Merge "Revert "Add API to allow apps with location permission to access data blobs."" into sc-dev

    public @NonNull ParcelFileDescriptor openBlob(@NonNull BlobHandle blobHandle)

    public @NonNull ParcelFileDescriptor openBlob(@NonNull BlobHandle blobHandle)

            throws IOException {

            throws IOException {

        try {

        try {

            return mService.openBlob(blobHandle, mContext.getOpPackageName(),

            return mService.openBlob(blobHandle, mContext.getOpPackageName());

                    mContext.getAttributionTag());

        } catch (ParcelableException e) {

        } catch (ParcelableException e) {

            e.maybeRethrow(IOException.class);

            e.maybeRethrow(IOException.class);

            throw new RuntimeException(e);

            throw new RuntimeException(e);

            @CurrentTimeMillisLong long leaseExpiryTimeMillis) throws IOException {

            @CurrentTimeMillisLong long leaseExpiryTimeMillis) throws IOException {

        try {

        try {

            mService.acquireLease(blobHandle, descriptionResId, null, leaseExpiryTimeMillis,

            mService.acquireLease(blobHandle, descriptionResId, null, leaseExpiryTimeMillis,

                    mContext.getOpPackageName(), mContext.getAttributionTag());

                    mContext.getOpPackageName());

        } catch (ParcelableException e) {

        } catch (ParcelableException e) {

            e.maybeRethrow(IOException.class);

            e.maybeRethrow(IOException.class);

            e.maybeRethrow(LimitExceededException.class);

            e.maybeRethrow(LimitExceededException.class);

            @CurrentTimeMillisLong long leaseExpiryTimeMillis) throws IOException {

            @CurrentTimeMillisLong long leaseExpiryTimeMillis) throws IOException {

        try {

        try {

            mService.acquireLease(blobHandle, INVALID_RES_ID, description, leaseExpiryTimeMillis,

            mService.acquireLease(blobHandle, INVALID_RES_ID, description, leaseExpiryTimeMillis,

                    mContext.getOpPackageName(), mContext.getAttributionTag());

                    mContext.getOpPackageName());

        } catch (ParcelableException e) {

        } catch (ParcelableException e) {

            e.maybeRethrow(IOException.class);

            e.maybeRethrow(IOException.class);

            e.maybeRethrow(LimitExceededException.class);

            e.maybeRethrow(LimitExceededException.class);

     */

     */

    public void releaseLease(@NonNull BlobHandle blobHandle) throws IOException {

    public void releaseLease(@NonNull BlobHandle blobHandle) throws IOException {

        try {

        try {

            mService.releaseLease(blobHandle, mContext.getOpPackageName(),

            mService.releaseLease(blobHandle, mContext.getOpPackageName());

                    mContext.getAttributionTag());

        } catch (ParcelableException e) {

        } catch (ParcelableException e) {

            e.maybeRethrow(IOException.class);

            e.maybeRethrow(IOException.class);

            throw new RuntimeException(e);

            throw new RuntimeException(e);

    @Nullable

    @Nullable

    public LeaseInfo getLeaseInfo(@NonNull BlobHandle blobHandle) throws IOException {

    public LeaseInfo getLeaseInfo(@NonNull BlobHandle blobHandle) throws IOException {

        try {

        try {

            return mService.getLeaseInfo(blobHandle, mContext.getOpPackageName(),

            return mService.getLeaseInfo(blobHandle, mContext.getOpPackageName());

                    mContext.getAttributionTag());

        } catch (ParcelableException e) {

        } catch (ParcelableException e) {

            e.maybeRethrow(IOException.class);

            e.maybeRethrow(IOException.class);

            throw new RuntimeException(e);

            throw new RuntimeException(e);

            }

            }

        }

        }

        /**

         * Allow apps with location permission to access this blob data once it is committed using

         * a {@link BlobHandle} representing the blob.

         *

         * <p> This needs to be called before committing the blob using

         * {@link #commit(Executor, Consumer)}.

         *

         * Note that if a caller allows access to the blob using this API in addition to other APIs

         * like {@link #allowPackageAccess(String, byte[])}, then apps satisfying any one of these

         * access conditions will be allowed to access the blob.

         *

         * @param permissionName the name of the location permission that needs to be granted

         *                       for the app. This can be either one of

         *                       {@link android.Manifest.permission#ACCESS_FINE_LOCATION} or

         *                       {@link android.Manifest.permission#ACCESS_COARSE_LOCATION}.

         *

         * @throws IOException when there is an I/O error while changing the access.

         * @throws SecurityException when the caller is not the owner of the session.

         * @throws IllegalStateException when the caller tries to change access for a blob which is

         *                               already committed.

