Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3d65313a authored by Sarup Dalwani's avatar Sarup Dalwani
Browse files

Moving permission and flag changes out of root identity for AppCloning 

IntentRedirection

Earlier the permission was being checked with system server's pid and
uid as we were clearing binder identity for finding the values of
AppCloningBuildingBlocks flag. Because of this the check was moot,
moving the check out, so that it uses callers pd and uid.

Bug: 281738146
Test: atest com.android.cts.appcloning.IntentRedirectionTest
Change-Id: I62642d2c7cd76912ae800b02688cdc91d1a78214
parent 283a7000

data/etc/privapp-permissions-platform.xml

+2 −0
Original line number Diff line number Diff line
@@ -525,6 +525,8 @@ applications that come with the platform 
        <permission name="android.permission.USE_ATTESTATION_VERIFICATION_SERVICE" />

        <!-- Permission required for GTS test - GtsCredentialsTestCases -->

        <permission name="android.permission.LAUNCH_CREDENTIAL_SELECTOR"/>

        <!-- Permission required for CTS test IntentRedirectionTest -->

        <permission name="android.permission.QUERY_CLONED_APPS"/>

    </privapp-permissions>



    <privapp-permissions package="com.android.statementservice">

packages/Shell/AndroidManifest.xml

+2 −0
Original line number Diff line number Diff line
@@ -837,6 +837,8 @@ 
    <uses-permission android:name="android.permission.USE_ATTESTATION_VERIFICATION_SERVICE" />

    <!-- Permission required for GTS test - GtsCredentialsTestCases -->

    <uses-permission android:name="android.permission.LAUNCH_CREDENTIAL_SELECTOR" />

    <!-- Permission required for CTS test IntentRedirectionTest -->

    <uses-permission android:name="android.permission.QUERY_CLONED_APPS" />



    <application

        android:label="@string/app_label"

services/core/java/com/android/server/pm/NoFilteringResolver.java

+15 −7
Original line number Diff line number Diff line
@@ -60,15 +60,9 @@ public class NoFilteringResolver extends CrossProfileResolver { 
    public static boolean isIntentRedirectionAllowed(Context context,

            AppCloningDeviceConfigHelper appCloningDeviceConfigHelper, boolean resolveForStart,

            long flags) {

        final long token = Binder.clearCallingIdentity();

        try {

            return  context.getResources().getBoolean(R.bool.config_enableAppCloningBuildingBlocks)

                    && appCloningDeviceConfigHelper.getEnableAppCloningBuildingBlocks()

        return isAppCloningBuildingBlocksEnabled(context, appCloningDeviceConfigHelper)

                    && (resolveForStart || (((flags & PackageManager.MATCH_CLONE_PROFILE) != 0)

                    && hasPermission(context, Manifest.permission.QUERY_CLONED_APPS)));

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }



    public NoFilteringResolver(ComponentResolverApi componentResolver,
@@ -146,4 +140,18 @@ public class NoFilteringResolver extends CrossProfileResolver { 
        return context.checkCallingOrSelfPermission(permission)

                == PackageManager.PERMISSION_GRANTED;

    }



    /**

     * Checks if the AppCloningBuildingBlocks flag is enabled.

     */

    private static boolean isAppCloningBuildingBlocksEnabled(Context context,

            AppCloningDeviceConfigHelper appCloningDeviceConfigHelper) {

        final long token = Binder.clearCallingIdentity();

        try {

            return context.getResources().getBoolean(R.bool.config_enableAppCloningBuildingBlocks)

                    && appCloningDeviceConfigHelper.getEnableAppCloningBuildingBlocks();

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }

}