Loading services/core/java/com/android/server/policy/PermissionPolicyInternal.java 0 → 100644 +38 −0 Original line number Diff line number Diff line /* * Copyright (C) 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server.policy; import android.annotation.NonNull; import android.content.Intent; /** * Internal calls into {@link PermissionPolicyService}. */ public abstract class PermissionPolicyInternal { /** * Check whether an activity should be started. * * @param intent the {@link Intent} for the activity start * @param callingUid the calling uid starting the activity * @param callingPackage the calling package starting the activity * * @return whether the activity should be started */ public abstract boolean checkStartActivity(@NonNull Intent intent, int callingUid, @NonNull String callingPackage); } services/core/java/com/android/server/policy/PermissionPolicyService.java +49 −0 Original line number Diff line number Diff line Loading @@ -25,6 +25,8 @@ import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.AppOpsManager; import android.content.Context; import android.content.Intent; import android.content.pm.ApplicationInfo; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.content.pm.PackageManager.NameNotFoundException; Loading 
@@ -37,6 +39,8 @@ import android.os.Process; import android.os.UserHandle; import android.permission.PermissionControllerManager; import android.permission.PermissionManagerInternal; import android.provider.Telephony; import android.telecom.TelecomManager; import android.util.Slog; import android.util.SparseIntArray; Loading @@ -59,6 +63,8 @@ public final class PermissionPolicyService extends SystemService { public PermissionPolicyService(@NonNull Context context) { super(context); LocalServices.addService(PermissionPolicyInternal.class, new Internal()); } @Override Loading Loading 
@@ -469,4 +475,47 @@ public final class PermissionPolicyService extends SystemService { } } } private class Internal extends PermissionPolicyInternal { @Override public boolean checkStartActivity(@NonNull Intent intent, int callingUid, @NonNull String callingPackage) { if (isActionRemovedForCallingPackage(intent.getAction(), callingPackage)) { Slog.w(LOG_TAG, "Action Removed: starting " + intent.toString() + " from " + callingPackage + " (uid=" + callingUid + ")"); return false; } return true; } /** * Check if the intent action is removed for the calling package (often based on target SDK * version). If the action is removed, we'll silently cancel the activity launch. */ private boolean isActionRemovedForCallingPackage(@Nullable String action, @NonNull String callingPackage) { if (action == null) { return false; } switch (action) { case TelecomManager.ACTION_CHANGE_DEFAULT_DIALER: case Telephony.Sms.Intents.ACTION_CHANGE_DEFAULT: { ApplicationInfo applicationInfo; try { applicationInfo = getContext().getPackageManager().getApplicationInfo( callingPackage, 0); } catch (PackageManager.NameNotFoundException e) { Slog.i(LOG_TAG, "Cannot find application info for " + callingPackage); return false; } // Applications targeting Q should use RoleManager.createRequestRoleIntent() // instead. return applicationInfo.targetSdkVersion >= Build.VERSION_CODES.Q; } default: return false; } } } } services/core/java/com/android/server/wm/ActivityStarter.java +2 −0 Original line number Diff line number Diff line Loading 
@@ -765,6 +765,8 @@ class ActivityStarter { inTask != null, callerApp, resultRecord, resultStack); abort |= !mService.mIntentFirewall.checkStartActivity(intent, callingUid, callingPid, resolvedType, aInfo.applicationInfo); abort |= !mService.getPermissionPolicyInternal().checkStartActivity(intent, callingUid, callingPackage); boolean restrictedBgActivity = false; if (!abort) { Loading services/core/java/com/android/server/wm/ActivityTaskManagerService.java +9 −0 Original line number Diff line number Diff line Loading @@ -265,6 +265,7 @@ import com.android.server.am.UserState; import com.android.server.appop.AppOpsService; import com.android.server.firewall.IntentFirewall; import com.android.server.pm.UserManagerService; import com.android.server.policy.PermissionPolicyInternal; import com.android.server.uri.UriGrantsManagerInternal; import com.android.server.vr.VrManagerInternal; Loading Loading @@ -347,6 +348,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { ActivityManagerInternal mAmInternal; UriGrantsManagerInternal mUgmInternal; private PackageManagerInternal mPmInternal; private PermissionPolicyInternal mPermissionPolicyInternal; @VisibleForTesting final ActivityTaskManagerInternal mInternal; PowerManagerInternal mPowerManagerInternal; Loading Loading @@ -5825,6 +5827,13 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { return mPmInternal; } PermissionPolicyInternal getPermissionPolicyInternal() { if (mPermissionPolicyInternal == null) { mPermissionPolicyInternal = LocalServices.getService(PermissionPolicyInternal.class); } return mPermissionPolicyInternal; } AppWarnings getAppWarningsLocked() { return mAppWarnings; } Loading services/tests/wmtests/src/com/android/server/wm/ActivityTestsBase.java +12 −0 Original line number Diff line number Diff line Loading 
@@ -72,6 +72,7 @@ import com.android.server.am.ActivityManagerService; import com.android.server.am.PendingIntentController; import com.android.server.appop.AppOpsService; import com.android.server.firewall.IntentFirewall; import com.android.server.policy.PermissionPolicyInternal; import com.android.server.uri.UriGrantsManagerInternal; import com.android.server.wm.TaskRecord.TaskRecordFactory; import com.android.server.wm.utils.MockTracker; Loading Loading @@ -426,6 +427,7 @@ class ActivityTestsBase { protected class TestActivityTaskManagerService extends ActivityTaskManagerService { private PackageManagerInternal mPmInternal; private PermissionPolicyInternal mPermissionPolicyInternal; // ActivityStackSupervisor may be created more than once while setting up AMS and ATMS. // We keep the reference in order to prevent creating it twice. Loading Loading @@ -541,6 +543,16 @@ class ActivityTestsBase { } return mPmInternal; } @Override PermissionPolicyInternal getPermissionPolicyInternal() { if (mPermissionPolicyInternal == null) { mPermissionPolicyInternal = mock(PermissionPolicyInternal.class); doReturn(true).when(mPermissionPolicyInternal).checkStartActivity(any(), anyInt(), any()); } return mPermissionPolicyInternal; } } private static class TestInjector extends ActivityManagerService.Injector { Loading Loading
services/core/java/com/android/server/policy/PermissionPolicyInternal.java 0 → 100644 +38 −0 Original line number Diff line number Diff line /* * Copyright (C) 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server.policy; import android.annotation.NonNull; import android.content.Intent; /** * Internal calls into {@link PermissionPolicyService}. */ public abstract class PermissionPolicyInternal { /** * Check whether an activity should be started. * * @param intent the {@link Intent} for the activity start * @param callingUid the calling uid starting the activity * @param callingPackage the calling package starting the activity * * @return whether the activity should be started */ public abstract boolean checkStartActivity(@NonNull Intent intent, int callingUid, @NonNull String callingPackage); }
services/core/java/com/android/server/policy/PermissionPolicyService.java +49 −0 Original line number Diff line number Diff line Loading @@ -25,6 +25,8 @@ import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.AppOpsManager; import android.content.Context; import android.content.Intent; import android.content.pm.ApplicationInfo; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.content.pm.PackageManager.NameNotFoundException; Loading @@ -37,6 +39,8 @@ import android.os.Process; import android.os.UserHandle; import android.permission.PermissionControllerManager; import android.permission.PermissionManagerInternal; import android.provider.Telephony; import android.telecom.TelecomManager; import android.util.Slog; import android.util.SparseIntArray; Loading @@ -59,6 +63,8 @@ public final class PermissionPolicyService extends SystemService { public PermissionPolicyService(@NonNull Context context) { super(context); LocalServices.addService(PermissionPolicyInternal.class, new Internal()); } @Override Loading Loading 
@@ -469,4 +475,47 @@ public final class PermissionPolicyService extends SystemService { } } } private class Internal extends PermissionPolicyInternal { @Override public boolean checkStartActivity(@NonNull Intent intent, int callingUid, @NonNull String callingPackage) { if (isActionRemovedForCallingPackage(intent.getAction(), callingPackage)) { Slog.w(LOG_TAG, "Action Removed: starting " + intent.toString() + " from " + callingPackage + " (uid=" + callingUid + ")"); return false; } return true; } /** * Check if the intent action is removed for the calling package (often based on target SDK * version). If the action is removed, we'll silently cancel the activity launch. */ private boolean isActionRemovedForCallingPackage(@Nullable String action, @NonNull String callingPackage) { if (action == null) { return false; } switch (action) { case TelecomManager.ACTION_CHANGE_DEFAULT_DIALER: case Telephony.Sms.Intents.ACTION_CHANGE_DEFAULT: { ApplicationInfo applicationInfo; try { applicationInfo = getContext().getPackageManager().getApplicationInfo( callingPackage, 0); } catch (PackageManager.NameNotFoundException e) { Slog.i(LOG_TAG, "Cannot find application info for " + callingPackage); return false; } // Applications targeting Q should use RoleManager.createRequestRoleIntent() // instead. return applicationInfo.targetSdkVersion >= Build.VERSION_CODES.Q; } default: return false; } } } }
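Review bot: In `isActionRemovedForCallingPackage`, `getContext().getPackageManager().getApplicationInfo(callingPackage, 0)` resolves the package for the user the service's own context runs as, not for the user that `callingUid` belongs to; `callingUid` is otherwise used only in the log message. If the calling package is installed only in a secondary user or profile, the lookup presumably throws `NameNotFoundException`, the method returns false, and the launch is allowed, so the restriction fails open. Consider passing `callingUid` down and using `getApplicationInfoAsUser(callingPackage, 0, UserHandle.getUserId(callingUid))`, and decide explicitly whether an unresolvable caller should be allowed or refused. The Javadoc also says the launch is cancelled "silently" while `checkStartActivity` logs at warning level; one of the two should be adjusted.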
services/core/java/com/android/server/wm/ActivityStarter.java +2 −0 Original line number Diff line number Diff line Loading @@ -765,6 +765,8 @@ class ActivityStarter { inTask != null, callerApp, resultRecord, resultStack); abort |= !mService.mIntentFirewall.checkStartActivity(intent, callingUid, callingPid, resolvedType, aInfo.applicationInfo); abort |= !mService.getPermissionPolicyInternal().checkStartActivity(intent, callingUid, callingPackage); boolean restrictedBgActivity = false; if (!abort) { Loading
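Review bot: The added call passes `callingPackage` to a parameter declared `@NonNull` and lets it select the package whose target SDK decides the outcome, but nothing in this hunk shows that the value is non-null or that it belongs to `callingUid`. If that validation happens earlier in the method, a short comment naming where would make the dependency visible; if it does not, the policy decision rests on a caller-supplied name and should be re-derived from `callingUid`. The call also runs when `abort` is already true, so a start rejected by the preceding checks still triggers a package lookup and possibly an "Action Removed" warning. The enclosing method starts and ends outside the hunk.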
services/core/java/com/android/server/wm/ActivityTaskManagerService.java +9 −0 Original line number Diff line number Diff line Loading @@ -265,6 +265,7 @@ import com.android.server.am.UserState; import com.android.server.appop.AppOpsService; import com.android.server.firewall.IntentFirewall; import com.android.server.pm.UserManagerService; import com.android.server.policy.PermissionPolicyInternal; import com.android.server.uri.UriGrantsManagerInternal; import com.android.server.vr.VrManagerInternal; Loading Loading @@ -347,6 +348,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { ActivityManagerInternal mAmInternal; UriGrantsManagerInternal mUgmInternal; private PackageManagerInternal mPmInternal; private PermissionPolicyInternal mPermissionPolicyInternal; @VisibleForTesting final ActivityTaskManagerInternal mInternal; PowerManagerInternal mPowerManagerInternal; Loading Loading @@ -5825,6 +5827,13 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { return mPmInternal; } PermissionPolicyInternal getPermissionPolicyInternal() { if (mPermissionPolicyInternal == null) { mPermissionPolicyInternal = LocalServices.getService(PermissionPolicyInternal.class); } return mPermissionPolicyInternal; } AppWarnings getAppWarningsLocked() { return mAppWarnings; } Loading
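Review bot: `getPermissionPolicyInternal()` returns whatever `LocalServices.getService(PermissionPolicyInternal.class)` yields, which is null until `PermissionPolicyService` has been constructed, and the new call in `ActivityStarter` dereferences the result without a check. An activity start that arrives before the service is registered would then throw in the start path instead of reaching a defined allow-or-deny decision. Either document the ordering guarantee on the getter, for example `/** Non-null only after PermissionPolicyService has been constructed. */`, or handle null at the call site with an explicit choice. The lazy initialisation is also unsynchronised; that looks harmless because every thread would fetch the same instance, but it deserves a comment if the getter can be reached without the service lock held.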
services/tests/wmtests/src/com/android/server/wm/ActivityTestsBase.java +12 −0 Original line number Diff line number Diff line Loading @@ -72,6 +72,7 @@ import com.android.server.am.ActivityManagerService; import com.android.server.am.PendingIntentController; import com.android.server.appop.AppOpsService; import com.android.server.firewall.IntentFirewall; import com.android.server.policy.PermissionPolicyInternal; import com.android.server.uri.UriGrantsManagerInternal; import com.android.server.wm.TaskRecord.TaskRecordFactory; import com.android.server.wm.utils.MockTracker; Loading Loading @@ -426,6 +427,7 @@ class ActivityTestsBase { protected class TestActivityTaskManagerService extends ActivityTaskManagerService { private PackageManagerInternal mPmInternal; private PermissionPolicyInternal mPermissionPolicyInternal; // ActivityStackSupervisor may be created more than once while setting up AMS and ATMS. // We keep the reference in order to prevent creating it twice. Loading Loading @@ -541,6 +543,16 @@ class ActivityTestsBase { } return mPmInternal; } @Override PermissionPolicyInternal getPermissionPolicyInternal() { if (mPermissionPolicyInternal == null) { mPermissionPolicyInternal = mock(PermissionPolicyInternal.class); doReturn(true).when(mPermissionPolicyInternal).checkStartActivity(any(), anyInt(), any()); } return mPermissionPolicyInternal; } } private static class TestInjector extends ActivityManagerService.Injector { Loading
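Review bot: The override stubs `checkStartActivity` to return true for every input, so no test built on this base exercises the new abort path. A case where the mock returns false and the start is expected to be aborted would pin the wiring added in `ActivityStarter`. None of the files shown in this commit covers the target-SDK branch in `PermissionPolicyService` either, so the deny decision itself appears untested.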