         */

        public void allowPackagesWithLocationPermission(@NonNull String permissionName)

                throws IOException {

            try {

                mSession.allowPackagesWithLocationPermission(permissionName);

            } catch (ParcelableException e) {

                e.maybeRethrow(IOException.class);

                throw new RuntimeException(e);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        }

        /**

         * Returns {@code true} if access has been allowed for apps with location permission by

         * using {@link #allowPackagesWithLocationPermission(String)}.

         *

         * @param permissionName the name of the location permission that needs to be granted

         *                       for the app. This can be either one of

         *                       {@link android.Manifest.permission#ACCESS_FINE_LOCATION} or

         *                       {@link android.Manifest.permission#ACCESS_COARSE_LOCATION}.

         *

         * @throws IOException when there is an I/O error while getting the access type.

         * @throws IllegalStateException when the caller tries to get access type from a session

         *                               which is closed or abandoned.

         */

        public boolean arePackagesWithLocationPermissionAllowed(@NonNull String permissionName)

                throws IOException {

            try {

                return mSession.arePackagesWithLocationPermissionAllowed(permissionName);

            } catch (ParcelableException e) {

                e.maybeRethrow(IOException.class);

                throw new RuntimeException(e);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        }

        /**

        /**

         * Commit the file that was written so far to this session to the blob store maintained by

         * Commit the file that was written so far to this session to the blob store maintained by

         * the system.

         * the system.

interface IBlobStoreManager {

interface IBlobStoreManager {

    long createSession(in BlobHandle handle, in String packageName);

    long createSession(in BlobHandle handle, in String packageName);

    IBlobStoreSession openSession(long sessionId, in String packageName);

    IBlobStoreSession openSession(long sessionId, in String packageName);

    ParcelFileDescriptor openBlob(in BlobHandle handle, in String packageName,

    ParcelFileDescriptor openBlob(in BlobHandle handle, in String packageName);

           in String attributionTag);

    void abandonSession(long sessionId, in String packageName);

    void abandonSession(long sessionId, in String packageName);

    void acquireLease(in BlobHandle handle, int descriptionResId, in CharSequence description,

    void acquireLease(in BlobHandle handle, int descriptionResId, in CharSequence description,

            long leaseTimeoutMillis, in String packageName, in String attributionTag);

            long leaseTimeoutMillis, in String packageName);

    void releaseLease(in BlobHandle handle, in String packageName, in String attributionTag);

    void releaseLease(in BlobHandle handle, in String packageName);

    long getRemainingLeaseQuotaBytes(String packageName);

    long getRemainingLeaseQuotaBytes(String packageName);

    void waitForIdle(in RemoteCallback callback);

    void waitForIdle(in RemoteCallback callback);

    void deleteBlob(long blobId);

    void deleteBlob(long blobId);

    List<BlobHandle> getLeasedBlobs(in String packageName);

    List<BlobHandle> getLeasedBlobs(in String packageName);

    LeaseInfo getLeaseInfo(in BlobHandle blobHandle, in String packageName,

    LeaseInfo getLeaseInfo(in BlobHandle blobHandle, in String packageName);

            in String attributionTag);

}

}

 No newline at end of file

    void allowPackageAccess(in String packageName, in byte[] certificate);

    void allowPackageAccess(in String packageName, in byte[] certificate);

    void allowSameSignatureAccess();

    void allowSameSignatureAccess();

    void allowPublicAccess();

    void allowPublicAccess();

    void allowPackagesWithLocationPermission(in String permissionName);

    boolean isPackageAccessAllowed(in String packageName, in byte[] certificate);

    boolean isPackageAccessAllowed(in String packageName, in byte[] certificate);

    boolean isSameSignatureAccessAllowed();

    boolean isSameSignatureAccessAllowed();

    boolean isPublicAccessAllowed();

    boolean isPublicAccessAllowed();

    boolean arePackagesWithLocationPermissionAllowed(in String permissionName);

    long getSize();

    long getSize();

    void close();

    void close();

    public static final String ATTR_TYPE = "t";

    public static final String ATTR_TYPE = "t";

    public static final String TAG_ALLOWED_PACKAGE = "wl";

    public static final String TAG_ALLOWED_PACKAGE = "wl";

    public static final String ATTR_CERTIFICATE = "ct";

    public static final String ATTR_CERTIFICATE = "ct";

    public static final String TAG_ALLOWED_PERMISSION = "ap";

    // For BlobHandle

    // For BlobHandle

    public static final String TAG_BLOB_HANDLE = "bh";

    public static final String TAG_BLOB_HANDLE = "bh";

    public static final String TAG_LEASEE = "l";

    public static final String TAG_LEASEE = "l";

    public static final String ATTR_DESCRIPTION_RES_NAME = "rn";

    public static final String ATTR_DESCRIPTION_RES_NAME = "rn";

    public static final String ATTR_DESCRIPTION = "d";

    public static final String ATTR_DESCRIPTION = "d";

