diff options
| author | 2024-06-06 14:19:55 -0700 | |
|---|---|---|
| committer | 2024-06-07 10:38:44 -0700 | |
| commit | b77cbf433fc4f2d87fb22a6aeb0c4dfeae578ef3 (patch) | |
| tree | a5cf872c07572f59d76bf39c604f664c7be0c574 | |
| parent | 6b410e61ff3df87e5a6df130b8d578d6075347cb (diff) | |
Implement finishOperation in shell delegate
Also causes finishProxyOperation to no longer call the finish
implementation on both shell and delegated app
Fixes: 260180018
Test: atest HotwordDetectionServiceBasicTest#testHotwordDetectionService_concurrentCapture
Change-Id: I0bfc6bb6b3c6201158348d5b6777f6a66934f390
| -rw-r--r-- | core/java/android/app/AppOpsManagerInternal.java | 6 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/AccessCheckDelegate.java | 55 |
2 files changed, 39 insertions, 22 deletions
diff --git a/core/java/android/app/AppOpsManagerInternal.java b/core/java/android/app/AppOpsManagerInternal.java index f8a8f5dedc4c..b21defbcc0e3 100644 --- a/core/java/android/app/AppOpsManagerInternal.java +++ b/core/java/android/app/AppOpsManagerInternal.java @@ -172,11 +172,9 @@ public abstract class AppOpsManagerInternal { * @param virtualDeviceId the device for which to finish the op * @param superImpl */ - default void finishOperation(IBinder clientId, int code, int uid, String packageName, + void finishOperation(IBinder clientId, int code, int uid, String packageName, String attributionTag, int virtualDeviceId, @NonNull HexConsumer<IBinder, Integer, - Integer, String, String, Integer> superImpl) { - superImpl.accept(clientId, code, uid, packageName, attributionTag, virtualDeviceId); - } + Integer, String, String, Integer> superImpl); /** * Allows overriding finish proxy op. diff --git a/services/core/java/com/android/server/pm/permission/AccessCheckDelegate.java b/services/core/java/com/android/server/pm/permission/AccessCheckDelegate.java index 3edd6975ab7d..f518769bdb35 100644 --- a/services/core/java/com/android/server/pm/permission/AccessCheckDelegate.java +++ b/services/core/java/com/android/server/pm/permission/AccessCheckDelegate.java @@ -38,6 +38,7 @@ import android.util.SparseArray; import com.android.internal.util.ArrayUtils; import com.android.internal.util.function.DodecFunction; +import com.android.internal.util.function.HexConsumer; import com.android.internal.util.function.HexFunction; import com.android.internal.util.function.OctFunction; import com.android.internal.util.function.QuadFunction; @@ -269,8 +270,8 @@ public interface AccessCheckDelegate extends CheckPermissionDelegate, CheckOpsDe if (isDelegatePermission(permissionName)) { final long identity = Binder.clearCallingIdentity(); try { - return checkPermission(SHELL_PKG, permissionName, - persistentDeviceId, userId, superImpl); + return checkPermission(SHELL_PKG, permissionName, persistentDeviceId, + userId, superImpl); } finally { Binder.restoreCallingIdentity(identity); } @@ -323,8 +324,7 @@ public interface AccessCheckDelegate extends CheckPermissionDelegate, CheckOpsDe Process.SHELL_UID); final long identity = Binder.clearCallingIdentity(); try { - return superImpl.apply(code, shellUid, "com.android.shell", null, - virtualDeviceId, raw); + return superImpl.apply(code, shellUid, SHELL_PKG, null, virtualDeviceId, raw); } finally { Binder.restoreCallingIdentity(identity); } @@ -340,7 +340,7 @@ public interface AccessCheckDelegate extends CheckPermissionDelegate, CheckOpsDe Process.SHELL_UID); final long identity = Binder.clearCallingIdentity(); try { - return superImpl.apply(code, usage, shellUid, "com.android.shell"); + return superImpl.apply(code, usage, shellUid, SHELL_PKG); } finally { Binder.restoreCallingIdentity(identity); } @@ -359,9 +359,8 @@ public interface AccessCheckDelegate extends CheckPermissionDelegate, CheckOpsDe Process.SHELL_UID); final long identity = Binder.clearCallingIdentity(); try { - return