Add unit tests for DevicePermissionPolicy (af9f90bd) · Commits · e / os / android_frameworks_base

services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt

+9 −25

Original line number	Diff line number	Diff line
		@@ -16,9 +16,7 @@

		package com.android.server.permission.access.permission

		import android.Manifest
		import android.permission.PermissionManager
		import android.permission.flags.Flags
		import android.util.Slog
		import com.android.modules.utils.BinaryXmlPullParser
		import com.android.modules.utils.BinaryXmlSerializer
		@@ -61,7 +59,7 @@ class DevicePermissionPolicy : SchemePolicy() {
		}
		}

		fun MutateStateScope.removeInactiveDevicesPermission(activePersistentDeviceIds: Set<String>) {
		fun MutateStateScope.trimDevicePermissionStates(deviceIds: Set<String>) {
		newState.userStates.forEachIndexed { _, userId, userState ->
		userState.appIdDevicePermissionFlags.forEachReversedIndexed { _, appId, _ ->
		val appIdDevicePermissionFlags =
		@@ -69,14 +67,11 @@ class DevicePermissionPolicy : SchemePolicy() {
		val devicePermissionFlags =
		appIdDevicePermissionFlags.mutate(appId) ?: return@forEachReversedIndexed

		val removePersistentDeviceIds = mutableSetOf<String>()
		devicePermissionFlags.forEachIndexed { _, deviceId, _ ->
		if (!activePersistentDeviceIds.contains(deviceId)) {
		removePersistentDeviceIds.add(deviceId)
		devicePermissionFlags.forEachReversedIndexed { _, deviceId, _ ->
		if (deviceId !in deviceIds) {
		devicePermissionFlags -= deviceId
		}
		}

		removePersistentDeviceIds.forEach { deviceId -> devicePermissionFlags -= deviceId }
		}
		}
		}
		@@ -122,6 +117,10 @@ class DevicePermissionPolicy : SchemePolicy() {
		resetRuntimePermissions(packageName, userId)
		}

		/**
		* Reset permission states for all permissions requested by the given package, if no other
		* package (sharing the App ID) request these permissions.
		*/
		fun MutateStateScope.resetRuntimePermissions(packageName: String, userId: Int) {
		// It's okay to skip resetting permissions for packages that are removed,
		// because their states will be trimmed in onPackageRemoved()/onAppIdRemoved()
		@@ -144,6 +143,7 @@ class DevicePermissionPolicy : SchemePolicy() {
		}
		}

		// Trims permission state for permissions not requested by the App ID anymore.
		private fun MutateStateScope.trimPermissionStates(appId: Int) {
		val requestedPermissions = MutableIndexedSet<String>()
		forEachPackageInAppId(appId) {
		@@ -245,10 +245,6 @@ class DevicePermissionPolicy : SchemePolicy() {
		flagMask: Int,
		flagValues: Int
		): Boolean {
		if (!isDeviceAwarePermission(permissionName)) {
		Slog.w(LOG_TAG, "$permissionName is not a device aware permission.")
		return false
		}
		val oldFlags =
		newState.userStates[userId]!!
		.appIdDevicePermissionFlags[appId]
		@@ -295,20 +291,8 @@ class DevicePermissionPolicy : SchemePolicy() {
		synchronized(listenersLock) { listeners = listeners + listener }
		}

		private fun isDeviceAwarePermission(permissionName: String): Boolean =
		DEVICE_AWARE_PERMISSIONS.contains(permissionName)

		companion object {
		private val LOG_TAG = DevicePermissionPolicy::class.java.simpleName

		/** These permissions are supported for virtual devices. */
		// TODO: b/298661870 - Use new API to get the list of device aware permissions.
		val DEVICE_AWARE_PERMISSIONS =
		if (Flags.deviceAwarePermissionApisEnabled()) {
		setOf(Manifest.permission.CAMERA, Manifest.permission.RECORD_AUDIO)
		} else {
		emptySet<String>()
		}
		}

		/** Listener for permission flags changes. */

services/permission/java/com/android/server/permission/access/permission/PermissionService.kt

