Loading services/permission/java/com/android/server/permission/access/collection/IndexedList.kt +7 −0 Original line number Diff line number Diff line Loading @@ -99,3 +99,10 @@ inline fun <T> IndexedList<T>.retainAllIndexed(predicate: (Int, T) -> Boolean): } return isChanged } inline fun <T, R> IndexedList<T>.mapNotNullIndexed(transform: (T) -> R?): IndexedList<R> = IndexedList<R>().also { destination -> forEachIndexed { _, element -> transform(element)?.let { destination += it } } } services/permission/java/com/android/server/permission/access/permission/Permission.kt +42 −28 Original line number Diff line number Diff line Loading @@ -46,83 +46,86 @@ data class Permission( @Suppress("DEPRECATION") get() = permissionInfo.protectionLevel inline val protection: Int get() = permissionInfo.protection inline val isInternal: Boolean get() = permissionInfo.protection == PermissionInfo.PROTECTION_INTERNAL get() = protection == PermissionInfo.PROTECTION_INTERNAL inline val isNormal: Boolean get() = permissionInfo.protection == PermissionInfo.PROTECTION_NORMAL get() = protection == PermissionInfo.PROTECTION_NORMAL inline val isRuntime: Boolean get() = permissionInfo.protection == PermissionInfo.PROTECTION_DANGEROUS get() = protection == PermissionInfo.PROTECTION_DANGEROUS inline val isSignature: Boolean get() = permissionInfo.protection == PermissionInfo.PROTECTION_SIGNATURE get() = protection == PermissionInfo.PROTECTION_SIGNATURE inline val protectionFlags: Int get() = permissionInfo.protectionFlags inline val isAppOp: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APPOP) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APPOP) inline val isAppPredictor: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APP_PREDICTOR) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APP_PREDICTOR) inline val isCompanion: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_COMPANION) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_COMPANION) inline val isConfigurator: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_CONFIGURATOR) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_CONFIGURATOR) inline val isDevelopment: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) inline val isIncidentReportApprover: Boolean get() = permissionInfo.protectionFlags .hasBits(PermissionInfo.PROTECTION_FLAG_INCIDENT_REPORT_APPROVER) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INCIDENT_REPORT_APPROVER) inline val isInstaller: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTALLER) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTALLER) inline val isInstant: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTANT) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTANT) inline val isKnownSigner: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_KNOWN_SIGNER) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_KNOWN_SIGNER) inline val isOem: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_OEM) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_OEM) inline val isPre23: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRE23) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRE23) inline val isPreInstalled: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PREINSTALLED) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PREINSTALLED) inline val isPrivileged: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRIVILEGED) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRIVILEGED) inline val isRecents: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RECENTS) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RECENTS) inline val isRetailDemo: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RETAIL_DEMO) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RETAIL_DEMO) inline val isRole: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_ROLE) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_ROLE) inline val isRuntimeOnly: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY) inline val isSetup: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SETUP) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SETUP) inline val isSystemTextClassifier: Boolean get() = permissionInfo.protectionFlags .hasBits(PermissionInfo.PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER) inline val isVendorPrivileged: Boolean get() = permissionInfo.protectionFlags .hasBits(PermissionInfo.PROTECTION_FLAG_VENDOR_PRIVILEGED) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VENDOR_PRIVILEGED) inline val isVerifier: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VERIFIER) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VERIFIER) inline val isHardRestricted: Boolean get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_HARD_RESTRICTED) Loading @@ -133,12 +136,23 @@ data class Permission( inline val isSoftRestricted: Boolean get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_SOFT_RESTRICTED) inline val isHardOrSoftRestricted: Boolean get() = permissionInfo.flags.hasBits( PermissionInfo.FLAG_HARD_RESTRICTED or PermissionInfo.FLAG_SOFT_RESTRICTED ) inline val isImmutablyRestricted: Boolean get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_IMMUTABLY_RESTRICTED) inline val knownCerts: Set<String> get() = permissionInfo.knownCerts inline val hasGids: Boolean get() = gids.isNotEmpty() inline val footprint: Int get() = name.length + permissionInfo.calculateFootprint() fun getGidsForUser(userId: Int): IntArray = if (areGidsPerUser) { IntArray(gids.size) { i -> UserHandle.getUid(userId, gids[i]) } Loading services/permission/java/com/android/server/permission/access/permission/PermissionService.kt +505 −37 File changed.Preview size limit exceeded, changes collapsed. Show changes services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt +32 −14 Original line number Diff line number Diff line Loading @@ -361,7 +361,7 @@ class UidPermissionPolicy : SchemePolicy() { // Different from the old implementation, which