diff options
19 files changed, 215 insertions, 138 deletions
diff --git a/core/java/android/app/ActivityManager.java b/core/java/android/app/ActivityManager.java index d76e20114816..37a1e62c8cc0 100644 --- a/core/java/android/app/ActivityManager.java +++ b/core/java/android/app/ActivityManager.java @@ -4699,8 +4699,14 @@ public class ActivityManager { @UnsupportedAppUsage public static int checkComponentPermission(String permission, int uid, int owningUid, boolean exported) { + return checkComponentPermission(permission, uid, Context.DEVICE_ID_DEFAULT, + owningUid, exported); + } + + /** @hide */ + public static int checkComponentPermission(String permission, int uid, int deviceId, + int owningUid, boolean exported) { // Root, system server get to do everything. - final int appId = UserHandle.getAppId(uid); if (canAccessUnexportedComponents(uid)) { return PackageManager.PERMISSION_GRANTED; } @@ -4727,8 +4733,7 @@ public class ActivityManager { return PackageManager.PERMISSION_GRANTED; } try { - return AppGlobals.getPackageManager() - .checkUidPermission(permission, uid); + return AppGlobals.getPermissionManager().checkUidPermission(uid, permission, deviceId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } @@ -4737,8 +4742,8 @@ public class ActivityManager { /** @hide */ public static int checkUidPermission(String permission, int uid) { try { - return AppGlobals.getPackageManager() - .checkUidPermission(permission, uid); + return AppGlobals.getPermissionManager().checkUidPermission( + uid, permission, Context.DEVICE_ID_DEFAULT); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java index 0e3a6959bed7..9121cf09c982 100644 --- a/core/java/android/app/ApplicationPackageManager.java +++ b/core/java/android/app/ApplicationPackageManager.java @@ -827,7 +827,8 @@ public class ApplicationPackageManager extends PackageManager { @Override public int checkPermission(String permName, String pkgName) { - return PermissionManager.checkPackageNamePermission(permName, pkgName, getUserId()); + return PermissionManager.checkPackageNamePermission(permName, pkgName, + mContext.getDeviceId(), getUserId()); } @Override diff --git a/core/java/android/app/ContextImpl.java b/core/java/android/app/ContextImpl.java index 2056eca800e1..ab567ac20bd2 100644 --- a/core/java/android/app/ContextImpl.java +++ b/core/java/android/app/ContextImpl.java @@ -2262,7 +2262,7 @@ class ContextImpl extends Context { Log.v(TAG, "Treating renounced permission " + permission + " as denied"); return PERMISSION_DENIED; } - return PermissionManager.checkPermission(permission, pid, uid); + return PermissionManager.checkPermission(permission, pid, uid, getDeviceId()); } /** @hide */ diff --git a/core/java/android/app/IActivityManager.aidl b/core/java/android/app/IActivityManager.aidl index 46260ea5e658..a8b1688cc43b 100644 --- a/core/java/android/app/IActivityManager.aidl +++ b/core/java/android/app/IActivityManager.aidl @@ -924,4 +924,6 @@ interface IActivityManager { void unregisterUidFrozenStateChangedCallback(in IUidFrozenStateChangedCallback callback); @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.PACKAGE_USAGE_STATS)") int[] getUidFrozenState(in int[] uids); + + int checkPermissionForDevice(in String permission, int pid, int uid, int deviceId); } diff --git a/core/java/android/app/UiAutomationConnection.java b/core/java/android/app/UiAutomationConnection.java index 52949d6d1fbd..6f4abfdc05c1 100644 --- a/core/java/android/app/UiAutomationConnection.java +++ b/core/java/android/app/UiAutomationConnection.java @@ -343,6 +343,9 @@ public final class UiAutomationConnection extends IUiAutomationConnection.Stub { } } + /** + * Grants permission for the {@link Context#DEVICE_ID_DEFAULT default device} + */ @Override public void grantRuntimePermission(String packageName, String permission, int userId) throws RemoteException { @@ -353,12 +356,16 @@ public final class UiAutomationConnection extends IUiAutomationConnection.Stub { } final long identity = Binder.clearCallingIdentity(); try { - mPermissionManager.grantRuntimePermission(packageName, permission, userId); + mPermissionManager.grantRuntimePermission(packageName, permission, + Context.DEVICE_ID_DEFAULT, userId); } finally { Binder.restoreCallingIdentity(identity); } } + /** + * Revokes permission for the {@link Context#DEVICE_ID_DEFAULT default device} + */ @Override public void revokeRuntimePermission(String packageName, String permission, int userId) throws RemoteException { @@ -369,7 +376,8 @@ public final class UiAutomationConnection extends IUiAutomationConnection.Stub { } final long identity = Binder.clearCallingIdentity(); try { - mPermissionManager.revokeRuntimePermission(packageName, permission, userId, null); + mPermissionManager.revokeRuntimePermission(packageName, permission, + Context.DEVICE_ID_DEFAULT, userId, null); } finally { Binder.restoreCallingIdentity(identity); } diff --git a/core/java/android/permission/IPermissionManager.aidl b/core/java/android/permission/IPermissionManager.aidl index d19fd8fdf87b..18ede44dca20 100644 --- a/core/java/android/permission/IPermissionManager.aidl +++ b/core/java/android/permission/IPermissionManager.aidl @@ -42,10 +42,10 @@ interface IPermissionManager { void removePermission(String permissionName); - int getPermissionFlags(String packageName, String permissionName, int userId); + int getPermissionFlags(String packageName, String permissionName, int deviceId, int userId); void updatePermissionFlags(String packageName, String permissionName, int flagMask, - int flagValues, boolean checkAdjustPolicyFlagPermission, int userId); + int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId); void updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId); @@ -62,17 +62,18 @@ interface IPermissionManager { boolean removeAllowlistedRestrictedPermission(String