Loading services/core/java/com/android/server/pm/permission/PermissionManagerService.java +29 −25 Original line number Diff line number Diff line Loading @@ -72,6 +72,7 @@ import android.util.SparseArray; import com.android.internal.annotations.GuardedBy; import com.android.internal.util.ArrayUtils; import com.android.internal.util.Preconditions; import com.android.internal.util.function.QuadFunction; import com.android.internal.util.function.TriFunction; import com.android.server.LocalServices; import com.android.server.pm.UserManagerInternal; Loading @@ -93,7 +94,6 @@ import java.util.WeakHashMap; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicInteger; import java.util.function.BiFunction; /** * Manages all permissions and handles permissions related tasks. Loading Loading @@ -233,11 +233,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (checkPermissionDelegate == null) { return mPermissionManagerServiceImpl.checkPermission( packageName, permissionName, userId); return mPermissionManagerServiceImpl.checkPermission(packageName, permissionName, deviceId, userId); } return checkPermissionDelegate.checkPermission(packageName, permissionName, userId, mPermissionManagerServiceImpl::checkPermission); return checkPermissionDelegate.checkPermission(packageName, permissionName, deviceId, userId, mPermissionManagerServiceImpl::checkPermission); } @Override Loading @@ -254,10 +254,10 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (checkPermissionDelegate == null) { return mPermissionManagerServiceImpl.checkUidPermission(uid, permissionName); return mPermissionManagerServiceImpl.checkUidPermission(uid, permissionName, deviceId); } return checkPermissionDelegate.checkUidPermission(uid, permissionName, mPermissionManagerServiceImpl::checkUidPermission); deviceId, mPermissionManagerServiceImpl::checkUidPermission); } @Override Loading Loading @@ -511,14 +511,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { public int getPermissionFlags(String packageName, String permissionName, int deviceId, int userId) { return mPermissionManagerServiceImpl .getPermissionFlags(packageName, permissionName, userId); .getPermissionFlags(packageName, permissionName, deviceId, userId); } @Override public void updatePermissionFlags(String packageName, String permissionName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) { mPermissionManagerServiceImpl.updatePermissionFlags(packageName, permissionName, flagMask, flagValues, checkAdjustPolicyFlagPermission, userId); flagValues, checkAdjustPolicyFlagPermission, deviceId, userId); } @Override Loading Loading @@ -560,14 +560,15 @@ public class PermissionManagerService extends IPermissionManager.Stub { @Override public void grantRuntimePermission(String packageName, String permissionName, int deviceId, int userId) { mPermissionManagerServiceImpl.grantRuntimePermission(packageName, permissionName, userId); mPermissionManagerServiceImpl.grantRuntimePermission(packageName, permissionName, deviceId, userId); } @Override public void revokeRuntimePermission(String packageName, String permissionName, int deviceId, int userId, String reason) { mPermissionManagerServiceImpl.revokeRuntimePermission(packageName, permissionName, userId, reason); deviceId, userId, reason); } @Override Loading @@ -580,14 +581,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { public boolean shouldShowRequestPermissionRationale(String packageName, String permissionName, int deviceId, int userId) { return mPermissionManagerServiceImpl.shouldShowRequestPermissionRationale(packageName, permissionName, userId); permissionName, deviceId, userId); } @Override public boolean isPermissionRevokedByPolicy(String packageName, String permissionName, int deviceId, int userId) { return mPermissionManagerServiceImpl .isPermissionRevokedByPolicy(packageName, permissionName, userId); return mPermissionManagerServiceImpl.isPermissionRevokedByPolicy(packageName, permissionName, deviceId, userId); } @Override Loading Loading @@ -868,6 +869,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { * * @param packageName the name of the package to be checked * @param permissionName the name of the permission to be checked * @param deviceId The device ID * @param userId the user ID * @param superImpl the original implementation that can be delegated to * @return {@link android.content.pm.PackageManager#PERMISSION_GRANTED} if the package has Loading @@ -876,20 +878,21 @@ public class PermissionManagerService extends IPermissionManager.Stub { * @see android.content.pm.PackageManager#checkPermission(String, String) */ int checkPermission(@NonNull String packageName, @NonNull String permissionName, @UserIdInt int userId, @NonNull TriFunction<String, String, Integer, Integer> superImpl); int deviceId, @UserIdInt int userId, @NonNull QuadFunction<String, String, Integer, Integer, Integer> superImpl); /** * Check