Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8cff8b93 authored by Philip P. Moltmann's avatar Philip P. Moltmann
Browse files

Use multi-field logs to log permissions 

Before this change each permission+action combo had it's own ID. This
was very fragile and did not work for non-system permissions.

Now the action is the log-type and the permission is just a field in the
log.

Test: Used API 23 and API 26 apps to grant and revoke permission and
      confirmed logs are as expected

Change-Id: I51f038dd7ab0a9ea269cafca23bfe3e5b181feb1
parent 46fabf34

proto/src/metrics_constants.proto

+150 −248

File changed.

Preview size limit exceeded, changes collapsed.

services/core/java/com/android/server/pm/PackageManagerService.java

+0 −91
Original line number Original line Diff line number Diff line
@@ -574,37 +574,6 @@ public class PackageManagerService extends IPackageManager.Stub 
















    public static final int REASON_LAST = REASON_SHARED;







    public static final int REASON_LAST = REASON_SHARED;



























    /** All dangerous permission names in the same order as the events in MetricsEvent */














    private static final List<String> ALL_DANGEROUS_PERMISSIONS = Arrays.asList(














            Manifest.permission.READ_CALENDAR,














            Manifest.permission.WRITE_CALENDAR,














            Manifest.permission.CAMERA,














            Manifest.permission.READ_CONTACTS,














            Manifest.permission.WRITE_CONTACTS,














            Manifest.permission.GET_ACCOUNTS,














            Manifest.permission.ACCESS_FINE_LOCATION,














            Manifest.permission.ACCESS_COARSE_LOCATION,














            Manifest.permission.RECORD_AUDIO,














            Manifest.permission.READ_PHONE_STATE,














            Manifest.permission.CALL_PHONE,














            Manifest.permission.READ_CALL_LOG,














            Manifest.permission.WRITE_CALL_LOG,














            Manifest.permission.ADD_VOICEMAIL,














            Manifest.permission.USE_SIP,














            Manifest.permission.PROCESS_OUTGOING_CALLS,














            Manifest.permission.READ_CELL_BROADCASTS,














            Manifest.permission.BODY_SENSORS,














            Manifest.permission.SEND_SMS,














            Manifest.permission.RECEIVE_SMS,














            Manifest.permission.READ_SMS,














            Manifest.permission.RECEIVE_WAP_PUSH,














            Manifest.permission.RECEIVE_MMS,














            Manifest.permission.READ_EXTERNAL_STORAGE,














            Manifest.permission.WRITE_EXTERNAL_STORAGE,














            Manifest.permission.READ_PHONE_NUMBERS,














            Manifest.permission.ANSWER_PHONE_CALLS);








































    /**







    /**











     * Version number for the package parser cache. Increment this whenever the format or







     * Version number for the package parser cache. Increment this whenever the format or











     * extent of cached data changes. See {@code PackageParser#setCacheDir}.







     * extent of cached data changes. See {@code PackageParser#setCacheDir}.










@@ -5176,66 +5145,6 @@ public class PackageManagerService extends IPackageManager.Stub









                getCallingUid(), userId, mPermissionCallback);







                getCallingUid(), userId, mPermissionCallback);











    }







    }



























    /**














     * Get the first event id for the permission.














     *














     * <p>There are four events for each permission: <ul>














     *     <li>Request permission: first id + 0</li>














     *     <li>Grant permission: first id + 1</li>














     *     <li>Request for permission denied: first id + 2</li>














     *     <li>Revoke permission: first id + 3</li>














     * </ul></p>














     *














     * @param name name of the permission














     *














     * @return The first event id for the permission














     */














    private static int getBaseEventId(@NonNull String name) {














        int eventIdIndex = ALL_DANGEROUS_PERMISSIONS.indexOf(name);



























        if (eventIdIndex == -1) {














            if (AppOpsManager.permissionToOpCode(name) == AppOpsManager.OP_NONE














                    || Build.IS_USER) {














                Log.i(TAG, "Unknown permission " + name);



























                return MetricsEvent.ACTION_PERMISSION_REQUEST_UNKNOWN;














            } else {














                // Most likely #ALL_DANGEROUS_PERMISSIONS needs to be updated.














