
Commit 70baff8c authored by Hai Zhang's avatar Hai Zhang

Add system server test API to force enforce signature permission allowlist.

So that we can test it in cts-root.

This CL also creates a PermissionManagerLocal that is suitable for
exposing system server local APIs.

Bug: 308573169
Test: SignaturePermissionAllowlistTest
Ignore-AOSP-First: New directory
Change-Id: I5df799fd321e54b6cea14a929529a27f6436161c
parent 2239f2ca
+3 −0
# Bug component: 137825

include platform/frameworks/base:/core/java/android/permission/OWNERS
+46 −0
/*
 * Copyright (C) 2024 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.permission;

import android.annotation.TestApi;
import com.android.internal.annotations.Keep;

/**
 * In-process API for server side permission related infrastructure.
 *
 * @hide
 */
@Keep
@TestApi
public interface PermissionManagerLocal {

    /**
     * Get whether signature permission allowlist is enforced even on debuggable builds.
     *
     * @return whether the signature permission allowlist is force enforced
     */
    @TestApi
    boolean isSignaturePermissionAllowlistForceEnforced();

    /**
     * Set whether signature permission allowlist is enforced even on debuggable builds.
     *
     * @param forceEnforced whether the signature permission allowlist is force enforced
     */
    @TestApi
    void setSignaturePermissionAllowlistForceEnforced(boolean forceEnforced);
}
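Review bot: The Javadoc on `isSignaturePermissionAllowlistForceEnforced()` and `setSignaturePermissionAllowlistForceEnforced(boolean)` omits that the implementation added in this commit guards both with `check(Build.isDebuggable())`, so a call on a non-debuggable build throws `IllegalStateException`. I would add `@throws IllegalStateException if the build is not debuggable` to each method, so a caller that obtains this manager does not have to read the Kotlin implementation to learn the contract. It would also help to say that the switch can only make enforcement stricter, going by the `!Build.isDebuggable() || isSignaturePermissionAllowlistForceEnforced` condition in AppIdPermissionPolicy.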
+7 −0
@@ -27,9 +27,11 @@ import com.android.server.LocalServices
import com.android.server.SystemConfig
import com.android.server.SystemService
import com.android.server.appop.AppOpsCheckingServiceInterface
import com.android.server.permission.PermissionManagerLocal
import com.android.server.permission.access.appop.AppOpService
import com.android.server.permission.access.collection.* // ktlint-disable no-wildcard-imports
import com.android.server.permission.access.immutable.* // ktlint-disable no-wildcard-imports
import com.android.server.permission.access.permission.PermissionManagerLocalImpl
import com.android.server.permission.access.permission.PermissionService
import com.android.server.pm.KnownPackages
import com.android.server.pm.PackageManagerLocal
@@ -63,6 +65,11 @@ class AccessCheckingService(context: Context) : SystemService(context) {

        LocalServices.addService(AppOpsCheckingServiceInterface::class.java, appOpService)
        LocalServices.addService(PermissionManagerServiceInterface::class.java, permissionService)

        LocalManagerRegistry.addManager(
            PermissionManagerLocal::class.java,
            PermissionManagerLocalImpl(this)
        )
    }

    fun initialize() {
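Review bot: `PermissionManagerLocalImpl(this)` is constructed at registration time, and its property initializer immediately calls `service.getSchemePolicy(UidUri.SCHEME, PermissionUri.SCHEME)` and casts the result, so this registration must run only once the scheme policies can be looked up. The enclosing function starts outside the hunk and `initialize()` follows it, so the ordering cannot be confirmed from here; if the lookup depends on anything set up later, the failure would surface while system server is starting. A comment above the call such as `// PermissionManagerLocalImpl resolves its AppIdPermissionPolicy in the constructor; policies must be available here.` would record the dependency. Alternatively the implementation could resolve the policy with `by lazy`.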
+8 −2
@@ -63,6 +63,12 @@ class AppIdPermissionPolicy : SchemePolicy() {

    private val privilegedPermissionAllowlistViolations = MutableIndexedSet<String>()

    /**
     * Test-only switch to enforce signature permission allowlist even on debuggable builds.
     */
    @Volatile
    var isSignaturePermissionAllowlistForceEnforced = false

    override val subjectScheme: String
        get() = UidUri.SCHEME

@@ -1274,7 +1280,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
                    SigningDetails.CertCapabilities.PERMISSION
                )
        if (!Flags.signaturePermissionAllowlistEnabled()) {
            return hasCommonSigner;
            return hasCommonSigner
        }
        if (!hasCommonSigner) {
            return false
@@ -1308,7 +1314,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
                        " ${packageState.packageName} (${packageState.path}) not in" +
                        " signature permission allowlist"
                )
                if (!Build.isDebuggable()) {
                if (!Build.isDebuggable() || isSignaturePermissionAllowlistForceEnforced) {
                    return false
                }
            }
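Review bot: `isSignaturePermissionAllowlistForceEnforced` is declared as a public `var`, while the debuggable-build guard lives only in PermissionManagerLocalImpl, so any code that holds the policy object can set it without that check. The exposure is limited because the flag is only OR-ed into the deny branch (`!Build.isDebuggable() || isSignaturePermissionAllowlistForceEnforced`): it can tighten enforcement on a debuggable build and has no effect on a non-debuggable one. I would state that invariant in the KDoc, e.g. `Can only make enforcement stricter; has no effect on non-debuggable builds.`, and narrow the property to `internal` if the implementation class lives in the same module. The functions around the second and third hunks start and end outside the visible lines, so this reading is based on the changed condition alone.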
+40 −0
/*
 * Copyright (C) 2024 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.permission.access.permission

import android.os.Build
import com.android.server.permission.PermissionManagerLocal
import com.android.server.permission.access.AccessCheckingService
import com.android.server.permission.access.PermissionUri
import com.android.server.permission.access.UidUri

class PermissionManagerLocalImpl(
    private val service: AccessCheckingService
) : PermissionManagerLocal {
    private val policy =
        service.getSchemePolicy(UidUri.SCHEME, PermissionUri.SCHEME) as AppIdPermissionPolicy

    override fun isSignaturePermissionAllowlistForceEnforced(): Boolean {
        check(Build.isDebuggable())
        return policy.isSignaturePermissionAllowlistForceEnforced
    }

    override fun setSignaturePermissionAllowlistForceEnforced(forceEnforced: Boolean) {
        check(Build.isDebuggable())
        policy.isSignaturePermissionAllowlistForceEnforced = forceEnforced
    }
}
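Review bot: Both `check(Build.isDebuggable())` calls fail with the generic "Check failed." message, which gives a test author or a log reader no hint that the API is restricted to debuggable builds. I would pass a message in both methods, `check(Build.isDebuggable()) { "Signature permission allowlist force enforcement is only available on debuggable builds" }`. The getter only reads state, so it is worth deciding whether it needs the guard at all. Separately, the unchecked `as AppIdPermissionPolicy` in the property initializer would surface as a `ClassCastException` at construction time if the policy registered for these schemes ever changes type; a short comment saying the cast is intentional would help.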