Merge "Use PermissionManager for broadcast-filter permission check" into main (a18e5b16) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/am/BroadcastSkipPolicy.java

+54 −25

Original line number	Diff line number	Diff line
		@@ -302,14 +302,8 @@ public class BroadcastSkipPolicy {
		String requiredPermission = r.requiredPermissions[i];
		try {
		if (usePermissionManagerForBroadcastDeliveryCheck()) {
		final PermissionManager permissionManager = getPermissionManager();
		if (permissionManager != null) {
		perm = permissionManager.checkPermissionForDataDelivery(
		perm = checkPermissionForDataDelivery(
		requiredPermission, attributionSource, null /* message */);
		} else {
		// Assume permission denial if PermissionManager is not yet available.
		perm = PackageManager.PERMISSION_DENIED;
		}
		} else {
		perm = AppGlobals.getPackageManager()
		.checkPermission(
		@@ -457,10 +451,33 @@ public class BroadcastSkipPolicy {

		// Check that the receiver has the required permission(s) to receive this broadcast.
		if (r.requiredPermissions != null && r.requiredPermissions.length > 0) {
		final AttributionSource attributionSource;
		if (usePermissionManagerForBroadcastDeliveryCheck()) {
		attributionSource =
		new AttributionSource.Builder(filter.receiverList.uid)
		.setPid(filter.receiverList.pid)
		.setPackageName(filter.packageName)
		.setAttributionTag(filter.featureId)
		.build();
		} else {
		attributionSource = null;
		}
		for (int i = 0; i < r.requiredPermissions.length; i++) {
		String requiredPermission = r.requiredPermissions[i];
		int perm = checkComponentPermission(requiredPermission,
		filter.receiverList.pid, filter.receiverList.uid, -1, true);
		final int perm;
		if (usePermissionManagerForBroadcastDeliveryCheck()) {
		perm = checkPermissionForDataDelivery(
		requiredPermission,
		attributionSource,
		"Broadcast delivered to registered receiver " + filter.receiverId);
		} else {
		perm = checkComponentPermission(
		requiredPermission,
		filter.receiverList.pid,
		filter.receiverList.uid,
		-1 /* owningUid */,
		true /* exported */);
		}
		if (perm != PackageManager.PERMISSION_GRANTED) {
		return "Permission Denial: receiving "
		+ r.intent.toString()
		@@ -471,6 +488,7 @@ public class BroadcastSkipPolicy {
		+ " due to sender " + r.callerPackage
		+ " (uid " + r.callingUid + ")";
		}
		if (!usePermissionManagerForBroadcastDeliveryCheck()) {
		int appOp = AppOpsManager.permissionToOpCode(requiredPermission);
		if (appOp != AppOpsManager.OP_NONE && appOp != r.appOp
		&& mService.getAppOpsManager().noteOpNoThrow(appOp,
		@@ -489,6 +507,7 @@ public class BroadcastSkipPolicy {
		}
		}
		}
		}
		if ((r.requiredPermissions == null \|\| r.requiredPermissions.length == 0)) {
		int perm = checkComponentPermission(null,
		filter.receiverList.pid, filter.receiverList.uid, -1, true);
		@@ -730,4 +749,14 @@ public class BroadcastSkipPolicy {
		}
		return mPermissionManager;
		}

		private int checkPermissionForDataDelivery(
		String permission, AttributionSource attributionSource, String message) {
		final PermissionManager permissionManager = getPermissionManager();
		if (permissionManager != null) {
		return permissionManager.checkPermissionForDataDelivery(
		permission, attributionSource, message);
		}
		return PackageManager.PERMISSION_DENIED;
		}
		}