Merge "Fix access check to check permission owner as target" into main

import android.util.Slog;

import android.util.SparseArray;

import com.android.internal.R;

import com.android.internal.annotations.GuardedBy;

import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.content.PackageMonitor;

    private static final String ALLOWLISTED_APP_FUNCTIONS_AGENTS =

            "allowlisted_app_functions_agents";

    private static final String NAMESPACE_MACHINE_LEARNING = "machine_learning";

    private static final String ANDROID_PACKAGE_NAME = "android";

    private final RemoteServiceCaller<IAppFunctionService> mRemoteServiceCaller;

    private final CallerValidator mCallerValidator;

    private final IBinder mPermissionOwner;

    private final Object mDeviceSettingPackagesLock = new Object();

    @Nullable

    @GuardedBy("mDeviceSettingPackagesLock")

    private Set<String> mDeviceSettingPackages;

    private final DeviceSettingHelper mDeviceSettingHelper;

    private final Object mAgentAllowlistLock = new Object();

                packageManagerInternal,

                appFunctionAccessServiceInterface,

                uriGrantsManager,

                uriGrantsManagerInternal);

                uriGrantsManagerInternal,

                new DeviceSettingHelperImpl(context));

    }

    @VisibleForTesting

            PackageManagerInternal packageManagerInternal,

            AppFunctionAccessServiceInterface appFunctionAccessServiceInterface,

            IUriGrantsManager uriGrantsManager,

            UriGrantsManagerInternal uriGrantsManagerInternal) {

            UriGrantsManagerInternal uriGrantsManagerInternal,

            DeviceSettingHelper deviceSettingHelper) {

        mContext = Objects.requireNonNull(context);

        mRemoteServiceCaller = Objects.requireNonNull(remoteServiceCaller);

        mCallerValidator = Objects.requireNonNull(callerValidator);

        mUriGrantsManager = Objects.requireNonNull(uriGrantsManager);

        mUriGrantsManagerInternal = Objects.requireNonNull(uriGrantsManagerInternal);

        mPermissionOwner = mUriGrantsManagerInternal.newUriPermissionOwner("appfunctions");

        mDeviceSettingHelper = deviceSettingHelper;

    }

    /** Called when the user is unlocked. */

        if (!accessCheckFlagsEnabled()) {

            return 0;

        }

        final String targetPermissionOwner = getPermissionOwnerPackage(targetPackageName);

        final String targetPermissionOwner =

                mDeviceSettingHelper.getPermissionOwnerPackage(targetPackageName);

        return mAppFunctionAccessService.getAccessFlags(

                agentPackageName, agentUserId, targetPermissionOwner, targetUserId);

    }

        if (!accessCheckFlagsEnabled()) {

            return false;

        }

        final String targetPermissionOwner = getPermissionOwnerPackage(targetPackageName);

        final String targetPermissionOwner =

                mDeviceSettingHelper.getPermissionOwnerPackage(targetPackageName);

        return mAppFunctionAccessService.updateAccessFlags(

                agentPackageName,

                agentUserId,

        if (!accessCheckFlagsEnabled()) {

            return;

        }

        final String targetPermissionOwner = getPermissionOwnerPackage(targetPackageName);

        final String targetPermissionOwner =

                mDeviceSettingHelper.getPermissionOwnerPackage(targetPackageName);

        mAppFunctionAccessService.revokeSelfAccess(targetPermissionOwner);

    }

        if (!accessCheckFlagsEnabled()) {

            return ACCESS_REQUEST_STATE_UNREQUESTABLE;

        }

        final String targetPermissionOwner = getPermissionOwnerPackage(targetPackageName);

        final String targetPermissionOwner =

                mDeviceSettingHelper.getPermissionOwnerPackage(targetPackageName);

        return mAppFunctionAccessService.getAccessRequestState(

                agentPackageName, agentUserId, targetPermissionOwner, targetUserId);

    }

        final int validTargetSize = validTargets.size();

        for (int i = 0; i < validTargetSize; i++) {

            final String target = validTargets.get(i);

            final String permissionOwner = getPermissionOwnerPackage(target);

            final String permissionOwner = mDeviceSettingHelper.getPermissionOwnerPackage(target);

            validPermissionOwnerTargets.add(permissionOwner);

        }

        return List.copyOf(validPermissionOwnerTargets);

    }

    /**

     * Returns the permission owner's package name.

     *

     * <p>For apps that is set as part of config_appFunctionsDeviceSettingsPackages, the access

     * permission is controlled as "android".

