
Commit af19a09a authored by mattgilbride's avatar mattgilbride

Add @PermissionName annotation to complement @PermissionMethod

For use by static analysis, @PermissionMethod documents
the methods in the platform that perform permission "checks" (e.g.
context.enforceCallingOrSelfPermission).

@PermissionName denotes that the annotated String is a permission name.
It is typically used to annotate the argument to a @PermissionMethod
that is the permission value.  This is consumed by static analysis, for
example when helper methods wrap @PermissionMethod calls to pass a hard
coded permission value e.g. "enforceAudioSettingsPermission".

See: go/enforcepermission-migration-design
Bug: 247537842
Test: Tested manually, ultimately will be tested in presubmit (atest
AndroidFrameworkLintCheckerTest, see b/240445172)

Change-Id: I811ae923de62046e782ec7b109a0f99483dab4b2
parent 4b3b29f0
+2 −1
@@ -31,6 +31,7 @@ import android.content.pm.ActivityInfo;
import android.content.pm.ActivityPresentationInfo;
import android.content.pm.ApplicationInfo;
import android.content.pm.PermissionMethod;
import android.content.pm.PermissionName;
import android.content.pm.UserInfo;
import android.net.Uri;
import android.os.Bundle;
@@ -294,7 +295,7 @@ public abstract class ActivityManagerInternal {

    /** Checks if the calling binder pid as the permission. */
    @PermissionMethod
    public abstract void enforceCallingPermission(String permission, String func);
    public abstract void enforceCallingPermission(@PermissionName String permission, String func);

    /** Returns the current user id. */
    public abstract int getCurrentUserId();
+8 −6
@@ -52,6 +52,7 @@ import android.compat.annotation.UnsupportedAppUsage;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.PermissionMethod;
import android.content.pm.PermissionName;
import android.content.res.AssetManager;
import android.content.res.ColorStateList;
import android.content.res.Configuration;
@@ -6077,7 +6078,8 @@ public abstract class Context {
    @CheckResult(suggest="#enforcePermission(String,int,int,String)")
    @PackageManager.PermissionResult
    @PermissionMethod
    public abstract int checkPermission(@NonNull String permission, int pid, int uid);
    public abstract int checkPermission(
            @NonNull @PermissionName String permission, int pid, int uid);

    /** @hide */
    @SuppressWarnings("HiddenAbstractMethod")
@@ -6110,7 +6112,7 @@ public abstract class Context {
    @CheckResult(suggest="#enforceCallingPermission(String,String)")
    @PackageManager.PermissionResult
    @PermissionMethod
    public abstract int checkCallingPermission(@NonNull String permission);
    public abstract int checkCallingPermission(@NonNull @PermissionName String permission);

    /**
     * Determine whether the calling process of an IPC <em>or you</em> have been
@@ -6131,7 +6133,7 @@ public abstract class Context {
    @CheckResult(suggest="#enforceCallingOrSelfPermission(String,String)")
    @PackageManager.PermissionResult
    @PermissionMethod
    public abstract int checkCallingOrSelfPermission(@NonNull String permission);
    public abstract int checkCallingOrSelfPermission(@NonNull @PermissionName String permission);

    /**
     * Determine whether <em>you</em> have been granted a particular permission.
@@ -6161,7 +6163,7 @@ public abstract class Context {
     */
    @PermissionMethod
    public abstract void enforcePermission(
            @NonNull String permission, int pid, int uid, @Nullable String message);
            @NonNull @PermissionName String permission, int pid, int uid, @Nullable String message);

    /**
     * If the calling process of an IPC you are handling has not been
@@ -6183,7 +6185,7 @@ public abstract class Context {
     */
    @PermissionMethod
    public abstract void enforceCallingPermission(
            @NonNull String permission, @Nullable String message);
            @NonNull @PermissionName String permission, @Nullable String message);

    /**
     * If neither you nor the calling process of an IPC you are
@@ -6200,7 +6202,7 @@ public abstract class Context {
     */
    @PermissionMethod
    public abstract void enforceCallingOrSelfPermission(
            @NonNull String permission, @Nullable String message);
            @NonNull @PermissionName String permission, @Nullable String message);

    /**
     * Grant permission to access a specific Uri to another package, regardless
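Review bot: The `@PermissionName` annotations added to the `check*`/`enforce*` declarations in this section sit only on abstract methods, and Java does not carry parameter annotations over to overriding methods. The concrete implementations (not shown on this page) therefore stay unannotated unless the lint check resolves each call to its super declaration. If the checker does not do that, permission strings passed through an override would go unrecognised and the analysis would quietly under-report. I would state the expectation in the annotation's Javadoc, e.g. `Overrides of an annotated method should repeat the annotation on the same parameter.`, or confirm that the checker walks up to the super method.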
+1 −1
@@ -26,7 +26,7 @@ import java.lang.annotation.Target;
 * Documents that the subject method's job is to look
 * up whether the provided or calling uid/pid has the requested permission.
 *
 * Methods should either return `void`, but potentially throw {@link SecurityException},
 * <p>Methods should either return `void`, but potentially throw {@link SecurityException},
 * or return {@link android.content.pm.PackageManager.PermissionResult} `int`.
 *
 * @hide
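Review bot: The edited Javadoc sentence still wraps `void` and `int` in Markdown backticks, which Javadoc prints literally; `{@code void}` and `{@code int}` would render as intended. Since the line is being touched anyway, it could read `<p>Methods should either return {@code void} and potentially throw {@link SecurityException},`, which also fixes the awkward "either ..., but" construction. The comment starts above the hunk, so only this sentence is visible here.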
+35 −0
/*
 * Copyright (C) 2022 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.content.pm;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.LOCAL_VARIABLE;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.CLASS;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

/**
 * Denotes that the annotated {@link String} represents a permission name.
 *
 * @hide
 */
@Retention(CLASS)
@Target({PARAMETER, METHOD, LOCAL_VARIABLE, FIELD})
public @interface PermissionName {}
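Review bot: The Javadoc on `PermissionName` does not say what the annotation means on each of its four targets, in particular `METHOD`, where it presumably marks the return value as a permission name. It also leaves unstated that the annotation is `CLASS`-retained and, per the commit message, read by static analysis, so it neither validates the string nor enforces anything at run time. I would extend the comment with something like `On a method, denotes that the returned {@link String} is a permission name. Consumed by lint only; it performs no runtime check.`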
+8 −6
@@ -247,6 +247,7 @@ import android.content.pm.PackageManagerInternal;
import android.content.pm.ParceledListSlice;
import android.content.pm.PermissionInfo;
import android.content.pm.PermissionMethod;
import android.content.pm.PermissionName;
import android.content.pm.ProcessInfo;
import android.content.pm.ProviderInfo;
import android.content.pm.ProviderInfoList;
@@ -5974,8 +5975,9 @@ public class ActivityManagerService extends IActivityManager.Stub
     * provided non-{@code null} {@code permission} before. Otherwise calls into
     * {@link ActivityManager#checkComponentPermission(String, int, int, boolean)}.
     */
    @PackageManager.PermissionResult
    @PermissionMethod
    public static int checkComponentPermission(String permission, int pid, int uid,
    public static int checkComponentPermission(@PermissionName String permission, int pid, int uid,
            int owningUid, boolean exported) {
        if (pid == MY_PID) {
            return PackageManager.PERMISSION_GRANTED;
@@ -6022,7 +6024,7 @@ public class ActivityManagerService extends IActivityManager.Stub
     */
    @Override
    @PermissionMethod
    public int checkPermission(String permission, int pid, int uid) {
    public int checkPermission(@PermissionName String permission, int pid, int uid) {
        if (permission == null) {
            return PackageManager.PERMISSION_DENIED;
        }
@@ -6034,7 +6036,7 @@ public class ActivityManagerService extends IActivityManager.Stub
     * This can be called with or without the global lock held.
     */
    @PermissionMethod
    int checkCallingPermission(String permission) {
    int checkCallingPermission(@PermissionName String permission) {
        return checkPermission(permission,
                Binder.getCallingPid(),
                Binder.getCallingUid());
@@ -6044,7 +6046,7 @@ public class ActivityManagerService extends IActivityManager.Stub
     * This can be called with or without the global lock held.
     */
    @PermissionMethod
    void enforceCallingPermission(String permission, String func) {
    void enforceCallingPermission(@PermissionName String permission, String func) {
        if (checkCallingPermission(permission)
                == PackageManager.PERMISSION_GRANTED) {
            return;
@@ -6061,7 +6063,6 @@ public class ActivityManagerService extends IActivityManager.Stub
    /**
     * This can be called with or without the global lock held.
     */
    @PermissionMethod
    private void enforceCallingHasAtLeastOnePermission(String func, String... permissions) {
        for (String permission : permissions) {
            if (checkCallingPermission(permission) == PackageManager.PERMISSION_GRANTED) {
@@ -6080,7 +6081,8 @@ public class ActivityManagerService extends IActivityManager.Stub
    /**
     * This can be called with or without the global lock held.
     */
    void enforcePermission(String permission, int pid, int uid, String func) {
    @PermissionMethod
    void enforcePermission(@PermissionName String permission, int pid, int uid, String func) {
        if (checkPermission(permission, pid, uid) == PackageManager.PERMISSION_GRANTED) {
            return;
        }
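Review bot: `@PermissionMethod` is removed from `enforceCallingHasAtLeastOnePermission` with no comment, and its `String... permissions` argument gets no `@PermissionName`, so this any-of enforcement helper drops out of what the annotations describe. If that is deliberate because the checker cannot model a varargs any-of check, a line above the method would stop someone re-adding the annotation or assuming its callers are covered, e.g. `// Not a @PermissionMethod: passes if any one of several permissions is granted, which the lint check does not model (see BUG_ID_PLACEHOLDER).` The method body continues outside the hunk.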