Merge "Allow recents components to register/unregister system action."

author: Hongming Jin <hongmingjin@google.com> 2020-01-29 23:47:35 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2020-01-29 23:47:35 +0000
commit: 1709c9fca8f5eeab1c08953470812f9736cfa00d (patch)
tree: 3e28126352b60520ca039bf1244aa9dbf3d09aca
parent: 603f29f2192046729a3a0957c975a3afeeda913b (diff)
parent: 6b62158ad53ccb7a2b2d612222ce611e1d134f06 (diff)
4 files changed, 43 insertions, 8 deletions
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
index 61e1adf2301c..7b495ce19015 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
@@ -664,7 +664,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
      */
     @Override
     public void registerSystemAction(RemoteAction action, int actionId) {
-        mSecurityPolicy.enforceCallingPermission(Manifest.permission.MANAGE_ACCESSIBILITY,
+        mSecurityPolicy.enforceCallerIsRecentsOrHasPermission(
+                Manifest.permission.MANAGE_ACCESSIBILITY,
                 FUNCTION_REGISTER_SYSTEM_ACTION);
         mSystemActionPerformer.registerSystemAction(actionId, action);
     }
@@ -676,7 +677,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
      */
     @Override
     public void unregisterSystemAction(int actionId) {
-        mSecurityPolicy.enforceCallingPermission(Manifest.permission.MANAGE_ACCESSIBILITY,
+        mSecurityPolicy.enforceCallerIsRecentsOrHasPermission(
+                Manifest.permission.MANAGE_ACCESSIBILITY,
                 FUNCTION_UNREGISTER_SYSTEM_ACTION);
         mSystemActionPerformer.unregisterSystemAction(actionId);
     }
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java b/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java
index 7a42cd1b3cbb..96e345ea9b89 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java
@@ -38,6 +38,8 @@ import android.util.Slog;
 import android.view.accessibility.AccessibilityEvent;
 
 import com.android.internal.util.ArrayUtils;
+import com.android.server.LocalServices;
+import com.android.server.wm.ActivityTaskManagerInternal;
 
 import libcore.util.EmptyArray;
 
@@ -86,6 +88,7 @@ public class AccessibilitySecurityPolicy {
 
     private final AccessibilityUserManager mAccessibilityUserManager;
     private AccessibilityWindowManager mAccessibilityWindowManager;
+    private final ActivityTaskManagerInternal mAtmInternal;
 
     /**
      * Constructor for AccessibilityManagerService.
@@ -97,6 +100,7 @@ public class AccessibilitySecurityPolicy {
         mPackageManager = mContext.getPackageManager();
         mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
         mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
+        mAtmInternal = LocalServices.getService(ActivityTaskManagerInternal.class);
     }
 
     /**
@@ -563,4 +567,13 @@ public class AccessibilitySecurityPolicy {
                     + permission);
         }
     }
+
+    /**
+     * Enforcing permission check to IPC caller or grant it if it's recents.
+     *
+     * @param permission The permission to check
+     */
+    public void enforceCallerIsRecentsOrHasPermission(@NonNull String permission, String func) {
+        mAtmInternal.enforceCallerIsRecentsOrHasPermission(permission, func);
+    }
 }
diff --git a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java
index ec928fb278be..9a7d6ea52d98 100644
--- a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java
@@ -145,9 +145,10 @@ public class AccessibilityManagerServiceTest extends AndroidTestCase {
 
     @SmallTest
     public void testRegisterSystemActionWithoutPermission() throws Exception {
-        doThrow(SecurityException.class).when(mMockSecurityPolicy).enforceCallingPermission(
-                Manifest.permission.MANAGE_ACCESSIBILITY,
-                AccessibilityManagerService.FUNCTION_REGISTER_SYSTEM_ACTION);
+        doThrow(SecurityException.class).when(mMockSecurityPolicy)
+                .enforceCallerIsRecentsOrHasPermission(
+                        Manifest.permission.MANAGE_ACCESSIBILITY,
+                        AccessibilityManagerService.FUNCTION_REGISTER_SYSTEM_ACTION);
 
         try {
             mA11yms.registerSystemAction(TEST_ACTION, ACTION_ID);
@@ -165,9 +166,10 @@ public class AccessibilityManagerServiceTest extends AndroidTestCase {
 
