Merge "[CDM] @EnforcePermission migrations" (cbd38c97) · Commits · e / os / android_frameworks_base

core/java/android/companion/ICompanionDeviceManager.aidl

+9 −3

Original line number	Diff line number	Diff line
		@@ -36,6 +36,8 @@ interface ICompanionDeviceManager {
		in String callingPackage, int userId);

		List<AssociationInfo> getAssociations(String callingPackage, int userId);

		@EnforcePermission("MANAGE_COMPANION_DEVICES")
		List<AssociationInfo> getAllAssociationsForUser(int userId);

		/** @deprecated */
		@@ -48,26 +50,28 @@ interface ICompanionDeviceManager {

		PendingIntent requestNotificationAccess(in ComponentName component, int userId);

		/** @deprecated */
		@EnforcePermission("MANAGE_COMPANION_DEVICES")
		boolean isDeviceAssociatedForWifiConnection(in String packageName, in String macAddress,
		int userId);

		@EnforcePermission("REQUEST_OBSERVE_COMPANION_DEVICE_PRESENCE")
		void registerDevicePresenceListenerService(in String deviceAddress, in String callingPackage,
		int userId);

		@EnforcePermission("REQUEST_OBSERVE_COMPANION_DEVICE_PRESENCE")
		void unregisterDevicePresenceListenerService(in String deviceAddress, in String callingPackage,
		int userId);

		/** @deprecated */
		boolean canPairWithoutPrompt(in String packageName, in String deviceMacAddress, int userId);

		/** @deprecated */
		@EnforcePermission("ASSOCIATE_COMPANION_DEVICES")
		void createAssociation(in String packageName, in String macAddress, int userId,
		in byte[] certificate);

		@EnforcePermission("MANAGE_COMPANION_DEVICES")
		void addOnAssociationsChangedListener(IOnAssociationsChangedListener listener, int userId);

		@EnforcePermission("MANAGE_COMPANION_DEVICES")
		void removeOnAssociationsChangedListener(IOnAssociationsChangedListener listener, int userId);

		void addOnTransportsChangedListener(IOnTransportsChangedListener listener);
		@@ -90,8 +94,10 @@ interface ICompanionDeviceManager {
		void startSystemDataTransfer(String packageName, int userId, int associationId,
		in ISystemDataTransferCallback callback);

		@EnforcePermission("DELIVER_COMPANION_MESSAGES")
		void attachSystemDataTransport(String packageName, int userId, int associationId, in ParcelFileDescriptor fd);

		@EnforcePermission("DELIVER_COMPANION_MESSAGES")
		void detachSystemDataTransport(String packageName, int userId, int associationId);

		boolean isCompanionApplicationBound(String packageName, int userId);

services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java

+35 −19

Original line number	Diff line number	Diff line
		@@ -17,6 +17,10 @@

		package com.android.server.companion;

		import static android.Manifest.permission.ASSOCIATE_COMPANION_DEVICES;
		import static android.Manifest.permission.DELIVER_COMPANION_MESSAGES;
		import static android.Manifest.permission.MANAGE_COMPANION_DEVICES;
		import static android.Manifest.permission.REQUEST_OBSERVE_COMPANION_DEVICE_PRESENCE;
		import static android.app.ActivityManager.RunningAppProcessInfo.IMPORTANCE_VISIBLE;
		import static android.companion.AssociationRequest.DEVICE_PROFILE_AUTOMOTIVE_PROJECTION;
		import static android.content.pm.PackageManager.CERT_INPUT_SHA256;
		@@ -33,7 +37,6 @@ import static com.android.server.companion.PackageUtils.enforceUsesCompanionDevi
		import static com.android.server.companion.PackageUtils.getPackageInfo;
		import static com.android.server.companion.PermissionsUtils.checkCallerCanManageCompanionDevice;
		import static com.android.server.companion.PermissionsUtils.enforceCallerCanManageAssociationsForPackage;
		import static com.android.server.companion.PermissionsUtils.enforceCallerCanManageCompanionDevice;
		import static com.android.server.companion.PermissionsUtils.enforceCallerIsSystemOr;
		import static com.android.server.companion.PermissionsUtils.enforceCallerIsSystemOrCanInteractWithUserId;
		import static com.android.server.companion.PermissionsUtils.sanitizeWithCallerChecks;
		@@ -43,6 +46,7 @@ import static java.util.Objects.requireNonNull;
		import static java.util.concurrent.TimeUnit.DAYS;
		import static java.util.concurrent.TimeUnit.MINUTES;

		import android.annotation.EnforcePermission;
		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.annotation.SuppressLint;
		@@ -575,29 +579,33 @@ public class CompanionDeviceManagerService extends SystemService {
		}