whether the given UID has been granted the specified permission. * * @param uid the UID to be checked * @param permissionName the name of the permission to be checked * @param deviceId The device ID * @param superImpl the original implementation that can be delegated to * @return {@link android.content.pm.PackageManager#PERMISSION_GRANTED} if the package has * the permission, or {@link android.content.pm.PackageManager#PERMISSION_DENIED} otherwise */ int checkUidPermission(int uid, @NonNull String permissionName, BiFunction<Integer, String, Integer> superImpl); int checkUidPermission(int uid, @NonNull String permissionName, int deviceId, TriFunction<Integer, String, Integer, Integer> superImpl); /** * @return list of delegated permissions Loading Loading @@ -918,31 +921,32 @@ public class PermissionManagerService extends IPermissionManager.Stub { @Override public int checkPermission(@NonNull String packageName, @NonNull String permissionName, int userId, @NonNull TriFunction<String, String, Integer, Integer> superImpl) { int deviceId, int userId, @NonNull QuadFunction<String, String, Integer, Integer, Integer> superImpl) { if (mDelegatedPackageName.equals(packageName) && isDelegatedPermission(permissionName)) { final long identity = Binder.clearCallingIdentity(); try { return superImpl.apply("com.android.shell", permissionName, userId); return superImpl.apply("com.android.shell", permissionName, deviceId, userId); } finally { Binder.restoreCallingIdentity(identity); } } return superImpl.apply(packageName, permissionName, userId); return superImpl.apply(packageName, permissionName, deviceId, userId); } @Override public int checkUidPermission(int uid, @NonNull String permissionName, @NonNull BiFunction<Integer, String, Integer> superImpl) { public int checkUidPermission(int uid, @NonNull String permissionName, int deviceId, @NonNull TriFunction<Integer, String, Integer, Integer> superImpl) { if (uid == mDelegatedUid && isDelegatedPermission(permissionName)) { final long identity = Binder.clearCallingIdentity(); try { return superImpl.apply(Process.SHELL_UID, permissionName); return superImpl.apply(Process.SHELL_UID, permissionName, deviceId); } finally { Binder.restoreCallingIdentity(identity); } } return superImpl.apply(uid, permissionName); return superImpl.apply(uid, permissionName, deviceId); } @Override Loading services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java +25 −15 Original line number Diff line number Diff line Loading @@ -681,7 +681,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override public int getPermissionFlags(String packageName, String permName, int userId) { public int getPermissionFlags(String packageName, String permName, int deviceId, int userId) { final int callingUid = Binder.getCallingUid(); return getPermissionFlagsInternal(packageName, permName, callingUid, userId); } Loading Loading @@ -724,7 +724,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt @Override public void updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int userId) { int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) { final int callingUid = Binder.getCallingUid(); boolean overridePolicy = false; Loading Loading @@ -908,8 +908,12 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } } private int checkPermission(String pkgName, String permName, int userId) { return checkPermission(pkgName, permName, Context.DEVICE_ID_DEFAULT, userId); } @Override public int checkPermission(String pkgName, String permName, int userId) { public int checkPermission(String pkgName, String permName, int deviceId, int userId) { if (!mUserManagerInt.exists(userId)) { return PackageManager.PERMISSION_DENIED; } Loading Loading @@ -975,8 +979,12 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt return true; } private int checkUidPermission(int uid, String permName) { return checkUidPermission(uid, permName, Context.DEVICE_ID_DEFAULT); } @Override public int checkUidPermission(int uid, String permName) { public int checkUidPermission(int uid, String permName, int deviceId) { final int userId = UserHandle.getUserId(uid); if (!mUserManagerInt.exists(userId)) { return PackageManager.PERMISSION_DENIED; Loading Loading @@ -1295,7 +1303,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override public void grantRuntimePermission(String packageName, String permName, final int userId) { public void grantRuntimePermission(String packageName, String permName, int deviceId, int userId) { final int callingUid = Binder.getCallingUid(); final boolean overridePolicy = checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY) Loading Loading @@ -1468,11 +1477,11 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override public void revokeRuntimePermission(String packageName, String permName, int userId, String reason) { public