Merge "Support ADB command for denying client auth" into sc-dev am: ad09e265

        }

    }

    /* package */ String getPackageName() {

        return mPackage;

    }

    /**

     * Used to override the attribution tag with a newer value if a PendingIntent broker is

     * retrieved.

     */

    private void updateNanoAppAuthState(

            long nanoAppId, boolean hasPermissions, boolean gracePeriodExpired) {

        updateNanoAppAuthState(

                nanoAppId, hasPermissions, gracePeriodExpired, false /* forceDenied */);

    }

    /* package */ void updateNanoAppAuthState(

            long nanoAppId, boolean hasPermissions, boolean gracePeriodExpired,

            boolean forceDenied) {

        int curAuthState;

        int newAuthState;

        synchronized (mMessageChannelNanoappIdMap) {

            // GRANTED -> DENIED_GRACE_PERIOD only if permissions have been lost

            // DENIED_GRACE_PERIOD -> DENIED only if the grace period expires

            // DENIED/DENIED_GRACE_PERIOD -> GRANTED only if permissions are granted again

            if (gracePeriodExpired) {

            // any state -> DENIED if "forceDenied" is true

            if (forceDenied) {

                newAuthState = AUTHORIZATION_DENIED;

            } else if (gracePeriodExpired) {

                if (curAuthState == AUTHORIZATION_DENIED_GRACE_PERIOD) {

                    newAuthState = AUTHORIZATION_DENIED;

                }

                }

            }

            if (newAuthState == AUTHORIZATION_GRANTED) {

            if (newAuthState != AUTHORIZATION_DENIED_GRACE_PERIOD) {

                AuthStateDenialTimer timer = mNappToAuthTimerMap.remove(nanoAppId);

                if (timer != null) {

                    timer.cancel();

                }

            } else if (curAuthState == AUTHORIZATION_GRANTED

                    && newAuthState == AUTHORIZATION_DENIED_GRACE_PERIOD) {

            } else if (curAuthState == AUTHORIZATION_GRANTED) {

                AuthStateDenialTimer timer =

                        new AuthStateDenialTimer(this, nanoAppId, Looper.getMainLooper());

                mNappToAuthTimerMap.put(nanoAppId, timer);

        forEachClientOfHub(contextHubId, client -> client.onNanoAppAborted(nanoAppId, abortCode));

    }

    /**

     * Runs a command for each client that is attached to a hub with the given ID.

     *

     * @param contextHubId the ID of the hub

     * @param callback     the command to invoke for the client

     */

    /* package */ void forEachClientOfHub(

            int contextHubId, Consumer<ContextHubClientBroker> callback) {

        for (ContextHubClientBroker broker : mHostEndPointIdToClientMap.values()) {

            if (broker.getAttachedContextHubId() == contextHubId) {

                callback.accept(broker);

            }

        }

    }

    /**

     * Returns an available host endpoint ID.

     *

                        message, nanoappPermissions, messagePermissions));

    }

    /**

     * Runs a command for each client that is attached to a hub with the given ID.

     *

     * @param contextHubId the ID of the hub

     * @param callback     the command to invoke for the client

     */

    private void forEachClientOfHub(int contextHubId, Consumer<ContextHubClientBroker> callback) {

        for (ContextHubClientBroker broker : mHostEndPointIdToClientMap.values()) {

            if (broker.getAttachedContextHubId() == contextHubId) {

                callback.accept(broker);

            }

        }

    }

    /**

     * Retrieves a ContextHubClientBroker object with a matching PendingIntent and Context Hub ID.

     *

import android.os.Binder;

import android.os.RemoteCallbackList;

import android.os.RemoteException;

import android.os.ResultReceiver;

import android.os.ShellCallback;

import android.os.UserHandle;

import android.provider.Settings;

import android.util.Log;

        return wrapper;

    }

    @Override

    public void onShellCommand(FileDescriptor in, FileDescriptor out, FileDescriptor err,

            String[] args, ShellCallback callback, ResultReceiver result) {

        new ContextHubShellCommand(mContext, this).exec(this, in, out, err, args, callback, result);

    }

    @Override

    public int registerCallback(IContextHubCallback callback) throws RemoteException {

        checkPermissions();

        // dump eventLog

    }

    /* package */ void denyClientAuthState(int contextHubId, String packageName, long nanoAppId) {

        mClientManager.forEachClientOfHub(contextHubId, client -> {

            if (client.getPackageName().equals(packageName)) {

                client.updateNanoAppAuthState(

                        nanoAppId, false /* hasPermissions */, false /* gracePeriodExpired */,

                        true /* forceDenied */);

            }

        });

    }

    private void dump(ProtoOutputStream proto) {

        mContextHubIdToInfoMap.values().forEach(hubInfo -> {

            long token = proto.start(ContextHubServiceProto.CONTEXT_HUB_INFO);

/*

 * Copyright (C) 2021 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.location.contexthub;

import android.content.Context;

import android.os.ShellCommand;

import java.io.PrintWriter;

/**

 * ShellCommands for ContextHubService.

 *

 * Use with {@code adb shell cmd contexthub ...}.

 *

 * @hide

 */

public class ContextHubShellCommand extends ShellCommand {

    // Internal service impl -- must perform security checks before touching.

    private final ContextHubService mInternal;

    public ContextHubShellCommand(Context context, ContextHubService service) {

        mInternal = service;

        context.enforceCallingOrSelfPermission(

                android.Manifest.permission.ACCESS_CONTEXT_HUB, "ContextHubShellCommand");

    }

    @Override

    public int onCommand(String cmd) {

        if ("deny".equals(cmd)) {

            return runDisableAuth();

        }

        return handleDefaultCommands(cmd);

    }

    private int runDisableAuth() {

        int contextHubId = Integer.decode(getNextArgRequired());

        String packageName = getNextArgRequired();

        long nanoAppId = Long.decode(getNextArgRequired());

        mInternal.denyClientAuthState(contextHubId, packageName, nanoAppId);

        return 0;

    }

    @Override

    public void onHelp() {

        PrintWriter pw = getOutPrintWriter();

        pw.println("ContextHub commands:");

        pw.println("  help");

        pw.println("      Print this help text.");

        pw.println("  deny [contextHubId] [packageName] [nanoAppId]");

        pw.println("    Immediately transitions the package's authentication state to denied so");

        pw.println("    can no longer communciate with the nanoapp.");

    }

}