     */

    @NonNull

    private String getPermissionOwnerPackage(@NonNull String packageName) {

        final Set<String> deviceSettingPackages = getDeviceSettingPackages();

        if (deviceSettingPackages.contains(packageName)) {

            return ANDROID_PACKAGE_NAME;

        }

        return packageName;

    }

    @NonNull

    private Set<String> getDeviceSettingPackages() {

        synchronized (mDeviceSettingPackagesLock) {

            if (mDeviceSettingPackages != null) {

                return mDeviceSettingPackages;

            }

            final String[] deviceSettingPackages =

                    mContext.getResources()

                            .getStringArray(R.array.config_appFunctionDeviceSettingsPackages);

            mDeviceSettingPackages = new ArraySet<>(deviceSettingPackages);

            return mDeviceSettingPackages;

        }

    }

    private boolean accessCheckFlagsEnabled() {

        return android.permission.flags.Flags.appFunctionAccessApiEnabled()

                && android.permission.flags.Flags.appFunctionAccessServiceEnabled();

    private final Context mContext;

    private final AppFunctionAccessServiceInterface mAppFunctionAccessService;

    private final DeviceSettingHelper mDeviceSettingHelper;

    CallerValidatorImpl(

            @NonNull Context context,

            @NonNull AppFunctionAccessServiceInterface appFunctionAccessService) {

        mContext = Objects.requireNonNull(context);

        mAppFunctionAccessService = Objects.requireNonNull(appFunctionAccessService);

        mDeviceSettingHelper = new DeviceSettingHelperImpl(context);

    }

    @Override

                mAppFunctionAccessService.getAccessRequestState(

                        callerPackageName,

                        UserHandle.getUserId(callingUid),

                        targetPackageName,

                        mDeviceSettingHelper.getPermissionOwnerPackage(targetPackageName),

                        targetUser.getIdentifier());

        boolean hasAccessPermission =

                requestState == AppFunctionManager.ACCESS_REQUEST_STATE_GRANTED;

            @NonNull String callerPackageName,

            @NonNull String targetPackageName,

            @NonNull String functionId) {

        if (callingUid == Process.ROOT_UID) {

            // Bypass any validation if calling from ROOT_ID since it is not an actual package

            // to verify.

            return AndroidFuture.completedFuture(CAN_EXECUTE_APP_FUNCTIONS_ALLOWED_HAS_PERMISSION);

        }

        if (Flags.appFunctionAccessApiEnabled() && Flags.appFunctionAccessServiceEnabled()) {

            return verifyCallerCanExecuteAppFunctionWithAccessService(

/*

 * Copyright (C) 2025 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.appfunctions;

import android.annotation.NonNull;

/** Helper interface for managing DeviceSetting related functionality. */

public interface DeviceSettingHelper {

    /**

     * Returns the permission owner's package name.

     *

     * <p>For apps that is set as part of config_appFunctionsDeviceSettingsPackages, the access

     * permission is controlled as "android".

     */

    @NonNull

    String getPermissionOwnerPackage(@NonNull String packageName);

}

/*

 * Copyright (C) 2025 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.appfunctions;

import android.annotation.NonNull;

import android.content.Context;

import android.util.ArraySet;

import com.android.internal.R;

import com.android.internal.annotations.GuardedBy;

import java.util.Objects;

import java.util.Set;

public final class DeviceSettingHelperImpl implements DeviceSettingHelper {

    private static final String ANDROID_PACKAGE_NAME = "android";

    @NonNull private final Context mContext;

    private final Object mDeviceSettingPackagesLock = new Object();

    @GuardedBy("mDeviceSettingPackagesLock")

    private Set<String> mDeviceSettingPackages;

    public DeviceSettingHelperImpl(@NonNull Context context) {

        mContext = Objects.requireNonNull(context);

    }

    @NonNull

    @Override

    public String getPermissionOwnerPackage(@NonNull String packageName) {

        final Set<String> deviceSettingPackages = getDeviceSettingPackages();

        if (deviceSettingPackages.contains(packageName)) {

            return ANDROID_PACKAGE_NAME;

        }

        return packageName;

    }

    @NonNull

    private Set<String> getDeviceSettingPackages() {

        synchronized (mDeviceSettingPackagesLock) {

            if (mDeviceSettingPackages != null) {

                return mDeviceSettingPackages;

            }

            final String[] deviceSettingPackages =

                    mContext.getResources()

                            .getStringArray(R.array.config_appFunctionDeviceSettingsPackages);

            mDeviceSettingPackages = new ArraySet<>(deviceSettingPackages);

            return mDeviceSettingPackages;

        }

    }

}

            mock<PackageManagerInternal>(),

            mock<AppFunctionAccessServiceInterface>(),

            mock<IUriGrantsManager>(),

            mock<UriGrantsManagerInternal>()

            mock<UriGrantsManagerInternal>(),

            mock<DeviceSettingHelper>(),

        )

    private val mRequestInternal =