| author | 2022-02-09 06:20:11 +0000 | |
|---|---|---|
| committer | 2022-02-09 06:20:11 +0000 | |
| commit | 898058eb428f11a4e57fc82b0fe86c00f43281f7 (patch) | |
| tree | c9005543403267dbb300fdaf66a270af802cf81f | |
| parent | 7fab305427e3499b175f13741c5e868716820d0a (diff) | |
| parent | 15703451445df94e7cc17fca031fc8e0640d3aae (diff) | |
Merge "Migrate DynamicSystemService to @EnforcePermission" am: b845dbac21 am: 746cfb436c am: 3dd695c244 am: 1570345144
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1946229
Change-Id: I08c2d542318f8b17ff00400a2a9c96620b7529f5
| -rw-r--r-- | core/java/android/os/image/IDynamicSystemService.aidl | 15 | ||||
| -rw-r--r-- | services/core/java/com/android/server/DynamicSystemService.java | 26 | 
2 files changed, 32 insertions, 9 deletions
diff --git a/core/java/android/os/image/IDynamicSystemService.aidl b/core/java/android/os/image/IDynamicSystemService.aidl
index a5a40ad55853..4e69952fac2f 100644
--- a/core/java/android/os/image/IDynamicSystemService.aidl
+++ b/core/java/android/os/image/IDynamicSystemService.aidl
@@ -26,6 +26,7 @@ interface IDynamicSystemService
      * @param dsuSlot Name used to identify this installation
      * @return true if the call succeeds
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean startInstallation(@utf8InCpp String dsuSlot);
 
     /**
@@ -36,6 +37,7 @@ interface IDynamicSystemService
      * @param readOnly True if this partition is readOnly
      * @return true if the call succeeds
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean createPartition(@utf8InCpp String name, long size, boolean readOnly);
 
     /**
@@ -43,12 +45,14 @@ interface IDynamicSystemService
      *
      * @return true if the partition installation completes without error.
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean closePartition();
 
     /**
      * Finish a previously started installation. Installations without
      * a cooresponding finishInstallation() will be cleaned up during device boot.
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean finishInstallation();
 
     /**
@@ -57,6 +61,7 @@ interface IDynamicSystemService
      *
      * @return GsiProgress
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     GsiProgress getInstallationProgress();
 
     /**
@@ -66,21 +71,25 @@ interface IDynamicSystemService
      *
      * @return true if the call succeeds
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean abort();
 
     /**
      * @return true if the device is running an DynamicAnroid image
      */
+    @RequiresNoPermission
     boolean isInUse();
 
     /**
      * @return true if the device has an DynamicSystem image installed
      */
+    @RequiresNoPermission
     boolean isInstalled();
 
     /**
      * @return true if the device has an DynamicSystem image enabled
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean isEnabled();
 
     /**
@@ -88,6 +97,7 @@ interface IDynamicSystemService
      *
      * @return true if the call succeeds
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean remove();
 
     /**
@@ -97,6 +107,7 @@ interface IDynamicSystemService
      *
      * @return true if the call succeeds
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean setEnable(boolean enable, boolean oneShot);
 
     /**
@@ -106,6 +117,7 @@ interface IDynamicSystemService
      * @param fd            fd that points to a ashmem
      * @param size          size of the ashmem file
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean setAshmem(in ParcelFileDescriptor fd, long size);
 
     /**
@@ -115,6 +127,7 @@ interface IDynamicSystemService
      * @param bytes         number of bytes that can be read from stream.
      * @return              true on success, false otherwise.
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean submitFromAshmem(long bytes);
 
     /**
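Review bot: `@RequiresNoPermission` on isInUse() and isInstalled() turns the unauthenticated exposure of these two calls into an explicit, reviewable contract, but nothing in the interface says why they are safe to expose while the adjacent isEnabled() is gated; the existing Javadoc only states the return value. As far as the DynamicSystemService.java hunk shows, both implementations read a SystemProperties value rather than going through getGsiService(), which is the reason the asymmetry is correct, and that reasoning should live next to the annotation so a later maintainer does not "fix" it in either direction. A one-line addition to each doc comment would do, e.g. `* No permission required: reflects a system property only and does not contact gsiservice.` The same note belongs on the implementation side where the Java hunk adds `@RequiresNoPermission` to isInUse() and isInstalled(); the interface itself starts and ends outside this hunk.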
@@ -124,10 +137,12 @@ interface IDynamicSystemService
      * @return              true on success, false if partition doesn't have a
      *                      valid VBMeta block to retrieve the AVB key from.
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean getAvbPublicKey(out AvbPublicKey dst);
 
     /**
      * Returns the suggested scratch partition size for overlayFS.
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     long suggestScratchSize();
 }
diff --git a/services/core/java/com/android/server/DynamicSystemService.java b/services/core/java/com/android/server/DynamicSystemService.java
index e29e894a5cc0..e924012c8892 100644
--- a/services/core/java/com/android/server/DynamicSystemService.java
+++ b/services/core/java/com/android/server/DynamicSystemService.java
@@ -16,8 +16,9 @@
 
 package com.android.server;
 
+import android.annotation.EnforcePermission;
+import android.annotation.RequiresNoPermission;
 import android.content.Context;
-import android.content.pm.PackageManager;
 import android.gsi.AvbPublicKey;
 import android.gsi.GsiProgress;
 import android.gsi.IGsiService;
@@ -53,20 +54,12 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     private IGsiService getGsiService() {
-        checkPermission();
         if (mGsiService != null) {
             return mGsiService;
         }
         return IGsiService.Stub.asInterface(ServiceManager.waitForService("gsiservice"));
     }
 
-    private void checkPermission() {
-        if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
-                != PackageManager.PERMISSION_GRANTED) {
-            throw new SecurityException("Requires MANAGE_DYNAMIC_SYSTEM permission");
-        }
-    }
-
     class GsiServiceCallback extends IGsiServiceCallback.Stub {
         // 0 for success
         private int mResult = -1;
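Review bot: Removing `checkPermission()` from getGsiService() deletes the one choke point that covered every path into gsiservice, so protection of this class now rests entirely on each Binder entry point carrying `@EnforcePermission` and on the generated IDynamicSystemService.Stub actually performing that check; the Stub and PermissionEnforcer wiring is not part of this diff, so that dependency cannot be confirmed from here. The practical consequence is that any future method which calls getGsiService() without the annotation is silently unprotected, which the old helper made impossible by construction. That invariant should be written on the helper itself, e.g. `// No permission check here: enforcement is done by the generated Stub through @EnforcePermission on every Binder entry point. Never call this from an unannotated public method.` Whether the per-method `@EnforcePermission` annotations added in the later DynamicSystemService.java hunks are themselves enforced at runtime or only mirror the AIDL declaration for lint is likewise not visible in this diff and is worth confirming against the generated Stub before relying on them alone.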
@@ -82,6 +75,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean startInstallation(String dsuSlot) throws RemoteException {
         IGsiService service = getGsiService();
         mGsiService = service;
@@ -124,6 +118,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean createPartition(String name, long size, boolean readOnly)
             throws RemoteException {
         IGsiService service = getGsiService();
@@ -135,6 +130,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean closePartition() throws RemoteException {
         IGsiService service = getGsiService();
         if (service.closePartition() != 0) {
@@ -145,6 +141,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean finishInstallation() throws RemoteException {
         IGsiService service = getGsiService();
         if (service.closeInstall() != 0) {
@@ -155,21 +152,25 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public GsiProgress getInstallationProgress() throws RemoteException {
         return getGsiService().getInstallProgress();
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean abort() throws RemoteException {
         return getGsiService().cancelGsiInstall();
     }
 
     @Override
+    @RequiresNoPermission
     public boolean isInUse() {
         return SystemProperties.getBoolean("ro.gsid.image_running", false);
     }
 
     @Override
+    @RequiresNoPermission
     public boolean isInstalled() {
         boolean installed = SystemProperties.getBoolean("gsid.image_installed", false);
         Slog.i(TAG, "isInstalled(): " + installed);
@@ -177,11 +178,13 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean isEnabled() throws RemoteException {
         return getGsiService().isGsiEnabled();
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean remove() throws RemoteException {
         try {
             GsiServiceCallback callback = new GsiServiceCallback();
@@ -197,6 +200,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean setEnable(boolean enable, boolean oneShot) throws RemoteException {
         IGsiService gsiService = getGsiService();
         if (enable) {
@@ -220,6 +224,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean setAshmem(ParcelFileDescriptor ashmem, long size) {
         try {
             return getGsiService().setGsiAshmem(ashmem, size);
@@ -229,6 +234,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean submitFromAshmem(long size) {
         try {
             return getGsiService().commitGsiChunkFromAshmem(size);
@@ -238,6 +244,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public boolean getAvbPublicKey(AvbPublicKey dst) {
         try {
             return getGsiService().getAvbPublicKey(dst) == 0;
@@ -247,6 +254,7 @@ public class DynamicSystemService extends IDynamicSystemService.Stub {
     }
 
     @Override
+    @EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
     public long suggestScratchSize() throws RemoteException {
         return getGsiService().suggestScratchSize();
     }