diff options
| -rw-r--r-- | core/java/android/companion/virtual/IVirtualDevice.aidl | 32 | ||||
| -rw-r--r-- | services/companion/java/com/android/server/companion/virtual/VirtualDeviceImpl.java | 92 |
2 files changed, 67 insertions, 57 deletions
diff --git a/core/java/android/companion/virtual/IVirtualDevice.aidl b/core/java/android/companion/virtual/IVirtualDevice.aidl index 22ea9f2094cb..9ab7cf9a8fc6 100644 --- a/core/java/android/companion/virtual/IVirtualDevice.aidl +++ b/core/java/android/companion/virtual/IVirtualDevice.aidl @@ -60,62 +60,73 @@ interface IVirtualDevice { /** * Closes the virtual device and frees all associated resources. */ + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void close(); /** * Notifies of an audio session being started. */ + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void onAudioSessionStarting( int displayId, IAudioRoutingCallback routingCallback, IAudioConfigChangedCallback configChangedCallback); + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void onAudioSessionEnded(); - @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE)") + + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void createVirtualDpad( in VirtualDpadConfig config, IBinder token); - @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE)") + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void createVirtualKeyboard( in VirtualKeyboardConfig config, IBinder token); - @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE)") + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void createVirtualMouse( in VirtualMouseConfig config, IBinder token); - @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE)") + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void createVirtualTouchscreen( in VirtualTouchscreenConfig config, IBinder token); - @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE)") + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void createVirtualNavigationTouchpad( in VirtualNavigationTouchpadConfig config, IBinder token); + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void unregisterInputDevice(IBinder token); int getInputDeviceId(IBinder token); + @EnforcePermission("CREATE_VIRTUAL_DEVICE") boolean sendDpadKeyEvent(IBinder token, in VirtualKeyEvent event); + @EnforcePermission("CREATE_VIRTUAL_DEVICE") boolean sendKeyEvent(IBinder token, in VirtualKeyEvent event); + @EnforcePermission("CREATE_VIRTUAL_DEVICE") boolean sendButtonEvent(IBinder token, in VirtualMouseButtonEvent event); + @EnforcePermission("CREATE_VIRTUAL_DEVICE") boolean sendRelativeEvent(IBinder token, in VirtualMouseRelativeEvent event); + @EnforcePermission("CREATE_VIRTUAL_DEVICE") boolean sendScrollEvent(IBinder token, in VirtualMouseScrollEvent event); + @EnforcePermission("CREATE_VIRTUAL_DEVICE") boolean sendTouchEvent(IBinder token, in VirtualTouchEvent event); /** * Creates a virtual sensor, capable of injecting sensor events into the system. */ - @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE)") + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void createVirtualSensor(IBinder tokenm, in VirtualSensorConfig config); /** * Removes the sensor corresponding to the given token from the system. */ - @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE)") + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void unregisterSensor(IBinder token); /** * Sends an event to the virtual sensor corresponding to the given token. */ - @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE)") + @EnforcePermission("CREATE_VIRTUAL_DEVICE") boolean sendSensorEvent(IBinder token, in VirtualSensorEvent event); /** @@ -126,6 +137,7 @@ interface IVirtualDevice { PointF getCursorPosition(IBinder token); /** Sets whether to show or hide the cursor while this virtual device is active. */ + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void setShowPointerIcon(boolean showPointerIcon); /** @@ -133,9 +145,9 @@ interface IVirtualDevice { * when matching the provided IntentFilter and calls the callback with the intercepted * intent. */ - @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE)") + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void registerIntentInterceptor( in IVirtualDeviceIntentInterceptor intentInterceptor, in IntentFilter filter); - @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE)") + @EnforcePermission("CREATE_VIRTUAL_DEVICE") void unregisterIntentInterceptor(in IVirtualDeviceIntentInterceptor intentInterceptor); } diff --git a/services/companion/java/com/android/server/companion/virtual/VirtualDeviceImpl.java b/services/companion/java/com/android/server/companion/virtual/VirtualDeviceImpl.java index 4d173d66fcb4..be80e019b98c 100644 --- a/services/companion/java/com/android/server/companion/virtual/VirtualDeviceImpl.java +++ b/services/companion/java/com/android/server/companion/virtual/VirtualDeviceImpl.java @@ -22,9 +22,9 @@ import static android.app.admin.DevicePolicyManager.NEARBY_STREAMING_SAME_MANAGE import static android.view.WindowManager.LayoutParams.FLAG_SECURE; import static android.view.WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS; +import android.annotation.EnforcePermission; import android.annotation.NonNull; import android.annotation.Nullable; -import android.annotation.RequiresPermission; import android.annotation.StringRes; import android.app.Activity; import android.app.ActivityOptions; @@ -62,6 +62,7 @@ import android.os.Binder; import android.os.IBinder; import android.os.LocaleList; import android.os.Looper; +import android.os.PermissionEnforcer; import android.os.PowerManager; import android.os.RemoteException; import android.os.ResultReceiver; @@ -198,6 +199,7 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub IVirtualDeviceActivityListener activityListener, Consumer<ArraySet<Integer>> runningAppsChangedCallback, VirtualDeviceParams params) { + super(PermissionEnforcer.fromContext(context)); UserHandle ownerUserHandle = UserHandle.getUserHandleForUid(ownerUid); mContext = context.createContextAsUser(ownerUserHandle, 0); mAssociationInfo = associationInfo; @@ -337,11 +339,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void close() { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to close the virtual device"); - + super.close_enforcePermission(); synchronized (mVirtualDeviceLock) { if (!mPerDisplayWakelocks.isEmpty()) { mPerDisplayWakelocks.forEach((displayId, wakeLock) -> { @@ -389,14 +389,12 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub return mWindowPolicyControllers; } - @RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void onAudioSessionStarting(int displayId, @NonNull IAudioRoutingCallback routingCallback, @Nullable IAudioConfigChangedCallback configChangedCallback) { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to start audio session"); + super.onAudioSessionStarting_enforcePermission(); synchronized (mVirtualDeviceLock) { if (!mVirtualDisplayIds.contains(displayId)) { throw new SecurityException( @@ -413,12 +411,10 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } } - @RequiresPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void onAudioSessionEnded() { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to stop audio session"); + super.onAudioSessionEnded_enforcePermission(); synchronized (mVirtualDeviceLock) { if (mVirtualAudioController != null) { mVirtualAudioController.stopListening(); @@ -428,9 +424,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void createVirtualDpad(VirtualDpadConfig config, @NonNull IBinder deviceToken) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to create a virtual dpad"); + super.createVirtualDpad_enforcePermission(); synchronized (mVirtualDeviceLock) { if (!mVirtualDisplayIds.contains(config.getAssociatedDisplayId())) { throw new SecurityException( @@ -448,9 +444,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void createVirtualKeyboard(VirtualKeyboardConfig config, @NonNull IBinder deviceToken) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to create a virtual keyboard"); + super.createVirtualKeyboard_enforcePermission(); synchronized (mVirtualDeviceLock) { if (!mVirtualDisplayIds.contains(config.getAssociatedDisplayId())) { throw new SecurityException( @@ -470,9 +466,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void createVirtualMouse(VirtualMouseConfig config, @NonNull IBinder deviceToken) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to create a virtual mouse"); + super.createVirtualMouse_enforcePermission(); synchronized (mVirtualDeviceLock) { if (!mVirtualDisplayIds.contains(config.getAssociatedDisplayId())) { throw new SecurityException( @@ -490,10 +486,10 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void createVirtualTouchscreen(VirtualTouchscreenConfig config, @NonNull IBinder deviceToken) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to create a virtual touchscreen"); + super.createVirtualTouchscreen_enforcePermission(); synchronized (mVirtualDeviceLock) { if (!mVirtualDisplayIds.contains(config.getAssociatedDisplayId())) { throw new SecurityException( @@ -520,11 +516,10 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void createVirtualNavigationTouchpad(VirtualNavigationTouchpadConfig config, @NonNull IBinder deviceToken) { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to create a virtual navigation touchpad"); + super.createVirtualNavigationTouchpad_enforcePermission(); synchronized (mVirtualDeviceLock) { if (!mVirtualDisplayIds.contains(config.getAssociatedDisplayId())) { throw