Loading core/java/android/credentials/ui/RequestInfo.java +35 −3 Original line number Diff line number Diff line Loading @@ -74,13 +74,30 @@ public final class RequestInfo implements Parcelable { @NonNull private final String mAppPackageName; private final boolean mHasPermissionToOverrideDefault; /** Creates new {@code RequestInfo} for a create-credential flow. */ @NonNull public static RequestInfo newCreateRequestInfo( @NonNull IBinder token, @NonNull CreateCredentialRequest createCredentialRequest, @NonNull String appPackageName) { return new RequestInfo( token, TYPE_CREATE, appPackageName, createCredentialRequest, null); token, TYPE_CREATE, appPackageName, createCredentialRequest, null, /*hasPermissionToOverrideDefault=*/ false); } /** * Creates new {@code RequestInfo} for a create-credential flow. * * @hide */ @NonNull public static RequestInfo newCreateRequestInfo( @NonNull IBinder token, @NonNull CreateCredentialRequest createCredentialRequest, @NonNull String appPackageName, boolean hasPermissionToOverrideDefault) { return new RequestInfo( token, TYPE_CREATE, appPackageName, createCredentialRequest, null, hasPermissionToOverrideDefault); } /** Creates new {@code RequestInfo} for a get-credential flow. */ Loading @@ -89,7 +106,18 @@ public final class RequestInfo implements Parcelable { @NonNull IBinder token, @NonNull GetCredentialRequest getCredentialRequest, @NonNull String appPackageName) { return new RequestInfo( token, TYPE_GET, appPackageName, null, getCredentialRequest); token, TYPE_GET, appPackageName, null, getCredentialRequest, /*hasPermissionToOverrideDefault=*/ false); } /** * Returns whether the calling package has the permission * * @hide */ public boolean hasPermissionToOverrideDefault() { return mHasPermissionToOverrideDefault; } /** Returns the request token matching the user request. */ Loading Loading @@ -132,12 +160,14 @@ public final class RequestInfo implements Parcelable { private RequestInfo(@NonNull IBinder token, @NonNull @RequestType String type, @NonNull String appPackageName, @Nullable CreateCredentialRequest createCredentialRequest, @Nullable GetCredentialRequest getCredentialRequest) { @Nullable GetCredentialRequest getCredentialRequest, boolean hasPermissionToOverrideDefault) { mToken = token; mType = type; mAppPackageName = appPackageName; mCreateCredentialRequest = createCredentialRequest; mGetCredentialRequest = getCredentialRequest; mHasPermissionToOverrideDefault = hasPermissionToOverrideDefault; } private RequestInfo(@NonNull Parcel in) { Loading @@ -157,6 +187,7 @@ public final class RequestInfo implements Parcelable { AnnotationValidations.validate(NonNull.class, null, mAppPackageName); mCreateCredentialRequest = createCredentialRequest; mGetCredentialRequest = getCredentialRequest; mHasPermissionToOverrideDefault = in.readBoolean(); } @Override Loading @@ -166,6 +197,7 @@ public final class RequestInfo implements Parcelable { dest.writeString8(mAppPackageName); dest.writeTypedObject(mCreateCredentialRequest, flags); dest.writeTypedObject(mGetCredentialRequest, flags); dest.writeBoolean(mHasPermissionToOverrideDefault); } @Override Loading core/java/android/service/credentials/CredentialProviderInfoFactory.java +5 −21 Original line number Diff line number Diff line Loading @@ -163,29 +163,13 @@ public final class CredentialProviderInfoFactory { private static boolean isSystemProviderWithValidPermission( ServiceInfo serviceInfo, Context context) { requireNonNull(context, "context must not be null"); final String permission = Manifest.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE; try { ApplicationInfo appInfo = context.getPackageManager() .getApplicationInfo( serviceInfo.packageName, PackageManager.ApplicationInfoFlags.of( PackageManager.MATCH_SYSTEM_ONLY)); if (appInfo != null && context.checkPermission(permission, /* pid= */ -1, appInfo.uid) == PackageManager.PERMISSION_GRANTED) { Slog.i(TAG, "SYS permission granted for: " + serviceInfo.packageName); return true; } else { Slog.i(TAG, "SYS permission failed for: " + serviceInfo.packageName); } } catch (PackageManager.NameNotFoundException e) { Slog.e(TAG, "Error getting info for " + serviceInfo + ": " + e); } if (context == null) { Slog.w(TAG, "Context is null in isSystemProviderWithValidPermission"); return false; } return PermissionUtils.hasPermission(context, serviceInfo.packageName, Manifest.