Fix implementing AFMS.executeAppFunction

Flag: android.app.appfunctions.flags.enable_app_function_manager Test: manual Bug: 357551503 Change-Id: If74128b30b54e95e8ed826b675f1bad59d337583
author: Oluwarotimi Adesina <oadesina@google.com> 2024-08-20 14:55:12 +0000
committer: Oluwarotimi Adesina <oadesina@google.com> 2024-08-20 21:44:18 +0000
commit: 5cdcf519e3dfa3476a198f6f190e96da312aa243 (patch)
tree: cac58e80c4a5a69dad596f88c95230ac2afb33f7
parent: a2574c97ab89807d290ddc8fc09514eef05cc510 (diff)
3 files changed, 31 insertions, 11 deletions
diff --git a/core/java/android/app/appfunctions/IAppFunctionManager.aidl b/core/java/android/app/appfunctions/IAppFunctionManager.aidl
index 14944f043d74..ef37095fbfa4 100644
--- a/core/java/android/app/appfunctions/IAppFunctionManager.aidl
+++ b/core/java/android/app/appfunctions/IAppFunctionManager.aidl
@@ -20,10 +20,11 @@ import android.app.appfunctions.ExecuteAppFunctionAidlRequest;
 import android.app.appfunctions.IExecuteAppFunctionCallback;
 
 /**
-* Interface between an app and the server implementation service (AppFunctionManagerService).
-* @hide
-*/
-oneway interface IAppFunctionManager {
+ * Defines the interface for apps to interact with the app function execution service
+ * {@code AppFunctionManagerService} running in the system server process.
+ * @hide
+ */
+interface IAppFunctionManager {
     /**
     * Executes an app function provided by {@link AppFunctionService} through the system.
     *
diff --git a/core/java/android/app/appfunctions/IAppFunctionService.aidl b/core/java/android/app/appfunctions/IAppFunctionService.aidl
index 12b5c55c7441..cc5a20cfa194 100644
--- a/core/java/android/app/appfunctions/IAppFunctionService.aidl
+++ b/core/java/android/app/appfunctions/IAppFunctionService.aidl
@@ -21,7 +21,14 @@ import android.app.appfunctions.IExecuteAppFunctionCallback;
 import android.app.appfunctions.ExecuteAppFunctionRequest;
 
 
- /** {@hide} */
+/**
+ * Defines the interface for the system server to request the execution of an app function within
+ * the app process.
+ *
+ * This interface is implemented by the app and exposed to the system server via a {@code Service}.
+ *
+ * @hide
+ */
 oneway interface IAppFunctionService {
     /**
      * Called by the system to execute a specific app function.
diff --git a/services/appfunctions/java/com/android/server/appfunctions/AppFunctionManagerServiceImpl.java b/services/appfunctions/java/com/android/server/appfunctions/AppFunctionManagerServiceImpl.java
index e2167a889cff..e48512158ce3 100644
--- a/services/appfunctions/java/com/android/server/appfunctions/AppFunctionManagerServiceImpl.java
+++ b/services/appfunctions/java/com/android/server/appfunctions/AppFunctionManagerServiceImpl.java
@@ -82,10 +82,19 @@ public class AppFunctionManagerServiceImpl extends IAppFunctionManager.Stub {
         final SafeOneTimeExecuteAppFunctionCallback safeExecuteAppFunctionCallback =
                 new SafeOneTimeExecuteAppFunctionCallback(executeAppFunctionCallback);
 
-        String validatedCallingPackage = mCallerValidator
-                .validateCallingPackage(requestInternal.getCallingPackage());
-        UserHandle targetUser = mCallerValidator.verifyTargetUserHandle(
-                requestInternal.getUserHandle(), validatedCallingPackage);
+        String validatedCallingPackage;
+        UserHandle targetUser;
+        try {
+            validatedCallingPackage = mCallerValidator
+                    .validateCallingPackage(requestInternal.getCallingPackage());
+            targetUser = mCallerValidator.verifyTargetUserHandle(
+                    requestInternal.getUserHandle(), validatedCallingPackage);
+        } catch (SecurityException exception) {
+            safeExecuteAppFunctionCallback.onResult(new ExecuteAppFunctionResponse
+                    .Builder(ExecuteAppFunctionResponse.RESULT_DENIED,
+                    exception.getMessage()).build());
+            return;
+        }
 
         // TODO(b/354956319): Add and honor the new enterprise policies.
         if (mCallerValidator.isUserOrganizationManaged(targetUser)) {
@@ -107,8 +116,11 @@ public class AppFunctionManagerServiceImpl extends IAppFunctionManager.Stub {
 
         if (!mCallerValidator.verifyCallerCanExecuteAppFunction(
                 validatedCallingPackage, targetPackageName)) {
-            throw new SecurityException("Caller does not have permission to execute the app "
-                    + "function.");
+            safeExecuteAppFunctionCallback.onResult(new ExecuteAppFunctionResponse
+                    .Builder(ExecuteAppFunctionResponse.RESULT_DENIED,
+                    "Caller does not have permission to execute the appfunction")
+                    .build());
+            return;
         }
 
         Intent serviceIntent = mInternalServiceHelper.resolveAppFunctionService(
author	Oluwarotimi Adesina <oadesina@google.com>	2024-08-20 14:55:12 +0000
committer	Oluwarotimi Adesina <oadesina@google.com>	2024-08-20 21:44:18 +0000
commit	5cdcf519e3dfa3476a198f6f190e96da312aa243 (patch)
tree	cac58e80c4a5a69dad596f88c95230ac2afb33f7
parent	a2574c97ab89807d290ddc8fc09514eef05cc510 (diff)