                //














                // Also update














                // - EventLogger#ALL_DANGEROUS_PERMISSIONS














                // - metrics_constants.proto














                throw new IllegalStateException("Unknown permission " + name);














            }














        }



























        return MetricsEvent.ACTION_PERMISSION_REQUEST_READ_CALENDAR + eventIdIndex * 4;














    }



























    /**














     * Log that a permission was revoked.














     *














     * @param context Context of the caller














     * @param name name of the permission














     * @param packageName package permission if for














     */














    private static void logPermissionRevoked(@NonNull Context context, @NonNull String name,














            @NonNull String packageName) {














        MetricsLogger.action(context, getBaseEventId(name) + 3, packageName);














    }



























    /**














     * Log that a permission request was granted.














     *














     * @param context Context of the caller














     * @param name name of the permission














     * @param packageName package permission if for














     */














    private static void logPermissionGranted(@NonNull Context context, @NonNull String name,














            @NonNull String packageName) {














        MetricsLogger.action(context, getBaseEventId(name) + 1, packageName);














    }



























    @Override







    @Override











    public void resetRuntimePermissions() {







    public void resetRuntimePermissions() {











        mContext.enforceCallingOrSelfPermission(







        mContext.enforceCallingOrSelfPermission(

























services/core/java/com/android/server/pm/permission/PermissionManagerService.java



+12
−85




























Original line number
Original line
Diff line number
Diff line








@@ -37,6 +37,7 @@ import android.content.pm.PackageParser;









import android.content.pm.PermissionGroupInfo;







import android.content.pm.PermissionGroupInfo;











import android.content.pm.PermissionInfo;







import android.content.pm.PermissionInfo;











import android.content.pm.PackageParser.Package;







import android.content.pm.PackageParser.Package;














import android.metrics.LogMaker;











import android.os.Binder;







import android.os.Binder;











import android.os.Build;







import android.os.Build;











import android.os.Handler;







import android.os.Handler;










@@ -92,36 +93,6 @@ import java.util.Set;









public class PermissionManagerService {







public class PermissionManagerService {











    private static final String TAG = "PackageManager";







    private static final String TAG = "PackageManager";































    /** All dangerous permission names in the same order as the events in MetricsEvent */














    private static final List<String> ALL_DANGEROUS_PERMISSIONS = Arrays.asList(














            Manifest.permission.READ_CALENDAR,














            Manifest.permission.WRITE_CALENDAR,














            Manifest.permission.CAMERA,














            Manifest.permission.READ_CONTACTS,














            Manifest.permission.WRITE_CONTACTS,














            Manifest.permission.GET_ACCOUNTS,














            Manifest.permission.ACCESS_FINE_LOCATION,














            Manifest.permission.ACCESS_COARSE_LOCATION,














            Manifest.permission.RECORD_AUDIO,














            Manifest.permission.READ_PHONE_STATE,














            Manifest.permission.CALL_PHONE,














            Manifest.permission.READ_CALL_LOG,














            Manifest.permission.WRITE_CALL_LOG,














            Manifest.permission.ADD_VOICEMAIL,














            Manifest.permission.USE_SIP,














            Manifest.permission.PROCESS_OUTGOING_CALLS,














            Manifest.permission.READ_CELL_BROADCASTS,














            Manifest.permission.BODY_SENSORS,














            Manifest.permission.SEND_SMS,














            Manifest.permission.RECEIVE_SMS,














            Manifest.permission.READ_SMS,














            Manifest.permission.RECEIVE_WAP_PUSH,














            Manifest.permission.RECEIVE_MMS,














            Manifest.permission.READ_EXTERNAL_STORAGE,














            Manifest.permission.WRITE_EXTERNAL_STORAGE,














            Manifest.permission.READ_PHONE_NUMBERS,














            Manifest.permission.ANSWER_PHONE_CALLS);





























    /** Permission grant: not grant the permission. */







    /** Permission grant: not grant the permission. */











    private static final int GRANT_DENIED = 1;







    private static final int GRANT_DENIED = 1;











