| author | 2021-01-28 17:28:12 -0800 | |
|---|---|---|
| committer | 2021-01-28 17:28:18 -0800 | |
| commit | 4ee257ce729d79731f9e7604202a6b6cfab65bf1 (patch) | |
| tree | 732d9decc27d54354ace67d2bd1337326fe23a28 | |
| parent | cd347c4bd01cc8db065e4c1979121631ee523f0b (diff) | |
Replacing some explicit recents components checks with permission checks
Bug: 177096054
Test: Presubmit for quickstep
Change-Id: Ia824ed21a3836548eccb186ee7c9a3f697e9ee66
12 files changed, 83 insertions, 169 deletions
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 396f95446bf6..be5771f5a9e0 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -2541,7 +2541,7 @@ <!-- Allows an application to start a task from a ActivityManager#RecentTaskInfo. @hide --> <permission android:name="android.permission.START_TASKS_FROM_RECENTS" - android:protectionLevel="signature|privileged" /> + android:protectionLevel="signature|privileged|recents" /> <!-- @SystemApi @hide Allows an application to call APIs that allow it to do interactions across the users on the device, using singleton services and @@ -2606,7 +2606,7 @@ <!-- @SystemApi @TestApi @hide Allows an application to change to remove/kill tasks --> <permission android:name="android.permission.REMOVE_TASKS" - android:protectionLevel="signature|documenter" /> + android:protectionLevel="signature|documenter|recents" /> <!-- @deprecated Use MANAGE_ACTIVITY_TASKS instead. @SystemApi @TestApi @hide Allows an application to create/manage/remove stacks --> @@ -2615,7 +2615,7 @@ <!-- @SystemApi @TestApi @hide Allows an application to create/manage/remove tasks --> <permission android:name="android.permission.MANAGE_ACTIVITY_TASKS" - android:protectionLevel="signature" /> + android:protectionLevel="signature|recents" /> <!-- @SystemApi @TestApi @hide Allows an application to embed other activities --> <permission android:name="android.permission.ACTIVITY_EMBEDDING" @@ -3284,7 +3284,7 @@ and its icons. <p>Not for use by third-party applications. --> <permission android:name="android.permission.STATUS_BAR" - android:protectionLevel="signature|privileged" /> + android:protectionLevel="signature|privileged|recents" /> <!-- Allows an application to trigger bugreport via shell using the bugreport API. <p>Not for use by third-party applications. 
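Review bot: Adding `recents` to `android:protectionLevel` on START_TASKS_FROM_RECENTS, and on the seven other permissions changed in this file (REMOVE_TASKS, MANAGE_ACTIVITY_TASKS, STATUS_BAR, STOP_APP_SWITCHES, SET_ORIENTATION, READ_FRAME_BUFFER, MANAGE_ACCESSIBILITY), grants the recents component each permission for every API that checks it. The removed `enforceCallerIsRecentsOrHasPermission` helper, shown further down in ActivityTaskManagerService.java, exempted recents only at the call sites that used it. Neither the commit message nor the permission comments record this wider grant. I would add a sentence to each doc comment, e.g. `Also granted to the configured recents component.`, and confirm that the other entry points guarded by READ_FRAME_BUFFER and MANAGE_ACCESSIBILITY are meant to be reachable from the launcher process.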
@@ -3451,7 +3451,7 @@ critical UI such as the home screen. @hide --> <permission android:name="android.permission.STOP_APP_SWITCHES" - android:protectionLevel="signature|privileged" /> + android:protectionLevel="signature|privileged|recents" /> <!-- @SystemApi Allows an application to retrieve private information about the current top activity, such as any assist context it can provide. @@ -3836,7 +3836,7 @@ @hide --> <permission android:name="android.permission.SET_ORIENTATION" - android:protectionLevel="signature" /> + android:protectionLevel="signature|recents" /> <!-- @SystemApi Allows low-level access to setting the pointer speed. <p>Not for use by third-party applications. @@ -4100,7 +4100,7 @@ @hide @removed --> <permission android:name="android.permission.READ_FRAME_BUFFER" - android:protectionLevel="signature" /> + android:protectionLevel="signature|recents" /> <!-- Allows an application to use InputFlinger's low level features. @hide --> @@ -5277,7 +5277,7 @@ <!-- @SystemApi Allows modifying accessibility state. @hide --> <permission android:name="android.permission.MANAGE_ACCESSIBILITY" - android:protectionLevel="signature|setup" /> + android:protectionLevel="signature|setup|recents" /> <!-- @SystemApi Allows an app to grant a profile owner access to device identifiers. <p>Not for use by third-party applications. diff --git a/data/etc/com.android.launcher3.xml b/data/etc/com.android.launcher3.xml index 99c38dbe6ac9..598d2027a0e9 100644 --- a/data/etc/com.android.launcher3.xml +++ b/data/etc/com.android.launcher3.xml @@ -21,5 +21,8 @@ <permission name="android.permission.GET_ACCOUNTS_PRIVILEGED"/> <permission name="android.permission.WRITE_SECURE_SETTINGS"/> <permission name="android.permission.BROADCAST_CLOSE_SYSTEM_DIALOGS"/> + <permission name="android.permission.START_TASKS_FROM_RECENTS"/> + <permission name="android.permission.STATUS_BAR"/> + <permission name="android.permission.STOP_APP_SWITCHES"/> </privapp-permissions> </permissions> 
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java index 9aa0aed06892..ea1473ea3db7 100644 --- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java @@ -166,8 +166,6 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub // their capabilities are ready. private static final int WAIT_MOTION_INJECTOR_TIMEOUT_MILLIS = 1000; - static final String FUNCTION_REGISTER_SYSTEM_ACTION = "registerSystemAction"; - static final String FUNCTION_UNREGISTER_SYSTEM_ACTION = "unregisterSystemAction"; private static final String FUNCTION_REGISTER_UI_TEST_AUTOMATION_SERVICE = "registerUiTestAutomationService"; @@ -748,9 +746,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub */ @Override public void registerSystemAction(RemoteAction action, int actionId) { - mSecurityPolicy.enforceCallerIsRecentsOrHasPermission( - Manifest.permission.MANAGE_ACCESSIBILITY, - FUNCTION_REGISTER_SYSTEM_ACTION); + mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); getSystemActionPerformer().registerSystemAction(actionId, action); } @@ -761,9 +757,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub */ @Override public void unregisterSystemAction(int actionId) { - mSecurityPolicy.enforceCallerIsRecentsOrHasPermission( - Manifest.permission.MANAGE_ACCESSIBILITY, - FUNCTION_UNREGISTER_SYSTEM_ACTION); + mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); getSystemActionPerformer().unregisterSystemAction(actionId); } 
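Review bot: `registerSystemAction` and `unregisterSystemAction` now call `mSecurityPolicy.enforceCallingOrSelfPermission(...)`, and an "or self" check presumably also passes when it is evaluated under the service's own identity. The removed path ended in `mAmInternal.enforceCallingPermission`, which judged only the Binder caller. The two are equivalent only if these methods are reached solely through incoming Binder calls, and the body of the policy method is outside the hunks, so this should be confirmed. A comment above each check would record the assumption, e.g. `// Binder entry point: the caller must hold MANAGE_ACCESSIBILITY (recents holds it via the protection level).`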
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java b/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java index d7664312e2e6..bef6d3e950c1 100644 --- a/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java +++ b/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java @@ -38,8 +38,6 @@ import android.util.Slog; import android.view.accessibility.AccessibilityEvent; import com.android.internal.util.ArrayUtils; -import com.android.server.LocalServices; -import com.android.server.wm.ActivityTaskManagerInternal; import libcore.util.EmptyArray; @@ -88,7 +86,6 @@ public class AccessibilitySecurityPolicy { private final AccessibilityUserManager mAccessibilityUserManager; private AccessibilityWindowManager mAccessibilityWindowManager; - private final ActivityTaskManagerInternal mAtmInternal; /** * Constructor for AccessibilityManagerService. @@ -100,7 +97,6 @@ public class AccessibilitySecurityPolicy { mPackageManager = mContext.getPackageManager(); mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE); mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE); - mAtmInternal = LocalServices.getService(ActivityTaskManagerInternal.class); } /** @@ -572,13 +568,4 @@ public class AccessibilitySecurityPolicy { + permission); } } - - /** - * Enforcing permission check to IPC caller or grant it if it's recents. - * - * @param permission The permission to check - */ - public void enforceCallerIsRecentsOrHasPermission(@NonNull String permission, String func) { - mAtmInternal.enforceCallerIsRecentsOrHasPermission(permission, func); - } } diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java b/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java index 081141c5519c..7d2075cca84d 100644 
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java +++ b/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java @@ -279,12 +279,6 @@ public abstract class ActivityTaskManagerInternal { public abstract void cancelRecentsAnimation(boolean restoreHomeRootTaskPosition); /** - * This enforces {@code func} can only be called if either the caller is Recents activity or - * has {@code permission}. - */ - public abstract void enforceCallerIsRecentsOrHasPermission(String permission, String func); - - /** * Returns true if the app can close system dialogs. Otherwise it either throws a {@link * SecurityException} or returns false with a logcat message depending on whether the app * targets SDK level {@link android.os.Build.VERSION_CODES#S} or not. diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java index f0db3f9855df..fac5a6c08e8d 100644 --- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java +++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java @@ -1577,7 +1577,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public void startRecentsActivity(Intent intent, long eventTime, @Nullable IRecentsAnimationRunner recentsAnimationRunner) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, "startRecentsActivity()"); + enforceTaskPermission("startRecentsActivity()"); final int callingPid = Binder.getCallingPid(); final int callingUid = Binder.getCallingUid(); final long origId = Binder.clearCallingIdentity(); 
@@ -1605,7 +1605,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public final int startActivityFromRecents(int taskId, Bundle bOptions) { - enforceCallerIsRecentsOrHasPermission(START_TASKS_FROM_RECENTS, + mAmInternal.enforceCallingPermission(START_TASKS_FROM_RECENTS, "startActivityFromRecents()"); final int callingPid = Binder.getCallingPid(); @@ -1735,7 +1735,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public RootTaskInfo getFocusedRootTaskInfo() throws RemoteException { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, "getFocusedRootTaskInfo()"); + enforceTaskPermission("getFocusedRootTaskInfo()"); final long ident = Binder.clearCallingIdentity(); try { synchronized (mGlobalLock) { @@ -1796,7 +1796,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public boolean removeTask(int taskId) { - enforceCallerIsRecentsOrHasPermission(REMOVE_TASKS, "removeTask()"); + mAmInternal.enforceCallingPermission(REMOVE_TASKS, "removeTask()"); synchronized (mGlobalLock) { final long ident = Binder.clearCallingIdentity(); try { @@ -1821,7 +1821,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public void removeAllVisibleRecentTasks() { - enforceCallerIsRecentsOrHasPermission(REMOVE_TASKS, "removeAllVisibleRecentTasks()"); + mAmInternal.enforceCallingPermission(REMOVE_TASKS, "removeAllVisibleRecentTasks()"); synchronized (mGlobalLock) { final long ident = Binder.clearCallingIdentity(); try { 
@@ -1860,8 +1860,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public ActivityManager.TaskDescription getTaskDescription(int id) { synchronized (mGlobalLock) { - enforceCallerIsRecentsOrHasPermission( - MANAGE_ACTIVITY_TASKS, "getTaskDescription()"); + enforceTaskPermission("getTaskDescription()"); final Task tr = mRootWindowContainer.anyTaskForId(id, MATCH_ATTACHED_TASK_OR_RECENT_TASKS); if (tr != null) { @@ -1873,7 +1872,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public boolean setTaskWindowingMode(int taskId, int windowingMode, boolean toTop) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, "setTaskWindowingMode()"); + enforceTaskPermission("setTaskWindowingMode()"); synchronized (mGlobalLock) { final long ident = Binder.clearCallingIdentity(); try { @@ -2103,7 +2102,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public void moveTaskToRootTask(int taskId, int rootTaskId, boolean toTop) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, "moveTaskToRootTask()"); + enforceTaskPermission("moveTaskToRootTask()"); synchronized (mGlobalLock) { final long ident = Binder.clearCallingIdentity(); try { @@ -2197,8 +2196,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { */ @Override public void removeRootTasksInWindowingModes(int[] windowingModes) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, - "removeRootTasksInWindowingModes()"); + enforceTaskPermission("removeRootTasksInWindowingModes()"); synchronized (mGlobalLock) { final long ident = Binder.clearCallingIdentity(); 
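Review bot: In `getTaskDescription` the new `enforceTaskPermission("getTaskDescription()")` call stays inside `synchronized (mGlobalLock)`, while every other method shown in this file's hunks checks the permission before taking the lock. Hoisting it would reject unauthorised callers without contending on the global lock and keep the methods uniform: `enforceTaskPermission("getTaskDescription()");` on the line before `synchronized (mGlobalLock) {`. The method body continues outside the hunk.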
@@ -2212,8 +2210,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public void removeRootTasksWithActivityTypes(int[] activityTypes) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, - "removeRootTasksWithActivityTypes()"); + enforceTaskPermission("removeRootTasksWithActivityTypes()"); synchronized (mGlobalLock) { final long ident = Binder.clearCallingIdentity(); @@ -2239,7 +2236,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public List<RootTaskInfo> getAllRootTaskInfos() { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, "getAllRootTaskInfos()"); + enforceTaskPermission("getAllRootTaskInfos()"); final long ident = Binder.clearCallingIdentity(); try { synchronized (mGlobalLock) { @@ -2252,7 +2249,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public RootTaskInfo getRootTaskInfo(int windowingMode, int activityType) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, "getRootTaskInfo()"); + enforceTaskPermission("getRootTaskInfo()"); final long ident = Binder.clearCallingIdentity(); try { synchronized (mGlobalLock) { @@ -2265,8 +2262,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public List<RootTaskInfo> getAllRootTaskInfosOnDisplay(int displayId) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, - "getAllRootTaskInfosOnDisplay()"); + enforceTaskPermission("getAllRootTaskInfosOnDisplay()"); final long ident = Binder.clearCallingIdentity(); try { synchronized (mGlobalLock) { 
@@ -2280,7 +2276,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public RootTaskInfo getRootTaskInfoOnDisplay(int windowingMode, int activityType, int displayId) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, "getRootTaskInfoOnDisplay()"); + enforceTaskPermission("getRootTaskInfoOnDisplay()"); final long ident = Binder.clearCallingIdentity(); try { synchronized (mGlobalLock) { @@ -2293,7 +2289,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public void cancelRecentsAnimation(boolean restoreHomeRootTaskPosition) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, "cancelRecentsAnimation()"); + enforceTaskPermission("cancelRecentsAnimation()"); final long callingUid = Binder.getCallingUid(); final long origId = Binder.clearCallingIdentity(); try { @@ -2728,16 +2724,14 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { /** Sets the task stack listener that gets callbacks when a task stack changes. */ @Override public void registerTaskStackListener(ITaskStackListener listener) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, - "registerTaskStackListener()"); + enforceTaskPermission("registerTaskStackListener()"); mTaskChangeNotificationController.registerTaskStackListener(listener); } /** Unregister a task stack listener so that it stops receiving callbacks. */ @Override public void unregisterTaskStackListener(ITaskStackListener listener) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, - "unregisterTaskStackListener()"); + enforceTaskPermission("unregisterTaskStackListener()"); mTaskChangeNotificationController.unregisterTaskStackListener(listener); } 
@@ -2790,19 +2784,6 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { permission, Binder.getCallingPid(), Binder.getCallingUid()); } - /** This can be called with or without the global lock held. */ - void enforceCallerIsRecentsOrHasPermission(String permission, String func) { - if (getRecentTasks().isCallerRecents(Binder.getCallingUid())) { - return; - } - - if (permission.equals(MANAGE_ACTIVITY_TASKS) || permission.equals(MANAGE_ACTIVITY_STACKS)) { - enforceTaskPermission(func); - } else { - mAmInternal.enforceCallingPermission(permission, func); - } - } - /** * Returns true if the app can close system dialogs. Otherwise it either throws a {@link * SecurityException} or returns false with a logcat message depending on whether the app @@ -3263,7 +3244,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { public void resizePrimarySplitScreen(Rect dockedBounds, Rect tempDockedTaskBounds, Rect tempDockedTaskInsetBounds, Rect tempOtherTaskBounds, Rect tempOtherTaskInsetBounds) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, "resizePrimarySplitScreen()"); + enforceTaskPermission("resizePrimarySplitScreen()"); final long ident = Binder.clearCallingIdentity(); try { synchronized (mGlobalLock) { @@ -3301,7 +3282,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public void setSplitScreenResizing(boolean resizing) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, "setSplitScreenResizing()"); + enforceTaskPermission("setSplitScreenResizing()"); final long ident = Binder.clearCallingIdentity(); try { synchronized (mGlobalLock) { 
@@ -3371,8 +3352,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public void cancelTaskWindowTransition(int taskId) { - enforceCallerIsRecentsOrHasPermission(MANAGE_ACTIVITY_TASKS, - "cancelTaskWindowTransition()"); + enforceTaskPermission("cancelTaskWindowTransition()"); final long ident = Binder.clearCallingIdentity(); try { synchronized (mGlobalLock) { @@ -3391,7 +3371,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public TaskSnapshot getTaskSnapshot(int taskId, boolean isLowResolution) { - enforceCallerIsRecentsOrHasPermission(READ_FRAME_BUFFER, "getTaskSnapshot()"); + mAmInternal.enforceCallingPermission(READ_FRAME_BUFFER, "getTaskSnapshot()"); final long ident = Binder.clearCallingIdentity(); try { return getTaskSnapshot(taskId, isLowResolution, true /* restoreFromDisk */); @@ -3526,7 +3506,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public void stopAppSwitches() { - enforceCallerIsRecentsOrHasPermission(STOP_APP_SWITCHES, "stopAppSwitches"); + mAmInternal.enforceCallingPermission(STOP_APP_SWITCHES, "stopAppSwitches"); synchronized (mGlobalLock) { mAppSwitchesAllowed = false; mLastStopAppSwitchesTime = SystemClock.uptimeMillis(); @@ -3535,7 +3515,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { @Override public void resumeAppSwitches() { - enforceCallerIsRecentsOrHasPermission(STOP_APP_SWITCHES, "resumeAppSwitches"); + mAmInternal.enforceCallingPermission(STOP_APP_SWITCHES, "resumeAppSwitches"); synchronized (mGlobalLock) { mAppSwitchesAllowed = true; } 
@@ -5135,11 +5115,6 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { } @Override - public void enforceCallerIsRecentsOrHasPermission(String permission, String func) { - ActivityTaskManagerService.this.enforceCallerIsRecentsOrHasPermission(permission, func); - } - - @Override public boolean checkCanCloseSystemDialogs(int pid, int uid, @Nullable String packageName) { return ActivityTaskManagerService.this.checkCanCloseSystemDialogs(pid, uid, packageName); diff --git a/services/core/java/com/android/server/wm/Session.java b/services/core/java/com/android/server/wm/Session.java index b1606c506d5b..3d3e31da469c 100644 --- a/services/core/java/com/android/server/wm/Session.java +++ b/services/core/java/com/android/server/wm/Session.java @@ -103,6 +103,8 @@ class Session extends IWindowSession.Stub implements IBinder.DeathRecipient { private final ArraySet<WindowSurfaceController> mAlertWindowSurfaces = new ArraySet<>(); private final DragDropController mDragDropController; final boolean mCanAddInternalSystemWindow; + private final boolean mCanStartTasksFromRecents; + // If non-system overlays from this process can be hidden by the user or app using // HIDE_NON_SYSTEM_OVERLAY_WINDOWS. final boolean mOverlaysCanBeHidden; @@ -134,6 +136,8 @@ class Session extends IWindowSession.Stub implements IBinder.DeathRecipient { mCanCreateSystemApplicationOverlay = service.mContext.checkCallingOrSelfPermission(SYSTEM_APPLICATION_OVERLAY) == PERMISSION_GRANTED; + mCanStartTasksFromRecents = service.mContext.checkCallingOrSelfPermission( + START_TASKS_FROM_RECENTS) == PERMISSION_GRANTED; mOverlaysCanBeHidden = !mCanAddInternalSystemWindow && !mService.mAtmInternal.isCallerRecents(mUid); mCanAcquireSleepToken = service.mContext.checkCallingOrSelfPermission(DEVICE_POWER) 
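Review bot: `mCanStartTasksFromRecents` is computed once in the `Session` constructor with `checkCallingOrSelfPermission`, so the two `performDrag` hunks that follow gate on a value captured at session creation. The removed `enforceCallerIsRecentsOrHasPermission` call evaluated the caller at drag time instead. The snapshot matches the neighbouring cached flags, but it is only correct if the constructor always runs inside the client's Binder call and the grant does not change during the session's lifetime; neither is visible here. I would document that on the field, e.g. `// Snapshot of START_TASKS_FROM_RECENTS for the process that opened this session; not re-evaluated per call.`, and include `mUid` in the new `SecurityException` messages so denials can be attributed in logs.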
@@ -374,8 +378,9 @@ class Session extends IWindowSession.Stub implements IBinder.DeathRecipient { } else if (hasShortcut) { // Restrict who can start a shortcut drag since it will start the shortcut as the // target shortcut package - mService.mAtmService.enforceCallerIsRecentsOrHasPermission(START_TASKS_FROM_RECENTS, - "performDrag"); + if (!mCanStartTasksFromRecents) { + throw new SecurityException("Requires START_TASKS_FROM_RECENTS permission"); + } for (int i = 0; i < data.getItemCount(); i++) { final ClipData.Item item = data.getItemAt(i); final Intent intent = item.getIntent(); @@ -403,8 +408,9 @@ class Session extends IWindowSession.Stub implements IBinder.DeathRecipient { } } else if (hasTask) { // TODO(b/169894807): Consider opening this up for tasks from the same app as the caller - mService.mAtmService.enforceCallerIsRecentsOrHasPermission(START_TASKS_FROM_RECENTS, - "performDrag"); + if (!mCanStartTasksFromRecents) { + throw new SecurityException("Requires START_TASKS_FROM_RECENTS permission"); + } for (int i = 0; i < data.getItemCount(); i++) { final ClipData.Item item = data.getItemAt(i); final Intent intent = item.getIntent(); diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java index b6fabee33d60..8b50e6d81236 100644 --- a/services/core/java/com/android/server/wm/WindowManagerService.java +++ b/services/core/java/com/android/server/wm/WindowManagerService.java 
@@ -3938,8 +3938,10 @@ public class WindowManagerService extends IWindowManager.Stub @Override public void setIgnoreOrientationRequest(int displayId, boolean ignoreOrientationRequest) { - mAtmInternal.enforceCallerIsRecentsOrHasPermission( - android.Manifest.permission.SET_ORIENTATION, "setIgnoreOrientationRequest()"); + if (!checkCallingPermission( + android.Manifest.permission.SET_ORIENTATION, "setIgnoreOrientationRequest()")) { + throw new SecurityException("Requires SET_ORIENTATION permission"); + } final long origId = Binder.clearCallingIdentity(); try { @@ -6002,8 +6004,10 @@ public class WindowManagerService extends IWindowManager.Stub @Override public void setRecentsVisibility(boolean visible) { - mAtmInternal.enforceCallerIsRecentsOrHasPermission(android.Manifest.permission.STATUS_BAR, - "setRecentsVisibility()"); + if (!checkCallingPermission( + android.Manifest.permission.STATUS_BAR, "setRecentsVisibility()")) { + throw new SecurityException("Requires STATUS_BAR permission"); + } synchronized (mGlobalLock) { mPolicy.setRecentsVisibilityLw(visible); } @@ -6011,8 +6015,11 @@ public class WindowManagerService extends IWindowManager.Stub @Override public void hideTransientBars(int displayId) { - mAtmInternal.enforceCallerIsRecentsOrHasPermission(android.Manifest.permission.STATUS_BAR, - "hideTransientBars()"); + if (!checkCallingPermission( + android.Manifest.permission.STATUS_BAR, "hideTransientBars()")) { + throw new SecurityException("Requires STATUS_BAR permission"); + } + synchronized (mGlobalLock) { final DisplayContent displayContent = mRoot.getDisplayContent(displayId); if (displayContent != null) { 
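Review bot: The same check-and-throw block is repeated in `setIgnoreOrientationRequest`, `setRecentsVisibility`, `hideTransientBars` and the three layer-tracing methods further down, and each hand-written message ("Requires X permission") names neither the method nor the caller. Whatever `checkCallingPermission` itself logs is outside the hunks. A small private helper taking `(String permission, String func)` and throwing `new SecurityException(func + " requires " + permission)` would keep the denial text uniform and easy to audit. `setLayerTracingFlags` also passes its name without `()` while the other five calls now include it.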
@@ -8314,8 +8321,11 @@ public class WindowManagerService extends IWindowManager.Stub /** Return whether layer tracing is enabled */ public boolean isLayerTracing() { - mAtmInternal.enforceCallerIsRecentsOrHasPermission(android.Manifest.permission.DUMP, - "isLayerTracing"); + if (!checkCallingPermission( + android.Manifest.permission.DUMP, "isLayerTracing()")) { + throw new SecurityException("Requires DUMP permission"); + } + final long token = Binder.clearCallingIdentity(); try { Parcel data = null; @@ -8347,8 +8357,11 @@ public class WindowManagerService extends IWindowManager.Stub /** Enable or disable layer tracing */ public void setLayerTracing(boolean enabled) { - mAtmInternal.enforceCallerIsRecentsOrHasPermission(android.Manifest.permission.DUMP, - "setLayerTracing"); + if (!checkCallingPermission( + android.Manifest.permission.DUMP, "setLayerTracing()")) { + throw new SecurityException("Requires DUMP permission"); + } + final long token = Binder.clearCallingIdentity(); try { Parcel data = null; @@ -8374,8 +8387,11 @@ public class WindowManagerService extends IWindowManager.Stub /** Set layer tracing flags. */ public void setLayerTracingFlags(int flags) { - mAtmInternal.enforceCallerIsRecentsOrHasPermission(android.Manifest.permission.DUMP, - "setLayerTracingFlags"); + if (!checkCallingPermission( + android.Manifest.permission.DUMP, "setLayerTracingFlags")) { + throw new SecurityException("Requires DUMP permission"); + } + final long token = Binder.clearCallingIdentity(); try { Parcel data = null; diff --git a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java index df8a720d59b9..110bb21b5851 100644 --- a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java 
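Review bot: `isLayerTracing`, `setLayerTracing` and `setLayerTracingFlags` now require `android.permission.DUMP` with no recents exemption, yet this commit neither gives DUMP the `recents` protection flag in AndroidManifest.xml nor adds it to the launcher3 privapp list. A recents component that reached these calls through the old exemption will now get a `SecurityException` unless it holds DUMP by another route, which this diff does not show. If the tightening is intended, the method Javadoc should say so, e.g. `Requires {@link android.Manifest.permission#DUMP}; the recents component is no longer exempt.`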
+++ b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java @@ -164,9 +164,7 @@ public class AccessibilityManagerServiceTest extends AndroidTestCase { @SmallTest public void testRegisterSystemActionWithoutPermission() throws Exception { doThrow(SecurityException.class).when(mMockSecurityPolicy) - .enforceCallerIsRecentsOrHasPermission( - Manifest.permission.MANAGE_ACCESSIBILITY, - AccessibilityManagerService.FUNCTION_REGISTER_SYSTEM_ACTION); + .enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); try { mA11yms.registerSystemAction(TEST_ACTION, ACTION_ID); @@ -185,9 +183,7 @@ public class AccessibilityManagerServiceTest extends AndroidTestCase { @SmallTest public void testUnregisterSystemActionWithoutPermission() throws Exception { doThrow(SecurityException.class).when(mMockSecurityPolicy) - .enforceCallerIsRecentsOrHasPermission( - Manifest.permission.MANAGE_ACCESSIBILITY, - AccessibilityManagerService.FUNCTION_UNREGISTER_SYSTEM_ACTION); + .enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY); try { mA11yms.unregisterSystemAction(ACTION_ID); diff --git a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java index cc8ac86d6b59..c7e7c7861370 100644 --- a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java +++ b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java @@ -51,9 +51,6 @@ import android.util.ArraySet; import android.view.accessibility.AccessibilityEvent; import android.view.accessibility.AccessibilityWindowInfo; -import com.android.server.LocalServices; -import com.android.server.wm.ActivityTaskManagerInternal; - import org.junit.Before; import org.junit.Rule; import org.junit.Test; 
@@ -123,7 +120,6 @@ public class AccessibilitySecurityPolicyTest { @Mock private AccessibilityWindowManager mMockA11yWindowManager; @Mock private AppWidgetManagerInternal mMockAppWidgetManager; @Mock private AccessibilitySecurityPolicy.AccessibilityUserManager mMockA11yUserManager; - @Mock private ActivityTaskManagerInternal mMockActivityTaskManagerInternal; @Before public void setUp() { @@ -132,10 +128,6 @@ public class AccessibilitySecurityPolicyTest { when(mMockContext.getSystemService(Context.USER_SERVICE)).thenReturn(mMockUserManager); when(mMockContext.getSystemService(Context.APP_OPS_SERVICE)).thenReturn(mMockAppOpsManager); - LocalServices.removeServiceForTest(ActivityTaskManagerInternal.class); - LocalServices.addService( - ActivityTaskManagerInternal.class, mMockActivityTaskManagerInternal); - mA11ySecurityPolicy = new AccessibilitySecurityPolicy(mMockContext, mMockA11yUserManager); mA11ySecurityPolicy.setAccessibilityWindowManager(mMockA11yWindowManager); mA11ySecurityPolicy.setAppWidgetManager(mMockAppWidgetManager); @@ -570,10 +562,4 @@ public class AccessibilitySecurityPolicyTest { APP_UID, PACKAGE_NAME); } - @Test - public void testEnforceCallerIsRecentsOrHasPermission() { - mA11ySecurityPolicy.enforceCallerIsRecentsOrHasPermission(PERMISSION, FUNCTION); - verify(mMockActivityTaskManagerInternal).enforceCallerIsRecentsOrHasPermission( - PERMISSION, FUNCTION); - } } diff --git a/services/tests/wmtests/src/com/android/server/wm/DragDropControllerTests.java b/services/tests/wmtests/src/com/android/server/wm/DragDropControllerTests.java index 70d47a580801..8703c3103607 100644 --- a/services/tests/wmtests/src/com/android/server/wm/DragDropControllerTests.java +++ b/services/tests/wmtests/src/com/android/server/wm/DragDropControllerTests.java 
@@ -16,11 +16,13 @@ package com.android.server.wm; +import static android.Manifest.permission.START_TASKS_FROM_RECENTS; import static android.app.WindowConfiguration.ACTIVITY_TYPE_STANDARD; import static android.app.WindowConfiguration.WINDOWING_MODE_FULLSCREEN; import static android.content.ClipDescription.MIMETYPE_APPLICATION_ACTIVITY; import static android.content.ClipDescription.MIMETYPE_APPLICATION_SHORTCUT; import static android.content.ClipDescription.MIMETYPE_APPLICATION_TASK; +import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static android.view.DragEvent.ACTION_DRAG_STARTED; import static android.view.WindowManager.LayoutParams.PRIVATE_FLAG_INTERCEPT_GLOBAL_DRAG_AND_DROP; import static android.view.WindowManager.LayoutParams.TYPE_BASE_APPLICATION; @@ -34,6 +36,7 @@ import static com.android.dx.mockito.inline.extended.ExtendedMockito.when; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.verify; import android.app.PendingIntent; @@ -278,6 +281,8 @@ public class DragDropControllerTests extends WindowTestsBase { @Test public void testValidateAppShortcutArguments() { + doReturn(PERMISSION_GRANTED).when(mWm.mContext) + .checkCallingOrSelfPermission(eq(START_TASKS_FROM_RECENTS)); final Session session = new Session(mWm, new IWindowSessionCallback.Stub() { @Override public void onAnimatorScaleChanged(float scale) {} @@ -329,6 +334,8 @@ public class DragDropControllerTests extends WindowTestsBase { @Test public void testValidateAppTaskArguments() { + doReturn(PERMISSION_GRANTED).when(mWm.mContext) + .checkCallingOrSelfPermission(eq(START_TASKS_FROM_RECENTS)); final Session session = new Session(mWm, new IWindowSessionCallback.Stub() { @Override public void onAnimatorScaleChanged(float scale) {} 
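Review bot: Both updated tests stub `checkCallingOrSelfPermission(eq(START_TASKS_FROM_RECENTS))` to return `PERMISSION_GRANTED`, so only the allowed path of the new `mCanStartTasksFromRecents` gate in `Session.performDrag` is exercised. No denied-permission case is visible in this diff. The same commit also deletes `testNotRecentsComponent_denyApiAccess` and `testRecentsComponent_allowApiAccessWithoutPermissions` from RecentTasksTest without a permission-based replacement, leaving `doTestRecentTasksApis` possibly unused. I would add a companion test here that leaves the permission denied and asserts a `SecurityException` for a shortcut or task drag, and keep one denial test in RecentTasksTest that calls `doTestRecentTasksApis(false)`. The test bodies continue outside the hunks.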
diff --git a/services/tests/wmtests/src/com/android/server/wm/RecentTasksTest.java b/services/tests/wmtests/src/com/android/server/wm/RecentTasksTest.java index 673b00f25824..21fd04ee3ae9 100644 --- a/services/tests/wmtests/src/com/android/server/wm/RecentTasksTest.java +++ b/services/tests/wmtests/src/com/android/server/wm/RecentTasksTest.java @@ -45,7 +45,6 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.anyBoolean; import static org.mockito.ArgumentMatchers.anyInt; -import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.reset; @@ -58,7 +57,6 @@ import android.app.ActivityManager.RecentTaskInfo; import android.app.ActivityManager.RunningTaskInfo; import android.app.ActivityTaskManager; import android.content.ComponentName; -import android.content.pm.PackageManager; import android.content.pm.ParceledListSlice; import android.content.pm.UserInfo; import android.os.Bundle; 
@@ -1109,28 +1107,6 @@ public class RecentTasksTest extends WindowTestsBase { assertEquals(originalStackCount, mTaskContainer.getRootTaskCount()); } - @Test - public void testNotRecentsComponent_denyApiAccess() throws Exception { - doReturn(PackageManager.PERMISSION_DENIED).when(mAtm) - .checkGetTasksPermission(anyString(), anyInt(), anyInt()); - // Expect the following methods to fail due to recents component not being set - mRecentTasks.setIsCallerRecentsOverride(TestRecentTasks.DENY_THROW_SECURITY_EXCEPTION); - doTestRecentTasksApis(false /* expectNoSecurityException */); - // Don't throw for the following tests - mRecentTasks.setIsCallerRecentsOverride(TestRecentTasks.DENY); - testGetTasksApis(false /* expectNoSecurityException */); - } - - @Test - public void testRecentsComponent_allowApiAccessWithoutPermissions() { - doReturn(PackageManager.PERMISSION_DENIED).when(mAtm) - .checkGetTasksPermission(anyString(), anyInt(), anyInt()); - // Set the recents component and ensure that the following calls do not fail - mRecentTasks.setIsCallerRecentsOverride(TestRecentTasks.GRANT); - doTestRecentTasksApis(true /* expectNoSecurityException */); - testGetTasksApis(true /* expectNoSecurityException */); - } - private void doTestRecentTasksApis(boolean expectCallable) { assertSecurityException(expectCallable, () -> mAtm.removeTask(INVALID_STACK_ID)); assertSecurityException(expectCallable, @@ -1295,13 +1271,7 @@ public class RecentTasksTest extends WindowTestsBase { } private static class TestRecentTasks extends RecentTasks { - static final int GRANT = 0; - static final int DENY = 1; - static final int DENY_THROW_SECURITY_EXCEPTION = 2; - - private boolean mOverrideIsCallerRecents; private boolean mIsTrimmableOverride; - private int mIsCallerRecentsPolicy; public boolean mLastAllowed; 
@@ -1334,26 +1304,6 @@ public class RecentTasksTest extends WindowTestsBase { return new int[] { TEST_USER_0_ID, TEST_QUIET_USER_ID }; } - @Override - boolean isCallerRecents(int callingUid) { - if (mOverrideIsCallerRecents) { - switch (mIsCallerRecentsPolicy) { - case GRANT: - return true; - case DENY: - return false; - case DENY_THROW_SECURITY_EXCEPTION: - throw new SecurityException(); - } - } - return super.isCallerRecents(callingUid); - } - - void setIsCallerRecentsOverride(int policy) { - mOverrideIsCallerRecents = true; - mIsCallerRecentsPolicy = policy; - } - /** * To simplify the setup for some tests, the caller can request that we only rely on the * visible range test to determine what is trimmable. In this case, we don't try to |