Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 75b9842a authored by Manjeet Rulhania's avatar Manjeet Rulhania
Browse files

adding more apis in permission compat layer 

Bug: 252884423
Test: presubmit
Change-Id: Ia6d7fbbbc133554e26d7c9f5c6f9a2ed469186a5
parent 862eda0d

services/permission/java/com/android/server/permission/access/collection/IndexedList.kt

+7 −0
Original line number Diff line number Diff line
@@ -99,3 +99,10 @@ inline fun <T> IndexedList<T>.retainAllIndexed(predicate: (Int, T) -> Boolean): 
    }

    return isChanged

}



inline fun <T, R> IndexedList<T>.mapNotNullIndexed(transform: (T) -> R?): IndexedList<R> =

    IndexedList<R>().also { destination ->

        forEachIndexed { _, element ->

            transform(element)?.let { destination += it }

        }

    }

services/permission/java/com/android/server/permission/access/permission/Permission.kt

+42 −28
Original line number Diff line number Diff line
@@ -46,83 +46,86 @@ data class Permission( 
        @Suppress("DEPRECATION")

        get() = permissionInfo.protectionLevel



    inline val protection: Int

        get() = permissionInfo.protection



    inline val isInternal: Boolean

        get() = permissionInfo.protection == PermissionInfo.PROTECTION_INTERNAL

        get() = protection == PermissionInfo.PROTECTION_INTERNAL



    inline val isNormal: Boolean

        get() = permissionInfo.protection == PermissionInfo.PROTECTION_NORMAL

        get() = protection == PermissionInfo.PROTECTION_NORMAL



    inline val isRuntime: Boolean

        get() = permissionInfo.protection == PermissionInfo.PROTECTION_DANGEROUS

        get() = protection == PermissionInfo.PROTECTION_DANGEROUS



    inline val isSignature: Boolean

        get() = permissionInfo.protection == PermissionInfo.PROTECTION_SIGNATURE

        get() = protection == PermissionInfo.PROTECTION_SIGNATURE



    inline val protectionFlags: Int

        get() = permissionInfo.protectionFlags



    inline val isAppOp: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APPOP)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APPOP)



    inline val isAppPredictor: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APP_PREDICTOR)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_APP_PREDICTOR)



    inline val isCompanion: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_COMPANION)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_COMPANION)



    inline val isConfigurator: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_CONFIGURATOR)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_CONFIGURATOR)



    inline val isDevelopment: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_DEVELOPMENT)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_DEVELOPMENT)



    inline val isIncidentReportApprover: Boolean

        get() = permissionInfo.protectionFlags

            .hasBits(PermissionInfo.PROTECTION_FLAG_INCIDENT_REPORT_APPROVER)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INCIDENT_REPORT_APPROVER)



    inline val isInstaller: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTALLER)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTALLER)



    inline val isInstant: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTANT)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_INSTANT)



    inline val isKnownSigner: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_KNOWN_SIGNER)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_KNOWN_SIGNER)



    inline val isOem: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_OEM)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_OEM)



    inline val isPre23: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRE23)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRE23)



    inline val isPreInstalled: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PREINSTALLED)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PREINSTALLED)



    inline val isPrivileged: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRIVILEGED)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_PRIVILEGED)



    inline val isRecents: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RECENTS)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RECENTS)



    inline val isRetailDemo: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RETAIL_DEMO)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RETAIL_DEMO)



    inline val isRole: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_ROLE)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_ROLE)



    inline val isRuntimeOnly: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY)



    inline val isSetup: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SETUP)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SETUP)



    inline val isSystemTextClassifier: Boolean

        get() = permissionInfo.protectionFlags

            .hasBits(PermissionInfo.PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER)



    inline val isVendorPrivileged: Boolean

        get() = permissionInfo.protectionFlags

            .hasBits(PermissionInfo.PROTECTION_FLAG_VENDOR_PRIVILEGED)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VENDOR_PRIVILEGED)



    inline val isVerifier: Boolean

        get() = permissionInfo.protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VERIFIER)

        get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_VERIFIER)



    inline val isHardRestricted: Boolean

        get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_HARD_RESTRICTED)
@@ -133,12 +136,23 @@ data class Permission( 
    inline val isSoftRestricted: Boolean

        get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_SOFT_RESTRICTED)



