
Commit a734919d authored by Mayank Garg's avatar Mayank Garg

Enforcing CarService privileged permission allow listing

Bug: 177455922
Test: Android successful start
Change-Id: Ia2c73b33b37991af481d43834cb7a1a11bb10cd1
parent ceaff386
+2 −1
@@ -5966,7 +5966,8 @@ public class PackageManagerService extends IPackageManager.Stub
                backgroundHandler,
                SYSTEM_PARTITIONS,
                (i, pm) -> new ComponentResolver(i.getUserManagerService(), pm.mPmInternal, lock),
                (i, pm) -> PermissionManagerService.create(context),
                (i, pm) -> PermissionManagerService.create(context,
                        i.getSystemConfig().getAvailableFeatures()),
                (i, pm) -> new UserManagerService(context, pm,
                        new UserDataPreparer(installer, installLock, context, onlyCore),
                        lock),
+24 −5
@@ -69,8 +69,10 @@ import android.app.IActivityManager;
import android.app.admin.DevicePolicyManagerInternal;
import android.compat.annotation.ChangeId;
import android.compat.annotation.EnabledAfter;
import android.content.AttributionSource;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.FeatureInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.PermissionGroupInfoFlags;
import android.content.pm.PackageManager.PermissionInfoFlags;
@@ -85,7 +87,6 @@ import android.content.pm.parsing.component.ParsedPermissionGroup;
import android.content.pm.permission.SplitPermissionInfoParcelable;
import android.metrics.LogMaker;
import android.os.AsyncTask;
import android.content.AttributionSource;
import android.os.Binder;
import android.os.Build;
import android.os.Debug;
@@ -177,6 +178,10 @@ public class PermissionManagerService extends IPermissionManager.Stub {

    private static final long BACKUP_TIMEOUT_MILLIS = SECONDS.toMillis(60);

    // For automotive products, CarService enforces allow-listing of the privileged permissions
    // com.android.car is the package name which declares auto specific permissions
    private static final String CAR_PACKAGE_NAME = "com.android.car";

    /** Cap the size of permission trees that 3rd party apps can define; in characters of text */
    private static final int MAX_PERMISSION_TREE_FOOTPRINT = 32768;
    /** Empty array to avoid allocations */
@@ -210,6 +215,10 @@ public class PermissionManagerService extends IPermissionManager.Stub {
        STORAGE_PERMISSIONS.add(Manifest.permission.ACCESS_MEDIA_LOCATION);
    }

    /** Set of source package names for Privileged Permission Allowlist */
    private final ArraySet<String> mPrivilegedPermissionAllowlistSourcePackageNames =
            new ArraySet<>();

    /** Lock to protect internal data access */
    private final Object mLock = new Object();

@@ -356,7 +365,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
        }
    };

    PermissionManagerService(@NonNull Context context) {
    PermissionManagerService(@NonNull Context context,
            @NonNull ArrayMap<String, FeatureInfo> availableFeatures) {
        // The package info cache is the cache for package and permission information.
        // Disable the package info and package permission caches locally but leave the
        // checkPermission cache active.
@@ -368,6 +378,13 @@ public class PermissionManagerService extends IPermissionManager.Stub {
        mUserManagerInt = LocalServices.getService(UserManagerInternal.class);
        mAppOpsManager = context.getSystemService(AppOpsManager.class);

        mPrivilegedPermissionAllowlistSourcePackageNames.add(PLATFORM_PACKAGE_NAME);
        // PackageManager.hasSystemFeature() is not used here because PackageManagerService
        // isn't ready yet.
        if (availableFeatures.containsKey(PackageManager.FEATURE_AUTOMOTIVE)) {
            mPrivilegedPermissionAllowlistSourcePackageNames.add(CAR_PACKAGE_NAME);
        }

        mHandlerThread = new ServiceThread(TAG,
                Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/);
        mHandlerThread.start();
@@ -422,7 +439,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
     * lock created by the permission manager itself.
     */
    @NonNull
    public static PermissionManagerServiceInternal create(@NonNull Context context) {
    public static PermissionManagerServiceInternal create(@NonNull Context context,
            ArrayMap<String, FeatureInfo> availableFeatures) {
        final PermissionManagerServiceInternal permMgrInt =
                LocalServices.getService(PermissionManagerServiceInternal.class);
        if (permMgrInt != null) {
@@ -431,7 +449,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
        PermissionManagerService permissionService =
                (PermissionManagerService) ServiceManager.getService("permissionmgr");
        if (permissionService == null) {
            permissionService = new PermissionManagerService(context);
            permissionService = new PermissionManagerService(context, availableFeatures);
            ServiceManager.addService("permissionmgr", permissionService);
        }
        return LocalServices.getService(PermissionManagerServiceInternal.class);
@@ -3308,7 +3326,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
        if (!pkg.isPrivileged()) {
            return true;
        }
        if (!Objects.equals(permission.getPackageName(), PLATFORM_PACKAGE_NAME)) {
        if (!mPrivilegedPermissionAllowlistSourcePackageNames
                .contains(permission.getPackageName())) {
            return true;
        }
        final String permissionName = permission.getName();
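Review bot: The new `availableFeatures` parameter of `create` (hunk at @@ -422) is not annotated `@NonNull`, although the constructor it forwards to declares it `@NonNull` and dereferences it unconditionally via `containsKey`, so a null argument fails deep in the constructor instead of at the public entry point; the Javadoc above `create`, whose start is outside the hunk, also gains no `@param` for it. I would align the signature with the constructor, `public static PermissionManagerServiceInternal create(@NonNull Context context,` / `        @NonNull ArrayMap<String, FeatureInfo> availableFeatures) {`, and add `@param availableFeatures the system features known at boot; decides which packages' privileged permissions are subject to allowlisting` to the Javadoc. That Javadoc should also say the argument is only consumed on the first call that constructs and registers the service, since later calls return the existing instance and ignore it. For the check in the last hunk (its enclosing method begins outside the hunk), the field comment on `mPrivilegedPermissionAllowlistSourcePackageNames` would benefit from stating that the set is populated only in the constructor, before the service is published through `ServiceManager.addService`, and is read without `mLock` on that basis, so that nobody later mutates it at runtime unsynchronized.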