Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8bd13958 authored by Svet Ganov's avatar Svet Ganov
Browse files

No sensor access to idle UIDs - framework 

Idle UIDs are ones that were in the background for long enough time.
Currently such apps can access sensor data even though they have no
user perceptible components running. This affects the user's privacy
since an app in the background can use sensor data to infer location,
activity, habbits, etc.

The goal is to restrict sensor access for all apps in the ecosystem
regardless of target SDK which means the solution should be backwards
compatible. At the high level the sesnor service observes UID state
changes and applies policy like this:

Continuous sensors: for sensros in this reporting mode when the UID
goes in the background we will stop dispatching events. Once the UID
goes active we will start reporting the events. While this is an
app visible behavior change we would rather do that vs delivering
fake events.

Flush events: there is no change in behavior based on the UID state.
Hence, idle apps can request a flush and would get the completion
callback. From an app perspective flushing works at any point.

Trigger events: for sensors in this reporting mode when the UID
goes in the background we will not report any trigger events. From
an app perspective the sensor just did not pick up any events.

On-change events: for sensors in this reporting mode when the UID
goes in the background we will not report any change events. From
an app perspective the sensor just did not pick up any events.

Wake locks: since UIDs in idle state cannot acquire wakelocks we
will not be grabbing a wakelock on behalf of apps in that state.

Test: Added - SensorTest#testSanitizedContinuousEventsUidIdle
      Added - SensorTest#testBatchAndFlushUidIdle
      Pass - cts-tradefed run cts-dev -m CtsSensorTestCases

bug:63938985

Change-Id: Iee73dc034f5fe7fbea789a3b60db4290757c5052
parent 2bb44413

core/java/android/os/IPermissionController.aidl

+1 −0
Original line number Diff line number Diff line
@@ -22,4 +22,5 @@ interface IPermissionController { 
    boolean checkPermission(String permission, int pid, int uid);

    String[] getPackagesForUid(int uid);

    boolean isRuntimePermission(String permission);

    int getPackageUid(String packageName, int flags);

}

core/res/AndroidManifest.xml

+6 −0
Original line number Diff line number Diff line
@@ -1751,6 +1751,12 @@ 
    <permission android:name="android.permission.SEND_EMBMS_INTENTS"

        android:protectionLevel="signature|privileged" />





    <!-- Allows internal management of the sensor framework

         @hide -->

    <permission android:name="android.permission.MANAGE_SENSORS"

        android:protectionLevel="signature" />



    <!-- Must be required by an ImsService to ensure that only the

         system can bind to it.

         <p>Protection level: signature|privileged

packages/Shell/AndroidManifest.xml

+1 −0
Original line number Diff line number Diff line
@@ -135,6 +135,7 @@ 
    <uses-permission android:name="android.permission.RESTRICTED_VR_ACCESS" />

    <uses-permission android:name="android.permission.MANAGE_BIND_INSTANT_SERVICE" />

    <uses-permission android:name="android.permission.SET_HARMFUL_APP_WARNINGS" />

    <uses-permission android:name="android.permission.MANAGE_SENSORS" />



    <application android:label="@string/app_label"

                 android:defaultToDeviceProtectedStorage="true"

services/core/java/com/android/server/am/ActivityManagerService.java

+10 −0
Original line number Diff line number Diff line
@@ -8599,6 +8599,16 @@ public class ActivityManagerService extends IActivityManager.Stub 
            }

            return false;

        }













        @Override













        public int getPackageUid(String packageName, int flags) {













            try {













                return mActivityManagerService.mContext.getPackageManager()













                        .getPackageUid(packageName, flags);













            } catch (NameNotFoundException nnfe) {













                return -1;













            }













        }















    }





























    class IntentFirewallInterface implements IntentFirewall.AMSInterface {

























tests/permission/src/com/android/framework/permission/tests/ServiceManagerPermissionTests.java



+5
−0




























Original line number
Diff line number
Diff line








@@ -62,6 +62,11 @@ public class ServiceManagerPermissionTests extends TestCase {













                public boolean isRuntimePermission(String permission) {















                    return false;















                }



























                @Override













                public int getPackageUid(String packageName, int flags) {













                    return -1;













                }















            };















            ServiceManagerNative.asInterface(BinderInternal.getContextObject())















                    .setPermissionController(pc);