new SecurityException( @@ -552,11 +547,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void unregisterInputDevice(IBinder token) { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to unregister this input device"); - + super.unregisterInputDevice_enforcePermission(); final long ident = Binder.clearCallingIdentity(); try { mInputController.unregisterInputDevice(token); @@ -577,7 +570,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public boolean sendDpadKeyEvent(IBinder token, VirtualKeyEvent event) { + super.sendDpadKeyEvent_enforcePermission(); final long ident = Binder.clearCallingIdentity(); try { return mInputController.sendDpadKeyEvent(token, event); @@ -587,7 +582,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public boolean sendKeyEvent(IBinder token, VirtualKeyEvent event) { + super.sendKeyEvent_enforcePermission(); final long ident = Binder.clearCallingIdentity(); try { return mInputController.sendKeyEvent(token, event); @@ -597,7 +594,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public boolean sendButtonEvent(IBinder token, VirtualMouseButtonEvent event) { + super.sendButtonEvent_enforcePermission(); final long ident = Binder.clearCallingIdentity(); try { return mInputController.sendButtonEvent(token, event); @@ -607,7 +606,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public boolean sendTouchEvent(IBinder token, VirtualTouchEvent event) { + super.sendTouchEvent_enforcePermission(); final long ident = Binder.clearCallingIdentity(); try { return mInputController.sendTouchEvent(token, event); @@ -617,7 +618,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public boolean sendRelativeEvent(IBinder token, VirtualMouseRelativeEvent event) { + super.sendRelativeEvent_enforcePermission(); final long ident = Binder.clearCallingIdentity(); try { return mInputController.sendRelativeEvent(token, event); @@ -627,7 +630,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public boolean sendScrollEvent(IBinder token, VirtualMouseScrollEvent event) { + super.sendScrollEvent_enforcePermission(); final long ident = Binder.clearCallingIdentity(); try { return mInputController.sendScrollEvent(token, event); @@ -647,11 +652,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void setShowPointerIcon(boolean showPointerIcon) { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to unregister this input device"); - + super.setShowPointerIcon_enforcePermission(); final long ident = Binder.clearCallingIdentity(); try { synchronized (mVirtualDeviceLock) { @@ -666,12 +669,11 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void createVirtualSensor( @NonNull IBinder deviceToken, @NonNull VirtualSensorConfig config) { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to create a virtual sensor"); + super.createVirtualSensor_enforcePermission(); Objects.requireNonNull(config); Objects.requireNonNull(deviceToken); final long ident = Binder.clearCallingIdentity(); @@ -683,10 +685,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void unregisterSensor(@NonNull IBinder token) { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to unregister a virtual sensor"); + super.unregisterSensor_enforcePermission(); final long ident = Binder.clearCallingIdentity(); try { mSensorController.unregisterSensor(token); @@ -696,10 +697,9 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public boolean sendSensorEvent(@NonNull IBinder token, @NonNull VirtualSensorEvent event) { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to send a virtual sensor event"); + super.sendSensorEvent_enforcePermission(); final long ident = Binder.clearCallingIdentity(); try { return mSensorController.sendSensorEvent(token, event); @@ -709,25 +709,23 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void registerIntentInterceptor(IVirtualDeviceIntentInterceptor intentInterceptor, IntentFilter filter) { + super.registerIntentInterceptor_enforcePermission(); Objects.requireNonNull(intentInterceptor); Objects.requireNonNull(filter); - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to register intent interceptor"); synchronized (mVirtualDeviceLock) { mIntentInterceptors.put(intentInterceptor.asBinder(), filter); } } @Override // Binder call + @EnforcePermission(android.Manifest.permission.CREATE_VIRTUAL_DEVICE) public void unregisterIntentInterceptor( @NonNull IVirtualDeviceIntentInterceptor intentInterceptor) { + super.unregisterIntentInterceptor_enforcePermission(); Objects.requireNonNull(intentInterceptor); - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.CREATE_VIRTUAL_DEVICE, - "Permission required to unregister intent interceptor"); synchronized (mVirtualDeviceLock) { mIntentInterceptors.remove(intentInterceptor.asBinder()); } |