void revokeRuntimePermission(String packageName, String permName, int deviceId, int userId, String reason) { final int callingUid = Binder.getCallingUid(); final boolean overridePolicy = checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY) checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY, deviceId) == PackageManager.PERMISSION_GRANTED; revokeRuntimePermissionInternal(packageName, permName, overridePolicy, callingUid, userId, Loading Loading @@ -1859,7 +1868,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt @Override public boolean shouldShowRequestPermissionRationale(String packageName, String permName, @UserIdInt int userId) { int deviceId, @UserIdInt int userId) { final int callingUid = Binder.getCallingUid(); if (UserHandle.getCallingUserId() != userId) { mContext.enforceCallingPermission( Loading Loading @@ -1922,7 +1931,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override public boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId) { public boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId, int userId) { if (UserHandle.getCallingUserId() != userId) { mContext.enforceCallingPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, Loading Loading @@ -2059,8 +2069,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt continue; } boolean isSystemOrPolicyFixed = (getPermissionFlags(newPackage.getPackageName(), permInfo.name, userId) & (FLAG_PERMISSION_SYSTEM_FIXED | FLAG_PERMISSION_POLICY_FIXED)) != 0; permInfo.name, Context.DEVICE_ID_DEFAULT, userId) & ( FLAG_PERMISSION_SYSTEM_FIXED | FLAG_PERMISSION_POLICY_FIXED)) != 0; if (isSystemOrPolicyFixed) { continue; } Loading Loading @@ -2226,7 +2236,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt for (final int userId : userIds) { final int permissionState = checkPermission(packageName, permName, userId); final int flags = getPermissionFlags(packageName, permName, userId); final int flags = getPermissionFlags(packageName, permName, Context.DEVICE_ID_DEFAULT, userId); final int flagMask = FLAG_PERMISSION_SYSTEM_FIXED | FLAG_PERMISSION_POLICY_FIXED | FLAG_PERMISSION_GRANTED_BY_DEFAULT Loading Loading @@ -5122,8 +5133,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt @NonNull @Override public Set<String> getGrantedPermissions(@NonNull String packageName, @UserIdInt int userId) { public Set<String> getGrantedPermissions(@NonNull String packageName, @UserIdInt int userId) { Objects.requireNonNull(packageName, "packageName"); Preconditions.checkArgumentNonNegative(userId, "userId"); return getGrantedPermissionsInternal(packageName, userId); Loading services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java +43 −26 Original line number Diff line number Diff line Loading @@ -25,7 +25,6 @@ import android.content.pm.PermissionGroupInfo; import android.content.pm.PermissionInfo; import android.content.pm.permission.SplitPermissionInfoParcelable; import android.permission.IOnPermissionsChangeListener; import android.permission.PermissionManager; import android.permission.PermissionManagerInternal; import com.android.server.pm.pkg.AndroidPackage; Loading Loading @@ -137,14 +136,16 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte void removePermission(String permName); /** * Gets the state flags associated with a permission. * Gets the permission state flags associated with a permission. * * @param packageName the package name for which to get the flags * @param permName the permission for which to get the flags * @param deviceId The device for which to get the flags * @param userId the user for which to get permission flags * @return the permission flags */ int getPermissionFlags(String packageName, String permName, int userId); int getPermissionFlags(String packageName, String permName, int deviceId, @UserIdInt int userId); /** * Updates the flags associated with a permission by replacing the flags in the specified mask Loading @@ -154,10 +155,11 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * @param permName The permission for which to update the flags * @param flagMask The flags which to replace * @param flagValues The flags with which to replace * @param deviceId The device for which to update the permission flags * @param userId The user for which to update the permission flags */ void updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int userId); void updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, @UserIdInt int userId); /** * Update the permission flags for all packages and runtime permissions of a user in order Loading Loading @@ -291,11 +293,13 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * * @param packageName the package to which to grant the permission * @param permName the permission name to grant * @param deviceId the device for which to grant the permission * @param userId the user for which to grant the permission * * @see #revokeRuntimePermission(String, String, android.os.UserHandle, String) * @see #revokeRuntimePermission(String, String, int, int, String) */ void grantRuntimePermission(String packageName, String permName, int userId); void grantRuntimePermission(String packageName, String permName, int deviceId, @UserIdInt int userId); /** * Revoke a runtime permission that was previously granted by Loading @@ -310,13 +314,14 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * * @param packageName the package from which to revoke the permission * @param permName the permission name to revoke * @param deviceId the device for which to revoke the permission * @param userId the user for which to revoke the permission * @param reason the reason for the revoke, or {@code null} for unspecified * * @see #grantRuntimePermission(String, String, android.os.UserHandle) * @see #grantRuntimePermission(String, String, int, int) */ void revokeRuntimePermission(String packageName, String permName, int userId, String reason); void revokeRuntimePermission(String packageName, String permName, int deviceId, @UserIdInt int userId, String reason); /** * Revoke the POST_NOTIFICATIONS permission, without killing the app. This method must ONLY BE Loading @@ -333,24 +338,29 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * does not clearly communicate to the user what would be the benefit from grating this * permission. * * @param packageName the package name * @param permName a permission your app wants to request * @param deviceId the device for which to check the permission * @param userId the user for which to check the permission * @return whether you can show permission rationale UI */ boolean shouldShowRequestPermissionRationale(String packageName, String permName, @UserIdInt int userId); int deviceId, @UserIdInt int userId); /** * Checks whether a particular permissions has been revoked for a package by policy. Typically * Checks whether a particular permission has been revoked for a package by policy. Typically, * the device owner or the profile owner may apply such a policy. The user cannot grant policy * revoked permissions, hence the only way for an app to get such a permission is by a policy * change. * * @param packageName the name of the package you are checking against * @param permName the name of the permission you are checking for * * @param deviceId the device for which you are checking the permission * @param userId the device for which you are checking the permission * @return whether the permission is restricted by policy */ boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId); boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId, @UserIdInt int userId); /** * Get set of permissions that have been split into more granular or dependent permissions. Loading @@ -373,14 +383,25 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte List<SplitPermissionInfoParcelable> getSplitPermissions(); /** * TODO:theianchen add doc describing this is the old checkPermissionImpl * Check whether a permission is granted or not to a package. * * @param pkgName package name * @param permName permission name * @param deviceId device ID * @param userId user ID * @return permission result {@link PackageManager.PermissionResult} */ int checkPermission(String pkgName, String permName, int userId); int checkPermission(String pkgName, String permName, int deviceId, @UserIdInt int userId); /** * TODO:theianchen add doc describing this is the old checkUidPermissionImpl * Check whether a permission is granted or not to an UID. * * @param uid UID * @param permName permission name * @param deviceId device ID * @return permission result {@link PackageManager.PermissionResult} */ int checkUidPermission(int uid, String permName); int checkUidPermission(int uid, String permName, int deviceId); /** * Get all the package names requesting app op permissions. Loading @@ -400,15 +421,11 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte @UserIdInt int userId); /** * Reset the runtime permission state changes for a package. * Reset the runtime permission state changes for a package for all devices. * * TODO(zhanghai): Turn this into package change callback? * * @param pkg the package * @param userId the user ID */ void resetRuntimePermissions(@NonNull AndroidPackage pkg, @UserIdInt int userId); void resetRuntimePermissions(@NonNull AndroidPackage pkg, @UserIdInt int userId); /** * Reset the runtime permission state changes for all packages in a user. Loading Loading @@ -449,8 +466,8 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte /** * Get all the permissions granted to a package. * * @param packageName the name of the package * @param userId the user ID * @param packageName package name * @param userId user ID * @return the names of the granted permissions */ @NonNull Loading Loading
