Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 54ccddab authored by Yuting Fang's avatar Yuting Fang Committed by Android (Google) Code Review
Browse files

Merge "Perform device capability check when checking device aware permission... 

Merge "Perform device capability check when checking device aware permission on remote devices" into main
parents e01878fe 3c6a28b9

core/java/android/app/ContextImpl.java

+31 −1
Original line number Diff line number Diff line
@@ -21,12 +21,14 @@ import static android.content.pm.PackageManager.PERMISSION_GRANTED; 
import static android.os.StrictMode.vmIncorrectContextUseEnabled;

import static android.view.WindowManager.LayoutParams.WindowType;



import android.Manifest;

import android.annotation.CallbackExecutor;

import android.annotation.IntDef;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.annotation.SuppressLint;

import android.annotation.UiContext;

import android.companion.virtual.VirtualDevice;

import android.companion.virtual.VirtualDeviceManager;

import android.compat.annotation.UnsupportedAppUsage;

import android.content.AttributionSource;
@@ -2288,7 +2290,35 @@ class ContextImpl extends Context { 
            Log.v(TAG, "Treating renounced permission " + permission + " as denied");

            return PERMISSION_DENIED;

        }

        return PermissionManager.checkPermission(permission, pid, uid, getDeviceId());



        // When checking a device-aware permission on a remote device, if the permission is CAMERA

        // or RECORD_AUDIO we need to check remote device's corresponding capability. If the remote

        // device doesn't have capability fall back to checking permission on the default device.

        // Note: we only perform permission check redirection when the device id is not explicitly

        // set in the context.

        int deviceId = getDeviceId();

        if (deviceId != Context.DEVICE_ID_DEFAULT

                && !mIsExplicitDeviceId

                && PermissionManager.DEVICE_AWARE_PERMISSIONS.contains(permission)) {

            VirtualDeviceManager virtualDeviceManager =

                    getSystemService(VirtualDeviceManager.class);

            VirtualDevice virtualDevice = virtualDeviceManager.getVirtualDevice(deviceId);

            if (virtualDevice != null) {

                if ((Objects.equals(permission, Manifest.permission.RECORD_AUDIO)

                                && !virtualDevice.hasCustomAudioInputSupport())

                        || (Objects.equals(permission, Manifest.permission.CAMERA)

                                && !virtualDevice.hasCustomCameraSupport())) {

                    deviceId = Context.DEVICE_ID_DEFAULT;

                }

            } else {

                Slog.e(

                        TAG,

                        "virtualDevice is not found when device id is not default. deviceId = "

                                + deviceId);

            }

        }



        return PermissionManager.checkPermission(permission, pid, uid, deviceId);

    }



    /** @hide */

core/java/android/permission/PermissionManager.java

+10 −0
Original line number Diff line number Diff line
@@ -240,6 +240,16 @@ public final class PermissionManager { 
    public static final String EXTRA_PERMISSION_USAGES =

            "android.permission.extra.PERMISSION_USAGES";



    /**

     * Specify what permissions are device aware. Only device aware permissions can be granted to

     * a remote device.

     * @hide

     */

    public static final Set<String> DEVICE_AWARE_PERMISSIONS =

            Flags.deviceAwarePermissionsEnabled()

                    ? Set.of(Manifest.permission.CAMERA, Manifest.permission.RECORD_AUDIO)

                    : Collections.emptySet();



    private final @NonNull Context mContext;



    private final IPackageManager mPackageManager;

services/permission/java/com/android/server/permission/access/permission/PermissionService.kt

+2 −11
Original line number Diff line number Diff line
@@ -1598,7 +1598,7 @@ class PermissionService(private val service: AccessCheckingService) : 
        ) {

            with(policy) { getPermissionFlags(appId, userId, permissionName) }

        } else {

            if (permissionName !in DEVICE_AWARE_PERMISSIONS) {

            if (permissionName !in PermissionManager.DEVICE_AWARE_PERMISSIONS) {

                Slog.i(

                    LOG_TAG,

                    "$permissionName is not device aware permission, " +
@@ -1623,7 +1623,7 @@ class PermissionService(private val service: AccessCheckingService) : 
        ) {

            with(policy) { setPermissionFlags(appId, userId, permissionName, flags) }

        } else {

            if (permissionName !in DEVICE_AWARE_PERMISSIONS) {

            if (permissionName !in PermissionManager.DEVICE_AWARE_PERMISSIONS) {

                Slog.i(

                    LOG_TAG,

                    "$permissionName is not device aware permission, " +
@@ -2820,15 +2820,6 @@ class PermissionService(private val service: AccessCheckingService) : 
                PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM or

                PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER



        /** These permissions are supported for virtual devices. */

        // TODO: b/298661870 - Use new API to get the list of device aware permissions.

        val DEVICE_AWARE_PERMISSIONS =

            if (Flags.deviceAwarePermissionsEnabled()) {

                setOf(Manifest.permission.CAMERA, Manifest.permission.RECORD_AUDIO)

            } else {

                emptySet<String>()

            }



        fun getFullerPermission(permissionName: String): String? =

            FULLER_PERMISSIONS[permissionName]

    }