Loading services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +2 −2 Original line number Diff line number Diff line Loading @@ -4006,8 +4006,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @Override public boolean registerProxyForDisplay(IAccessibilityServiceClient client, int displayId) throws RemoteException { mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.CREATE_VIRTUAL_DEVICE); mSecurityPolicy.checkForAccessibilityPermissionOrRole(); if (client == null) { return false; } Loading Loading @@ -4043,8 +4043,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @Override public boolean unregisterProxyForDisplay(int displayId) { mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.CREATE_VIRTUAL_DEVICE); mSecurityPolicy.checkForAccessibilityPermissionOrRole(); final long identity = Binder.clearCallingIdentity(); try { return mProxyManager.unregisterProxy(displayId); Loading services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java +38 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package com.android.server.accessibility; import static android.accessibilityservice.AccessibilityService.SoftKeyboardController.ENABLE_IME_FAIL_BY_ADMIN; import static android.accessibilityservice.AccessibilityService.SoftKeyboardController.ENABLE_IME_SUCCESS; import static android.companion.AssociationRequest.DEVICE_PROFILE_APP_STREAMING; import android.Manifest; import android.accessibilityservice.AccessibilityService; Loading @@ -25,6 +26,7 @@ import android.accessibilityservice.AccessibilityServiceInfo; import android.annotation.NonNull; import android.annotation.Nullable; import android.app.AppOpsManager; import android.app.role.RoleManager; import android.appwidget.AppWidgetManagerInternal; import android.content.ComponentName; import android.content.Context; Loading Loading @@ -674,6 +676,42 @@ public class AccessibilitySecurityPolicy { } } /** * Throws a SecurityException if the caller has neither the MANAGE_ACCESSIBILITY permission nor * the COMPANION_DEVICE_APP_STREAMING role. */ public void checkForAccessibilityPermissionOrRole() { final boolean canManageAccessibility = mContext.checkCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY) == PackageManager.PERMISSION_GRANTED; if (canManageAccessibility) { return; } final int callingUid = Binder.getCallingUid(); final long identity = Binder.clearCallingIdentity(); try { final RoleManager roleManager = mContext.getSystemService(RoleManager.class); if (roleManager != null) { final List<String> holders = roleManager.getRoleHoldersAsUser( DEVICE_PROFILE_APP_STREAMING, UserHandle.getUserHandleForUid(callingUid)); final String[] packageNames = mPackageManager.getPackagesForUid(callingUid); if (packageNames != null) { for (String packageName : packageNames) { if (holders.contains(packageName)) { return; } } } } throw new SecurityException( "Cannot register a proxy for a device without the " + "android.app.role.COMPANION_DEVICE_APP_STREAMING role or the" + " MANAGE_ACCESSIBILITY permission."); } finally { Binder.restoreCallingIdentity(identity); } } /** * Called after a service was bound or unbound. Checks the current bound accessibility * services and updates alarms. Loading services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java +4 −4 Original line number Diff line number Diff line Loading @@ -290,9 +290,9 @@ public class AccessibilityManagerServiceTest { @SmallTest @Test public void testRegisterProxyWithoutA11yPermission() throws Exception { public void testRegisterProxyWithoutA11yPermissionOrRole() throws Exception { doThrow(SecurityException.class).when(mMockSecurityPolicy) .enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); .checkForAccessibilityPermissionOrRole(); assertThrows(SecurityException.class, () -> mA11yms.registerProxyForDisplay(mMockServiceClient, TEST_DISPLAY)); Loading Loading @@ -342,9 +342,9 @@ public class AccessibilityManagerServiceTest { @SmallTest @Test public void testUnRegisterProxyWithoutA11yPermission() { public void testUnRegisterProxyWithoutA11yPermissionOrRole() { doThrow(SecurityException.class).when(mMockSecurityPolicy) .enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); .checkForAccessibilityPermissionOrRole(); assertThrows(SecurityException.class, () -> mA11yms.unregisterProxyForDisplay(TEST_DISPLAY)); Loading Loading
