Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit faeec12c authored by Philip P. Moltmann's avatar Philip P. Moltmann Committed by Android (Google) Code Review
Browse files

Merge changes from topic "revert-12439864-PermAppOpsCrossUserCheck-Fixed-DGFFMARPXU" 

* changes:
  Revert "Give all non-package services the power to interact accr..."
  Revert "Check cross-user interactions for permissions and app-op..."
  Revert "Invalidate package/permission cache if cross-profile app..."
parents 75c2711f aba99679

core/java/android/app/ActivityManagerInternal.java

+4 −23
Original line number Diff line number Diff line
@@ -46,39 +46,20 @@ public abstract class ActivityManagerInternal { 




    // Access modes for handleIncomingUser.

    /**

     * Allows access to a caller with {@link android.Manifest.permission#INTERACT_ACROSS_USERS} or

     * {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL}.

     */

    public static final int ALLOW_NON_FULL = 0;

    /**

     * Allows access to a caller with {@link android.Manifest.permission#INTERACT_ACROSS_USERS}

     * or {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} if in the same profile

     * group.

     * if in the same profile group.

     * Otherwise, {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} is required.

     */

    public static final int ALLOW_NON_FULL_IN_PROFILE_OR_FULL = 1;

    /**

     * Allows access to a caller with {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL}

     * only.

     */

    public static final int ALLOW_NON_FULL_IN_PROFILE = 1;

    public static final int ALLOW_FULL_ONLY = 2;

    /**

     * Allows access to a caller with {@link android.Manifest.permission#INTERACT_ACROSS_PROFILES}

     * or {@link android.Manifest.permission#INTERACT_ACROSS_USERS} or

     * {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} if in the same profile group.

     * or {@link android.Manifest.permission#INTERACT_ACROSS_USERS} if in the same profile group.

     * Otherwise, {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} is required.

     */

    public static final int ALLOW_ACROSS_PROFILES_IN_PROFILE_OR_FULL = 3;

    /**

     * Requires {@link android.Manifest.permission#INTERACT_ACROSS_PROFILES},

     * {@link android.Manifest.permission#INTERACT_ACROSS_USERS}, or

     * {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} if in same profile group,

     * otherwise {@link android.Manifest.permission#INTERACT_ACROSS_USERS} or

     * {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL}. (so this is an extension

     * to {@link #ALLOW_NON_FULL})

     */

    public static final int ALLOW_ACROSS_PROFILES_IN_PROFILE_OR_NON_FULL = 4;

    public static final int ALLOW_ALL_PROFILE_PERMISSIONS_IN_PROFILE = 3;



    /**

     * Verify that calling app has access to the given provider.

core/java/android/app/AppOpsManager.java

+19 −65
Original line number Diff line number Diff line
@@ -6741,14 +6741,10 @@ public class AppOpsManager { 
     */

    @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)

    public void setUidMode(int code, int uid, @Mode int mode) {

        // Clear calling UID to handle calls from inside the system server. See #noteOpNoThrow

        long token = Binder.clearCallingIdentity();

        try {

            mService.setUidMode(code, uid, mode);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }
@@ -6766,7 +6762,11 @@ public class AppOpsManager { 
    @TestApi

    @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)

    public void setUidMode(@NonNull String appOp, int uid, @Mode int mode) {

        setUidMode(AppOpsManager.strOpToOp(appOp), uid, mode);

        try {

            mService.setUidMode(AppOpsManager.strOpToOp(appOp), uid, mode);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

    }



    /** @hide */
@@ -6795,14 +6795,10 @@ public class AppOpsManager { 
    @TestApi

    @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)

    public void setMode(int code, int uid, String packageName, @Mode int mode) {

        // Clear calling UID to handle calls from inside the system server. See #noteOpNoThrow

        long token = Binder.clearCallingIdentity();

        try {

            mService.setMode(code, uid, packageName, mode);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }
@@ -6822,7 +6818,11 @@ public class AppOpsManager { 
    @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)

    public void setMode(@NonNull String op, int uid, @Nullable String packageName,

            @Mode int mode) {

        setMode(strOpToOp(op), uid, packageName, mode);

        try {

            mService.setMode(strOpToOp(op), uid, packageName, mode);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

    }



    /**
@@ -7298,14 +7298,10 @@ public class AppOpsManager { 
     * @hide

     */

    public int unsafeCheckOpRawNoThrow(int op, int uid, @NonNull String packageName) {

        // Clear calling UID to handle calls from inside the system server. See #noteOpNoThrow

        long token = Binder.clearCallingIdentity();

        try {

            return mService.checkOperationRaw(op, uid, packageName);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }
@@ -7477,20 +7473,8 @@ public class AppOpsManager { 
                }

            }



            int mode;

            // Making the binder call "noteOperation" usually sets Binder.callingUid to the calling

            // processes UID. Hence clearing the calling UID is superfluous.

