Merge "Limit permission MANAGE_MEDIA_PROJECTION to the SystemUI role" into main (4a196b2f) · Commits · e / os / android_frameworks_base

core/api/system-current.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -203,6 +203,7 @@ package android {
		field public static final String MANAGE_HOTWORD_DETECTION = "android.permission.MANAGE_HOTWORD_DETECTION";
		field public static final String MANAGE_IPSEC_TUNNELS = "android.permission.MANAGE_IPSEC_TUNNELS";
		field public static final String MANAGE_LOW_POWER_STANDBY = "android.permission.MANAGE_LOW_POWER_STANDBY";
		field @FlaggedApi("com.android.media.flags.limit_manage_media_projection") public static final String MANAGE_MEDIA_PROJECTION = "android.permission.MANAGE_MEDIA_PROJECTION";
		field public static final String MANAGE_MUSIC_RECOGNITION = "android.permission.MANAGE_MUSIC_RECOGNITION";
		field public static final String MANAGE_NOTIFICATION_LISTENERS = "android.permission.MANAGE_NOTIFICATION_LISTENERS";
		field public static final String MANAGE_ONE_TIME_PERMISSION_SESSIONS = "android.permission.MANAGE_ONE_TIME_PERMISSION_SESSIONS";

core/res/AndroidManifest.xml

+5 −2

Original line number	Diff line number	Diff line
		@@ -6883,10 +6883,13 @@
		<permission android:name="android.permission.ACCESS_DRM_CERTIFICATES"
		android:protectionLevel="signature\|privileged" />

		<!-- Api Allows an application to manage media projection sessions.
		<!-- Allows an application to manage media projection sessions, by showing the permission dialog
		to the user and creating a new token for each capture session.
		@FlaggedApi("com.android.media.flags.limit_manage_media_projection")
		@SystemApi Only granted to apps holding role SYSTEM_UI.
		@hide This is not a third-party API (intended for system apps). -->
		<permission android:name="android.permission.MANAGE_MEDIA_PROJECTION"
		android:protectionLevel="signature" />
		android:protectionLevel="internal\|role" />

		<!-- @SystemApi Allows an application to read install sessions
		@hide This is not a third-party API (intended for system apps). -->

services/core/java/com/android/server/media/projection/MediaProjectionManagerService.java

+31 −2

Original line number	Diff line number	Diff line
		@@ -550,8 +550,8 @@ public final class MediaProjectionManagerService extends SystemService
		break;
		case RECORD_CONTENT_TASK:
		IBinder taskWindowContainerToken =
		mProjectionGrant.getLaunchCookie() == null ? null
		: mProjectionGrant.getLaunchCookie().binder;
		mProjectionGrant.getLaunchCookieInternal() == null ? null
		: mProjectionGrant.getLaunchCookieInternal().binder;
		setReviewedConsentSessionLocked(
		ContentRecordingSession.createTaskSession(taskWindowContainerToken));
		break;
		@@ -603,6 +603,17 @@ public final class MediaProjectionManagerService extends SystemService
		return projection;
		}

		/**
		* Test API mirroring the types in the aidl interface for access outside the projection
		* package.
		*/
		@VisibleForTesting
		public IMediaProjection createProjectionInternal(int processUid, String packageName, int type,
		boolean isPermanentGrant) {
		return createProjectionInternal(processUid, packageName, type, isPermanentGrant,
		Binder.getCallingUserHandle());
		}

		// TODO(b/261563516): Remove internal method and test aidl directly, here and elsewhere.
		@VisibleForTesting
		MediaProjection getProjectionInternal(int uid, String packageName) {
		@@ -1192,6 +1203,10 @@ public final class MediaProjectionManagerService extends SystemService
		@Override // Binder call
		public void setLaunchCookie(LaunchCookie launchCookie) {
		setLaunchCookie_enforcePermission();
		setLaunchCookieInternal(launchCookie);
		}

		@VisibleForTesting void setLaunchCookieInternal(LaunchCookie launchCookie) {
		mLaunchCookie = launchCookie;
		}

		@@ -1199,6 +1214,10 @@ public final class MediaProjectionManagerService extends SystemService
		@Override // Binder call
		public LaunchCookie getLaunchCookie() {
		getLaunchCookie_enforcePermission();
		return getLaunchCookieInternal();
		}

		@VisibleForTesting LaunchCookie getLaunchCookieInternal() {
		return mLaunchCookie;
		}

		@@ -1206,6 +1225,11 @@ public final class MediaProjectionManagerService extends SystemService
		@Override
		public boolean isValid() {
		isValid_enforcePermission();
		return isValidInternal();
		}

		@VisibleForTesting
		boolean isValidInternal() {
		synchronized (mLock) {
		final long curMs = mClock.uptimeMillis();
		final boolean hasTimedOut = curMs - mCreateTimeMs > mTimeoutMs;
		@@ -1236,6 +1260,11 @@ public final class MediaProjectionManagerService extends SystemService
		@Override
		public void notifyVirtualDisplayCreated(int displayId) {
		notifyVirtualDisplayCreated_enforcePermission();
		notifyVirtualDisplayCreatedInternal(displayId);
		}

		@VisibleForTesting
		void notifyVirtualDisplayCreatedInternal(int displayId) {
		synchronized (mLock) {
		mVirtualDisplayId = displayId;

services/core/java/com/android/server/wm/DisplayContent.java

+8 −0

Original line number	Diff line number	Diff line
		@@ -6783,6 +6783,14 @@ class DisplayContent extends RootDisplayArea implements WindowManagerPolicy.Disp
		return mSandboxDisplayApis;
		}

		/**
		* For testing only; inject a ContentRecorder instance.
		*/
		@VisibleForTesting
		void setContentRecorder(ContentRecorder contentRecorder) {
		mContentRecorder = contentRecorder;
		}

		private ContentRecorder getContentRecorder() {
		if (mContentRecorder == null) {
		mContentRecorder = new ContentRecorder(this);

services/tests/PackageManagerServiceTests/appenumeration/Android.bp

+2 −0

Original line number	Diff line number	Diff line
		@@ -32,6 +32,8 @@ android_test {
		"androidx.test.runner",
		"truth",
		"Harrier",
		"frameworks-base-testutils",
		"services.core",
		],
		platform_apis: true,
		certificate: "platform",