    // Generic

    public static final String ATTR_VALUE = "val";

}

}

 */

 */

package com.android.server.blob;

package com.android.server.blob;

import static android.Manifest.permission.ACCESS_COARSE_LOCATION;

import static android.Manifest.permission.ACCESS_FINE_LOCATION;

import static android.app.blob.XmlTags.ATTR_CERTIFICATE;

import static android.app.blob.XmlTags.ATTR_CERTIFICATE;

import static android.app.blob.XmlTags.ATTR_PACKAGE;

import static android.app.blob.XmlTags.ATTR_PACKAGE;

import static android.app.blob.XmlTags.ATTR_TYPE;

import static android.app.blob.XmlTags.ATTR_TYPE;

import static android.app.blob.XmlTags.ATTR_VALUE;

import static android.app.blob.XmlTags.TAG_ALLOWED_PACKAGE;

import static android.app.blob.XmlTags.TAG_ALLOWED_PACKAGE;

import static android.app.blob.XmlTags.TAG_ALLOWED_PERMISSION;

import static com.android.server.blob.BlobStoreConfig.TAG;

import android.annotation.IntDef;

import android.annotation.IntDef;

import android.annotation.NonNull;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.app.AppOpsManager;

import android.content.Context;

import android.content.Context;

import android.content.pm.PackageManager;

import android.content.pm.PackageManager;

import android.os.UserHandle;

import android.permission.PermissionManager;

import android.util.ArraySet;

import android.util.ArraySet;

import android.util.Base64;

import android.util.Base64;

import android.util.DebugUtils;

import android.util.DebugUtils;

import android.util.IndentingPrintWriter;

import android.util.IndentingPrintWriter;

import android.util.Slog;

import com.android.internal.util.XmlUtils;

import com.android.internal.util.XmlUtils;

            ACCESS_TYPE_PUBLIC,

            ACCESS_TYPE_PUBLIC,

            ACCESS_TYPE_SAME_SIGNATURE,

            ACCESS_TYPE_SAME_SIGNATURE,

            ACCESS_TYPE_ALLOWLIST,

            ACCESS_TYPE_ALLOWLIST,

            ACCESS_TYPE_LOCATION_PERMISSION,

    })

    })

    @interface AccessType {}

    @interface AccessType {}

    public static final int ACCESS_TYPE_PRIVATE = 1 << 0;

    public static final int ACCESS_TYPE_PRIVATE = 1 << 0;

    public static final int ACCESS_TYPE_PUBLIC = 1 << 1;

    public static final int ACCESS_TYPE_PUBLIC = 1 << 1;

    public static final int ACCESS_TYPE_SAME_SIGNATURE = 1 << 2;

    public static final int ACCESS_TYPE_SAME_SIGNATURE = 1 << 2;

    public static final int ACCESS_TYPE_ALLOWLIST = 1 << 3;

    public static final int ACCESS_TYPE_ALLOWLIST = 1 << 3;

    public static final int ACCESS_TYPE_LOCATION_PERMISSION = 1 << 4;

    private int mAccessType = ACCESS_TYPE_PRIVATE;

    private int mAccessType = ACCESS_TYPE_PRIVATE;

    private final ArraySet<PackageIdentifier> mAllowedPackages = new ArraySet<>();

    private final ArraySet<PackageIdentifier> mAllowedPackages = new ArraySet<>();

    private final ArraySet<String> mAllowedPermissions = new ArraySet<>();

    void allow(BlobAccessMode other) {

    void allow(BlobAccessMode other) {

        if ((other.mAccessType & ACCESS_TYPE_ALLOWLIST) != 0) {

        if ((other.mAccessType & ACCESS_TYPE_ALLOWLIST) != 0) {

            mAllowedPackages.addAll(other.mAllowedPackages);

            mAllowedPackages.addAll(other.mAllowedPackages);

        }

        }

        if ((other.mAccessType & ACCESS_TYPE_LOCATION_PERMISSION) != 0) {

            mAllowedPermissions.addAll(other.mAllowedPermissions);

        }

        mAccessType |= other.mAccessType;

        mAccessType |= other.mAccessType;

    }

    }

        mAllowedPackages.add(PackageIdentifier.create(packageName, certificate));

        mAllowedPackages.add(PackageIdentifier.create(packageName, certificate));

    }

    }

    void allowPackagesWithLocationPermission(@NonNull String permissionName) {

        mAccessType |= ACCESS_TYPE_LOCATION_PERMISSION;

        mAllowedPermissions.add(permissionName);