services/core/java/com/android/server/pm/permission/PermissionManagerService.java +29 −25 Original line number Diff line number Diff line Loading @@ -72,6 +72,7 @@ import android.util.SparseArray; import com.android.internal.annotations.GuardedBy; import com.android.internal.util.ArrayUtils; import com.android.internal.util.Preconditions; import com.android.internal.util.function.QuadFunction; import com.android.internal.util.function.TriFunction; import com.android.server.LocalServices; import com.android.server.pm.UserManagerInternal; Loading @@ -93,7 +94,6 @@ import java.util.WeakHashMap; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicInteger; import java.util.function.BiFunction; /** * Manages all permissions and handles permissions related tasks. Loading Loading @@ -233,11 +233,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (checkPermissionDelegate == null) { return mPermissionManagerServiceImpl.checkPermission( packageName, permissionName, userId); return mPermissionManagerServiceImpl.checkPermission(packageName, permissionName, deviceId, userId); } return checkPermissionDelegate.checkPermission(packageName, permissionName, userId, mPermissionManagerServiceImpl::checkPermission); return checkPermissionDelegate.checkPermission(packageName, permissionName, deviceId, userId, mPermissionManagerServiceImpl::checkPermission); } @Override Loading @@ -254,10 +254,10 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (checkPermissionDelegate == null) { return mPermissionManagerServiceImpl.checkUidPermission(uid, permissionName); return mPermissionManagerServiceImpl.checkUidPermission(uid, permissionName, deviceId); } return checkPermissionDelegate.checkUidPermission(uid, permissionName, mPermissionManagerServiceImpl::checkUidPermission); deviceId, mPermissionManagerServiceImpl::checkUidPermission); } @Override Loading Loading @@ -511,14 +511,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { public int getPermissionFlags(String packageName, String permissionName, int deviceId, int userId) { return mPermissionManagerServiceImpl .getPermissionFlags(packageName, permissionName, userId); .getPermissionFlags(packageName, permissionName, deviceId, userId); } @Override public void updatePermissionFlags(String packageName, String permissionName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) { mPermissionManagerServiceImpl.updatePermissionFlags(packageName, permissionName, flagMask, flagValues, checkAdjustPolicyFlagPermission, userId); flagValues, checkAdjustPolicyFlagPermission, deviceId, userId); } @Override Loading Loading @@ -560,14 +560,15 @@ public class PermissionManagerService extends IPermissionManager.Stub { @Override public void grantRuntimePermission(String packageName, String permissionName, int deviceId, int userId) { mPermissionManagerServiceImpl.grantRuntimePermission(packageName, permissionName, userId); mPermissionManagerServiceImpl.grantRuntimePermission(packageName, permissionName, deviceId, userId); } @Override public void revokeRuntimePermission(String packageName, String permissionName, int deviceId, int userId, String reason) { mPermissionManagerServiceImpl.revokeRuntimePermission(packageName, permissionName, userId, reason); deviceId, userId, reason); } @Override Loading @@ -580,14 +581,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { public boolean shouldShowRequestPermissionRationale(String packageName, String permissionName, int deviceId, int userId) { return mPermissionManagerServiceImpl.shouldShowRequestPermissionRationale(packageName, permissionName, userId); permissionName, deviceId, userId); } @Override public boolean isPermissionRevokedByPolicy(String packageName, String permissionName, int deviceId, int userId) { return mPermissionManagerServiceImpl .isPermissionRevokedByPolicy(packageName, permissionName, userId); return mPermissionManagerServiceImpl.isPermissionRevokedByPolicy(packageName, permissionName, deviceId, userId); } @Override Loading Loading @@ -868,6 +869,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { * * @param packageName the name of the package to be checked * @param permissionName the name of the permission to be checked * @param deviceId The device ID * @param userId the user ID * @param superImpl the original implementation that can be delegated to * @return {@link android.content.pm.PackageManager#PERMISSION_GRANTED} if the package has Loading @@ -876,20 +878,21 @@ public class PermissionManagerService extends IPermissionManager.Stub { * @see android.content.pm.PackageManager#checkPermission(String, String) */ int checkPermission(@NonNull String packageName, @NonNull String permissionName, @UserIdInt int userId, @NonNull TriFunction<String, String, Integer, Integer> superImpl); int deviceId, @UserIdInt int userId, @NonNull QuadFunction<String, String, Integer, Integer, Integer> superImpl); /** * Check