superImpl.apply(code, shellUid, "com.android.shell", featureId, - virtualDeviceId, shouldCollectAsyncNotedOp, message, - shouldCollectMessage); + return superImpl.apply(code, shellUid, SHELL_PKG, featureId, virtualDeviceId, + shouldCollectAsyncNotedOp, message, shouldCollectMessage); } finally { Binder.restoreCallingIdentity(identity); } @@ -382,8 +381,8 @@ public interface AccessCheckDelegate extends CheckPermissionDelegate, CheckOpsDe final long identity = Binder.clearCallingIdentity(); try { return superImpl.apply(code, - new AttributionSource(shellUid, Process.INVALID_PID, - "com.android.shell", attributionSource.getAttributionTag(), + new AttributionSource(shellUid, Process.INVALID_PID, SHELL_PKG, + attributionSource.getAttributionTag(), attributionSource.getToken(), /*renouncedPermissions*/ null, attributionSource.getDeviceId(), attributionSource.getNext()), shouldCollectAsyncNotedOp, message, shouldCollectMessage, @@ -409,10 +408,9 @@ public interface AccessCheckDelegate extends CheckPermissionDelegate, CheckOpsDe Process.SHELL_UID); final long identity = Binder.clearCallingIdentity(); try { - return superImpl.apply(token, code, shellUid, "com.android.shell", - attributionTag, virtualDeviceId, startIfModeDefault, - shouldCollectAsyncNotedOp, message, shouldCollectMessage, - attributionFlags, attributionChainId); + return superImpl.apply(token, code, shellUid, SHELL_PKG, attributionTag, + virtualDeviceId, startIfModeDefault, shouldCollectAsyncNotedOp, message, + shouldCollectMessage, attributionFlags, attributionChainId); } finally { Binder.restoreCallingIdentity(identity); } @@ -438,8 +436,8 @@ public interface AccessCheckDelegate extends CheckPermissionDelegate, CheckOpsDe final long identity = Binder.clearCallingIdentity(); try { return superImpl.apply(clientId, code, - new AttributionSource(shellUid, Process.INVALID_PID, - "com.android.shell", attributionSource.getAttributionTag(), + new AttributionSource(shellUid, Process.INVALID_PID, SHELL_PKG, + attributionSource.getAttributionTag(), attributionSource.getToken(), /*renouncedPermissions*/ null, attributionSource.getDeviceId(), attributionSource.getNext()), startIfModeDefault, shouldCollectAsyncNotedOp, message, @@ -465,11 +463,12 @@ public interface AccessCheckDelegate extends CheckPermissionDelegate, CheckOpsDe final long identity = Binder.clearCallingIdentity(); try { superImpl.apply(clientId, code, - new AttributionSource(shellUid, Process.INVALID_PID, - "com.android.shell", attributionSource.getAttributionTag(), + new AttributionSource(shellUid, Process.INVALID_PID, SHELL_PKG, + attributionSource.getAttributionTag(), attributionSource.getToken(), /*renouncedPermissions*/ null, attributionSource.getDeviceId(), attributionSource.getNext()), skipProxyOperation); + return; } finally { Binder.restoreCallingIdentity(identity); } @@ -477,6 +476,26 @@ public interface AccessCheckDelegate extends CheckPermissionDelegate, CheckOpsDe superImpl.apply(clientId, code, attributionSource, skipProxyOperation); } + @Override + public void finishOperation(IBinder clientId, int code, int uid, String packageName, + String attributionTag, int virtualDeviceId, @NonNull HexConsumer<IBinder, Integer, + Integer, String, String, Integer> superImpl) { + if (uid == mDelegateAndOwnerUid && isDelegateOp(code)) { + final int shellUid = + UserHandle.getUid(UserHandle.getUserId(uid), Process.SHELL_UID); + final long identity = Binder.clearCallingIdentity(); + try { + superImpl.accept(clientId, code, shellUid, SHELL_PKG, attributionTag, + virtualDeviceId); + return; + } finally { + Binder.restoreCallingIdentity(identity); + } + } + superImpl.accept(clientId, code, uid, packageName, attributionTag, + virtualDeviceId); + } + private boolean isDelegatePermission(@NonNull String permission) { // null permissions means all permissions are delegated return mDelegateAndOwnerUid != INVALID_UID |