    }

    boolean isPublicAccessAllowed() {

    boolean isPublicAccessAllowed() {

        return (mAccessType & ACCESS_TYPE_PUBLIC) != 0;

        return (mAccessType & ACCESS_TYPE_PUBLIC) != 0;

    }

    }

        return mAllowedPackages.contains(PackageIdentifier.create(packageName, certificate));

        return mAllowedPackages.contains(PackageIdentifier.create(packageName, certificate));

    }

    }

    boolean arePackagesWithLocationPermissionAllowed(@NonNull String permissionName) {

    boolean isAccessAllowedForCaller(Context context,

        if ((mAccessType & ACCESS_TYPE_LOCATION_PERMISSION) == 0) {

            @NonNull String callingPackage, @NonNull String committerPackage) {

            return false;

        }

        return mAllowedPermissions.contains(permissionName);

    }

    boolean isAccessAllowedForCaller(Context context, @NonNull String callingPackage,

            @NonNull String committerPackage, int callingUid, @Nullable String attributionTag) {

        if ((mAccessType & ACCESS_TYPE_PUBLIC) != 0) {

        if ((mAccessType & ACCESS_TYPE_PUBLIC) != 0) {

            return true;

            return true;

        }

        }

            }

            }

        }

        }

        if ((mAccessType & ACCESS_TYPE_LOCATION_PERMISSION) != 0) {

            final AppOpsManager appOpsManager = context.getSystemService(AppOpsManager.class);

            for (int i = 0; i < mAllowedPermissions.size(); ++i) {

                final String permission = mAllowedPermissions.valueAt(i);

                if (PermissionManager.checkPackageNamePermission(permission, callingPackage,

                        UserHandle.getUserId(callingUid)) != PackageManager.PERMISSION_GRANTED) {

                    continue;

                }

                // TODO: Add appropriate message

                if (appOpsManager.noteOpNoThrow(getAppOp(permission), callingUid, callingPackage,

                        attributionTag, null /* message */) == AppOpsManager.MODE_ALLOWED) {

                    return true;

                }

            }

        }

        return false;

        return false;

    }

    }

    private static String getAppOp(String permission) {

        switch (permission) {

            case ACCESS_FINE_LOCATION:

                return AppOpsManager.OPSTR_FINE_LOCATION;

            case ACCESS_COARSE_LOCATION:

                return AppOpsManager.OPSTR_COARSE_LOCATION;

            default:

                Slog.w(TAG, "Unknown permission found: " + permission);

                return null;

        }

    }

    int getAccessType() {

    int getAccessType() {

        return mAccessType;

        return mAccessType;

    }

    }

            }

            }

            fout.decreaseIndent();

            fout.decreaseIndent();

        }

        }

        fout.print("Allowed permissions:");

        if (mAllowedPermissions.isEmpty()) {

            fout.println(" (Empty)");

        } else {

            fout.increaseIndent();

            for (int i = 0, count = mAllowedPermissions.size(); i < count; ++i) {

                fout.println(mAllowedPermissions.valueAt(i).toString());

            }

            fout.decreaseIndent();

        }

    }

    }

    void writeToXml(@NonNull XmlSerializer out) throws IOException {

    void writeToXml(@NonNull XmlSerializer out) throws IOException {

            XmlUtils.writeByteArrayAttribute(out, ATTR_CERTIFICATE, packageIdentifier.certificate);

            XmlUtils.writeByteArrayAttribute(out, ATTR_CERTIFICATE, packageIdentifier.certificate);

            out.endTag(null, TAG_ALLOWED_PACKAGE);

            out.endTag(null, TAG_ALLOWED_PACKAGE);

        }

        }

        for (int i = 0, count = mAllowedPermissions.size(); i < count; ++i) {

            out.startTag(null, TAG_ALLOWED_PERMISSION);

            final String permission = mAllowedPermissions.valueAt(i);

            XmlUtils.writeStringAttribute(out, ATTR_VALUE, permission);

            out.endTag(null, TAG_ALLOWED_PERMISSION);

        }

    }

    }

    @NonNull

    @NonNull

                final byte[] certificate = XmlUtils.readByteArrayAttribute(in, ATTR_CERTIFICATE);

                final byte[] certificate = XmlUtils.readByteArrayAttribute(in, ATTR_CERTIFICATE);

                blobAccessMode.allowPackageAccess(packageName, certificate);

                blobAccessMode.allowPackageAccess(packageName, certificate);

            }

            }

            if (TAG_ALLOWED_PERMISSION.equals(in.getName())) {

                final String permission = XmlUtils.readStringAttribute(in, ATTR_VALUE);

                blobAccessMode.allowPackagesWithLocationPermission(permission);

            }

        }

        }

        return blobAccessMode;

        return blobAccessMode;

    }

    }