services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +2 −2 Original line number Diff line number Diff line Loading @@ -4006,8 +4006,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @Override public boolean registerProxyForDisplay(IAccessibilityServiceClient client, int displayId) throws RemoteException { mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.CREATE_VIRTUAL_DEVICE); mSecurityPolicy.checkForAccessibilityPermissionOrRole(); if (client == null) { return false; } Loading Loading @@ -4043,8 +4043,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub @Override public boolean unregisterProxyForDisplay(int displayId) { mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.CREATE_VIRTUAL_DEVICE); mSecurityPolicy.checkForAccessibilityPermissionOrRole(); final long identity = Binder.clearCallingIdentity(); try { return mProxyManager.unregisterProxy(displayId); Loading
services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java +38 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package com.android.server.accessibility; import static android.accessibilityservice.AccessibilityService.SoftKeyboardController.ENABLE_IME_FAIL_BY_ADMIN; import static android.accessibilityservice.AccessibilityService.SoftKeyboardController.ENABLE_IME_SUCCESS; import static android.companion.AssociationRequest.DEVICE_PROFILE_APP_STREAMING; import android.Manifest; import android.accessibilityservice.AccessibilityService; Loading @@ -25,6 +26,7 @@ import android.accessibilityservice.AccessibilityServiceInfo; import android.annotation.NonNull; import android.annotation.Nullable; import android.app.AppOpsManager; import android.app.role.RoleManager; import android.appwidget.AppWidgetManagerInternal; import android.content.ComponentName; import android.content.Context; Loading Loading @@ -674,6 +676,42 @@ public class AccessibilitySecurityPolicy { } } /** * Throws a SecurityException if the caller has neither the MANAGE_ACCESSIBILITY permission nor * the COMPANION_DEVICE_APP_STREAMING role. */ public void checkForAccessibilityPermissionOrRole() { final boolean canManageAccessibility = mContext.checkCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY) == PackageManager.PERMISSION_GRANTED; if (canManageAccessibility) { return; } final int callingUid = Binder.getCallingUid(); final long identity = Binder.clearCallingIdentity(); try { final RoleManager roleManager = mContext.getSystemService(RoleManager.class); if (roleManager != null) { final List<String> holders = roleManager.getRoleHoldersAsUser( DEVICE_PROFILE_APP_STREAMING, UserHandle.getUserHandleForUid(callingUid)); final String[] packageNames = mPackageManager.getPackagesForUid(callingUid); if (packageNames != null) { for (String packageName : packageNames) { if (holders.contains(packageName)) { return; } } } } throw new SecurityException( "Cannot register a proxy for a device without the " + "android.app.role.COMPANION_DEVICE_APP_STREAMING role or the" + " MANAGE_ACCESSIBILITY permission."); } finally { Binder.restoreCallingIdentity(identity); } } /** * Called after a service was bound or unbound. Checks the current bound accessibility * services and updates alarms. Loading
services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java +4 −4 Original line number Diff line number Diff line Loading @@ -290,9 +290,9 @@ public class AccessibilityManagerServiceTest { @SmallTest @Test public void testRegisterProxyWithoutA11yPermission() throws Exception { public void testRegisterProxyWithoutA11yPermissionOrRole() throws Exception { doThrow(SecurityException.class).when(mMockSecurityPolicy) .enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); .checkForAccessibilityPermissionOrRole(); assertThrows(SecurityException.class, () -> mA11yms.registerProxyForDisplay(mMockServiceClient, TEST_DISPLAY)); Loading Loading @@ -342,9 +342,9 @@ public class AccessibilityManagerServiceTest { @SmallTest @Test public void testUnRegisterProxyWithoutA11yPermission() { public void testUnRegisterProxyWithoutA11yPermissionOrRole() { doThrow(SecurityException.class).when(mMockSecurityPolicy) .enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); .checkForAccessibilityPermissionOrRole(); assertThrows(SecurityException.class, () -> mA11yms.unregisterProxyForDisplay(TEST_DISPLAY)); Loading