packageName, String permissionName, int flags, int userId); - void grantRuntimePermission(String packageName, String permissionName, int userId); + void grantRuntimePermission(String packageName, String permissionName, int deviceId, int userId); - void revokeRuntimePermission(String packageName, String permissionName, int userId, - String reason); + void revokeRuntimePermission(String packageName, String permissionName, int deviceId, + int userId, String reason); void revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId); boolean shouldShowRequestPermissionRationale(String packageName, String permissionName, - int userId); + int deviceId, int userId); - boolean isPermissionRevokedByPolicy(String packageName, String permissionName, int userId); + boolean isPermissionRevokedByPolicy(String packageName, String permissionName, int deviceId, + int userId); List<SplitPermissionInfoParcelable> getSplitPermissions(); @@ -94,4 +95,8 @@ interface IPermissionManager { void registerAttributionSource(in AttributionSourceState source); boolean isRegisteredAttributionSource(in AttributionSourceState source); + + int checkPermission(String packageName, String permissionName, int deviceId, int userId); + + int checkUidPermission(int uid, String permissionName, int deviceId); } diff --git a/core/java/android/permission/PermissionManager.java b/core/java/android/permission/PermissionManager.java index 9ae87deccc8b..7d3921049712 100644 --- a/core/java/android/permission/PermissionManager.java +++ b/core/java/android/permission/PermissionManager.java @@ -66,6 +66,7 @@ import android.os.RemoteException; import android.os.ServiceManager; import android.os.SystemClock; import android.os.UserHandle; +import android.text.TextUtils; import android.util.ArrayMap; import android.util.ArraySet; import android.util.DebugUtils; @@ -571,7 +572,7 @@ public final class PermissionManager { @NonNull String permissionName) { try { return mPermissionManager.isPermissionRevokedByPolicy(packageName, permissionName, - mContext.getUserId()); + mContext.getDeviceId(), mContext.getUserId()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } @@ -615,7 +616,7 @@ public final class PermissionManager { } try { mPermissionManager.grantRuntimePermission(packageName, permissionName, - user.getIdentifier()); + mContext.getDeviceId(), user.getIdentifier()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } @@ -652,8 +653,8 @@ public final class PermissionManager { + reason, new RuntimeException()); } try { - mPermissionManager - .revokeRuntimePermission(packageName, permName, user.getIdentifier(), reason); + mPermissionManager.revokeRuntimePermission(packageName, permName, + mContext.getDeviceId(), user.getIdentifier(), reason); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } @@ -680,7 +681,7 @@ public final class PermissionManager { @NonNull UserHandle user) { try { return mPermissionManager.getPermissionFlags(packageName, permissionName, - user.getIdentifier()); + mContext.getDeviceId(), user.getIdentifier()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } @@ -719,7 +720,8 @@ public final class PermissionManager { final boolean checkAdjustPolicyFlagPermission = mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.Q; mPermissionManager.updatePermissionFlags(packageName, permissionName, flagMask, - flagValues, checkAdjustPolicyFlagPermission, user.getIdentifier()); + flagValues, checkAdjustPolicyFlagPermission, + mContext.getDeviceId(), user.getIdentifier()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } @@ -975,7 +977,7 @@ public final class PermissionManager { try { final String packageName = mContext.getPackageName(); return mPermissionManager.shouldShowRequestPermissionRationale(packageName, - permissionName, mContext.getUserId()); + permissionName, mContext.getDeviceId(), mContext.getUserId()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } @@ -1509,8 +1511,8 @@ public final class PermissionManager { // to reduce duplicate logcat output. private static volatile boolean sShouldWarnMissingActivityManager = true; - /* @hide */ - private static int checkPermissionUncached(@Nullable String permission, int pid, int uid) { + private static int checkPermissionUncached(@Nullable String permission, int pid, int uid, + int deviceId) { final IActivityManager am = ActivityManager.getService(); if (am == null) { // Well this is super awkward; we somehow don't have an active ActivityManager @@ -1531,7 +1533,7 @@ public final class PermissionManager { } try { sShouldWarnMissingActivityManager = true; - return am.checkPermission(permission, pid, uid); + return am.checkPermissionForDevice(permission, pid, uid, deviceId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } @@ -1551,26 +1553,26 @@ public final class PermissionManager { final String permission; final int pid; final int uid; + final int deviceId; - PermissionQuery(@Nullable String permission, int pid, int uid) { + PermissionQuery(@Nullable String permission, int pid, int uid, int deviceId) { this.permission = permission; this.pid = pid; this.uid = uid; + this.deviceId = deviceId; } @Override public String toString() { - return String.format("PermissionQuery(permission=\"%s\", pid=%s, uid=%s)", - permission, pid, uid); + return TextUtils.formatSimple("PermissionQuery(permission=\"%s\", pid=%d, uid=%d, " + + "deviceId=%d)", permission, pid, uid, deviceId); } @Override public int hashCode() { // N.B. pid doesn't count toward equality and therefore shouldn't count for // hashing either. - int hash = Objects.hashCode(permission); - hash = hash * 13 + Objects.hashCode(uid); - return hash; + return Objects.hash(permission, uid, deviceId); } @Override @@ -1585,7 +1587,7 @@ public final class PermissionManager { } catch (ClassCastException ex) { return false; } - return uid == other.uid + return uid == other.uid && deviceId == other.deviceId && Objects.equals(permission, other.permission); } } @@ -1599,13 +1601,14 @@ public final class PermissionManager { 2048, CACHE_KEY_PACKAGE_INFO, "checkPermission") { @Override public Integer recompute(PermissionQuery query) { - return checkPermissionUncached(query.permission, query.pid, query.uid); + return checkPermissionUncached(query.permission, query.pid, query.uid, + query.deviceId); } }; /** @hide */ - public static int checkPermission(@Nullable String permission, int pid, int uid) { - return sPermissionCache.query(new PermissionQuery(permission, pid, uid)); + public static int checkPermission(@Nullable String permission, int pid, int uid, int deviceId) { + return sPermissionCache.query(new PermissionQuery(permission, pid, uid, deviceId)); } /** @@ -1625,26 +1628,29 @@ public final class PermissionManager { private static final class PackageNamePermissionQuery { final String permName; final String pkgName; + final int deviceId; @UserIdInt final int userId; PackageNamePermissionQuery(@Nullable String permName, @Nullable String pkgName, - @UserIdInt int userId) { + int deviceId, @UserIdInt int userId) { this.permName = permName; this.pkgName = pkgName; + this.deviceId = deviceId; this.userId = userId; } @Override public String toString() { - return String.format( - "PackageNamePermissionQuery(pkgName=\"%s\", permName=\"%s, userId=%s\")", - pkgName, permName, userId); + return TextUtils.formatSimple( + "PackageNamePermissionQuery(pkgName=\"%s\", permName=\"%s\", " + + "deviceId=%s, userId=%s\")", + pkgName, permName, deviceId, userId); } @Override public int hashCode() { - return Objects.hash(permName, pkgName, userId); + return Objects.hash(permName, pkgName, deviceId, userId); } @Override @@ -1660,16 +1666,17 @@ public final class PermissionManager { } return Objects.equals(permName, other.permName) && Objects.equals(pkgName, other.pkgName) + && deviceId == other.deviceId && userId == other.userId; } } /* @hide */ private static int checkPackageNamePermissionUncached( - String permName, String pkgName, @UserIdInt int userId) { + String permName, String pkgName, int deviceId, @UserIdInt int userId) { try { - return ActivityThread.getPackageManager().checkPermission( - permName, pkgName, userId); + return ActivityThread.getPermissionManager().checkPermission( + pkgName, permName, deviceId, userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } @@ -1683,7 +1690,7 @@ public final class PermissionManager { @Override public Integer recompute(PackageNamePermissionQuery query) { return checkPackageNamePermissionUncached( - query.permName, query.pkgName, query.userId); + query.permName, query.pkgName, query.deviceId, query.userId); } @Override public boolean bypass(PackageNamePermissionQuery query) { @@ -1692,14 +1699,14 @@ public final class PermissionManager { }; /** - * Check whether a package has a permission. + * Check whether a package has a permission for given device. * * @hide */ - public static int checkPackageNamePermission(String permName, String pkgName, + public static int checkPackageNamePermission(String permName, String pkgName, int deviceId, @UserIdInt int userId) { return sPackageNamePermissionCache.query( - new PackageNamePermissionQuery(permName, pkgName, userId)); + new PackageNamePermissionQuery(permName, pkgName, deviceId, userId)); } /** diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index eaa1b97113a8..9691bb99b94a 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -5822,12 +5822,25 @@ public class ActivityManagerService extends IActivityManager.Stub /** * Allows if {@code pid} is {@link #MY_PID}, then denies if the {@code pid} has been denied * provided non-{@code null} {@code permission} before. Otherwise calls into - * {@link ActivityManager#checkComponentPermission(String, int, int, boolean)}. + * {@link ActivityManager#checkComponentPermission(String, int, int, int, boolean)}. */ @PackageManager.PermissionResult @PermissionMethod public static int checkComponentPermission(@PermissionName String permission, int pid, int uid, int owningUid, boolean exported) { + return checkComponentPermission(permission, pid, uid, Context.DEVICE_ID_DEFAULT, + owningUid, exported); + } + + /** + * Allows if {@code pid} is {@link #MY_PID}, then denies if the {@code pid} has been denied + * provided non-{@code null} {@code permission} before. Otherwise calls into + * {@link ActivityManager#checkComponentPermission(String, int, int, int, boolean)}. + */ + @PackageManager.PermissionResult + @PermissionMethod + public static int checkComponentPermission(@PermissionName String permission, int pid, int uid, + int deviceId, int owningUid, boolean exported) { if (pid == MY_PID) { return PackageManager.PERMISSION_GRANTED; } @@ -5846,7 +5859,7 @@ public class ActivityManagerService extends IActivityManager.Stub } } } - return ActivityManager.checkComponentPermission(permission, uid, + return ActivityManager.checkComponentPermission(permission, uid, deviceId, owningUid, exported); } @@ -5875,10 +5888,27 @@ public class ActivityManagerService extends IActivityManager.Stub @PackageManager.PermissionResult @PermissionMethod public int checkPermission(@PermissionName String permission, int pid, int uid) { + return checkPermissionForDevice(permission, pid, uid, Context.DEVICE_ID_DEFAULT); + } + + /** + * As the only public entry point for permissions checking, this method + * can enforce the semantic that requesting a check on a null global + * permission is automatically denied. (Internally a null permission + * string is used when calling {@link #checkComponentPermission} in cases + * when only uid-based security is needed.) + * + * This can be called with or without the global lock held. + */ + @Override + @PackageManager.PermissionResult + @PermissionMethod + public int checkPermissionForDevice(@PermissionName