    /** Permission grant: grant the permission as an install permission. */







    /** Permission grant: grant the permission as an install permission. */










@@ -160,6 +131,7 @@ public class PermissionManagerService {









    private final HandlerThread mHandlerThread;







    private final HandlerThread mHandlerThread;











    private final Handler mHandler;







    private final Handler mHandler;











    private final Context mContext;







    private final Context mContext;














    private final MetricsLogger mMetricsLogger = new MetricsLogger();































    /** Internal storage for permissions and related settings */







    /** Internal storage for permissions and related settings */











    @GuardedBy("mLock")







    @GuardedBy("mLock")










@@ -1386,7 +1358,7 @@ Slog.e(TAG, "TODD: Packages: " + Arrays.toString(packages));









        }







        }































        if (bp.isRuntime()) {







        if (bp.isRuntime()) {











            logPermissionGranted(mContext, permName, packageName);







            logPermission(MetricsEvent.ACTION_PERMISSION_GRANTED, permName, packageName);











        }







        }































        if (callback != null) {







        if (callback != null) {










@@ -1484,7 +1456,7 @@ Slog.e(TAG, "TODD: Packages: " + Arrays.toString(packages));









        }







        }































        if (bp.isRuntime()) {







        if (bp.isRuntime()) {











            logPermissionRevoked(mContext, permName, packageName);







            logPermission(MetricsEvent.ACTION_PERMISSION_REVOKED, permName, packageName);











        }







        }































        if (callback != null) {







        if (callback != null) {










@@ -1938,63 +1910,18 @@ Slog.e(TAG, "TODD: Packages: " + Arrays.toString(packages));









    }







    }































    /**







    /**











     * Get the first event id for the permission.







     * Log that a permission request was granted/revoked.











     *














     * <p>There are four events for each permission: <ul>














     *     <li>Request permission: first id + 0</li>














     *     <li>Grant permission: first id + 1</li>














     *     <li>Request for permission denied: first id + 2</li>














     *     <li>Revoke permission: first id + 3</li>














     * </ul></p>














     *














     * @param name name of the permission














     *














     * @return The first event id for the permission














     */














    private static int getBaseEventId(@NonNull String name) {














        int eventIdIndex = ALL_DANGEROUS_PERMISSIONS.indexOf(name);





























        if (eventIdIndex == -1) {














            if (AppOpsManager.permissionToOpCode(name) == AppOpsManager.OP_NONE














                    || Build.IS_USER) {














                Log.i(TAG, "Unknown permission " + name);





























                return MetricsEvent.ACTION_PERMISSION_REQUEST_UNKNOWN;














            } else {














                // Most likely #ALL_DANGEROUS_PERMISSIONS needs to be updated.














                //














                // Also update














                // - EventLogger#ALL_DANGEROUS_PERMISSIONS














                // - metrics_constants.proto














                throw new IllegalStateException("Unknown permission " + name);














            }














        }





























        return MetricsEvent.ACTION_PERMISSION_REQUEST_READ_CALENDAR + eventIdIndex * 4;














    }





























    /**














     * Log that a permission was revoked.














     *







     *











     * @param context Context of the caller







     * @param action the action performed











     * @param name name of the permission







     * @param name name of the permission











     * @param packageName package permission if for







     * @param packageName package permission is for











     */







     */











    private static void logPermissionRevoked(@NonNull Context context, @NonNull String name,







    private void logPermission(int action, @NonNull String name, @NonNull String packageName) {











            @NonNull String packageName) {







        final LogMaker log = new LogMaker(action);











        MetricsLogger.action(context, getBaseEventId(name) + 3, packageName);







        log.setPackageName(packageName);











    }







        log.addTaggedData(MetricsEvent.FIELD_PERMISSION, name);































    /**







        mMetricsLogger.write(log);











     * Log that a permission request was granted.














     *














     * @param context Context of the caller














     * @param name name of the permission














     * @param packageName package permission if for














     */














    private static void logPermissionGranted(@NonNull Context context, @NonNull String name,














            @NonNull String packageName) {














        MetricsLogger.action(context, getBaseEventId(name) + 1, packageName);














    }







    }































    private class PermissionManagerInternalImpl extends PermissionManagerInternal {







    private class PermissionManagerInternalImpl extends PermissionManagerInternal {