| author | 2024-02-15 17:15:09 -0800 | |
|---|---|---|
| committer | 2024-03-11 17:26:49 -0700 | |
| commit | 70baff8c57fd9cafbafffdc05b0fd314fa0373d3 (patch) | |
| tree | 1565a6ed6a293e55080f68ad5c4ddf82eaf9bbda | |
| parent | 2239f2cae2a9dbba430c3278fd0f4fdc7fad8b3e (diff) | |
Add system server test API to force enforce signature permission allowlist.
So that we can test it in cts-root.
This CL also creates a PermissionManagerLocal that is suitable for
exposing system server local APIs.
Bug: 308573169
Test: SignaturePermissionAllowlistTest
Ignore-AOSP-First: New directory
Change-Id: I5df799fd321e54b6cea14a929529a27f6436161c
5 files changed, 104 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/permission/OWNERS b/services/core/java/com/android/server/permission/OWNERS
new file mode 100644
index 000000000000..fb6099cf7e5a
--- /dev/null
+++ b/services/core/java/com/android/server/permission/OWNERS
@@ -0,0 +1,3 @@
+# Bug component: 137825
+
+include platform/frameworks/base:/core/java/android/permission/OWNERS
diff --git a/services/core/java/com/android/server/permission/PermissionManagerLocal.java b/services/core/java/com/android/server/permission/PermissionManagerLocal.java
new file mode 100644
index 000000000000..7251e6ee62de
--- /dev/null
+++ b/services/core/java/com/android/server/permission/PermissionManagerLocal.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.permission;
+
+import android.annotation.TestApi;
+import com.android.internal.annotations.Keep;
+
+/**
+ * In-process API for server side permission related infrastructure.
+ *
+ * @hide
+ */
+@Keep
+@TestApi
+public interface PermissionManagerLocal {
+
+ /**
+ * Get whether signature permission allowlist is enforced even on debuggable builds.
+ *
+ * @return whether the signature permission allowlist is force enforced
+ */
+ @TestApi
+ boolean isSignaturePermissionAllowlistForceEnforced();
+
+ /**
+ * Set whether signature permission allowlist is enforced even on debuggable builds.
+ *
+ * @param forceEnforced whether the signature permission allowlist is force enforced
+ */
+ @TestApi
+ void setSignaturePermissionAllowlistForceEnforced(boolean forceEnforced);
+}
diff --git a/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt b/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
index acaec211440d..fd2e8c8fc9e7 100644
--- a/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
+++ b/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
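Review bot: The Javadoc on `isSignaturePermissionAllowlistForceEnforced()` and `setSignaturePermissionAllowlistForceEnforced(boolean)` in PermissionManagerLocal does not say that both calls are only valid on debuggable builds. The implementation added in this commit guards each with `check(Build.isDebuggable())`, so a caller on a non-debuggable build gets an IllegalStateException that the interface never mentions. I would add `@throws IllegalStateException if the build is not debuggable` to both methods. The summary could also note that on non-debuggable builds the allowlist denial already applies, so the switch has nothing to change there.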
@@ -27,9 +27,11 @@ import com.android.server.LocalServices import com.android.server.SystemConfig import com.android.server.SystemService import com.android.server.appop.AppOpsCheckingServiceInterface +import com.android.server.permission.PermissionManagerLocal import com.android.server.permission.access.appop.AppOpService import com.android.server.permission.access.collection.* // ktlint-disable no-wildcard-imports import com.android.server.permission.access.immutable.* // ktlint-disable no-wildcard-imports +import com.android.server.permission.access.permission.PermissionManagerLocalImpl import com.android.server.permission.access.permission.PermissionService import com.android.server.pm.KnownPackages import com.android.server.pm.PackageManagerLocal @@ -63,6 +65,11 @@ class AccessCheckingService(context: Context) : SystemService(context) { LocalServices.addService(AppOpsCheckingServiceInterface::class.java, appOpService) LocalServices.addService(PermissionManagerServiceInterface::class.java, permissionService) + + LocalManagerRegistry.addManager( + PermissionManagerLocal::class.java, + PermissionManagerLocalImpl(this) + ) } fun initialize() { diff --git a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt index 67df67fdf6c1..af8ce31205bf 100644 --- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt +++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt @@ -63,6 +63,12 @@ class AppIdPermissionPolicy : SchemePolicy() { private val privilegedPermissionAllowlistViolations = MutableIndexedSet<String>() + /** + * Test-only switch to enforce signature permission allowlist even on debuggable builds. + */ + @Volatile + var isSignaturePermissionAllowlistForceEnforced = false + override val subjectScheme: String get() = UidUri.SCHEME 
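Review bot: The new `isSignaturePermissionAllowlistForceEnforced` property in AppIdPermissionPolicy is a public `var`, so the `check(Build.isDebuggable())` guard in PermissionManagerLocalImpl is not the only path that can write it. Any code holding the policy instance can set it directly and skip that guard. The only writer in this commit sits in the same package, so `internal var isSignaturePermissionAllowlistForceEnforced = false` would probably be enough, assuming both files build into the same module. If the visibility has to stay public, the KDoc should say that writes are expected to go through PermissionManagerLocal.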
@@ -1274,7 +1280,7 @@ class AppIdPermissionPolicy : SchemePolicy() { SigningDetails.CertCapabilities.PERMISSION ) if (!Flags.signaturePermissionAllowlistEnabled()) { - return hasCommonSigner; + return hasCommonSigner } if (!hasCommonSigner) { return false @@ -1308,7 +1314,7 @@ class AppIdPermissionPolicy : SchemePolicy() { " ${packageState.packageName} (${packageState.path}) not in" + " signature permission allowlist" ) - if (!Build.isDebuggable()) { + if (!Build.isDebuggable() || isSignaturePermissionAllowlistForceEnforced) { return false } } diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionManagerLocalImpl.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionManagerLocalImpl.kt new file mode 100644 index 000000000000..ad2d70bbe147 --- /dev/null +++ b/services/permission/java/com/android/server/permission/access/permission/PermissionManagerLocalImpl.kt 
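Review bot: The changed condition `!Build.isDebuggable() || isSignaturePermissionAllowlistForceEnforced` in the last AppIdPermissionPolicy hunk depends on a property that a later edit could easily lose: the test switch can only add a denial, and it never relaxes enforcement on a non-debuggable build. A one-line comment above the `if` would record that, for example `// Test switch may only tighten: it forces the denial on debuggable builds and is a no-op elsewhere.` The enclosing function starts and ends outside the hunk, so this is based on the visible lines only.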
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.permission.access.permission
+
+import android.os.Build
+import com.android.server.permission.PermissionManagerLocal
+import com.android.server.permission.access.AccessCheckingService
+import com.android.server.permission.access.PermissionUri
+import com.android.server.permission.access.UidUri
+
+class PermissionManagerLocalImpl(
+ private val service: AccessCheckingService
+) : PermissionManagerLocal {
+ private val policy =
+ service.getSchemePolicy(UidUri.SCHEME, PermissionUri.SCHEME) as AppIdPermissionPolicy
+
+ override fun isSignaturePermissionAllowlistForceEnforced(): Boolean {
+ check(Build.isDebuggable())
+ return policy.isSignaturePermissionAllowlistForceEnforced
+ }
+
+ override fun setSignaturePermissionAllowlistForceEnforced(forceEnforced: Boolean) {
+ check(Build.isDebuggable())
+ policy.isSignaturePermissionAllowlistForceEnforced = forceEnforced
+ }
+}
 |
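Review bot: Both overrides in PermissionManagerLocalImpl call `check(Build.isDebuggable())` without a message, so a caller on a non-debuggable build gets an IllegalStateException that says only "Check failed." A lazy message makes the failure self-explanatory: `check(Build.isDebuggable()) { "Signature permission allowlist force-enforcement is only available on debuggable builds" }`. The class also has no KDoc; one line saying that it is the in-process implementation of PermissionManagerLocal and that every call is gated on a debuggable build would help the next reader.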