     @SmallTest
     public void testUnregisterSystemActionWithoutPermission() throws Exception {
-        doThrow(SecurityException.class).when(mMockSecurityPolicy).enforceCallingPermission(
-                Manifest.permission.MANAGE_ACCESSIBILITY,
-                AccessibilityManagerService.FUNCTION_UNREGISTER_SYSTEM_ACTION);
+        doThrow(SecurityException.class).when(mMockSecurityPolicy)
+                .enforceCallerIsRecentsOrHasPermission(
+                        Manifest.permission.MANAGE_ACCESSIBILITY,
+                        AccessibilityManagerService.FUNCTION_UNREGISTER_SYSTEM_ACTION);
 
         try {
             mA11yms.unregisterSystemAction(ACTION_ID);
diff --git a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java
index 150409766f47..fbb55fdeeb8f 100644
--- a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java
+++ b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java
@@ -47,6 +47,9 @@ import android.util.ArraySet;
 import android.view.accessibility.AccessibilityEvent;
 import android.view.accessibility.AccessibilityWindowInfo;
 
+import com.android.server.LocalServices;
+import com.android.server.wm.ActivityTaskManagerInternal;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -67,6 +70,9 @@ public class AccessibilitySecurityPolicyTest {
     private static final int WINDOWID2 = 0x000b;
     private static final int APP_UID = 10400;
 
+    private static final String PERMISSION = "test-permission";
+    private static final String FUNCTION = "test-function-name";
+
     private static final int[] ALWAYS_DISPATCH_EVENTS = {
             AccessibilityEvent.TYPE_WINDOW_STATE_CHANGED,
             AccessibilityEvent.TYPE_NOTIFICATION_STATE_CHANGED,
@@ -111,6 +117,7 @@ public class AccessibilitySecurityPolicyTest {
     @Mock private AccessibilityWindowManager mMockA11yWindowManager;
     @Mock private AppWidgetManagerInternal mMockAppWidgetManager;
     @Mock private AccessibilitySecurityPolicy.AccessibilityUserManager mMockA11yUserManager;
+    @Mock private ActivityTaskManagerInternal mMockActivityTaskManagerInternal;
 
     @Before
     public void setUp() {
@@ -119,6 +126,10 @@ public class AccessibilitySecurityPolicyTest {
         when(mMockContext.getSystemService(Context.USER_SERVICE)).thenReturn(mMockUserManager);
         when(mMockContext.getSystemService(Context.APP_OPS_SERVICE)).thenReturn(mMockAppOpsManager);
 
+        LocalServices.removeServiceForTest(ActivityTaskManagerInternal.class);
+        LocalServices.addService(
+                ActivityTaskManagerInternal.class, mMockActivityTaskManagerInternal);
+
         mA11ySecurityPolicy = new AccessibilitySecurityPolicy(mMockContext, mMockA11yUserManager);
         mA11ySecurityPolicy.setAccessibilityWindowManager(mMockA11yWindowManager);
         mA11ySecurityPolicy.setAppWidgetManager(mMockAppWidgetManager);
@@ -469,4 +480,11 @@ public class AccessibilitySecurityPolicyTest {
         verify(mMockAppOpsManager).noteOpNoThrow(AppOpsManager.OPSTR_ACCESS_ACCESSIBILITY,
                 APP_UID, PACKAGE_NAME);
     }
+
+    @Test
+    public void testEnforceCallerIsRecentsOrHasPermission() {
+        mA11ySecurityPolicy.enforceCallerIsRecentsOrHasPermission(PERMISSION, FUNCTION);
+        verify(mMockActivityTaskManagerInternal).enforceCallerIsRecentsOrHasPermission(
+                PERMISSION, FUNCTION);
+    }
 }
author	Hongming Jin <hongmingjin@google.com>	2020-01-29 23:47:35 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2020-01-29 23:47:35 +0000
commit	1709c9fca8f5eeab1c08953470812f9736cfa00d (patch)
tree	3e28126352b60520ca039bf1244aa9dbf3d09aca
parent	603f29f2192046729a3a0957c975a3afeeda913b (diff)
parent	6b62158ad53ccb7a2b2d612222ce611e1d134f06 (diff)