Call PermissionEnforcer helper on methods annotated with (9d1359d0) · Commits · e / os / android_frameworks_base

core/java/android/accounts/AbstractAccountAuthenticator.java

+28 −0

Original line number	Diff line number	Diff line
		@@ -154,6 +154,8 @@ public abstract class AbstractAccountAuthenticator {
		public void addAccount(IAccountAuthenticatorResponse response, String accountType,
		String authTokenType, String[] features, Bundle options)
		throws RemoteException {
		super.addAccount_enforcePermission();

		if (Log.isLoggable(TAG, Log.VERBOSE)) {
		Log.v(TAG, "addAccount: accountType " + accountType
		+ ", authTokenType " + authTokenType
		@@ -184,6 +186,8 @@ public abstract class AbstractAccountAuthenticator {
		@Override
		public void confirmCredentials(IAccountAuthenticatorResponse response,
		Account account, Bundle options) throws RemoteException {
		super.confirmCredentials_enforcePermission();

		if (Log.isLoggable(TAG, Log.VERBOSE)) {
		Log.v(TAG, "confirmCredentials: " + account);
		}
		@@ -210,6 +214,8 @@ public abstract class AbstractAccountAuthenticator {
		public void getAuthTokenLabel(IAccountAuthenticatorResponse response,
		String authTokenType)
		throws RemoteException {
		super.getAuthTokenLabel_enforcePermission();

		if (Log.isLoggable(TAG, Log.VERBOSE)) {
		Log.v(TAG, "getAuthTokenLabel: authTokenType " + authTokenType);
		}
		@@ -235,6 +241,8 @@ public abstract class AbstractAccountAuthenticator {
		public void getAuthToken(IAccountAuthenticatorResponse response,
		Account account, String authTokenType, Bundle loginOptions)
		throws RemoteException {
		super.getAuthToken_enforcePermission();

		if (Log.isLoggable(TAG, Log.VERBOSE)) {
		Log.v(TAG, "getAuthToken: " + account
		+ ", authTokenType " + authTokenType);
		@@ -262,6 +270,8 @@ public abstract class AbstractAccountAuthenticator {
		@Override
		public void updateCredentials(IAccountAuthenticatorResponse response, Account account,
		String authTokenType, Bundle loginOptions) throws RemoteException {
		super.updateCredentials_enforcePermission();

		if (Log.isLoggable(TAG, Log.VERBOSE)) {
		Log.v(TAG, "updateCredentials: " + account
		+ ", authTokenType " + authTokenType);
		@@ -291,6 +301,8 @@ public abstract class AbstractAccountAuthenticator {
		@Override
		public void editProperties(IAccountAuthenticatorResponse response,
		String accountType) throws RemoteException {
		super.editProperties_enforcePermission();

		try {
		final Bundle result = AbstractAccountAuthenticator.this.editProperties(
		new AccountAuthenticatorResponse(response), accountType);
		@@ -306,6 +318,8 @@ public abstract class AbstractAccountAuthenticator {
		@Override
		public void hasFeatures(IAccountAuthenticatorResponse response,
		Account account, String[] features) throws RemoteException {
		super.hasFeatures_enforcePermission();

		try {
		final Bundle result = AbstractAccountAuthenticator.this.hasFeatures(
		new AccountAuthenticatorResponse(response), account, features);
		@@ -321,6 +335,8 @@ public abstract class AbstractAccountAuthenticator {
		@Override
		public void getAccountRemovalAllowed(IAccountAuthenticatorResponse response,
		Account account) throws RemoteException {
		super.getAccountRemovalAllowed_enforcePermission();

		try {
		final Bundle result = AbstractAccountAuthenticator.this.getAccountRemovalAllowed(
		new AccountAuthenticatorResponse(response), account);
		@@ -336,6 +352,8 @@ public abstract class AbstractAccountAuthenticator {
		@Override
		public void getAccountCredentialsForCloning(IAccountAuthenticatorResponse response,
		Account account) throws RemoteException {
		super.getAccountCredentialsForCloning_enforcePermission();

		try {
		final Bundle result =
		AbstractAccountAuthenticator.this.getAccountCredentialsForCloning(
		@@ -353,6 +371,8 @@ public abstract class AbstractAccountAuthenticator {
		public void addAccountFromCredentials(IAccountAuthenticatorResponse response,
		Account account,
		Bundle accountCredentials) throws RemoteException {
		super.addAccountFromCredentials_enforcePermission();

		try {
		final Bundle result =
		AbstractAccountAuthenticator.this.addAccountFromCredentials(
		@@ -371,6 +391,8 @@ public abstract class AbstractAccountAuthenticator {
		public void startAddAccountSession(IAccountAuthenticatorResponse response,
		String accountType, String authTokenType, String[] features, Bundle options)
		throws RemoteException {
		super.startAddAccountSession_enforcePermission();

		if (Log.isLoggable(TAG, Log.VERBOSE)) {
		Log.v(TAG,
		"startAddAccountSession: accountType " + accountType
		@@ -403,6 +425,8 @@ public abstract class AbstractAccountAuthenticator {
		Account account,
		String authTokenType,
		Bundle loginOptions) throws RemoteException {
		super.startUpdateCredentialsSession_enforcePermission();