may add an (incomplete) signature // permission inside another package's permission tree, we now consistently ignore such // permissions. val permissionTree = getPermissionTree(permissionName) val permissionTree = findPermissionTree(permissionName) val newPackageName = newPermissionInfo.packageName if (permissionTree != null && newPackageName != permissionTree.packageName) { Log.w( Loading Loading @@ -482,7 +482,7 @@ class UidPermissionPolicy : SchemePolicy() { if (!permission.isDynamic) { return permission } val permissionTree = getPermissionTree(permission.name) ?: return permission val permissionTree = findPermissionTree(permission.name) ?: return permission @Suppress("DEPRECATION") return permission.copy( permissionInfo = PermissionInfo(permission.permissionInfo).apply { Loading @@ -491,18 +491,6 @@ class UidPermissionPolicy : SchemePolicy() { ) } private fun MutateStateScope.getPermissionTree(permissionName: String): Permission? = newState.systemState.permissionTrees.firstNotNullOfOrNullIndexed { _, permissionTreeName, permissionTree -> if (permissionName.startsWith(permissionTreeName) && permissionName.length > permissionTreeName.length && permissionName[permissionTreeName.length] == '.') { permissionTree } else { null } } private fun MutateStateScope.trimPermissionStates(appId: Int) { val requestedPermissions = IndexedSet<String>() forEachPackageInAppId(appId) { Loading Loading @@ -1103,6 +1091,26 @@ class UidPermissionPolicy : SchemePolicy() { with(persistence) { this@serializeUserState.serializeUserState(state, userId) } } fun GetStateScope.getPermissionTrees(): IndexedMap<String, Permission> = state.systemState.permissionTrees fun GetStateScope.findPermissionTree(permissionName: String): Permission? = state.systemState.permissionTrees.firstNotNullOfOrNullIndexed { _, permissionTreeName, permissionTree -> if (permissionName.startsWith(permissionTreeName) && permissionName.length > permissionTreeName.length && permissionName[permissionTreeName.length] == '.') { permissionTree } else { null } } fun MutateStateScope.addPermissionTree(permission: Permission) { newState.systemState.permissionTrees[permission.name] = permission newState.systemState.requestWrite() } /** * returns all permission group definitions available in the system */ Loading @@ -1115,6 +1123,16 @@ class UidPermissionPolicy : SchemePolicy() { fun GetStateScope.getPermissions(): IndexedMap<String, Permission> = state.systemState.permissions fun MutateStateScope.addPermission(permission: Permission, sync: Boolean = false) { newState.systemState.permissions[permission.name] = permission newState.systemState.requestWrite(sync) } fun MutateStateScope.removePermission(permission: Permission) { newState.systemState.permissions -= permission.name newState.systemState.requestWrite() } fun GetStateScope.getUidPermissionFlags(appId: Int, userId: Int): IndexedMap<String, Int>? = state.userStates[userId]?.uidPermissionFlags?.get(appId) Loading Loading
services/permission/java/com/android/server/permission/access/collection/IndexedList.kt +7 −0 Original line number Diff line number Diff line Loading @@ -99,3 +99,10 @@ inline fun <T> IndexedList<T>.retainAllIndexed(predicate: (Int, T) -> Boolean): } return isChanged } inline fun <T, R> IndexedList<T>.mapNotNullIndexed(transform: (T) -> R?): IndexedList<R> = IndexedList<R>().also { destination -> forEachIndexed { _, element -> transform(element)?.let { destination += it } } }
services/permission/java/com/android/server/permission/access/permission/Permission.kt +42 −28 Original line number Diff line number Diff line Loading @@ -46,83 +46,86 @@ data class Permission( @Suppress("DEPRECATION") get() = permissionInfo.protectionLevel inline val protection: Int get() = permissionInfo.protection inline val isInternal: Boolean get() = permissionInfo.protection == PermissionInfo.PROTECTION_INTERNAL get() = protection == PermissionInfo.PROTECTION_INTERNAL inline val isNormal: Boolean get() = permissionInfo.protection == PermissionInfo.PROTECTION_NORMAL get() = protection == PermissionInfo.PROTECTION_NORMAL inline val isRuntime: Boolean get() = permissionInfo.protection == PermissionInfo.PROTECTION_DANGEROUS get() = protection == PermissionInfo.PROTECTION_DANGEROUS inline val isSignature: Boolean get() = permissionInfo.protection == PermissionInfo.PROTECTION_SIGNATURE get() = protection == PermissionInfo.PROTECTION_SIGNATURE inline val protectionFlags: Int get() = permissionInfo.protectionFlags inline val isAppOp: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APPOP) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APPOP) inline val isAppPredictor: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APP_PREDICTOR) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APP_PREDICTOR) inline val isCompanion: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_COMPANION) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_COMPANION) inline val isConfigurator: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_CONFIGURATOR) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_CONFIGURATOR) inline val isDevelopment: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) inline val isIncidentReportApprover: Boolean get() = permissionInfo.protectionFlags .hasBits(PermissionInfo.PROTECTION_FLAG_INCIDENT_REPORT_APPROVER) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INCIDENT_REPORT_APPROVER) inline val isInstaller: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTALLER) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTALLER) inline val isInstant: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTANT) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTANT) inline val isKnownSigner: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_KNOWN_SIGNER) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_KNOWN_SIGNER) inline val isOem: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_OEM) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_OEM) inline