String permission, int pid, int uid, + int deviceId) { if (permission == null) { return PackageManager.PERMISSION_DENIED; } - return checkComponentPermission(permission, pid, uid, -1, true); + return checkComponentPermission(permission, pid, uid, deviceId, -1, true); } /** diff --git a/services/core/java/com/android/server/notification/PermissionHelper.java b/services/core/java/com/android/server/notification/PermissionHelper.java index 93c83e181ec1..85c140c67949 100644 --- a/services/core/java/com/android/server/notification/PermissionHelper.java +++ b/services/core/java/com/android/server/notification/PermissionHelper.java @@ -196,19 +196,20 @@ public final class PermissionHelper { int uid = mPackageManager.getPackageUid(packageName, 0, userId); boolean currentlyGranted = hasPermission(uid); if (grant && !currentlyGranted) { - mPermManager.grantRuntimePermission(packageName, NOTIFICATION_PERMISSION, userId); + mPermManager.grantRuntimePermission(packageName, NOTIFICATION_PERMISSION, + Context.DEVICE_ID_DEFAULT, userId); } else if (!grant && currentlyGranted) { mPermManager.revokeRuntimePermission(packageName, NOTIFICATION_PERMISSION, - userId, TAG); + Context.DEVICE_ID_DEFAULT, userId, TAG); } int flagMask = FLAG_PERMISSION_USER_SET | FLAG_PERMISSION_USER_FIXED; flagMask = userSet || !grant ? flagMask | FLAG_PERMISSION_GRANTED_BY_DEFAULT : flagMask; if (userSet) { - mPermManager.updatePermissionFlags(packageName, NOTIFICATION_PERMISSION, - flagMask, FLAG_PERMISSION_USER_SET, true, userId); + mPermManager.updatePermissionFlags(packageName, NOTIFICATION_PERMISSION, flagMask, + FLAG_PERMISSION_USER_SET, true, Context.DEVICE_ID_DEFAULT, userId); } else { mPermManager.updatePermissionFlags(packageName, NOTIFICATION_PERMISSION, - flagMask, 0, true, userId); + flagMask, 0, true, Context.DEVICE_ID_DEFAULT, userId); } } catch (RemoteException e) { Slog.e(TAG, "Could not reach system server", e); @@ -236,7 +237,7 @@ public final class PermissionHelper { try { try { int flags = mPermManager.getPermissionFlags(packageName, NOTIFICATION_PERMISSION, - userId); + Context.DEVICE_ID_DEFAULT, userId); return (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 || (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0; } catch (RemoteException e) { @@ -253,7 +254,7 @@ public final class PermissionHelper { try { try { int flags = mPermManager.getPermissionFlags(packageName, NOTIFICATION_PERMISSION, - userId); + Context.DEVICE_ID_DEFAULT, userId); return (flags & (PackageManager.FLAG_PERMISSION_USER_SET | PackageManager.FLAG_PERMISSION_USER_FIXED)) != 0; } catch (RemoteException e) { @@ -270,7 +271,7 @@ public final class PermissionHelper { try { try { int flags = mPermManager.getPermissionFlags(packageName, NOTIFICATION_PERMISSION, - userId); + Context.DEVICE_ID_DEFAULT, userId); return (flags & (PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT | PackageManager.FLAG_PERMISSION_GRANTED_BY_ROLE)) != 0; } catch (RemoteException e) { diff --git a/services/core/java/com/android/server/pm/BackgroundInstallControlService.java b/services/core/java/com/android/server/pm/BackgroundInstallControlService.java index 1b34c703f663..7f0aadce3143 100644 --- a/services/core/java/com/android/server/pm/BackgroundInstallControlService.java +++ b/services/core/java/com/android/server/pm/BackgroundInstallControlService.java @@ -234,7 +234,7 @@ public class BackgroundInstallControlService extends SystemService { // the installers without INSTALL_PACKAGES perm can't perform // the installation in background. So we can just filter out them. if (mPermissionManager.checkPermission(installerPackageName, - android.Manifest.permission.INSTALL_PACKAGES, + android.Manifest.permission.INSTALL_PACKAGES, Context.DEVICE_ID_DEFAULT, userId) != PackageManager.PERMISSION_GRANTED) { return; } @@ -433,7 +433,7 @@ public class BackgroundInstallControlService extends SystemService { return true; } return mPermissionManager.checkPermission(pkgName, - android.Manifest.permission.INSTALL_PACKAGES, + android.Manifest.permission.INSTALL_PACKAGES, Context.DEVICE_ID_DEFAULT, userId) == PackageManager.PERMISSION_GRANTED; } diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java index 7aa5c65f7f4c..1b5272514b63 100644 --- a/services/core/java/com/android/server/pm/ComputerEngine.java +++ b/services/core/java/com/android/server/pm/ComputerEngine.java @@ -2583,7 +2583,7 @@ public class ComputerEngine implements Computer { // NOTE: Can't remove without a major refactor. Keep around for now. public final int checkUidPermission(String permName, int uid) { - return mPermissionManager.checkUidPermission(uid, permName); + return mPermissionManager.checkUidPermission(uid, permName, Context.DEVICE_ID_DEFAULT); } public int getPackageUidInternal(String packageName, @@ -4528,8 +4528,8 @@ public class ComputerEngine implements Computer { int numMatch = 0; for (int i=0; i<permissions.length; i++) { final String permission = permissions[i]; - if (mPermissionManager.checkPermission(ps.getPackageName(), permission, userId) - == PERMISSION_GRANTED) { + if (mPermissionManager.checkPermission(ps.getPackageName(), permission, + Context.DEVICE_ID_DEFAULT, userId) == PERMISSION_GRANTED) { tmp[i] = true; numMatch++; } else { diff --git a/services/core/java/com/android/server/pm/DumpHelper.java b/services/core/java/com/android/server/pm/DumpHelper.java index b5647d0092f5..f3ea42e0e0da 100644 --- a/services/core/java/com/android/server/pm/DumpHelper.java +++ b/services/core/java/com/android/server/pm/DumpHelper.java @@ -23,6 +23,7 @@ import static com.android.server.pm.PackageManagerServiceUtils.dumpCriticalInfo; import android.annotation.NonNull; import android.content.ComponentName; +import android.content.Context; import android.content.pm.FeatureInfo; import android.content.pm.PackageManager; import