		if (Log.isLoggable(TAG, Log.VERBOSE)) {
		Log.v(TAG, "startUpdateCredentialsSession: "
		+ account
		@@ -441,6 +465,8 @@ public abstract class AbstractAccountAuthenticator {
		IAccountAuthenticatorResponse response,
		String accountType,
		Bundle sessionBundle) throws RemoteException {
		super.finishSession_enforcePermission();

		if (Log.isLoggable(TAG, Log.VERBOSE)) {
		Log.v(TAG, "finishSession: accountType " + accountType);
		}
		@@ -468,6 +494,8 @@ public abstract class AbstractAccountAuthenticator {
		IAccountAuthenticatorResponse response,
		Account account,
		String statusToken) throws RemoteException {
		super.isCredentialsUpdateSuggested_enforcePermission();

		try {
		final Bundle result = AbstractAccountAuthenticator.this
		.isCredentialsUpdateSuggested(

core/java/android/hardware/location/ActivityRecognitionHardware.java

+14 −0

Original line number	Diff line number	Diff line
		@@ -91,12 +91,16 @@ public class ActivityRecognitionHardware extends IActivityRecognitionHardware.St
		@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
		@Override
		public String[] getSupportedActivities() {
		super.getSupportedActivities_enforcePermission();

		return mSupportedActivities;
		}

		@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
		@Override
		public boolean isActivitySupported(String activity) {
		super.isActivitySupported_enforcePermission();

		int activityType = getActivityType(activity);
		return activityType != INVALID_ACTIVITY_TYPE;
		}
		@@ -104,12 +108,16 @@ public class ActivityRecognitionHardware extends IActivityRecognitionHardware.St
		@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
		@Override
		public boolean registerSink(IActivityRecognitionHardwareSink sink) {
		super.registerSink_enforcePermission();

		return mSinks.register(sink);
		}

		@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
		@Override
		public boolean unregisterSink(IActivityRecognitionHardwareSink sink) {
		super.unregisterSink_enforcePermission();

		return mSinks.unregister(sink);
		}

		@@ -117,6 +125,8 @@ public class ActivityRecognitionHardware extends IActivityRecognitionHardware.St
		@Override
		public boolean enableActivityEvent(String activity, int eventType, long reportLatencyNs) {

		super.enableActivityEvent_enforcePermission();

		int activityType = getActivityType(activity);
		if (activityType == INVALID_ACTIVITY_TYPE) {
		return false;
		@@ -134,6 +144,8 @@ public class ActivityRecognitionHardware extends IActivityRecognitionHardware.St
		@Override
		public boolean disableActivityEvent(String activity, int eventType) {

		super.disableActivityEvent_enforcePermission();

		int activityType = getActivityType(activity);
		if (activityType == INVALID_ACTIVITY_TYPE) {
		return false;
		@@ -150,6 +162,8 @@ public class ActivityRecognitionHardware extends IActivityRecognitionHardware.St
		@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
		@Override
		public boolean flush() {
		super.flush_enforcePermission();

		int result = nativeFlush();
		return result == NATIVE_SUCCESS_RESULT;
		}

core/java/android/hardware/location/GeofenceHardwareService.java

+16 −0

Original line number	Diff line number	Diff line
		@@ -79,6 +79,8 @@ public class GeofenceHardwareService extends Service {
		@Override
		public int[] getMonitoringTypes() {

		super.getMonitoringTypes_enforcePermission();

		return mGeofenceHardwareImpl.getMonitoringTypes();
		}

		@@ -86,6 +88,8 @@ public class GeofenceHardwareService extends Service {
		@Override
		public int getStatusOfMonitoringType(int monitoringType) {

		super.getStatusOfMonitoringType_enforcePermission();

		return mGeofenceHardwareImpl.getStatusOfMonitoringType(monitoringType);
		}

		@@ -95,6 +99,8 @@ public class GeofenceHardwareService extends Service {
		int monitoringType,
		GeofenceHardwareRequestParcelable request,
		IGeofenceHardwareCallback callback) {
		super.addCircularFence_enforcePermission();

		checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
		return mGeofenceHardwareImpl.addCircularFence(monitoringType, request, callback);
		}
		@@ -103,6 +109,8 @@ public class GeofenceHardwareService extends Service {
		@Override
		public boolean removeGeofence(int id, int monitoringType) {

		super.removeGeofence_enforcePermission();

		checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
		return mGeofenceHardwareImpl.removeGeofence(id, monitoringType);
		}
		@@ -111,6 +119,8 @@ public class GeofenceHardwareService extends Service {
		@Override
		public boolean pauseGeofence(int id, int monitoringType) {

		super.pauseGeofence_enforcePermission();

		checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
		return mGeofenceHardwareImpl.pauseGeofence(id, monitoringType);
		}
		@@ -119,6 +129,8 @@ public class GeofenceHardwareService extends Service {
		@Override
		public boolean resumeGeofence(int id, int monitoringType, int monitorTransitions) {