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE); } private static boolean isValidSystemProvider( Context context, Loading core/java/android/service/credentials/PermissionUtils.java 0 → 100644 +50 −0 Original line number Diff line number Diff line /* * Copyright (C) 2023 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.service.credentials; import android.content.Context; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; /** * Utils for checking permissions, or any other permission related function * * @hide */ public class PermissionUtils { //TODO(274838409): Move all CredentialManagerService permission checks here /** Checks whether the given package name hold the given permission **/ public static boolean hasPermission(Context context, String packageName, String permission) { try { ApplicationInfo appInfo = context.getPackageManager() .getApplicationInfo( packageName, PackageManager.ApplicationInfoFlags.of( PackageManager.MATCH_SYSTEM_ONLY)); if (appInfo != null && context.checkPermission(permission, /* pid= */ -1, appInfo.uid) == PackageManager.PERMISSION_GRANTED) { return true; } } catch (PackageManager.NameNotFoundException e) { } return false; } } services/credentials/java/com/android/server/credentials/CreateRequestSession.java +5 −1 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.credentials; import android.Manifest; import android.annotation.NonNull; import android.annotation.Nullable; import android.content.ComponentName; Loading @@ -31,6 +32,7 @@ import android.credentials.ui.RequestInfo; import android.os.CancellationSignal; import android.os.RemoteException; import android.service.credentials.CallingAppInfo; import android.service.credentials.PermissionUtils; import android.util.Log; import com.android.server.credentials.metrics.ApiName; Loading Loading @@ -88,7 +90,9 @@ public final class CreateRequestSession extends RequestSession<CreateCredentialR mClientCallback.onPendingIntent(mCredentialManagerUi.createPendingIntent( RequestInfo.newCreateRequestInfo( mRequestId, mClientRequest, mClientAppInfo.getPackageName()), mClientAppInfo.getPackageName(), PermissionUtils.hasPermission(mContext, mClientAppInfo.getPackageName(), Manifest.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS)), providerDataList)); } catch (RemoteException e) { mChosenProviderFinalPhaseMetric.setUiReturned(false); Loading services/credentials/java/com/android/server/credentials/PrepareGetRequestSession.java +3 −1 Original line number Diff line number Diff line Loading @@ -227,7 +227,9 @@ public class PrepareGetRequestSession extends RequestSession<GetCredentialReques try { mPrepareGetCredentialCallback.onResponse( new PrepareGetCredentialResponseInternal( false, null, false, false, getUiIntent())); false, null, false, false, getUiIntent())); } catch (Exception e) { Log.e(TAG, "EXCEPTION while mPendingCallback.onResponse", e); } Loading Loading
core/java/android/credentials/ui/RequestInfo.java +35 −3 Original line number Diff line number Diff line Loading @@ -74,13 +74,30 @@ public final class RequestInfo implements Parcelable { @NonNull private final String mAppPackageName; private final boolean mHasPermissionToOverrideDefault; /** Creates new {@code RequestInfo} for a create-credential flow. */ @NonNull public static RequestInfo newCreateRequestInfo( @NonNull IBinder token, @NonNull CreateCredentialRequest createCredentialRequest, @NonNull String appPackageName) { return new RequestInfo( token, TYPE_CREATE, appPackageName, createCredentialRequest, null); token, TYPE_CREATE, appPackageName, createCredentialRequest, null, /*hasPermissionToOverrideDefault=*/ false); } /** * Creates new {@code RequestInfo} for a create-credential flow. * * @hide */ @NonNull public static RequestInfo newCreateRequestInfo( @NonNull IBinder token, @NonNull CreateCredentialRequest createCredentialRequest, @NonNull String appPackageName, boolean hasPermissionToOverrideDefault) { return new RequestInfo( token, TYPE_CREATE, appPackageName, createCredentialRequest, null, hasPermissionToOverrideDefault); } /** Creates new {@code RequestInfo} for a get-credential flow. */ Loading @@ -89,7 +106,18 @@ public final class RequestInfo implements Parcelable { @NonNull IBinder token, @NonNull GetCredentialRequest getCredentialRequest, @NonNull String appPackageName) { return new RequestInfo( token, TYPE_GET, appPackageName, null, getCredentialRequest); token, TYPE_GET, appPackageName, null, getCredentialRequest, /*hasPermissionToOverrideDefault=*/ false); } /** * Returns whether the calling package has the permission * * @hide */ public boolean hasPermissionToOverrideDefault() { return mHasPermissionToOverrideDefault; } /** Returns the request token matching the user request. */ Loading Loading @@ -132,12 +160,14 @@ public final class RequestInfo implements Parcelable { private RequestInfo(@NonNull IBinder token, @NonNull @RequestType String type, @NonNull String appPackageName, @Nullable CreateCredentialRequest createCredentialRequest, @Nullable GetCredentialRequest getCredentialRequest) { @Nullable GetCredentialRequest getCredentialRequest, boolean hasPermissionToOverrideDefault) { mToken = token; mType = type; mAppPackageName = appPackageName; mCreateCredentialRequest = createCredentialRequest; mGetCredentialRequest = getCredentialRequest; mHasPermissionToOverrideDefault = hasPermissionToOverrideDefault; } private RequestInfo(@NonNull Parcel in) { Loading @@ -157,6 +187,7 @@ public final class RequestInfo implements Parcelable { AnnotationValidations.validate(NonNull.class, null, mAppPackageName); mCreateCredentialRequest = createCredentialRequest; mGetCredentialRequest = getCredentialRequest; mHasPermissionToOverrideDefault = in.readBoolean(); } @Override Loading @@ -166,6 +197,7 @@ public final class RequestInfo implements Parcelable { dest.writeString8(mAppPackageName); dest.writeTypedObject(mCreateCredentialRequest, flags); dest.writeTypedObject(mGetCredentialRequest, flags); dest.writeBoolean(mHasPermissionToOverrideDefault); } @Override Loading