android.os.Binder; @@ -160,7 +161,8 @@ final class DumpHelper { pkg = snapshot.resolveInternalPackageName(pkg, PackageManager.VERSION_CODE_HIGHEST); - pw.println(mPermissionManager.checkPermission(perm, pkg, user)); + pw.println(mPermissionManager.checkPermission( + pkg, perm, Context.DEVICE_ID_DEFAULT, user)); return; } else if ("l".equals(cmd) || "libraries".equals(cmd)) { dumpState.setDump(DumpState.DUMP_LIBS); diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 5a81a1af50ec..6a656df60dce 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -2825,7 +2825,8 @@ public class PackageManagerService implements PackageSender, TestUtilityService // NOTE: Can't remove due to unsupported app usage public int checkPermission(String permName, String pkgName, int userId) { - return mPermissionManager.checkPermission(pkgName, permName, userId); + return mPermissionManager.checkPermission(pkgName, permName, Context.DEVICE_ID_DEFAULT, + userId); } public String getSdkSandboxPackageName() { diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index dbe2d54567c2..7609073e149c 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -218,9 +218,12 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } - private int checkPermission(String pkgName, String permName, @UserIdInt int userId) { + @Override + @PackageManager.PermissionResult + public int checkPermission(String packageName, String permissionName, int deviceId, + @UserIdInt int userId) { // Not using Objects.requireNonNull() here for compatibility reasons. - if (pkgName == null || permName == null) { + if (packageName == null || permissionName == null) { return PackageManager.PERMISSION_DENIED; } @@ -230,15 +233,18 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (checkPermissionDelegate == null) { - return mPermissionManagerServiceImpl.checkPermission(pkgName, permName, userId); + return mPermissionManagerServiceImpl.checkPermission( + packageName, permissionName, userId); } - return checkPermissionDelegate.checkPermission(pkgName, permName, userId, + return checkPermissionDelegate.checkPermission(packageName, permissionName, userId, mPermissionManagerServiceImpl::checkPermission); } - private int checkUidPermission(int uid, String permName) { + @Override + @PackageManager.PermissionResult + public int checkUidPermission(int uid, String permissionName, int deviceId) { // Not using Objects.requireNonNull() here for compatibility reasons. - if (permName == null) { + if (permissionName == null) { return PackageManager.PERMISSION_DENIED; } @@ -248,9 +254,9 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (checkPermissionDelegate == null) { - return mPermissionManagerServiceImpl.checkUidPermission(uid, permName); + return mPermissionManagerServiceImpl.checkUidPermission(uid, permissionName); } - return checkPermissionDelegate.checkUidPermission(uid, permName, + return checkPermissionDelegate.checkUidPermission(uid, permissionName, mPermissionManagerServiceImpl::checkUidPermission); } @@ -502,14 +508,15 @@ public class PermissionManagerService extends IPermissionManager.Stub { } @Override - public int getPermissionFlags(String packageName, String permissionName, int userId) { + public int getPermissionFlags(String packageName, String permissionName, int deviceId, + int userId) { return mPermissionManagerServiceImpl .getPermissionFlags(packageName, permissionName, userId); } @Override public void updatePermissionFlags(String packageName, String permissionName, int flagMask, - int flagValues, boolean checkAdjustPolicyFlagPermission, int userId) { + int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) { mPermissionManagerServiceImpl.updatePermissionFlags(packageName, permissionName, flagMask, flagValues, checkAdjustPolicyFlagPermission, userId); } @@ -551,15 +558,16 @@ public class PermissionManagerService extends IPermissionManager.Stub { } @Override - public void grantRuntimePermission(String packageName, String permissionName, int userId) { + public void grantRuntimePermission(String packageName, String permissionName, int deviceId, + int userId) { mPermissionManagerServiceImpl.grantRuntimePermission(packageName, permissionName, userId); } @Override - public void revokeRuntimePermission(String packageName, String permissionName, int userId, - String reason) { - mPermissionManagerServiceImpl.revokeRuntimePermission(packageName, permissionName, userId, - reason); + public void revokeRuntimePermission(String packageName, String permissionName, int deviceId, + int userId, String reason) { + mPermissionManagerServiceImpl.revokeRuntimePermission(packageName, permissionName, + userId, reason); } @Override @@ -570,14 +578,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { @Override public boolean shouldShowRequestPermissionRationale(String packageName, String permissionName, - int userId) { + int deviceId, int userId) { return mPermissionManagerServiceImpl.shouldShowRequestPermissionRationale(packageName, permissionName, userId); } @Override public boolean isPermissionRevokedByPolicy(String packageName, String permissionName, - int userId) { + int deviceId, int userId) { return mPermissionManagerServiceImpl .isPermissionRevokedByPolicy(packageName, permissionName, userId); } @@ -592,14 +600,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { private class PermissionManagerServiceInternalImpl implements PermissionManagerServiceInternal { @Override public int checkPermission(@NonNull String packageName, @NonNull String permissionName, - @UserIdInt int userId) { + int deviceId, @UserIdInt int userId) { return PermissionManagerService.this.checkPermission(packageName, permissionName, - userId); + deviceId, userId); } @Override - public int checkUidPermission(int uid, @NonNull String permissionName) { - return PermissionManagerService.this.checkUidPermission(uid, permissionName); + public int