		super.resumeGeofence_enforcePermission();

		checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
		return mGeofenceHardwareImpl.resumeGeofence(id, monitoringType, monitorTransitions);
		}
		@@ -128,6 +140,8 @@ public class GeofenceHardwareService extends Service {
		public boolean registerForMonitorStateChangeCallback(int monitoringType,
		IGeofenceHardwareMonitorCallback callback) {

		super.registerForMonitorStateChangeCallback_enforcePermission();

		checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
		return mGeofenceHardwareImpl.registerForMonitorStateChangeCallback(monitoringType,
		callback);
		@@ -138,6 +152,8 @@ public class GeofenceHardwareService extends Service {
		public boolean unregisterForMonitorStateChangeCallback(int monitoringType,
		IGeofenceHardwareMonitorCallback callback) {

		super.unregisterForMonitorStateChangeCallback_enforcePermission();

		checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
		return mGeofenceHardwareImpl.unregisterForMonitorStateChangeCallback(monitoringType,
		callback);

services/core/java/com/android/server/ConsumerIrService.java

+4 −0

Original line number	Diff line number	Diff line
		@@ -92,6 +92,8 @@ public class ConsumerIrService extends IConsumerIrService.Stub {
		@Override
		@EnforcePermission(TRANSMIT_IR)
		public void transmit(String packageName, int carrierFrequency, int[] pattern) {
		super.transmit_enforcePermission();

		long totalXmitTime = 0;

		for (int slice : pattern) {
		@@ -128,6 +130,8 @@ public class ConsumerIrService extends IConsumerIrService.Stub {
		@Override
		@EnforcePermission(TRANSMIT_IR)
		public int[] getCarrierFrequencies() {
		super.getCarrierFrequencies_enforcePermission();

		throwIfNoIrEmitter();

		synchronized(mHalLock) {

services/core/java/com/android/server/DynamicSystemService.java

+26 −0

Original line number	Diff line number	Diff line
		@@ -77,6 +77,8 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public boolean startInstallation(String dsuSlot) throws RemoteException {
		super.startInstallation_enforcePermission();

		IGsiService service = getGsiService();
		mGsiService = service;
		// priority from high to low: sysprop -> sdcard -> /data
		@@ -124,6 +126,8 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public int createPartition(String name, long size, boolean readOnly) throws RemoteException {
		super.createPartition_enforcePermission();

		IGsiService service = getGsiService();
		int status = service.createPartition(name, size, readOnly);
		if (status != IGsiService.INSTALL_OK) {
		@@ -135,6 +139,8 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public boolean closePartition() throws RemoteException {
		super.closePartition_enforcePermission();

		IGsiService service = getGsiService();
		if (service.closePartition() != 0) {
		Slog.i(TAG, "Partition installation completes with error");
		@@ -146,6 +152,8 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public boolean finishInstallation() throws RemoteException {
		super.finishInstallation_enforcePermission();

		IGsiService service = getGsiService();
		if (service.closeInstall() != 0) {
		Slog.i(TAG, "Failed to finish installation");
		@@ -157,12 +165,16 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public GsiProgress getInstallationProgress() throws RemoteException {
		super.getInstallationProgress_enforcePermission();

		return getGsiService().getInstallProgress();
		}

		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public boolean abort() throws RemoteException {
		super.abort_enforcePermission();

		return getGsiService().cancelGsiInstall();
		}

		@@ -183,12 +195,16 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public boolean isEnabled() throws RemoteException {
		super.isEnabled_enforcePermission();

		return getGsiService().isGsiEnabled();
		}

		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public boolean remove() throws RemoteException {
		super.remove_enforcePermission();

		try {
		GsiServiceCallback callback = new GsiServiceCallback();
		synchronized (callback) {
		@@ -205,6 +221,8 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public boolean setEnable(boolean enable, boolean oneShot) throws RemoteException {
		super.setEnable_enforcePermission();

		IGsiService gsiService = getGsiService();
		if (enable) {
		try {
		@@ -229,6 +247,8 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public boolean setAshmem(ParcelFileDescriptor ashmem, long size) {
		super.setAshmem_enforcePermission();

		try {
		return getGsiService().setGsiAshmem(ashmem, size);
		} catch (RemoteException e) {
		@@ -239,6 +259,8 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public boolean submitFromAshmem(long size) {
		super.submitFromAshmem_enforcePermission();

		try {
		return getGsiService().commitGsiChunkFromAshmem(size);
		} catch (RemoteException e) {
		@@ -249,6 +271,8 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public boolean getAvbPublicKey(AvbPublicKey dst) {
		super.getAvbPublicKey_enforcePermission();

		try {
		return getGsiService().getAvbPublicKey(dst) == 0;
		} catch (RemoteException e) {
		@@ -259,6 +283,8 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
		@Override
		@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
		public long suggestScratchSize() throws RemoteException {
		super.suggestScratchSize_enforcePermission();

		return getGsiService().suggestScratchSize();
		}
		}