val isPre23: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRE23) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRE23) inline val isPreInstalled: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PREINSTALLED) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PREINSTALLED) inline val isPrivileged: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRIVILEGED) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRIVILEGED) inline val isRecents: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RECENTS) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RECENTS) inline val isRetailDemo: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RETAIL_DEMO) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RETAIL_DEMO) inline val isRole: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_ROLE) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_ROLE) inline val isRuntimeOnly: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY) inline val isSetup: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SETUP) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SETUP) inline val isSystemTextClassifier: Boolean get() = permissionInfo.protectionFlags .hasBits(PermissionInfo.PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER) inline val isVendorPrivileged: Boolean get() = permissionInfo.protectionFlags .hasBits(PermissionInfo.PROTECTION_FLAG_VENDOR_PRIVILEGED) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VENDOR_PRIVILEGED) inline val isVerifier: Boolean get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VERIFIER) get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VERIFIER) inline val isHardRestricted: Boolean get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_HARD_RESTRICTED) Loading @@ -133,12 +136,23 @@ data class Permission( inline val isSoftRestricted: Boolean get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_SOFT_RESTRICTED) inline val isHardOrSoftRestricted: Boolean get() = permissionInfo.flags.hasBits( PermissionInfo.FLAG_HARD_RESTRICTED or PermissionInfo.FLAG_SOFT_RESTRICTED ) inline val isImmutablyRestricted: Boolean get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_IMMUTABLY_RESTRICTED) inline val knownCerts: Set<String> get() = permissionInfo.knownCerts inline val hasGids: Boolean get() = gids.isNotEmpty() inline val footprint: Int get() = name.length + permissionInfo.calculateFootprint() fun getGidsForUser(userId: Int): IntArray = if (areGidsPerUser) { IntArray(gids.size) { i -> UserHandle.getUid(userId, gids[i]) } Loading
services/permission/java/com/android/server/permission/access/permission/PermissionService.kt +505 −37 File changed.Preview size limit exceeded, changes collapsed. Show changes
services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt +32 −14 Original line number Diff line number Diff line Loading @@ -361,7 +361,7 @@ class UidPermissionPolicy : SchemePolicy() { // Different from the old implementation, which may add an (incomplete) signature // permission inside another package's permission tree, we now consistently ignore such // permissions. val permissionTree = getPermissionTree(permissionName) val permissionTree = findPermissionTree(permissionName) val newPackageName = newPermissionInfo.packageName if (permissionTree != null && newPackageName != permissionTree.packageName) { Log.w( Loading Loading @@ -482,7 +482,7 @@ class UidPermissionPolicy : SchemePolicy() { if (!permission.isDynamic) { return permission } val permissionTree = getPermissionTree(permission.name) ?: return permission val permissionTree = findPermissionTree(permission.name) ?: return permission @Suppress("DEPRECATION") return permission.copy( permissionInfo = PermissionInfo(permission.permissionInfo).apply { Loading @@ -491,18 +491,6 @@ class UidPermissionPolicy : SchemePolicy() { ) } private fun MutateStateScope.getPermissionTree(permissionName: String): Permission? = newState.systemState.permissionTrees.firstNotNullOfOrNullIndexed { _, permissionTreeName, permissionTree -> if (permissionName.startsWith(permissionTreeName) && permissionName.length > permissionTreeName.length && permissionName[permissionTreeName.length] == '.') { permissionTree } else { null } } private fun MutateStateScope.trimPermissionStates(appId: Int) { val requestedPermissions = IndexedSet<String>() forEachPackageInAppId(appId) { Loading Loading @@ -1103,6 +1091,26 @@ class UidPermissionPolicy : SchemePolicy() { with(persistence) { this@serializeUserState.serializeUserState(state, userId) } } fun GetStateScope.getPermissionTrees(): IndexedMap<String, Permission> = state.systemState.permissionTrees fun GetStateScope.findPermissionTree(permissionName: String): Permission? = state.systemState.permissionTrees.firstNotNullOfOrNullIndexed { _, permissionTreeName, permissionTree -> if (permissionName.startsWith(permissionTreeName) && permissionName.length > permissionTreeName.length && permissionName[permissionTreeName.length] == '.') { permissionTree } else { null } } fun MutateStateScope.addPermissionTree(permission: Permission) { newState.systemState.permissionTrees[permission.name] = permission newState.systemState.requestWrite() } /** * returns all permission group definitions available in the system */ Loading @@ -1115,6 +1123,16 @@ class UidPermissionPolicy : SchemePolicy() { fun GetStateScope.getPermissions(): IndexedMap<String, Permission> = state.systemState.permissions fun MutateStateScope.addPermission(permission: Permission, sync: Boolean = false) { newState.systemState.permissions[permission.name] = permission newState.systemState.requestWrite(sync) } fun MutateStateScope.removePermission(permission: Permission) { newState.systemState.permissions -= permission.name newState.systemState.requestWrite() } fun GetStateScope.getUidPermissionFlags(appId: Int, userId: Int): IndexedMap<String, Int>? = state.userStates[userId]?.uidPermissionFlags?.get(appId) Loading
