Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4a4baf32 authored by Karishma Vakil's avatar Karishma Vakil
Browse files

[Safety Labels] Guard explicit broadcast to PermissionController with DeviceConfig flags 

In the spirit for flag-guarding all code related to this feature.

Bug: 261661975
Test: atest CtsPermission3TestCases:AppDataSharingUpdatesTest
Change-Id: Iac48ac09670b0155822c78ca6f19f3883fa81068
parent 5409ada0

services/core/java/com/android/server/pm/BroadcastHelper.java

+17 −5
Original line number Diff line number Diff line
@@ -18,6 +18,8 @@ package com.android.server.pm; 


import static android.os.PowerExemptionManager.REASON_LOCKED_BOOT_COMPLETED;

import static android.os.PowerExemptionManager.TEMPORARY_ALLOW_LIST_TYPE_FOREGROUND_SERVICE_ALLOWED;

import static android.safetylabel.SafetyLabelConstants.PERMISSION_RATIONALE_ENABLED;

import static android.safetylabel.SafetyLabelConstants.SAFETY_LABEL_CHANGE_NOTIFICATIONS_ENABLED;



import static com.android.server.pm.PackageManagerService.DEBUG_INSTALL;

import static com.android.server.pm.PackageManagerService.PACKAGE_SCHEME;
@@ -42,6 +44,7 @@ import android.os.Bundle; 
import android.os.PowerExemptionManager;

import android.os.RemoteException;

import android.os.UserHandle;

import android.provider.DeviceConfig;

import android.util.IntArray;

import android.util.Log;

import android.util.Pair;
@@ -335,12 +338,14 @@ public final class BroadcastHelper { 
                broadcastAllowlist, null /* filterExtrasForReceiver */, null);

        // Send to PermissionController for all new users, even if it may not be running for some

        // users

        if (isPrivacySafetyLabelChangeNotificationsEnabled()) {

            sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED,

                    packageName, extras, 0,

                    mContext.getPackageManager().getPermissionControllerPackageName(),

                    null, userIds, instantUserIds,

                    broadcastAllowlist, null /* filterExtrasForReceiver */, null);

        }

    }



    public void sendFirstLaunchBroadcast(String pkgName, String installerPkg,

            int[] userIds, int[] instantUserIds) {
@@ -384,6 +389,13 @@ public final class BroadcastHelper { 
        return filteredExtras;

    }



    /** Returns whether the Safety Label Change notification, a privacy feature, is enabled. */

    public static boolean isPrivacySafetyLabelChangeNotificationsEnabled() {

        return DeviceConfig.getBoolean(DeviceConfig.NAMESPACE_PRIVACY,

                SAFETY_LABEL_CHANGE_NOTIFICATIONS_ENABLED, false) && DeviceConfig.getBoolean(

                DeviceConfig.NAMESPACE_PRIVACY, PERMISSION_RATIONALE_ENABLED, false);

    }



    @NonNull

    private static Pair<String[], int[]> filterPackages(@NonNull Computer snapshot,

            @NonNull String[] pkgs, @Nullable int[] uids, int callingUid, int userId) {

services/core/java/com/android/server/pm/InstallPackageHelper.java

+6 −4
Original line number Diff line number Diff line
@@ -2838,10 +2838,12 @@ final class InstallPackageHelper { 
                }

                // Send to PermissionController for all update users, even if it may not be running

                // for some users

                if (BroadcastHelper.isPrivacySafetyLabelChangeNotificationsEnabled()) {

                    mPm.sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, packageName,

                            extras, 0 /*flags*/,

                            mPm.mRequiredPermissionControllerPackage, null /*finishedReceiver*/,

                            updateUserIds, instantUserIds, null /* broadcastAllowList */, null);

                }

                // Notify required verifier(s) that are not the installer of record for the package.

                for (String verifierPackageName : mPm.mRequiredVerifierPackages) {

                    if (verifierPackageName != null && !verifierPackageName.equals(