Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d5d26b73 authored by lpeter's avatar lpeter
Browse files

Remove RECEIVE_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED permission 

Refer to ag/29753252, it doesn't allow non-system uids to use
"android" as calling package. The permission
'RECEIVE_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED'
shouldn't be necessary and can be removed.

Flag: android.content.pm.reduce_broadcasts_for_component_state_changes

Bug: 387915644
Test: atest PackageChangedBroadcastTest
Test: atest PermissionPolicyTest
Test: atest BroadcastHelperTest
Change-Id: If227fd033183f1220455f0e19d2a7ba89dfa6d1f
parent 3da813ee

core/res/AndroidManifest.xml

+0 −16
Original line number Diff line number Diff line
@@ -8805,22 +8805,6 @@ 
    <permission android:name="android.permission.RESERVED_FOR_TESTING_SIGNATURE"

                android:protectionLevel="signature"/>



    <!--

        This permission allows the system to receive PACKAGE_CHANGED broadcasts when the component

        state of a non-exported component has been changed.

        <p>Not for use by third-party applications. </p>

        <p>Protection level: internal

        @hide

    -->

    <permission

        android:name="android.permission.INTERNAL_RECEIVE_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED"

        android:protectionLevel="internal"

        android:featureFlag="android.content.pm.reduce_broadcasts_for_component_state_changes"/>



    <uses-permission

        android:name="android.permission.INTERNAL_RECEIVE_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED"

        android:featureFlag="android.content.pm.reduce_broadcasts_for_component_state_changes"/>



    <!-- @SystemApi

        @FlaggedApi("android.media.tv.flags.kids_mode_tvdb_sharing")

        This permission is required when accessing information related to

services/core/java/com/android/server/pm/BroadcastHelper.java

+1 −4
Original line number Diff line number Diff line
@@ -86,8 +86,6 @@ import java.util.function.Supplier; 
 */

public final class BroadcastHelper {

    private static final boolean DEBUG_BROADCASTS = false;

    private static final String PERMISSION_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED =

            "android.permission.INTERNAL_RECEIVE_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED";



    private final UserManagerInternal mUmInternal;

    private final ActivityManagerInternal mAmInternal;
@@ -398,8 +396,7 @@ public final class BroadcastHelper { 
                sendPackageChangedBroadcastWithPermissions(packageName, dontKillApp,

                        notExportedComponentNames, packageUid, reason, userIds, instantUserIds,

                        broadcastAllowList, "android" /* targetPackageName */,

                        new String[]{

                                PERMISSION_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED});

                        null /* requiredPermissions */);

            }



            // Second, send the PACKAGE_CHANGED broadcast to the application itself.

services/tests/PackageManagerServiceTests/server/src/com/android/server/pm/BroadcastHelperTest.java

+12 −36
Original line number Diff line number Diff line
@@ -72,8 +72,6 @@ public class BroadcastHelperTest { 
    private static final String PACKAGE_CHANGED_TEST_PACKAGE_NAME = "testpackagename";

    private static final String PACKAGE_CHANGED_TEST_MAIN_ACTIVITY =

            PACKAGE_CHANGED_TEST_PACKAGE_NAME + ".MainActivity";

    private static final String PERMISSION_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED =

            "android.permission.INTERNAL_RECEIVE_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED";



    @Rule

    public final CheckFlagsRule mCheckFlagsRule = DeviceFlagsValueProvider.createCheckFlagsRule();
@@ -125,34 +123,23 @@ public class BroadcastHelperTest { 


    @RequiresFlagsEnabled(FLAG_REDUCE_BROADCASTS_FOR_COMPONENT_STATE_CHANGES)

    @Test

    public void changeNonExportedComponent_sendPackageChangedBroadcastToSystem_withPermission()

    public void changeNonExportedComponent_sendPackageChangedBroadcastToSystemAndApplicationItself()

            throws Exception {

        changeComponentAndSendPackageChangedBroadcast(false /* changeExportedComponent */,

                new String[0] /* sharedPackages */);