		@Override
		@EnforcePermission(MANAGE_COMPANION_DEVICES)
		public List<AssociationInfo> getAllAssociationsForUser(int userId) throws RemoteException {
		getAllAssociationsForUser_enforcePermission();

		enforceCallerIsSystemOrCanInteractWithUserId(getContext(), userId);
		enforceCallerCanManageCompanionDevice(getContext(), "getAllAssociationsForUser");

		return mAssociationStore.getAssociationsForUser(userId);
		}

		@Override
		@EnforcePermission(MANAGE_COMPANION_DEVICES)
		public void addOnAssociationsChangedListener(IOnAssociationsChangedListener listener,
		int userId) {
		addOnAssociationsChangedListener_enforcePermission();

		enforceCallerIsSystemOrCanInteractWithUserId(getContext(), userId);
		enforceCallerCanManageCompanionDevice(getContext(),
		"addOnAssociationsChangedListener");

		mListeners.register(listener, userId);
		}

		@Override
		@EnforcePermission(MANAGE_COMPANION_DEVICES)
		public void removeOnAssociationsChangedListener(IOnAssociationsChangedListener listener,
		int userId) {
		removeOnAssociationsChangedListener_enforcePermission();

		enforceCallerIsSystemOrCanInteractWithUserId(getContext(), userId);
		enforceCallerCanManageCompanionDevice(
		getContext(), "removeOnAssociationsChangedListener");

		mListeners.unregister(listener);
		}
		@@ -633,6 +641,10 @@ public class CompanionDeviceManagerService extends SystemService {
		mTransportManager.removeListener(messageType, listener);
		}

		/**
		* @deprecated use {@link #disassociate(int)} instead
		*/
		@Deprecated
		@Override
		public void legacyDisassociate(String deviceMacAddress, String packageName, int userId) {
		Log.i(TAG, "legacyDisassociate() pkg=u" + userId + "/" + packageName
		@@ -688,8 +700,8 @@ public class CompanionDeviceManagerService extends SystemService {
		return nm.isNotificationListenerAccessGranted(component);
		}

		@android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_COMPANION_DEVICES)
		@Override
		@EnforcePermission(MANAGE_COMPANION_DEVICES)
		public boolean isDeviceAssociatedForWifiConnection(String packageName, String macAddress,
		int userId) {
		isDeviceAssociatedForWifiConnection_enforcePermission();
		@@ -706,15 +718,19 @@ public class CompanionDeviceManagerService extends SystemService {
		}

		@Override
		@EnforcePermission(REQUEST_OBSERVE_COMPANION_DEVICE_PRESENCE)
		public void registerDevicePresenceListenerService(String deviceAddress,
		String callingPackage, int userId) throws RemoteException {
		registerDevicePresenceListenerService_enforcePermission();
		// TODO: take the userId into account.
		registerDevicePresenceListenerActive(callingPackage, deviceAddress, true);
		}

		@Override
		@EnforcePermission(REQUEST_OBSERVE_COMPANION_DEVICE_PRESENCE)
		public void unregisterDevicePresenceListenerService(String deviceAddress,
		String callingPackage, int userId) throws RemoteException {
		unregisterDevicePresenceListenerService_enforcePermission();
		// TODO: take the userId into account.
		registerDevicePresenceListenerActive(callingPackage, deviceAddress, false);
		}
		@@ -734,14 +750,20 @@ public class CompanionDeviceManagerService extends SystemService {
		}

		@Override
		@EnforcePermission(DELIVER_COMPANION_MESSAGES)
		public void attachSystemDataTransport(String packageName, int userId, int associationId,
		ParcelFileDescriptor fd) {
		attachSystemDataTransport_enforcePermission();

		getAssociationWithCallerChecks(associationId);
		mTransportManager.attachSystemDataTransport(packageName, userId, associationId, fd);
		}