checkUidPermission(int uid, @NonNull String permissionName, int deviceId) { + return PermissionManagerService.this.checkUidPermission(uid, permissionName, deviceId); } @Override @@ -805,6 +813,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { public void resetRuntimePermissions(@NonNull AndroidPackage pkg, @UserIdInt int userId) { mPermissionManagerServiceImpl.resetRuntimePermissions(pkg, userId); } + @Override public void resetRuntimePermissionsForUser(@UserIdInt int userId) { mPermissionManagerServiceImpl.resetRuntimePermissionsForUser(userId); diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java index cf2b69cbc512..98adeb66388e 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java @@ -46,12 +46,13 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter * * @param packageName the name of the package you are checking against * @param permissionName the name of the permission you are checking for + * @param deviceId the device ID * @param userId the user ID * @return {@code PERMISSION_GRANTED} if the permission is granted, or {@code PERMISSION_DENIED} * otherwise */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) - int checkPermission(@NonNull String packageName, @NonNull String permissionName, + int checkPermission(@NonNull String packageName, @NonNull String permissionName, int deviceId, @UserIdInt int userId); /** @@ -59,11 +60,12 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter * * @param uid the UID * @param permissionName the name of the permission you are checking for + * @param deviceId the device for which you are checking the permission * @return {@code PERMISSION_GRANTED} if the permission is granted, or {@code PERMISSION_DENIED} * otherwise */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) - int checkUidPermission(int uid, @NonNull String permissionName); + int checkUidPermission(int uid, @NonNull String permissionName, int deviceId); /** * Get whether permission review is required for a package. @@ -73,8 +75,7 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter * @return whether permission review is required */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) - boolean isPermissionsReviewRequired(@NonNull String packageName, - @UserIdInt int userId); + boolean isPermissionsReviewRequired(@NonNull String packageName, @UserIdInt int userId); /** * Reset the runtime permission state changes for a package. @@ -85,8 +86,7 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter * @param userId the user ID */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) - void resetRuntimePermissions(@NonNull AndroidPackage pkg, - @UserIdInt int userId); + void resetRuntimePermissions(@NonNull AndroidPackage pkg, @UserIdInt int userId); /** * Reset the runtime permission state changes for all packages in a user. diff --git a/services/core/java/com/android/server/policy/PermissionPolicyService.java b/services/core/java/com/android/server/policy/PermissionPolicyService.java index 2679fcebbc25..d6e35e8b1fd3 100644 --- a/services/core/java/com/android/server/policy/PermissionPolicyService.java +++ b/services/core/java/com/android/server/policy/PermissionPolicyService.java @@ -1421,8 +1421,8 @@ public final class PermissionPolicyService extends SystemService { } boolean hasCreatedNotificationChannels = mNotificationManager .getNumNotificationChannelsForPackage(pkgName, uid, true) > 0; - boolean granted = mPermissionManagerInternal.checkUidPermission(uid, POST_NOTIFICATIONS) - == PackageManager.PERMISSION_GRANTED; + boolean granted = mPermissionManagerInternal.checkUidPermission(uid, POST_NOTIFICATIONS, + Context.DEVICE_ID_DEFAULT) == PackageManager.PERMISSION_GRANTED; int flags = mPackageManager.getPermissionFlags(POST_NOTIFICATIONS, pkgName, user); boolean explicitlySet = (flags & PermissionManager.EXPLICIT_SET_FLAGS) != 0; return !granted && hasCreatedNotificationChannels && !explicitlySet; diff --git a/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java b/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java index fe23eeecdf46..bb91939c430e 100644 --- a/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java +++ b/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java @@ -2435,10 +2435,11 @@ public final class BackgroundRestrictionTest { private void setPermissionState(String packageName, int uid, String perm, boolean granted) { doReturn(granted ? PERMISSION_GRANTED : PERMISSION_DENIED) .when(mPermissionManagerServiceInternal) - .checkUidPermission(uid, perm); + .checkUidPermission(uid, perm, Context.DEVICE_ID_DEFAULT); doReturn(granted ? PERMISSION_GRANTED : PERMISSION_DENIED) .when(mPermissionManagerServiceInternal) - .checkPermission(packageName, perm, UserHandle.getUserId(uid)); + .checkPermission( + packageName, perm, Context.DEVICE_ID_DEFAULT, UserHandle.getUserId(uid)); try { doReturn(granted ? PERMISSION_GRANTED : PERMISSION_DENIED) .when(mIActivityManager) diff --git a/services/tests/servicestests/src/com/android/server/pm/BackgroundInstallControlServiceTest.java b/services/tests/servicestests/src/com/android/server/pm/BackgroundInstallControlServiceTest.java index ba91647f96ed..daf18edaf2de 100644 --- a/services/tests/servicestests/src/com/android/server/pm/BackgroundInstallControlServiceTest.java +++ b/services/tests/servicestests/src/com/android/server/pm/BackgroundInstallControlServiceTest.java @@ -402,7 +402,7 @@ public final class BackgroundInstallControlServiceTest { assertEquals(0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps()); doReturn(PackageManager.PERMISSION_DENIED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, 0); mTestLooper.dispatchAll(); @@ -415,7 +415,7 @@ public final class BackgroundInstallControlServiceTest { assertEquals(0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps()); doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, 