        ArgumentCaptor<Intent> captor = ArgumentCaptor.forClass(Intent.class);

        verify(mMockActivityManagerInternal).broadcastIntentWithCallback(

                captor.capture(), eq(null),

                eq(new String[]{PERMISSION_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED}),

                anyInt(), eq(null), eq(null), eq(null));

        Intent intent = captor.getValue();

        assertNotNull(intent);

        assertThat(intent.getPackage()).isEqualTo("android");

    }

        ArgumentCaptor<Intent> captorIntent = ArgumentCaptor.forClass(Intent.class);

        verify(mMockActivityManagerInternal, times(2)).broadcastIntentWithCallback(

                captorIntent.capture(), eq(null), eq(null), anyInt(), eq(null), eq(null), eq(null));

        List<Intent> intents = captorIntent.getAllValues();

        assertNotNull(intents);

        assertThat(intents.size()).isEqualTo(2);



    @RequiresFlagsEnabled(FLAG_REDUCE_BROADCASTS_FOR_COMPONENT_STATE_CHANGES)

    @Test

    public void changeNonExportedComponent_sendPackageChangedBroadcastToApplicationItself()

            throws Exception {

        changeComponentAndSendPackageChangedBroadcast(false /* changeExportedComponent */,

                new String[0] /* sharedPackages */);

        final Intent intent1 = intents.get(0);

        assertThat(intent1.getPackage()).isEqualTo("android");



        ArgumentCaptor<Intent> captor = ArgumentCaptor.forClass(Intent.class);

        verify(mMockActivityManagerInternal).broadcastIntentWithCallback(captor.capture(), eq(null),

                eq(null), anyInt(), eq(null), eq(null), eq(null));

        Intent intent = captor.getValue();

        assertNotNull(intent);

        assertThat(intent.getPackage()).isEqualTo(PACKAGE_CHANGED_TEST_PACKAGE_NAME);

        final Intent intent2 = intents.get(1);

        assertThat(intent2.getPackage()).isEqualTo(PACKAGE_CHANGED_TEST_PACKAGE_NAME);

    }



    @RequiresFlagsEnabled(FLAG_REDUCE_BROADCASTS_FOR_COMPONENT_STATE_CHANGES)
@@ -163,31 +150,20 @@ public class BroadcastHelperTest { 
                new String[]{"shared.package"} /* sharedPackages */);



        ArgumentCaptor<Intent> captorIntent = ArgumentCaptor.forClass(Intent.class);

        ArgumentCaptor<String[]> captorRequiredPermissions = ArgumentCaptor.forClass(

                String[].class);

        verify(mMockActivityManagerInternal, times(3)).broadcastIntentWithCallback(

                captorIntent.capture(), eq(null), captorRequiredPermissions.capture(), anyInt(),

                eq(null), eq(null), eq(null));

                captorIntent.capture(), eq(null), eq(null), anyInt(), eq(null), eq(null), eq(null));

        List<Intent> intents = captorIntent.getAllValues();

        List<String[]> requiredPermissions = captorRequiredPermissions.getAllValues();

        assertNotNull(intents);

        assertThat(intents.size()).isEqualTo(3);



        final Intent intent1 = intents.get(0);

        final String[] requiredPermission1 = requiredPermissions.get(0);

        assertThat(intent1.getPackage()).isEqualTo("android");

        assertThat(requiredPermission1).isEqualTo(

                new String[]{PERMISSION_PACKAGE_CHANGED_BROADCAST_ON_COMPONENT_STATE_CHANGED});



        final Intent intent2 = intents.get(1);

        final String[] requiredPermission2 = requiredPermissions.get(1);

        assertThat(intent2.getPackage()).isEqualTo(PACKAGE_CHANGED_TEST_PACKAGE_NAME);

        assertThat(requiredPermission2).isNull();



        final Intent intent3 = intents.get(2);

        final String[] requiredPermission3 = requiredPermissions.get(2);

        assertThat(intent3.getPackage()).isEqualTo("shared.package");

        assertThat(requiredPermission3).isNull();

    }



    @Test