            // If the call is inside the system server though "noteOperation" is not a binder all,

            // it is only a method call. Hence Binder.callingUid might still be set to the app that

            // called the system server. This can lead to problems as not every app can see the

            // same appops the system server can see.

            long token = Binder.clearCallingIdentity();

            try {

                mode = mService.noteOperation(op, uid, packageName, attributionTag,

            int mode = mService.noteOperation(op, uid, packageName, attributionTag,

                    collectionMode == COLLECT_ASYNC, message, shouldCollectMessage);

            } finally {

                Binder.restoreCallingIdentity(token);

            }



            if (mode == MODE_ALLOWED) {

                if (collectionMode == COLLECT_SELF) {
@@ -7653,17 +7637,10 @@ public class AppOpsManager { 
                }

            }



            int mode;

            // Clear calling UID to handle calls from inside the system server. See #noteOpNoThrow

            long token = Binder.clearCallingIdentity();

            try {

                mode = mService.noteProxyOperation(op, proxiedUid, proxiedPackageName,

            int mode = mService.noteProxyOperation(op, proxiedUid, proxiedPackageName,

                    proxiedAttributionTag, myUid, mContext.getOpPackageName(),

                    mContext.getAttributionTag(), collectionMode == COLLECT_ASYNC, message,

                    shouldCollectMessage);

            } finally {

                Binder.restoreCallingIdentity(token);

            }



            if (mode == MODE_ALLOWED) {

                if (collectionMode == COLLECT_SELF) {
@@ -7713,8 +7690,6 @@ public class AppOpsManager { 
     */

    @UnsupportedAppUsage

    public int checkOp(int op, int uid, String packageName) {

        // Clear calling UID to handle calls from inside the system server. See #noteOpNoThrow

        long token = Binder.clearCallingIdentity();

        try {

            int mode = mService.checkOperation(op, uid, packageName);

            if (mode == MODE_ERRORED) {
@@ -7723,8 +7698,6 @@ public class AppOpsManager { 
            return mode;

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }
@@ -7735,15 +7708,11 @@ public class AppOpsManager { 
     */

    @UnsupportedAppUsage

    public int checkOpNoThrow(int op, int uid, String packageName) {

        // Clear calling UID to handle calls from inside the system server. See #noteOpNoThrow

        long token = Binder.clearCallingIdentity();

        try {

            int mode = mService.checkOperation(op, uid, packageName);

            return mode == AppOpsManager.MODE_FOREGROUND ? AppOpsManager.MODE_ALLOWED : mode;

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }
@@ -7995,16 +7964,9 @@ public class AppOpsManager { 
                }

            }



            int mode;

            // Clear calling UID to handle calls from inside the system server. See #noteOpNoThrow

            long token = Binder.clearCallingIdentity();

            try {

                mode = mService.startOperation(getClientId(), op, uid, packageName,

                        attributionTag, startIfModeDefault, collectionMode == COLLECT_ASYNC,

                        message, shouldCollectMessage);

            } finally {

                Binder.restoreCallingIdentity(token);

            }

            int mode = mService.startOperation(getClientId(), op, uid, packageName,

                    attributionTag, startIfModeDefault, collectionMode == COLLECT_ASYNC, message,

                    shouldCollectMessage);



            if (mode == MODE_ALLOWED) {

                if (collectionMode == COLLECT_SELF) {
@@ -8067,14 +8029,10 @@ public class AppOpsManager { 
     */

    public void finishOp(int op, int uid, @NonNull String packageName,

            @Nullable String attributionTag) {

        // Clear calling UID to handle calls from inside the system server. See #noteOpNoThrow

        long token = Binder.clearCallingIdentity();

        try {

            mService.finishOperation(getClientId(), op, uid, packageName, attributionTag);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }
@@ -8666,14 +8624,10 @@ public class AppOpsManager { 
    // TODO: Uncomment below annotation once b/73559440 is fixed

    // @RequiresPermission(value=Manifest.permission.WATCH_APPOPS, conditional=true)

    public boolean isOperationActive(int code, int uid, String packageName) {

        // Clear calling UID to handle calls from inside the system server. See #noteOpNoThrow

        long token = Binder.clearCallingIdentity();

        try {

            return mService.isOperationActive(code, uid, packageName);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }

core/java/android/permission/PermissionManager.java

+0 −15
Original line number Diff line number Diff line
@@ -34,7 +34,6 @@ import android.content.Context; 
import android.content.pm.IPackageManager;

import android.content.pm.PackageManager;

import android.content.pm.permission.SplitPermissionInfoParcelable;

import android.os.Binder;

import android.os.Process;

import android.os.RemoteException;

import android.os.ServiceManager;
@@ -544,15 +543,10 @@ public final class PermissionManager { 
                    + permission);

            return PackageManager.PERMISSION_DENIED;