0); mTestLooper.dispatchAll(); @@ -428,7 +428,7 @@ public final class BackgroundInstallControlServiceTest { assertEquals(0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps()); doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.USER_INTERACTION, USER_ID_1, INSTALLER_NAME_1, 0); mTestLooper.dispatchAll(); @@ -441,7 +441,7 @@ public final class BackgroundInstallControlServiceTest { assertEquals(0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps()); doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, USAGE_EVENT_TIMESTAMP_1); mTestLooper.dispatchAll(); @@ -464,7 +464,7 @@ public final class BackgroundInstallControlServiceTest { assertEquals(0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps()); doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, USAGE_EVENT_TIMESTAMP_1); generateUsageEvent(Event.ACTIVITY_STOPPED, @@ -489,7 +489,7 @@ public final class BackgroundInstallControlServiceTest { assertEquals(0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps()); doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, USAGE_EVENT_TIMESTAMP_1); generateUsageEvent(Event.ACTIVITY_STOPPED, @@ -520,7 +520,7 @@ public final class BackgroundInstallControlServiceTest { assertEquals(0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps()); doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(Event.ACTIVITY_STOPPED, USER_ID_1, INSTALLER_NAME_1, USAGE_EVENT_TIMESTAMP_1); mTestLooper.dispatchAll(); @@ -605,7 +605,7 @@ public final class BackgroundInstallControlServiceTest { // So it's not a background install. Thus, it's null for the return of // mBackgroundInstallControlService.getBackgroundInstalledPackages() doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, USAGE_EVENT_TIMESTAMP_1); generateUsageEvent(Event.ACTIVITY_STOPPED, @@ -651,7 +651,7 @@ public final class BackgroundInstallControlServiceTest { // it's a background install. Thus, it's not null for the return of // mBackgroundInstallControlService.getBackgroundInstalledPackages() doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, USAGE_EVENT_TIMESTAMP_2); generateUsageEvent(Event.ACTIVITY_STOPPED, @@ -701,7 +701,7 @@ public final class BackgroundInstallControlServiceTest { // it's a background install. Thus, it's not null for the return of // mBackgroundInstallControlService.getBackgroundInstalledPackages() doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_2, INSTALLER_NAME_2, USAGE_EVENT_TIMESTAMP_2); generateUsageEvent(Event.ACTIVITY_STOPPED, @@ -752,7 +752,7 @@ public final class BackgroundInstallControlServiceTest { // as a background install. Since we do not want to treat side-loaded apps as background // install getBackgroundInstalledPackages() is expected to return null doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, USAGE_EVENT_TIMESTAMP_2); generateUsageEvent(Event.ACTIVITY_STOPPED, @@ -801,7 +801,7 @@ public final class BackgroundInstallControlServiceTest { // as a background install. Since we do not want to treat side-loaded apps as background // install getBackgroundInstalledPackages() is expected to return null doReturn(PackageManager.PERMISSION_GRANTED).when(mPermissionManager).checkPermission( - anyString(), anyString(), anyInt()); + anyString(), anyString(), anyInt(), anyInt()); generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, USAGE_EVENT_TIMESTAMP_2); generateUsageEvent(Event.ACTIVITY_STOPPED, diff --git a/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java b/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java index 539f329cae98..318f932bf4e4 100644 --- a/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java +++ b/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java @@ -246,10 +246,10 @@ public class PermissionHelperTest extends UiServiceTestCase { mPermissionHelper.setNotificationPermission("pkg", 10, true, true); verify(mPermManager).grantRuntimePermission( - "pkg", Manifest.permission.POST_NOTIFICATIONS, 10); + "pkg", Manifest.permission.POST_NOTIFICATIONS, Context.DEVICE_ID_DEFAULT, 10); verify(mPermManager).updatePermissionFlags("pkg", Manifest.permission.POST_NOTIFICATIONS, USER_FLAG_MASK | FLAG_PERMISSION_GRANTED_BY_DEFAULT, - FLAG_PERMISSION_USER_SET, true, 10); + FLAG_PERMISSION_USER_SET, true, Context.DEVICE_ID_DEFAULT, 10); } @Test @@ -259,16 +259,16 @@ public class PermissionHelperTest extends UiServiceTestCase { .thenReturn(PERMISSION_DENIED); when(mPermManager.getPermissionFlags(anyString(), eq(Manifest.permission.POST_NOTIFICATIONS), - anyInt())).thenReturn(FLAG_PERMISSION_GRANTED_BY_DEFAULT); + anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_GRANTED_BY_DEFAULT); PermissionHelper.PackagePermission pkgPerm = new PermissionHelper.PackagePermission( "pkg", 10, true, false); mPermissionHelper.setNotificationPermission(pkgPerm); verify(mPermManager).grantRuntimePermission( - "pkg", Manifest.permission.POST_NOTIFICATIONS, 10); + "pkg", Manifest.permission.POST_NOTIFICATIONS, Context.DEVICE_ID_DEFAULT, 10); verify(mPermManager).updatePermissionFlags("pkg", Manifest.permission.POST_NOTIFICATIONS, USER_FLAG_MASK | FLAG_PERMISSION_GRANTED_BY_DEFAULT, - FLAG_PERMISSION_USER_SET, true, 10); + FLAG_PERMISSION_USER_SET, true, Context.DEVICE_ID_DEFAULT, 10); } @Test @@ -279,10 +279,11 @@ public class PermissionHelperTest extends UiServiceTestCase { mPermissionHelper.setNotificationPermission("pkg", 10, false, true); verify(mPermManager).revokeRuntimePermission( - eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS), eq(10), anyString()); + eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS), + eq(Context.DEVICE_ID_DEFAULT), eq(10), anyString()); verify(mPermManager).updatePermissionFlags("pkg", Manifest.permission.POST_NOTIFICATIONS, USER_FLAG_MASK | FLAG_PERMISSION_GRANTED_BY_DEFAULT, - FLAG_PERMISSION_USER_SET, true, 10); + FLAG_PERMISSION_USER_SET, true, Context.DEVICE_ID_DEFAULT, 