| author | 2023-12-06 23:38:21 +0000 | |
|---|---|---|
| committer | 2023-12-06 23:38:21 +0000 | |
| commit | fb2d9f7cc45c9ccc3ee80d71f6d77333a68e90e7 (patch) | |
| tree | ff9720bd921b02b139a4c2975847f0f80102ebcf | |
| parent | 13db1201157b8172751e2e94b553c55812d8fcee (diff) | |
| parent | bfd2e7a5e6883d47fdd75cb7a3c05412f2171df2 (diff) | |
Merge "Clear permissions for virtual devices" into main
2 files changed, 47 insertions, 4 deletions
diff --git a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt
index bb68bc5c791d..44609acf7894 100644
--- a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt
@@ -61,6 +61,38 @@ class DevicePermissionPolicy : SchemePolicy() {
 }
 }
+ fun MutateStateScope.removeInactiveDevicesPermission(activePersistentDeviceIds: Set<String>) {
+ newState.userStates.forEachIndexed { _, userId, userState ->
+ userState.appIdDevicePermissionFlags.forEachReversedIndexed { _, appId, _ ->
+ val appIdDevicePermissionFlags =
+ newState.mutateUserState(userId)!!.mutateAppIdDevicePermissionFlags()
+ val devicePermissionFlags =
+ appIdDevicePermissionFlags.mutate(appId) ?: return@forEachReversedIndexed
+
+ val removePersistentDeviceIds = mutableSetOf<String>()
+ devicePermissionFlags.forEachIndexed { _, deviceId, _ ->
+ if (!activePersistentDeviceIds.contains(deviceId)) {
+ removePersistentDeviceIds.add(deviceId)
+ }
+ }
+
+ removePersistentDeviceIds.forEach { deviceId -> devicePermissionFlags -= deviceId }
+ }
+ }
+ }
+
+ fun MutateStateScope.onDeviceIdRemoved(deviceId: String) {
+ newState.userStates.forEachIndexed { _, userId, userState ->
+ userState.appIdDevicePermissionFlags.forEachReversedIndexed { _, appId, _ ->
+ val appIdDevicePermissionFlags =
+ newState.mutateUserState(userId)!!.mutateAppIdDevicePermissionFlags()
+ val devicePermissionFlags =
+ appIdDevicePermissionFlags.mutate(appId) ?: return@forEachReversedIndexed
+ devicePermissionFlags -= deviceId
+ }
+ }
+ }
+
 override fun MutateStateScope.onStorageVolumeMounted(
 volumeUuid: String?,
 packageNames: List<String>,
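Review bot: Both new functions call `newState.mutateUserState(userId)!!` and `appIdDevicePermissionFlags.mutate(appId)` for every user and app before checking whether that app has anything to remove, while the read-only flags handed to the lambda are discarded as `_`. If the `mutate*` calls copy state or mark it for persistence (their definitions are outside this hunk), the sweep dirties every user's permission state even when no device id is stale. Collecting the stale ids from the read-only value and mutating only when that set is non-empty avoids this, assuming the read-only map supports the same `forEachIndexed`; `onDeviceIdRemoved` would take the same guard. Neither function drops an app's entry once its last device id is removed, and neither has a KDoc saying that every id absent from `activePersistentDeviceIds` loses its permission state.

```kotlin
userState.appIdDevicePermissionFlags.forEachReversedIndexed { _, appId, currentFlags ->
    // Decide on the read-only value first so apps with nothing stale are never mutated.
    val staleDeviceIds = mutableSetOf<String>()
    currentFlags.forEachIndexed { _, deviceId, _ ->
        if (deviceId !in activePersistentDeviceIds) {
            staleDeviceIds += deviceId
        }
    }
    if (staleDeviceIds.isEmpty()) return@forEachReversedIndexed

    // … unchanged: mutateUserState / mutateAppIdDevicePermissionFlags / mutate(appId) …
    staleDeviceIds.forEach { deviceId -> devicePermissionFlags -= deviceId }
}
```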
diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
index 7c539502461b..a7d32492d6e2 100644
--- a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
@@ -2314,6 +2314,18 @@ class PermissionService(private val service: AccessCheckingService) :
 service.onSystemReady()
 virtualDeviceManagerInternal =
 LocalServices.getService(VirtualDeviceManagerInternal::class.java)
+
+ virtualDeviceManagerInternal?.allPersistentDeviceIds?.let { persistentDeviceIds ->
+ service.mutateState {
+ with(devicePolicy) { removeInactiveDevicesPermission(persistentDeviceIds) }
+ }
+ }
+
+ // trim permission states for the external devices, when they are removed.
+ virtualDeviceManagerInternal?.registerPersistentDeviceIdRemovedListener { persistentDeviceId
+ ->
+ service.mutateState { with(devicePolicy) { onDeviceIdRemoved(persistentDeviceId) } }
+ }
 permissionControllerManager =
 PermissionControllerManager(context, PermissionThread.getHandler())
 }
@@ -2681,8 +2693,8 @@ class PermissionService(private val service: AccessCheckingService) :
 permissionName in NOTIFICATIONS_PERMISSIONS &&
 runtimePermissionRevokedUids.get(uid, true)
 }
- runtimePermissionChangedUidDevices
- .getOrPut(uid) { mutableSetOf() } += persistentDeviceId
+ runtimePermissionChangedUidDevices.getOrPut(uid) { mutableSetOf() } +=
+ persistentDeviceId
 }
 if (permission.hasGids && !wasPermissionGranted && isPermissionGranted) {
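Review bot: The snapshot of `allPersistentDeviceIds` is read before `registerPersistentDeviceIdRemovedListener` is called, so a device removed between the two statements is still in the snapshot and is never reported to the listener; its permission state then stays until the next boot. Registering the listener first and running `removeInactiveDevicesPermission` afterwards closes that window. The sweep also treats the returned set as authoritative: if the virtual device manager can return an empty or partial set this early in system-ready handling (not visible here), state for devices that still exist is dropped, so the call deserves a comment such as `// Requires the complete set of persistent device ids; any id absent from it loses its permission state.` The enclosing function starts outside the hunk.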
@@ -2799,8 +2811,7 @@ class PermissionService(private val service: AccessCheckingService) :
 fun onPermissionsChanged(uid: Int, persistentDeviceId: String) {
 if (listeners.registeredCallbackCount > 0) {
- obtainMessage(MSG_ON_PERMISSIONS_CHANGED, uid, 0, persistentDeviceId)
- .sendToTarget()
+ obtainMessage(MSG_ON_PERMISSIONS_CHANGED, uid, 0, persistentDeviceId).sendToTarget()
 }
 }
|