    inline val isHardOrSoftRestricted: Boolean

        get() = permissionInfo.flags.hasBits(

            PermissionInfo.FLAG_HARD_RESTRICTED or PermissionInfo.FLAG_SOFT_RESTRICTED

        )



    inline val isImmutablyRestricted: Boolean

        get() = permissionInfo.flags.hasBits(PermissionInfo.FLAG_IMMUTABLY_RESTRICTED)



    inline val knownCerts: Set<String>

        get() = permissionInfo.knownCerts



    inline val hasGids: Boolean

        get() = gids.isNotEmpty()



    inline val footprint: Int

        get() = name.length + permissionInfo.calculateFootprint()



    fun getGidsForUser(userId: Int): IntArray =

        if (areGidsPerUser) {

            IntArray(gids.size) { i -> UserHandle.getUid(userId, gids[i]) }

services/permission/java/com/android/server/permission/access/permission/PermissionService.kt

+505 −37

File changed.

Preview size limit exceeded, changes collapsed.

services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt

+32 −14
Original line number Diff line number Diff line
@@ -361,7 +361,7 @@ class UidPermissionPolicy : SchemePolicy() { 
            // Different from the old implementation, which may add an (incomplete) signature

            // permission inside another package's permission tree, we now consistently ignore such

            // permissions.

            val permissionTree = getPermissionTree(permissionName)

            val permissionTree = findPermissionTree(permissionName)

            val newPackageName = newPermissionInfo.packageName

            if (permissionTree != null && newPackageName != permissionTree.packageName) {

                Log.w(
@@ -482,7 +482,7 @@ class UidPermissionPolicy : SchemePolicy() { 
        if (!permission.isDynamic) {

            return permission

        }

        val permissionTree = getPermissionTree(permission.name) ?: return permission

        val permissionTree = findPermissionTree(permission.name) ?: return permission

        @Suppress("DEPRECATION")

        return permission.copy(

            permissionInfo = PermissionInfo(permission.permissionInfo).apply {
@@ -491,18 +491,6 @@ class UidPermissionPolicy : SchemePolicy() { 
        )

    }



    private fun MutateStateScope.getPermissionTree(permissionName: String): Permission? =

        newState.systemState.permissionTrees.firstNotNullOfOrNullIndexed {

            _, permissionTreeName, permissionTree ->

            if (permissionName.startsWith(permissionTreeName) &&

                permissionName.length > permissionTreeName.length &&

                permissionName[permissionTreeName.length] == '.') {

                permissionTree

            } else {

                null

            }

        }



    private fun MutateStateScope.trimPermissionStates(appId: Int) {

        val requestedPermissions = IndexedSet<String>()

        forEachPackageInAppId(appId) {
@@ -1103,6 +1091,26 @@ class UidPermissionPolicy : SchemePolicy() { 
        with(persistence) { this@serializeUserState.serializeUserState(state, userId) }

    }



    fun GetStateScope.getPermissionTrees(): IndexedMap<String, Permission> =

        state.systemState.permissionTrees



    fun GetStateScope.findPermissionTree(permissionName: String): Permission? =

        state.systemState.permissionTrees.firstNotNullOfOrNullIndexed {

                _, permissionTreeName, permissionTree ->

            if (permissionName.startsWith(permissionTreeName) &&

                permissionName.length > permissionTreeName.length &&

                permissionName[permissionTreeName.length] == '.') {

                permissionTree

            } else {

                null

            }

        }



    fun MutateStateScope.addPermissionTree(permission: Permission) {

        newState.systemState.permissionTrees[permission.name] = permission

        newState.systemState.requestWrite()

    }



    /**

     * returns all permission group definitions available in the system

     */
@@ -1115,6 +1123,16 @@ class UidPermissionPolicy : SchemePolicy() { 
    fun GetStateScope.getPermissions(): IndexedMap<String, Permission> =

        state.systemState.permissions



    fun MutateStateScope.addPermission(permission: Permission, sync: Boolean = false) {

        newState.systemState.permissions[permission.name] = permission

        newState.systemState.requestWrite(sync)

    }



    fun MutateStateScope.removePermission(permission: Permission) {

        newState.systemState.permissions -= permission.name

        newState.systemState.requestWrite()

    }



    fun GetStateScope.getUidPermissionFlags(appId: Int, userId: Int): IndexedMap<String, Int>? =

        state.userStates[userId]?.uidPermissionFlags?.get(appId)