
Commit 8ac2e966 authored by mrulhania's avatar mrulhania Committed by Manjeet Rulhania

device aware self revoke and one time session timeout

Bug: 283978092
Test: atest RevokeSelfPermissionTest
Test: atest OneTimePermissionTest
Test: atest DevicePermissionsTest

Change-Id: I0adef572133a288c17e43b3e1b8adcf53ff68114
parent a9730092
+4 −2
@@ -10635,12 +10635,14 @@ package android.permission {
    method @BinderThread public abstract void onGetRuntimePermissionsBackup(@NonNull android.os.UserHandle, @NonNull java.io.OutputStream, @NonNull Runnable);
    method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_APP_HIBERNATION) public void onGetUnusedAppCount(@NonNull java.util.function.IntConsumer);
    method @BinderThread public abstract void onGrantOrUpgradeDefaultRuntimePermissions(@NonNull Runnable);
    method @BinderThread public void onOneTimePermissionSessionTimeout(@NonNull String);
    method @Deprecated @BinderThread public void onOneTimePermissionSessionTimeout(@NonNull String);
    method @FlaggedApi(Flags.FLAG_DEVICE_AWARE_PERMISSION_APIS) @BinderThread public void onOneTimePermissionSessionTimeout(@NonNull String, int);
    method @Deprecated @BinderThread public void onRestoreDelayedRuntimePermissionsBackup(@NonNull String, @NonNull android.os.UserHandle, @NonNull java.util.function.Consumer<java.lang.Boolean>);
    method @Deprecated @BinderThread public void onRestoreRuntimePermissionsBackup(@NonNull android.os.UserHandle, @NonNull java.io.InputStream, @NonNull Runnable);
    method @BinderThread public abstract void onRevokeRuntimePermission(@NonNull String, @NonNull String, @NonNull Runnable);
    method @BinderThread public abstract void onRevokeRuntimePermissions(@NonNull java.util.Map<java.lang.String,java.util.List<java.lang.String>>, boolean, int, @NonNull String, @NonNull java.util.function.Consumer<java.util.Map<java.lang.String,java.util.List<java.lang.String>>>);
    method @BinderThread public void onRevokeSelfPermissionsOnKill(@NonNull String, @NonNull java.util.List<java.lang.String>, @NonNull Runnable);
    method @Deprecated @BinderThread public void onRevokeSelfPermissionsOnKill(@NonNull String, @NonNull java.util.List<java.lang.String>, @NonNull Runnable);
    method @FlaggedApi(Flags.FLAG_DEVICE_AWARE_PERMISSION_APIS) @BinderThread public void onRevokeSelfPermissionsOnKill(@NonNull String, @NonNull java.util.List<java.lang.String>, int, @NonNull Runnable);
    method @Deprecated @BinderThread public abstract void onSetRuntimePermissionGrantStateByDeviceAdmin(@NonNull String, @NonNull String, @NonNull String, int, @NonNull java.util.function.Consumer<java.lang.Boolean>);
    method @BinderThread public void onSetRuntimePermissionGrantStateByDeviceAdmin(@NonNull String, @NonNull android.permission.AdminPermissionControlParams, @NonNull java.util.function.Consumer<java.lang.Boolean>);
    method @BinderThread public void onStageAndApplyRuntimePermissionsBackup(@NonNull android.os.UserHandle, @NonNull java.io.InputStream, @NonNull Runnable);
+2 −2
@@ -43,7 +43,7 @@ oneway interface IPermissionController {
    void setRuntimePermissionGrantStateByDeviceAdminFromParams(String callerPackageName,
            in AdminPermissionControlParams params, in AndroidFuture callback);
    void grantOrUpgradeDefaultRuntimePermissions(in AndroidFuture callback);
    void notifyOneTimePermissionSessionTimeout(String packageName);
    void notifyOneTimePermissionSessionTimeout(String packageName, int deviceId);
    void updateUserSensitiveForApp(int uid, in AndroidFuture callback);
    void getPrivilegesDescriptionStringForProfile(
            in String deviceProfileName,
@@ -60,5 +60,5 @@ oneway interface IPermissionController {
                in String packageName,
                in AndroidFuture callback);
    void revokeSelfPermissionsOnKill(in String packageName, in List<String> permissions,
            in AndroidFuture callback);
        int deviceId, in AndroidFuture callback);
}
+1 −1
@@ -78,7 +78,7 @@ interface IPermissionManager {
    List<SplitPermissionInfoParcelable> getSplitPermissions();

    @EnforcePermission("MANAGE_ONE_TIME_PERMISSION_SESSIONS")
    void startOneTimePermissionSession(String packageName, int userId, long timeout,
    void startOneTimePermissionSession(String packageName, int deviceId, int userId, long timeout,
            long revokeAfterKilledDelay);

    @EnforcePermission("MANAGE_ONE_TIME_PERMISSION_SESSIONS")
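Review bot: `deviceId` is inserted directly before `userId` in `startOneTimePermissionSession`, leaving two adjacent `int` parameters that the compiler cannot tell apart. Because `Context.DEVICE_ID_DEFAULT` and the system user id are both 0, a transposed call site behaves correctly on a single-user phone and only mis-scopes the one-time session for secondary users or virtual devices. A comment on the declaration such as `// deviceId precedes userId; both are int, do not transpose` would help, and it is worth confirming that the implementation (not visible in this section) rejects a deviceId it does not know.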
+9 −6
@@ -764,13 +764,14 @@ public final class PermissionControllerManager {
     * inactive.
     *
     * @param packageName The package which became inactive
     *
     * @param deviceId The device ID refers either the primary device i.e. the phone or
     *                 a virtual device. See {@link Context#DEVICE_ID_DEFAULT}
     * @hide
     */
    @RequiresPermission(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS)
    public void notifyOneTimePermissionSessionTimeout(@NonNull String packageName) {
        mRemoteService.run(
                service -> service.notifyOneTimePermissionSessionTimeout(packageName));
    public void notifyOneTimePermissionSessionTimeout(@NonNull String packageName, int deviceId) {
        mRemoteService.run(service -> service.notifyOneTimePermissionSessionTimeout(
                packageName, deviceId));
    }

    /**
@@ -930,12 +931,14 @@ public final class PermissionControllerManager {
            @NonNull List<String> permissions) {
        mRemoteService.postAsync(service -> {
            AndroidFuture<Void> callback = new AndroidFuture<>();
            service.revokeSelfPermissionsOnKill(packageName, permissions, callback);
            service.revokeSelfPermissionsOnKill(packageName, permissions, mContext.getDeviceId(),
                    callback);
            return callback;
        }).whenComplete((result, err) -> {
            if (err != null) {
                Log.e(TAG, "Failed to self revoke " + String.join(",", permissions)
                        + " for package " + packageName, err);
                        + " for package " + packageName + ", and device " + mContext.getDeviceId(),
                        err);
            }
        });
    }
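Review bot: In `revokeSelfPermissionsOnKill` (second hunk) `mContext.getDeviceId()` is evaluated twice, once inside the `postAsync` lambda and again in the `whenComplete` error log, and both evaluations happen later than the call itself. If the context's device association changes in between, the id sent to the service, the id written to the log and the id the caller meant can differ, which makes a failed or mis-scoped revoke hard to trace. Capture it once before posting, `final int deviceId = mContext.getDeviceId();`, and use `deviceId` in both the service call and the log message. The method signature starts outside the hunk.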
+56 −4
@@ -30,6 +30,7 @@ import static com.android.internal.util.Preconditions.checkStringNotEmpty;

import android.Manifest;
import android.annotation.BinderThread;
import android.annotation.FlaggedApi;
import android.annotation.NonNull;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
@@ -37,6 +38,7 @@ import android.app.Service;
import android.app.admin.DevicePolicyManager.PermissionGrantState;
import android.compat.annotation.ChangeId;
import android.compat.annotation.Disabled;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
@@ -46,6 +48,7 @@ import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import android.os.UserHandle;
import android.permission.PermissionControllerManager.CountPermissionAppsFlag;
import android.permission.flags.Flags;
import android.util.ArrayMap;
import android.util.Log;

@@ -296,12 +299,31 @@ public abstract class PermissionControllerService extends Service {
     * This method is called at the end of a one-time permission session
     *
     * @param packageName The package that has been inactive
     *
     * @deprecated Implement {@link #onOneTimePermissionSessionTimeout(String, int)} instead.
     */
    @Deprecated
    @BinderThread
    public void onOneTimePermissionSessionTimeout(@NonNull String packageName) {
        throw new AbstractMethodError("Must be overridden in implementing class");
    }

    /**
     * Called when a package is considered inactive based on the criteria given by
     * {@link PermissionManager#startOneTimePermissionSession(String, long, long, int, int)}.
     * This method is called at the end of a one-time permission session
     *
     * @param packageName The package that has been inactive
     * @param deviceId The device ID refers either the primary device i.e. the phone or
     *                 a virtual device. See {@link Context#DEVICE_ID_DEFAULT}
     */
    @BinderThread
    @FlaggedApi(Flags.FLAG_DEVICE_AWARE_PERMISSION_APIS)
    public void onOneTimePermissionSessionTimeout(@NonNull String packageName,
            int deviceId) {
        onOneTimePermissionSessionTimeout(packageName);
    }

    /**
     * Get the platform permissions which belong to a particular permission group
     *
@@ -341,13 +363,42 @@ public abstract class PermissionControllerService extends Service {
     * @param callback Callback waiting for operation to be complete.
     *
     * @see android.content.Context#revokeSelfPermissionsOnKill(java.util.Collection)
     *
     * @deprecated Implement {@link #onRevokeSelfPermissionsOnKill(String, List, int, Runnable)}
     * instead.
     */
    @Deprecated
    @BinderThread
    public void onRevokeSelfPermissionsOnKill(@NonNull String packageName,
            @NonNull List<String> permissions, @NonNull Runnable callback) {
        throw new AbstractMethodError("Must be overridden in implementing class");
    }

    /**
     * Triggers the revocation of one or more permissions for a package and device.
     * This should only be called at the request of {@code packageName}.
     * <p>
     * Background permissions which have no corresponding foreground permission still granted once
     * the revocation is effective will also be revoked.
     * <p>
     * This revocation happens asynchronously and kills all processes running in the same UID as
     * {@code packageName}. It will be triggered once it is safe to do so.
     *
     * @param packageName The name of the package for which the permissions will be revoked.
     * @param permissions List of permissions to be revoked.
     * @param deviceId The device ID refers either the primary device i.e. the phone or
     *                 a virtual device. See {@link Context#DEVICE_ID_DEFAULT}
     * @param callback Callback waiting for operation to be complete.
     *
     * @see android.content.Context#revokeSelfPermissionsOnKill(java.util.Collection)
     */
    @BinderThread
    @FlaggedApi(Flags.FLAG_DEVICE_AWARE_PERMISSION_APIS)
    public void onRevokeSelfPermissionsOnKill(@NonNull String packageName,
            @NonNull List<String> permissions, int deviceId, @NonNull Runnable callback) {
        onRevokeSelfPermissionsOnKill(packageName, permissions, callback);
    }

    // TODO(b/272129940): Remove this API and device profile role description when we drop T
    //  support.
    /**
@@ -613,12 +664,12 @@ public abstract class PermissionControllerService extends Service {
            }

            @Override
            public void notifyOneTimePermissionSessionTimeout(String packageName) {
            public void notifyOneTimePermissionSessionTimeout(String packageName, int deviceId) {
                enforceSomePermissionsGrantedToCaller(
                        Manifest.permission.REVOKE_RUNTIME_PERMISSIONS);
                packageName = Preconditions.checkNotNull(packageName,
                        "packageName cannot be null");
                onOneTimePermissionSessionTimeout(packageName);
                onOneTimePermissionSessionTimeout(packageName, deviceId);
            }

            @Override
@@ -710,7 +761,8 @@ public abstract class PermissionControllerService extends Service {

            @Override
            public void revokeSelfPermissionsOnKill(@NonNull String packageName,
                    @NonNull List<String> permissions, @NonNull AndroidFuture callback) {
                    @NonNull List<String> permissions, int deviceId,
                    @NonNull AndroidFuture callback) {
                try {
                    Objects.requireNonNull(callback);

@@ -721,7 +773,7 @@ public abstract class PermissionControllerService extends Service {
                        enforceSomePermissionsGrantedToCaller(
                                Manifest.permission.REVOKE_RUNTIME_PERMISSIONS);
                    }
                    onRevokeSelfPermissionsOnKill(packageName, permissions,
                    onRevokeSelfPermissionsOnKill(packageName, permissions, deviceId,
                            () -> callback.complete(null));
                } catch (Throwable t) {
                    callback.completeExceptionally(t);
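Review bot: The two new device-aware overloads, `onOneTimePermissionSessionTimeout(String, int)` and `onRevokeSelfPermissionsOnKill(String, List, int, Runnable)`, forward to the deprecated overloads and drop `deviceId`, and their Javadoc does not say so. An implementation that overrides only the legacy methods would then handle a timeout or self-revoke raised for a virtual device with no device scope at all, presumably acting on the default device's grants instead. Document the fallback in both Javadocs, e.g. `<p>The default implementation ignores {@code deviceId} and calls the deprecated overload; override this method to handle virtual devices.`, and consider logging when a `deviceId` other than `Context.DEVICE_ID_DEFAULT` reaches the fallback. The binder stub hunks also pass the caller-supplied `deviceId` through without any check next to the existing `packageName` validation; whether it is validated downstream is not visible here.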