Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fbeceb0a authored by Evan Severson's avatar Evan Severson
Browse files

Add API for instrumentations from root to override perms 

Similar to how adoptShellPermissionIdentity is used by an
instrumentation started from shell to assume all of the permissions the
shell UID holds, this provides a new API to grant any possible
permission to any UID by an instrumentation that has been started from
root.

Test: WIP test case for this new API  and a random selection of other
        suites that use adoptshellPermissionIdentity.
Fixes: 322381691
Change-Id: Icc7732f72453d4c547428ed95a812f750bb6e9e0
parent 82a77ccb

core/api/test-current.txt

+4 −0
Original line number Original line Diff line number Diff line
@@ -486,12 +486,16 @@ package android.app { 
  }

  }





  public final class UiAutomation {

  public final class UiAutomation {

    method public void addOverridePermissionState(int, @NonNull String, int);

    method public void clearAllOverridePermissionStates();

    method public void clearOverridePermissionStates(int);

    method public void destroy();

    method public void destroy();

    method @NonNull public java.util.Set<java.lang.String> getAdoptedShellPermissions();

    method @NonNull public java.util.Set<java.lang.String> getAdoptedShellPermissions();

    method @Deprecated public boolean grantRuntimePermission(String, String, android.os.UserHandle);

    method @Deprecated public boolean grantRuntimePermission(String, String, android.os.UserHandle);

    method public boolean injectInputEvent(@NonNull android.view.InputEvent, boolean, boolean);

    method public boolean injectInputEvent(@NonNull android.view.InputEvent, boolean, boolean);

    method public void injectInputEventToInputFilter(@NonNull android.view.InputEvent);

    method public void injectInputEventToInputFilter(@NonNull android.view.InputEvent);

    method public boolean isNodeInCache(@NonNull android.view.accessibility.AccessibilityNodeInfo);

    method public boolean isNodeInCache(@NonNull android.view.accessibility.AccessibilityNodeInfo);

    method public void removeOverridePermissionState(int, @NonNull String);

    method @Deprecated public boolean revokeRuntimePermission(String, String, android.os.UserHandle);

    method @Deprecated public boolean revokeRuntimePermission(String, String, android.os.UserHandle);

    method public void syncInputTransactions();

    method public void syncInputTransactions();

    method public void syncInputTransactions(boolean);

    method public void syncInputTransactions(boolean);

core/java/android/app/AppOpsManagerInternal.java

+10 −8
Original line number Original line Diff line number Diff line
@@ -53,9 +53,10 @@ public abstract class AppOpsManagerInternal { 
         * @param superImpl The super implementation.

         * @param superImpl The super implementation.

         * @return The app op check result.

         * @return The app op check result.

         */

         */

        int checkOperation(int code, int uid, String packageName, @Nullable String attributionTag,

        int checkOperation(int code, int uid, @Nullable String packageName,

                int virtualDeviceId, boolean raw, HexFunction<Integer, Integer, String, String,

                @Nullable String attributionTag, int virtualDeviceId, boolean raw,

                Integer, Boolean, Integer> superImpl);

                @NonNull HexFunction<Integer, Integer, String, String, Integer, Boolean, Integer>

                        superImpl);





        /**

        /**

         * Allows overriding check audio operation behavior.

         * Allows overriding check audio operation behavior.
@@ -67,8 +68,8 @@ public abstract class AppOpsManagerInternal { 
         * @param superImpl The super implementation.

         * @param superImpl The super implementation.

         * @return The app op check result.

         * @return The app op check result.

         */

         */

        int checkAudioOperation(int code, int usage, int uid, String packageName,

        int checkAudioOperation(int code, int usage, int uid, @Nullable String packageName,

                QuadFunction<Integer, Integer, Integer, String, Integer> superImpl);

                @NonNull QuadFunction<Integer, Integer, Integer, String, Integer> superImpl);





        /**

        /**

         * Allows overriding note operation behavior.

         * Allows overriding note operation behavior.
@@ -125,7 +126,7 @@ public abstract class AppOpsManagerInternal { 
         * @param superImpl The super implementation.

         * @param superImpl The super implementation.

         * @return The app op note result.

         * @return The app op note result.

         */

         */

        SyncNotedAppOp startOperation(IBinder token, int code, int uid,

        SyncNotedAppOp startOperation(@NonNull IBinder token, int code, int uid,

                @Nullable String packageName, @Nullable String attributionTag, int virtualDeviceId,

                @Nullable String packageName, @Nullable String attributionTag, int virtualDeviceId,

                boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp,

                boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp,

                @Nullable String message, boolean shouldCollectMessage,

                @Nullable String message, boolean shouldCollectMessage,
@@ -152,8 +153,9 @@ public abstract class AppOpsManagerInternal { 
         */

         */

        SyncNotedAppOp startProxyOperation(@NonNull IBinder clientId, int code,

        SyncNotedAppOp startProxyOperation(@NonNull IBinder clientId, int code,

                @NonNull AttributionSource attributionSource, boolean startIfModeDefault,

                @NonNull AttributionSource attributionSource, boolean startIfModeDefault,

                boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage,

                boolean shouldCollectAsyncNotedOp, @Nullable String message,

                boolean skipProxyOperation, @AttributionFlags int proxyAttributionFlags,

                boolean shouldCollectMessage, boolean skipProxyOperation,

                @AttributionFlags int proxyAttributionFlags,

                @AttributionFlags int proxiedAttributionFlags, int attributionChainId,

                @AttributionFlags int proxiedAttributionFlags, int attributionChainId,

                @NonNull UndecFunction<IBinder, Integer, AttributionSource, Boolean,

                @NonNull UndecFunction<IBinder, Integer, AttributionSource, Boolean,

                        Boolean, String, Boolean, Boolean, Integer, Integer, Integer,

                        Boolean, String, Boolean, Boolean, Integer, Integer, Integer,

core/java/android/app/IActivityManager.aidl

+36 −0
Original line number Original line Diff line number Diff line
@@ -970,4 +970,40 @@ interface IActivityManager { 
     * time in the past.