+14 −6

Original line number	Diff line number	Diff line
		@@ -1555,7 +1555,7 @@ class PermissionService(private val service: AccessCheckingService) :
		deviceId == Context.DEVICE_ID_DEFAULT) {
		with(policy) { getPermissionFlags(appId, userId, permissionName) }
		} else {
		if (permissionName !in DevicePermissionPolicy.DEVICE_AWARE_PERMISSIONS) {
		if (permissionName !in DEVICE_AWARE_PERMISSIONS) {
		Slog.i(
		LOG_TAG,
		"$permissionName is not device aware permission, " +
		@@ -1591,7 +1591,7 @@ class PermissionService(private val service: AccessCheckingService) :
		deviceId == Context.DEVICE_ID_DEFAULT) {
		with(policy) { setPermissionFlags(appId, userId, permissionName, flags) }
		} else {
		if (permissionName !in DevicePermissionPolicy.DEVICE_AWARE_PERMISSIONS) {
		if (permissionName !in DEVICE_AWARE_PERMISSIONS) {
		Slog.i(
		LOG_TAG,
		"$permissionName is not device aware permission, " +
		@@ -2314,20 +2314,19 @@ class PermissionService(private val service: AccessCheckingService) :

		override fun onSystemReady() {
		service.onSystemReady()

		virtualDeviceManagerInternal =
		LocalServices.getService(VirtualDeviceManagerInternal::class.java)

		virtualDeviceManagerInternal?.allPersistentDeviceIds?.let { persistentDeviceIds ->
		service.mutateState {
		with(devicePolicy) { removeInactiveDevicesPermission(persistentDeviceIds) }
		with(devicePolicy) { trimDevicePermissionStates(persistentDeviceIds) }
		}
		}

		// trim permission states for the external devices, when they are removed.
		virtualDeviceManagerInternal?.registerPersistentDeviceIdRemovedListener { persistentDeviceId
		->
		service.mutateState { with(devicePolicy) { onDeviceIdRemoved(persistentDeviceId) } }
		}

		permissionControllerManager =
		PermissionControllerManager(context, PermissionThread.getHandler())
		}
		@@ -2862,5 +2861,14 @@ class PermissionService(private val service: AccessCheckingService) :
		PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE or
		PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM or
		PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER

		/** These permissions are supported for virtual devices. */
		// TODO: b/298661870 - Use new API to get the list of device aware permissions.
		val DEVICE_AWARE_PERMISSIONS =
		if (Flags.deviceAwarePermissionApisEnabled()) {
		setOf(Manifest.permission.CAMERA, Manifest.permission.RECORD_AUDIO)
		} else {
		emptySet<String>()
		}
		}
		}

services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionDefinitionsTest.kt

+1 −1

Original line number	Diff line number	Diff line
		@@ -38,7 +38,7 @@ import org.junit.runners.Parameterized
		* AppIdPermissionPolicyPermissionStatesTest because these concepts don't apply to onUserAdded().
		*/
		@RunWith(Parameterized::class)
		class AppIdPermissionPolicyPermissionDefinitionsTest : BaseAppIdPermissionPolicyTest() {
		class AppIdPermissionPolicyPermissionDefinitionsTest : BasePermissionPolicyTest() {
		@Parameterized.Parameter(0) lateinit var action: Action

		@Test

services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionResetTest.kt

+1 −1

Original line number	Diff line number	Diff line
		@@ -29,7 +29,7 @@ import org.junit.runners.Parameterized
		* and resetRuntimePermissions() in AppIdPermissionPolicy
		*/
		@RunWith(Parameterized::class)
		class AppIdPermissionPolicyPermissionResetTest : BaseAppIdPermissionPolicyTest() {
		class AppIdPermissionPolicyPermissionResetTest : BasePermissionPolicyTest() {
		@Parameterized.Parameter(0) lateinit var action: Action

		@Test

services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionStatesTest.kt

+1 −1

Original line number	Diff line number	Diff line
		@@ -39,7 +39,7 @@ import org.junit.runners.Parameterized
		* states for onUserAdded(), onStorageVolumeAdded() and onPackageAdded() in AppIdPermissionPolicy
		*/
		@RunWith(Parameterized::class)
		class AppIdPermissionPolicyPermissionStatesTest : BaseAppIdPermissionPolicyTest() {
		class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
		@Parameterized.Parameter(0) lateinit var action: Action

		@Before