whether the given UID has been granted the specified permission. * * @param uid the UID to be checked * @param permissionName the name of the permission to be checked * @param deviceId The device ID * @param superImpl the original implementation that can be delegated to * @return {@link android.content.pm.PackageManager#PERMISSION_GRANTED} if the package has * the permission, or {@link android.content.pm.PackageManager#PERMISSION_DENIED} otherwise */ int checkUidPermission(int uid, @NonNull String permissionName, BiFunction<Integer, String, Integer> superImpl); int checkUidPermission(int uid, @NonNull String permissionName, int deviceId, TriFunction<Integer, String, Integer, Integer> superImpl); /** * @return list of delegated permissions Loading Loading @@ -918,31 +921,32 @@ public class PermissionManagerService extends IPermissionManager.Stub { @Override public int checkPermission(@NonNull String packageName, @NonNull String permissionName, int userId, @NonNull TriFunction<String, String, Integer, Integer> superImpl) { int deviceId, int userId, @NonNull QuadFunction<String, String, Integer, Integer, Integer> superImpl) { if (mDelegatedPackageName.equals(packageName) && isDelegatedPermission(permissionName)) { final long identity = Binder.clearCallingIdentity(); try { return superImpl.apply("com.android.shell", permissionName, userId); return superImpl.apply("com.android.shell", permissionName, deviceId, userId); } finally { Binder.restoreCallingIdentity(identity); } } return superImpl.apply(packageName, permissionName, userId); return superImpl.apply(packageName, permissionName, deviceId, userId); } @Override public int checkUidPermission(int uid, @NonNull String permissionName, @NonNull BiFunction<Integer, String, Integer> superImpl) { public int checkUidPermission(int uid, @NonNull String permissionName, int deviceId, @NonNull TriFunction<Integer, String, Integer, Integer> superImpl) { if (uid == mDelegatedUid && isDelegatedPermission(permissionName)) { final long identity = Binder.clearCallingIdentity(); try { return superImpl.apply(Process.SHELL_UID, permissionName); return superImpl.apply(Process.SHELL_UID, permissionName, deviceId); } finally { Binder.restoreCallingIdentity(identity); } } return superImpl.apply(uid, permissionName); return superImpl.apply(uid, permissionName, deviceId); } @Override Loading
services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java +25 −15 Original line number Diff line number Diff line Loading @@ -681,7 +681,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override public int getPermissionFlags(String packageName, String permName, int userId) { public int getPermissionFlags(String packageName, String permName, int deviceId, int userId) { final int callingUid = Binder.getCallingUid(); return getPermissionFlagsInternal(packageName, permName, callingUid, userId); } Loading Loading @@ -724,7 +724,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt @Override public void updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int userId) { int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) { final int callingUid = Binder.getCallingUid(); boolean overridePolicy = false; Loading Loading @@ -908,8 +908,12 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } } private int checkPermission(String pkgName, String permName, int userId) { return checkPermission(pkgName, permName, Context.DEVICE_ID_DEFAULT, userId); } @Override public int checkPermission(String pkgName, String permName, int userId) { public int checkPermission(String pkgName, String permName, int deviceId, int userId) { if (!mUserManagerInt.exists(userId)) { return PackageManager.PERMISSION_DENIED; } Loading Loading @@ -975,8 +979,12 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt return true; } private int checkUidPermission(int uid, String permName) { return checkUidPermission(uid, permName, Context.DEVICE_ID_DEFAULT); } @Override public int checkUidPermission(int uid, String permName) { public int checkUidPermission(int uid, String permName, int deviceId) { final int userId = UserHandle.getUserId(uid); if (!mUserManagerInt.exists(userId)) { return PackageManager.PERMISSION_DENIED; Loading Loading @@ -1295,7 +1303,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override public void grantRuntimePermission(String packageName, String permName, final int userId) { public void grantRuntimePermission(String packageName, String permName, int deviceId, int userId) { final int callingUid = Binder.getCallingUid(); final boolean overridePolicy = checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY) Loading Loading @@ -1468,11 +1477,11 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override public void revokeRuntimePermission(String packageName, String permName, int userId, String reason) { public