		@Override
		@EnforcePermission(DELIVER_COMPANION_MESSAGES)
		public void detachSystemDataTransport(String packageName, int userId, int associationId) {
		detachSystemDataTransport_enforcePermission();

		getAssociationWithCallerChecks(associationId);
		mTransportManager.detachSystemDataTransport(packageName, userId, associationId);
		}
		@@ -810,9 +832,6 @@ public class CompanionDeviceManagerService extends SystemService {
		+ " deviceAddress=" + deviceAddress);
		}

		getContext().enforceCallingOrSelfPermission(
		android.Manifest.permission.REQUEST_OBSERVE_COMPANION_DEVICE_PRESENCE,
		"[un]registerDevicePresenceListenerService");
		final int userId = getCallingUserId();
		enforceCallerIsSystemOr(userId, packageName);

		@@ -855,17 +874,17 @@ public class CompanionDeviceManagerService extends SystemService {
		}

		@Override
		@EnforcePermission(ASSOCIATE_COMPANION_DEVICES)
		public void createAssociation(String packageName, String macAddress, int userId,
		byte[] certificate) {
		createAssociation_enforcePermission();

		if (!getContext().getPackageManager().hasSigningCertificate(
		packageName, certificate, CERT_INPUT_SHA256)) {
		Slog.e(TAG, "Given certificate doesn't match the package certificate.");
		return;
		}

		getContext().enforceCallingOrSelfPermission(
		android.Manifest.permission.ASSOCIATE_COMPANION_DEVICES, "createAssociation");

		final MacAddress macAddressObj = MacAddress.fromString(macAddress);
		createNewAssociation(userId, packageName, macAddressObj, null, null, false);
		}
		@@ -898,12 +917,9 @@ public class CompanionDeviceManagerService extends SystemService {
		public void onShellCommand(FileDescriptor in, FileDescriptor out, FileDescriptor err,
		String[] args, ShellCallback callback, ResultReceiver resultReceiver)
		throws RemoteException {
		enforceCallerCanManageCompanionDevice(getContext(), "onShellCommand");
		final CompanionDeviceShellCommand cmd = new CompanionDeviceShellCommand(
		CompanionDeviceManagerService.this,
		mAssociationStore,
		mDevicePresenceMonitor);
		cmd.exec(this, in, out, err, args, callback, resultReceiver);
		new CompanionDeviceShellCommand(CompanionDeviceManagerService.this, mAssociationStore,
		mDevicePresenceMonitor)
		.exec(this, in, out, err, args, callback, resultReceiver);
		}

		@Override

services/companion/java/com/android/server/companion/PermissionsUtils.java

+0 −7

Original line number	Diff line number	Diff line
		@@ -163,13 +163,6 @@ public final class PermissionsUtils {
		return context.checkCallingPermission(MANAGE_COMPANION_DEVICES) == PERMISSION_GRANTED;
		}

		static void enforceCallerCanManageCompanionDevice(@NonNull Context context,
		@Nullable String message) {
		if (getCallingUid() == SYSTEM_UID) return;

		context.enforceCallingPermission(MANAGE_COMPANION_DEVICES, message);
		}

		static void enforceCallerCanManageAssociationsForPackage(@NonNull Context context,
		@UserIdInt int userId, @NonNull String packageName,
		@Nullable String actionDescription) {

services/companion/java/com/android/server/companion/transport/CompanionTransportManager.java

+0 −4

Original line number	Diff line number	Diff line
		@@ -16,8 +16,6 @@

		package com.android.server.companion.transport;

		import static android.Manifest.permission.DELIVER_COMPANION_MESSAGES;

		import static com.android.server.companion.transport.Transport.MESSAGE_REQUEST_PERMISSION_RESTORE;
		import static com.android.server.companion.transport.Transport.MESSAGE_REQUEST_PLATFORM_INFO;

		@@ -170,8 +168,6 @@ public class CompanionTransportManager {
		* third-party companion apps.
		*/
		private void enforceCallerCanTransportSystemData(String packageName, int userId) {
		mContext.enforceCallingOrSelfPermission(DELIVER_COMPANION_MESSAGES, TAG);

		try {
		final ApplicationInfo info = mContext.getPackageManager().getApplicationInfoAsUser(
		packageName, 0, userId);