core/java/android/service/credentials/CredentialProviderInfoFactory.java +5 −21 Original line number Diff line number Diff line Loading @@ -163,29 +163,13 @@ public final class CredentialProviderInfoFactory { private static boolean isSystemProviderWithValidPermission( ServiceInfo serviceInfo, Context context) { requireNonNull(context, "context must not be null"); final String permission = Manifest.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE; try { ApplicationInfo appInfo = context.getPackageManager() .getApplicationInfo( serviceInfo.packageName, PackageManager.ApplicationInfoFlags.of( PackageManager.MATCH_SYSTEM_ONLY)); if (appInfo != null && context.checkPermission(permission, /* pid= */ -1, appInfo.uid) == PackageManager.PERMISSION_GRANTED) { Slog.i(TAG, "SYS permission granted for: " + serviceInfo.packageName); return true; } else { Slog.i(TAG, "SYS permission failed for: " + serviceInfo.packageName); } } catch (PackageManager.NameNotFoundException e) { Slog.e(TAG, "Error getting info for " + serviceInfo + ": " + e); } if (context == null) { Slog.w(TAG, "Context is null in isSystemProviderWithValidPermission"); return false; } return PermissionUtils.hasPermission(context, serviceInfo.packageName, Manifest.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE); } private static boolean isValidSystemProvider( Context context, Loading
core/java/android/service/credentials/PermissionUtils.java 0 → 100644 +50 −0 Original line number Diff line number Diff line /* * Copyright (C) 2023 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.service.credentials; import android.content.Context; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; /** * Utils for checking permissions, or any other permission related function * * @hide */ public class PermissionUtils { //TODO(274838409): Move all CredentialManagerService permission checks here /** Checks whether the given package name hold the given permission **/ public static boolean hasPermission(Context context, String packageName, String permission) { try { ApplicationInfo appInfo = context.getPackageManager() .getApplicationInfo( packageName, PackageManager.ApplicationInfoFlags.of( PackageManager.MATCH_SYSTEM_ONLY)); if (appInfo != null && context.checkPermission(permission, /* pid= */ -1, appInfo.uid) == PackageManager.PERMISSION_GRANTED) { return true; } } catch (PackageManager.NameNotFoundException e) { } return false; } }
services/credentials/java/com/android/server/credentials/CreateRequestSession.java +5 −1 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.credentials; import android.Manifest; import android.annotation.NonNull; import android.annotation.Nullable; import android.content.ComponentName; Loading @@ -31,6 +32,7 @@ import android.credentials.ui.RequestInfo; import android.os.CancellationSignal; import android.os.RemoteException; import android.service.credentials.CallingAppInfo; import android.service.credentials.PermissionUtils; import android.util.Log; import com.android.server.credentials.metrics.ApiName; Loading Loading @@ -88,7 +90,9 @@ public final class CreateRequestSession extends RequestSession<CreateCredentialR mClientCallback.onPendingIntent(mCredentialManagerUi.createPendingIntent( RequestInfo.newCreateRequestInfo( mRequestId, mClientRequest, mClientAppInfo.getPackageName()), mClientAppInfo.getPackageName(), PermissionUtils.hasPermission(mContext, mClientAppInfo.getPackageName(), Manifest.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS)), providerDataList)); } catch (RemoteException e) { mChosenProviderFinalPhaseMetric.setUiReturned(false); Loading
services/credentials/java/com/android/server/credentials/PrepareGetRequestSession.java +3 −1 Original line number Diff line number Diff line Loading @@ -227,7 +227,9 @@ public class PrepareGetRequestSession extends RequestSession<GetCredentialReques try { mPrepareGetCredentialCallback.onResponse( new PrepareGetCredentialResponseInternal( false, null, false, false, getUiIntent())); false, null, false, false, getUiIntent())); } catch (Exception e) { Log.e(TAG, "EXCEPTION while mPendingCallback.onResponse", e); } Loading