10); } @Test @@ -293,9 +294,9 @@ public class PermissionHelperTest extends UiServiceTestCase { mPermissionHelper.setNotificationPermission("pkg", 10, true, false); verify(mPermManager).grantRuntimePermission( - "pkg", Manifest.permission.POST_NOTIFICATIONS, 10); + "pkg", Manifest.permission.POST_NOTIFICATIONS, Context.DEVICE_ID_DEFAULT, 10); verify(mPermManager).updatePermissionFlags("pkg", Manifest.permission.POST_NOTIFICATIONS, - USER_FLAG_MASK, 0, true, 10); + USER_FLAG_MASK, 0, true, Context.DEVICE_ID_DEFAULT, 10); } @Test @@ -306,36 +307,37 @@ public class PermissionHelperTest extends UiServiceTestCase { mPermissionHelper.setNotificationPermission("pkg", 10, false, false); verify(mPermManager).revokeRuntimePermission( - eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS), eq(10), anyString()); + eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS), + eq(Context.DEVICE_ID_DEFAULT), eq(10), anyString()); verify(mPermManager).updatePermissionFlags("pkg", Manifest.permission.POST_NOTIFICATIONS, USER_FLAG_MASK | FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, - true, 10); + true, Context.DEVICE_ID_DEFAULT, 10); } @Test public void testSetNotificationPermission_SystemFixedPermNotSet() throws Exception { when(mPermManager.getPermissionFlags(anyString(), eq(Manifest.permission.POST_NOTIFICATIONS), - anyInt())).thenReturn(FLAG_PERMISSION_SYSTEM_FIXED); + anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_SYSTEM_FIXED); mPermissionHelper.setNotificationPermission("pkg", 10, false, true); verify(mPermManager, never()).revokeRuntimePermission( - anyString(), anyString(), anyInt(), anyString()); + anyString(), anyString(), anyInt(), anyInt(), anyString()); verify(mPermManager, never()).updatePermissionFlags( - anyString(), anyString(), anyInt(), anyInt(), anyBoolean(), anyInt()); + anyString(), anyString(), anyInt(), anyInt(), anyBoolean(), anyInt(), anyInt()); } @Test public void testSetNotificationPermission_PolicyFixedPermNotSet() throws Exception { when(mPermManager.getPermissionFlags(anyString(), eq(Manifest.permission.POST_NOTIFICATIONS), - anyInt())).thenReturn(FLAG_PERMISSION_POLICY_FIXED); + anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_POLICY_FIXED); mPermissionHelper.setNotificationPermission("pkg", 10, false, true); verify(mPermManager, never()).revokeRuntimePermission( - anyString(), anyString(), anyInt(), anyString()); + anyString(), anyString(), anyInt(), anyInt(), anyString()); verify(mPermManager, never()).updatePermissionFlags( - anyString(), anyString(), anyInt(), anyInt(), anyBoolean(), anyInt()); + anyString(), anyString(), anyInt(), anyInt(), anyBoolean(), anyInt(), anyInt()); } @Test @@ -345,7 +347,7 @@ public class PermissionHelperTest extends UiServiceTestCase { mPermissionHelper.setNotificationPermission("pkg", 10, true, false); verify(mPermManager, never()).grantRuntimePermission( - "pkg", Manifest.permission.POST_NOTIFICATIONS, 10); + "pkg", Manifest.permission.POST_NOTIFICATIONS, Context.DEVICE_ID_DEFAULT, 10); } @Test @@ -355,7 +357,8 @@ public class PermissionHelperTest extends UiServiceTestCase { mPermissionHelper.setNotificationPermission("pkg", 10, false, false); verify(mPermManager, never()).revokeRuntimePermission( - eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS), eq(10), anyString()); + eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS), + eq(Context.DEVICE_ID_DEFAULT), eq(10), anyString()); } @Test @@ -374,26 +377,27 @@ public class PermissionHelperTest extends UiServiceTestCase { verify(mContext, never()).checkPermission( eq(Manifest.permission.POST_NOTIFICATIONS), eq(-1), eq(testUid)); verify(mPermManager, never()).revokeRuntimePermission( - eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS), eq(10), anyString()); + eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS), + eq(Context.DEVICE_ID_DEFAULT), eq(10), anyString()); } @Test public void testIsPermissionFixed() throws Exception { when(mPermManager.getPermissionFlags(anyString(), eq(Manifest.permission.POST_NOTIFICATIONS), - anyInt())).thenReturn(FLAG_PERMISSION_USER_SET); + anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_USER_SET); assertThat(mPermissionHelper.isPermissionFixed("pkg", 0)).isFalse(); when(mPermManager.getPermissionFlags(anyString(), - eq(Manifest.permission.POST_NOTIFICATIONS), + eq(Manifest.permission.POST_NOTIFICATIONS), anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_USER_SET|FLAG_PERMISSION_POLICY_FIXED); assertThat(mPermissionHelper.isPermissionFixed("pkg", 0)).isTrue(); when(mPermManager.getPermissionFlags(anyString(), eq(Manifest.permission.POST_NOTIFICATIONS), - anyInt())).thenReturn(FLAG_PERMISSION_SYSTEM_FIXED); + anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_SYSTEM_FIXED); assertThat(mPermissionHelper.isPermissionFixed("pkg", 0)).isTrue(); } @@ -434,13 +438,14 @@ public class PermissionHelperTest extends UiServiceTestCase { .thenReturn(requesting); // 2 and 3 are user-set permissions - when(mPermManager.getPermissionFlags( - "first", Manifest.permission.POST_NOTIFICATIONS, userId)).thenReturn(0); - when(mPermManager.getPermissionFlags( - "second", Manifest.permission.POST_NOTIFICATIONS, userId)) + when(mPermManager.getPermissionFlags("first", Manifest.permission.POST_NOTIFICATIONS, + Context.DEVICE_ID_DEFAULT, userId)) + .thenReturn(0); + when(mPermManager.getPermissionFlags("second", Manifest.permission.POST_NOTIFICATIONS, + Context.DEVICE_ID_DEFAULT, userId)) .thenReturn(FLAG_PERMISSION_USER_SET); - when(mPermManager.getPermissionFlags( - "third", Manifest.permission.POST_NOTIFICATIONS, userId)) + when(mPermManager.getPermissionFlags("third", Manifest.permission.POST_NOTIFICATIONS, + Context.DEVICE_ID_DEFAULT, userId)) .thenReturn(FLAG_PERMISSION_USER_SET); Map<Pair<Integer, String>, Pair<Boolean, Boolean>> expected = |