void revokeRuntimePermission(String packageName, String permName, int deviceId, int userId, String reason) { final int callingUid = Binder.getCallingUid(); final boolean overridePolicy = checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY) checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY, deviceId) == PackageManager.PERMISSION_GRANTED; revokeRuntimePermissionInternal(packageName, permName, overridePolicy, callingUid, userId, Loading Loading @@ -1859,7 +1868,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt @Override public boolean shouldShowRequestPermissionRationale(String packageName, String permName, @UserIdInt int userId) { int deviceId, @UserIdInt int userId) { final int callingUid = Binder.getCallingUid(); if (UserHandle.getCallingUserId() != userId) { mContext.enforceCallingPermission( Loading Loading @@ -1922,7 +1931,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override public boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId) { public boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId, int userId) { if (UserHandle.getCallingUserId() != userId) { mContext.enforceCallingPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, Loading Loading @@ -2059,8 +2069,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt continue; } boolean isSystemOrPolicyFixed = (getPermissionFlags(newPackage.getPackageName(), permInfo.name, userId) & (FLAG_PERMISSION_SYSTEM_FIXED | FLAG_PERMISSION_POLICY_FIXED)) != 0; permInfo.name, Context.DEVICE_ID_DEFAULT, userId) & ( FLAG_PERMISSION_SYSTEM_FIXED | FLAG_PERMISSION_POLICY_FIXED)) != 0; if (isSystemOrPolicyFixed) { continue; } Loading Loading @@ -2226,7 +2236,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt for (final int userId : userIds) { final int permissionState = checkPermission(packageName, permName, userId); final int flags = getPermissionFlags(packageName, permName, userId); final int flags = getPermissionFlags(packageName, permName, Context.DEVICE_ID_DEFAULT, userId); final int flagMask = FLAG_PERMISSION_SYSTEM_FIXED | FLAG_PERMISSION_POLICY_FIXED | FLAG_PERMISSION_GRANTED_BY_DEFAULT Loading Loading @@ -5122,8 +5133,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt @NonNull @Override public Set<String> getGrantedPermissions(@NonNull String packageName, @UserIdInt int userId) { public Set<String> getGrantedPermissions(@NonNull String packageName, @UserIdInt int userId) { Objects.requireNonNull(packageName, "packageName"); Preconditions.checkArgumentNonNegative(userId, "userId"); return getGrantedPermissionsInternal(packageName, userId); Loading
services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java +43 −26 Original line number Diff line number Diff line Loading @@ -25,7 +25,6 @@ import android.content.pm.PermissionGroupInfo; import android.content.pm.PermissionInfo; import android.content.pm.permission.SplitPermissionInfoParcelable; import android.permission.IOnPermissionsChangeListener; import android.permission.PermissionManager; import android.permission.PermissionManagerInternal; import com.android.server.pm.pkg.AndroidPackage; Loading Loading @@ -137,14 +136,16 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte void removePermission(String permName); /** * Gets the state flags associated with a permission. * Gets the permission state flags associated with a permission. * * @param packageName the package name for which to get the flags * @param permName the permission for which to get the flags * @param deviceId The device for which to get the flags * @param userId the user for which to get permission flags * @return the permission flags */ int getPermissionFlags(String packageName, String permName, int userId); int getPermissionFlags(String packageName, String permName, int deviceId, @UserIdInt int userId); /** * Updates the flags associated with a permission by replacing the flags in the specified mask Loading @@ -154,10 +155,11 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * @param permName The permission for which to update the flags * @param flagMask The flags which to replace * @param flagValues The flags with which to replace * @param deviceId The device for which to update the permission flags * @param userId The user for which to update the permission flags */ void updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int userId); void updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, @UserIdInt int userId); /** * Update the permission flags for all packages and runtime permissions of a user in order Loading Loading @@ -291,11 +293,13 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * * @param packageName the package to which to grant the permission * @param permName the permission name to grant * @param deviceId the device for which to grant the permission * @param userId the user for which to grant the permission * * @see #revokeRuntimePermission(String, String, android.os.UserHandle, String) * @see #revokeRuntimePermission(String, String, int, int, String) */ void grantRuntimePermission(String packageName, String permName, int userId); void grantRuntimePermission(String packageName, String permName, int deviceId, @UserIdInt int userId); /** * Revoke a runtime permission that was previously granted by Loading @@ -310,13 +314,14 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * * @param packageName the package from which to revoke the permission * @param permName the permission name to revoke * @param deviceId the device for which to revoke the permission * @param userId the user for which to revoke the permission * @param reason the reason for the revoke, or {@code null} for unspecified * * @see #grantRuntimePermission(String, String, android.os.UserHandle) * @see #grantRuntimePermission(String, String, int, int) */ void revokeRuntimePermission(String packageName, String permName, int userId, String reason); void revokeRuntimePermission(String packageName, String permName, int deviceId, @UserIdInt int userId, String reason); /** * Revoke the POST_NOTIFICATIONS permission, without killing the app. This method must ONLY BE Loading @@ -333,24 +338,29 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * does not clearly communicate to the user what would be the benefit from grating this * permission. * * @param packageName the package name * @param permName a permission your app wants to request * @param deviceId the device for which to check the permission * @param userId the user for which to check the permission * @return whether you can show permission rationale UI */ boolean shouldShowRequestPermissionRationale(String packageName, String permName, @UserIdInt int userId); int deviceId, @UserIdInt int userId); /** * Checks whether a particular permissions has been revoked for a package by policy. Typically * Checks whether a particular permission has been revoked for a package by policy. Typically, * the device owner or the profile owner may apply such a policy. The user cannot grant policy * revoked permissions, hence the only way for an app to get such a permission is by a policy * change. * * @param packageName the name of the package you are checking against * @param permName the name of the permission you are checking for * * @param deviceId the device for which you are checking the permission * @param userId the device for which you are checking the permission * @return whether the permission is restricted by policy */ boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId); boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId, @UserIdInt int userId); /** * Get set of permissions that have been split into more granular or dependent permissions. Loading @@ -373,14 +383,25 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte List<SplitPermissionInfoParcelable> getSplitPermissions(); /** * TODO:theianchen add doc describing this is the old checkPermissionImpl * Check whether a permission is granted or not to a package. * * @param pkgName package name * @param permName permission name * @param deviceId device ID * @param userId user ID * @return permission result {@link PackageManager.PermissionResult} */ int checkPermission(String pkgName, String permName, int userId); int checkPermission(String pkgName, String permName, int deviceId, @UserIdInt int userId); /** * TODO:theianchen add doc describing this is the old checkUidPermissionImpl * Check whether a permission is granted or not to an UID. * * @param uid UID * @param permName permission name * @param deviceId device ID * @return permission result {@link PackageManager.PermissionResult} */ int checkUidPermission(int uid, String permName); int checkUidPermission(int uid, String permName, int deviceId); /** * Get all the package names requesting app op permissions. Loading @@ -400,15 +421,11 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte @UserIdInt int userId); /** * Reset the runtime permission state changes for a package. * Reset the runtime permission state changes for a package for all devices. * * TODO(zhanghai): Turn this into package change callback? * * @param pkg the package * @param userId the user ID */ void resetRuntimePermissions(@NonNull AndroidPackage pkg, @UserIdInt int userId); void resetRuntimePermissions(@NonNull AndroidPackage pkg, @UserIdInt int userId); /** * Reset the runtime permission state changes for all packages in a user. Loading Loading @@ -449,8 +466,8 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte /** * Get all the permissions granted to a package. * * @param packageName the name of the package * @param userId the user ID * @param packageName package name * @param userId user ID * @return the names of the granted permissions */ @NonNull Loading