        }

        // Clear Binder.callingUid in case this is called inside the system server. See

        // more extensive comment in checkPackageNamePermissionUncached

        long token = Binder.clearCallingIdentity();

        try {

            return am.checkPermission(permission, pid, uid);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }
@@ -685,20 +679,11 @@ public final class PermissionManager { 
    /* @hide */

    private static int checkPackageNamePermissionUncached(

            String permName, String pkgName, @UserIdInt int userId) {

        // Makeing the binder call "checkPermission" usually sets Binder.callingUid to the calling

        // processes UID. Hence clearing the calling UID is superflous.

        // If the call is inside the system server though "checkPermission" is not a binder all, it

        // is only a method call. Hence Binder.callingUid might still be set to the app that called

        // the system server. This can lead to problems as not every app can check the same

        // permissions the system server can check.

        long token = Binder.clearCallingIdentity();

        try {

            return ActivityThread.getPermissionManager().checkPermission(

                    permName, pkgName, userId);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }

data/etc/platform.xml

+1 −6
Original line number Diff line number Diff line
@@ -153,8 +153,8 @@ 
    <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" />

    <assign-permission name="android.permission.GET_PROCESS_STATE_AND_OOM_SCORE" uid="media" />

    <assign-permission name="android.permission.PACKAGE_USAGE_STATS" uid="media" />



    <assign-permission name="android.permission.INTERNET" uid="media" />

    <assign-permission name="android.permission.INTERACT_ACROSS_USERS" uid="media" />



    <assign-permission name="android.permission.INTERNET" uid="shell" />
@@ -164,7 +164,6 @@ 
    <assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="audioserver" />

    <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="audioserver" />

    <assign-permission name="android.permission.PACKAGE_USAGE_STATS" uid="audioserver" />

    <assign-permission name="android.permission.INTERACT_ACROSS_USERS" uid="audioserver" />



    <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="cameraserver" />

    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="cameraserver" />
@@ -175,10 +174,8 @@ 
    <assign-permission name="android.permission.PACKAGE_USAGE_STATS" uid="cameraserver" />

    <assign-permission name="android.permission.WATCH_APPOPS" uid="cameraserver" />

    <assign-permission name="android.permission.MANAGE_APP_OPS_MODES" uid="cameraserver" />

    <assign-permission name="android.permission.INTERACT_ACROSS_USERS" uid="cameraserver" />



    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" />

    <assign-permission name="android.permission.INTERACT_ACROSS_USERS" uid="graphics" />



    <assign-permission name="android.permission.DUMP" uid="incidentd" />

    <assign-permission name="android.permission.PACKAGE_USAGE_STATS" uid="incidentd" />
@@ -193,10 +190,8 @@ 
    <assign-permission name="android.permission.PACKAGE_USAGE_STATS" uid="statsd" />

    <assign-permission name="android.permission.STATSCOMPANION" uid="statsd" />

    <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="statsd" />

    <assign-permission name="android.permission.INTERACT_ACROSS_USERS" uid="statsd" />



    <assign-permission name="android.permission.REGISTER_STATS_PULL_ATOM" uid="gpu_service" />

    <assign-permission name="android.permission.INTERACT_ACROSS_USERS" uid="gpu_service" />



    <split-permission name="android.permission.ACCESS_FINE_LOCATION">

        <new-permission name="android.permission.ACCESS_COARSE_LOCATION" />

services/core/java/com/android/server/am/ActiveServices.java

+3 −3
Original line number Diff line number Diff line
@@ -2610,12 +2610,12 @@ public final class ActiveServices { 


    private int getAllowMode(Intent service, @Nullable String callingPackage) {

        if (callingPackage == null || service.getComponent() == null) {

            return ActivityManagerInternal.ALLOW_NON_FULL_IN_PROFILE_OR_FULL;

            return ActivityManagerInternal.ALLOW_NON_FULL_IN_PROFILE;

        }

        if (callingPackage.equals(service.getComponent().getPackageName())) {

            return ActivityManagerInternal.ALLOW_ACROSS_PROFILES_IN_PROFILE_OR_FULL;

            return ActivityManagerInternal.ALLOW_ALL_PROFILE_PERMISSIONS_IN_PROFILE;

        } else {

            return ActivityManagerInternal.ALLOW_NON_FULL_IN_PROFILE_OR_FULL;

            return ActivityManagerInternal.ALLOW_NON_FULL_IN_PROFILE;

        }

    }