     * time in the past.

     */

     */

    long getUidLastIdleElapsedTime(int uid, in String callingPackage);

    long getUidLastIdleElapsedTime(int uid, in String callingPackage);



    /**

     * Adds permission to be overridden to the given state. Must be called from root user.

     *

     * @param originatingUid The UID of the instrumented app that initialized the override

     * @param uid The UID of the app whose permission will be overridden

     * @param permission The permission whose state will be overridden

     * @param result The state to override the permission to

     *

     * @see PackageManager.PermissionResult

     */

    void addOverridePermissionState(int originatingUid, int uid, String permission, int result);



    /**

     * Removes overridden permission. Must be called from root user.

     *

     * @param originatingUid The UID of the instrumented app that initialized the override

     * @param uid The UID of the app whose permission is overridden

     * @param permission The permission whose state will no longer be overridden

     */

    void removeOverridePermissionState(int originatingUid, int uid, String permission);



    /**

     * Clears all overridden permissions for the given UID. Must be called from root user.

     *

     * @param originatingUid The UID of the instrumented app that initialized the override

     * @param uid The UID of the app whose permissions will no longer be overridden

     */

    void clearOverridePermissionStates(int originatingUid, int uid);



    /**

     * Clears all overridden permissions on the device. Must be called from root user.

     *

     * @param originatingUid The UID of the instrumented app that initialized the override

     */

    void clearAllOverridePermissionStates(int originatingUid);

}
 
}

core/java/android/app/IUiAutomationConnection.aidl

+4 −0
Original line number Original line Diff line number Diff line
@@ -62,4 +62,8 @@ interface IUiAutomationConnection { 
    void executeShellCommandWithStderr(String command, in ParcelFileDescriptor sink,

    void executeShellCommandWithStderr(String command, in ParcelFileDescriptor sink,

                in ParcelFileDescriptor source, in ParcelFileDescriptor stderrSink);

                in ParcelFileDescriptor source, in ParcelFileDescriptor stderrSink);

    List<String> getAdoptedShellPermissions();

    List<String> getAdoptedShellPermissions();

    void addOverridePermissionState(int uid, String permission, int result);

    void removeOverridePermissionState(int uid, String permission);

    void clearOverridePermissionStates(int uid);

    void clearAllOverridePermissionStates();

}
 
}

core/java/android/app/UiAutomation.java

+76 −0
Original line number Original line Diff line number Diff line
@@ -33,6 +33,7 @@ import android.annotation.SuppressLint; 
import android.annotation.TestApi;

import android.annotation.TestApi;

import android.compat.annotation.UnsupportedAppUsage;

import android.compat.annotation.UnsupportedAppUsage;

import android.content.Context;

import android.content.Context;

import android.content.pm.PackageManager;

import android.graphics.Bitmap;

import android.graphics.Bitmap;

import android.graphics.Point;

import android.graphics.Point;

import android.graphics.Rect;

import android.graphics.Rect;
@@ -652,6 +653,81 @@ public final class UiAutomation { 
        }

        }

    }

    }





    /**

     * Adds permission to be overridden to the given state. UiAutomation must be connected to

     * root user.

     *

     * @param uid The UID of the app whose permission will be overridden

     * @param permission The permission whose state will be overridden

     * @param result The state to override the permission to

     *

     * @see PackageManager#PERMISSION_GRANTED

     * @see PackageManager#PERMISSION_DENIED

     *

     * @hide

     */

    @TestApi

    @SuppressLint("UnflaggedApi")

    public void addOverridePermissionState(int uid, @NonNull String permission,

            @PackageManager.PermissionResult int result) {

        try {

            mUiAutomationConnection.addOverridePermissionState(uid, permission, result);

        } catch (RemoteException re) {

            re.rethrowFromSystemServer();

        }

    }



    /**

     * Removes overridden permission. UiAutomation must be connected to root user.

     *

     * @param uid The UID of the app whose permission is overridden

     * @param permission The permission whose state will no longer be overridden

     *

     * @hide

     */

    @TestApi

    @SuppressLint("UnflaggedApi")

    public void removeOverridePermissionState(int uid, @NonNull String permission) {

        try {

            mUiAutomationConnection.removeOverridePermissionState(uid, permission);

        } catch (RemoteException re) {

            re.rethrowFromSystemServer();

        }

    }



    /**

     * Clears all overridden permissions for the given UID. UiAutomation must be connected to

     * root user.

     *

     * @param uid The UID of the app whose permissions will no longer be overridden

     *

     * @hide

     */

    @TestApi

    @SuppressLint("UnflaggedApi")

    public void clearOverridePermissionStates(int uid) {

        try {

            mUiAutomationConnection.clearOverridePermissionStates(uid);

        } catch (RemoteException re) {

            re.rethrowFromSystemServer();

        }

    }



    /**

     * Clears all overridden permissions on the device. UiAutomation must be connected to root user.

     *

     * @hide

     */

    @TestApi

    @SuppressLint("UnflaggedApi")

    public void clearAllOverridePermissionStates() {

        try {

            mUiAutomationConnection.clearAllOverridePermissionStates();

        } catch (RemoteException re) {

            re.rethrowFromSystemServer();

        }

    }



    /**

    /**

     * Performs a global action. Such an action can be performed at any moment

     * Performs a global action. Such an action can be performed at any moment

     * regardless of the current application or user location in that application.

     * regardless of the current application or user location in that application.