Merge "[CDM] Throw SecurityException when the caller can't access the associations" into main (af14f0af) · Commits · e / os / android_frameworks_base

services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java

+0 −7

Original line number	Diff line number	Diff line
		@@ -34,7 +34,6 @@ import static com.android.internal.util.function.pooled.PooledLambda.obtainMessa
		import static com.android.server.companion.utils.PackageUtils.enforceUsesCompanionDeviceFeature;
		import static com.android.server.companion.utils.PackageUtils.getPackageInfo;
		import static com.android.server.companion.utils.PackageUtils.isRestrictedSettingsAllowed;
		import static com.android.server.companion.utils.PermissionsUtils.checkCallerCanManageCompanionDevice;
		import static com.android.server.companion.utils.PermissionsUtils.enforceCallerCanManageAssociationsForPackage;
		import static com.android.server.companion.utils.PermissionsUtils.enforceCallerIsSystemOr;
		import static com.android.server.companion.utils.PermissionsUtils.enforceCallerIsSystemOrCanInteractWithUserId;
		@@ -335,12 +334,6 @@ public class CompanionDeviceManagerService extends SystemService {
		enforceCallerCanManageAssociationsForPackage(getContext(), userId, packageName,
		"get associations");

		if (!checkCallerCanManageCompanionDevice(getContext())) {
		// If the caller neither is system nor holds MANAGE_COMPANION_DEVICES: it needs to
		// request the feature (also: the caller is the app itself).
		enforceUsesCompanionDeviceFeature(getContext(), userId, packageName);
		}

		return mAssociationStore.getActiveAssociationsByPackage(userId, packageName);
		}

services/companion/java/com/android/server/companion/association/AssociationRequestsProcessor.java

+2 −0

Original line number	Diff line number	Diff line
		@@ -347,6 +347,8 @@ public class AssociationRequestsProcessor {
		* Set association tag.
		*/
		public void setAssociationTag(int associationId, String tag) {
		Slog.i(TAG, "Setting association tag=[" + tag + "] to id=[" + associationId + "]...");

		AssociationInfo association = mAssociationStore.getAssociationWithCallerChecks(
		associationId);
		association = (new AssociationInfo.Builder(association)).setTag(tag).build();

services/companion/java/com/android/server/companion/association/AssociationStore.java

+8 −8

Original line number	Diff line number	Diff line
		@@ -18,7 +18,7 @@ package com.android.server.companion.association;

		import static com.android.server.companion.utils.MetricUtils.logCreateAssociation;
		import static com.android.server.companion.utils.MetricUtils.logRemoveAssociation;
		import static com.android.server.companion.utils.PermissionsUtils.checkCallerCanManageAssociationsForPackage;
		import static com.android.server.companion.utils.PermissionsUtils.enforceCallerCanManageAssociationsForPackage;

		import android.annotation.IntDef;
		import android.annotation.NonNull;
		@@ -457,6 +457,10 @@ public class AssociationStore {

		/**
		* Get association by id with caller checks.
		*
		* If the association is not found, an IllegalArgumentException would be thrown.
		*
		* If the caller can't access the association, a SecurityException would be thrown.
		*/
		@NonNull
		public AssociationInfo getAssociationWithCallerChecks(int associationId) {
		@@ -466,15 +470,11 @@ public class AssociationStore {
		"getAssociationWithCallerChecks() Association id=[" + associationId
		+ "] doesn't exist.");
		}
		if (checkCallerCanManageAssociationsForPackage(mContext, association.getUserId(),
		association.getPackageName())) {
		enforceCallerCanManageAssociationsForPackage(mContext, association.getUserId(),
		association.getPackageName(), null);
		return association;
		}

		throw new IllegalArgumentException(
		"The caller can't interact with the association id=[" + associationId + "].");
		}

		/**
		* Register a local listener for association changes.
		*/

services/companion/java/com/android/server/companion/association/DisassociationProcessor.java

+0 −1

Original line number	Diff line number	Diff line
		@@ -98,7 +98,6 @@ public class DisassociationProcessor {
		Slog.i(TAG, "Disassociating id=[" + id + "]...");

		final AssociationInfo association = mAssociationStore.getAssociationWithCallerChecks(id);

		final int userId = association.getUserId();
		final String packageName = association.getPackageName();
		final String deviceProfile = association.getDeviceProfile();

services/companion/java/com/android/server/companion/datatransfer/SystemDataTransferProcessor.java

+15 −9

Original line number	Diff line number	Diff line
		@@ -122,7 +122,6 @@ public class SystemDataTransferProcessor {
		*/
		public boolean isPermissionTransferUserConsented(int associationId) {
		mAssociationStore.getAssociationWithCallerChecks(associationId);

		PermissionSyncRequest request = getPermissionSyncRequest(associationId);
		if (request == null) {
		return false;
		@@ -147,12 +146,12 @@ public class SystemDataTransferProcessor {
		return null;
		}

		final AssociationInfo association = mAssociationStore.getAssociationWithCallerChecks(
		associationId);

		Slog.i(LOG_TAG, "Creating permission sync intent for userId [" + userId
		+ "] associationId [" + associationId + "]");

		final AssociationInfo association = mAssociationStore.getAssociationWithCallerChecks(
		associationId);

		// Create an internal intent to launch the user consent dialog
		final Bundle extras = new Bundle();
		PermissionSyncRequest request = new PermissionSyncRequest(associationId);
		@@ -220,7 +219,9 @@ public class SystemDataTransferProcessor {
		* Enable perm sync for the association
		*/
		public void enablePermissionsSync(int associationId) {
		int userId = mAssociationStore.getAssociationWithCallerChecks(associationId).getUserId();
		AssociationInfo association = mAssociationStore.getAssociationWithCallerChecks(
		associationId);
		int userId = association.getUserId();
		PermissionSyncRequest request = new PermissionSyncRequest(associationId);
		request.setUserConsented(true);
		mSystemDataTransferRequestStore.writeRequest(userId, request);
		@@ -230,7 +231,9 @@ public class SystemDataTransferProcessor {
		* Disable perm sync for the association
		*/
		public void disablePermissionsSync(int associationId) {
		int userId = mAssociationStore.getAssociationWithCallerChecks(associationId).getUserId();
		AssociationInfo association = mAssociationStore.getAssociationWithCallerChecks(
		associationId);
		int userId = association.getUserId();
		PermissionSyncRequest request = new PermissionSyncRequest(associationId);
		request.setUserConsented(false);
		mSystemDataTransferRequestStore.writeRequest(userId, request);
		@@ -241,8 +244,9 @@ public class SystemDataTransferProcessor {
		*/
		@Nullable
		public PermissionSyncRequest getPermissionSyncRequest(int associationId) {
		int userId = mAssociationStore.getAssociationWithCallerChecks(associationId)
		.getUserId();
		AssociationInfo association = mAssociationStore.getAssociationWithCallerChecks(
		associationId);
		int userId = association.getUserId();
		List<SystemDataTransferRequest> requests =
		mSystemDataTransferRequestStore.readRequestsByAssociationId(userId,
		associationId);
		@@ -259,7 +263,9 @@ public class SystemDataTransferProcessor {
		*/
		public void removePermissionSyncRequest(int associationId) {
		Binder.withCleanCallingIdentity(() -> {
		int userId = mAssociationStore.getAssociationById(associationId).getUserId();
		AssociationInfo association = mAssociationStore.getAssociationWithCallerChecks(
		associationId);
		int userId = association.getUserId();
		mSystemDataTransferRequestStore.removeRequestsByAssociationId(userId, associationId);
		});
		}