> mForceDeniedNapps = new HashSet<>();

		/**
		* Map containing all nanoapps that have active auth state denial timers.
		*/
		private final Map<Long, AuthStateDenialTimer> mNappToAuthTimerMap =
		new ConcurrentHashMap<Long, AuthStateDenialTimer>();
		private final Map<Long, AuthStateDenialTimer> mNappToAuthTimerMap = new ConcurrentHashMap<>();

		/**
		* Callback used to obtain the latest set of nanoapp permissions and verify this client has
		@@ -637,7 +644,8 @@ public class ContextHubClientBroker extends IContextHubClient.Stub
		private int updateNanoAppAuthState(
		long nanoAppId, List<String> nanoappPermissions, boolean gracePeriodExpired) {
		return updateNanoAppAuthState(
		nanoAppId, nanoappPermissions, gracePeriodExpired, false /* forceDenied */);
		nanoAppId, nanoappPermissions, gracePeriodExpired,
		mForceDeniedNapps.contains(nanoAppId) /* forceDenied */);
		}

		/**
		@@ -679,6 +687,7 @@ public class ContextHubClientBroker extends IContextHubClient.Stub
		// any state -> DENIED if "forceDenied" is true
		if (forceDenied) {
		newAuthState = AUTHORIZATION_DENIED;
		mForceDeniedNapps.add(nanoAppId);
		} else if (gracePeriodExpired) {
		if (curAuthState == AUTHORIZATION_DENIED_GRACE_PERIOD) {
		newAuthState = AUTHORIZATION_DENIED;