diff options
17 files changed, 539 insertions, 250 deletions
diff --git a/apex/jobscheduler/service/java/com/android/server/AppStateTrackerImpl.java b/apex/jobscheduler/service/java/com/android/server/AppStateTrackerImpl.java index e08200b055d8..5fc77451e832 100644 --- a/apex/jobscheduler/service/java/com/android/server/AppStateTrackerImpl.java +++ b/apex/jobscheduler/service/java/com/android/server/AppStateTrackerImpl.java @@ -23,6 +23,7 @@ import android.app.AppOpsManager; import android.app.AppOpsManager.PackageOps; import android.app.IActivityManager; import android.app.usage.UsageStatsManager; +import android.content.AttributionSource; import android.content.BroadcastReceiver; import android.content.Context; import android.content.Intent; @@ -746,8 +747,10 @@ public class AppStateTrackerImpl implements AppStateTracker { public void opChanged(int op, int uid, String packageName) throws RemoteException { boolean restricted = false; try { - restricted = mAppOpsService.checkOperation(TARGET_OP, - uid, packageName) != AppOpsManager.MODE_ALLOWED; + final AttributionSource attributionSource = + new AttributionSource.Builder(uid).setPackageName(packageName).build(); + restricted = mAppOpsService.checkOperationWithState(TARGET_OP, + attributionSource.asState()) != AppOpsManager.MODE_ALLOWED; } catch (RemoteException e) { // Shouldn't happen } diff --git a/apex/jobscheduler/service/java/com/android/server/tare/InternalResourceService.java b/apex/jobscheduler/service/java/com/android/server/tare/InternalResourceService.java index b8397d2cd1b4..95f901c4a365 100644 --- a/apex/jobscheduler/service/java/com/android/server/tare/InternalResourceService.java +++ b/apex/jobscheduler/service/java/com/android/server/tare/InternalResourceService.java @@ -38,6 +38,7 @@ import android.app.tare.EconomyManager; import android.app.tare.IEconomyManager; import android.app.usage.UsageEvents; import android.app.usage.UsageStatsManagerInternal; +import android.content.AttributionSource; import android.content.BroadcastReceiver; import android.content.ContentResolver; import android.content.Context; @@ -230,8 +231,11 @@ public class InternalResourceService extends SystemService { public void opChanged(int op, int uid, String packageName) { boolean restricted = false; try { - restricted = mAppOpsService.checkOperation( - AppOpsManager.OP_RUN_ANY_IN_BACKGROUND, uid, packageName) + final AttributionSource attributionSource = new AttributionSource.Builder(uid) + .setPackageName(packageName) + .build(); + restricted = mAppOpsService.checkOperationWithState( + AppOpsManager.OP_RUN_ANY_IN_BACKGROUND, attributionSource.asState()) != AppOpsManager.MODE_ALLOWED; } catch (RemoteException e) { // Shouldn't happen diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java index 9a19d8edf8a8..7e84ceb4a61d 100644 --- a/core/java/android/app/AppOpsManager.java +++ b/core/java/android/app/AppOpsManager.java @@ -8305,7 +8305,9 @@ public class AppOpsManager { */ public int unsafeCheckOpRawNoThrow(int op, int uid, @NonNull String packageName) { try { - return mService.checkOperationRaw(op, uid, packageName, null); + final AttributionSource attributionSource = + new AttributionSource.Builder(uid).setPackageName(packageName).build(); + return mService.checkOperationWithStateRaw(op, attributionSource.asState()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } @@ -8468,7 +8470,12 @@ public class AppOpsManager { } } - SyncNotedAppOp syncOp = mService.noteOperation(op, uid, packageName, attributionTag, + final AttributionSource attributionSource = + new AttributionSource.Builder(uid) + .setPackageName(packageName) + .setAttributionTag(attributionTag) + .build(); + SyncNotedAppOp syncOp = mService.noteOperationWithState(op, attributionSource.asState(), collectionMode == COLLECT_ASYNC, message, shouldCollectMessage); if (syncOp.getOpMode() == MODE_ALLOWED) { @@ -8708,7 +8715,9 @@ public class AppOpsManager { @UnsupportedAppUsage public int checkOp(int op, int uid, String packageName) { try { - int mode = mService.checkOperation(op, uid, packageName); + final AttributionSource attributionSource = + new AttributionSource.Builder(uid).setPackageName(packageName).build(); + int mode = mService.checkOperationWithState(op, attributionSource.asState()); if (mode == MODE_ERRORED) { throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName)); } @@ -8729,7 +8738,9 @@ public class AppOpsManager { @UnsupportedAppUsage public int checkOpNoThrow(int op, int uid, String packageName) { try { - int mode = mService.checkOperation(op, uid, packageName); + final AttributionSource attributionSource = + new AttributionSource.Builder(uid).setPackageName(packageName).build(); + int mode = mService.checkOperationWithState(op, attributionSource.asState()); return mode == AppOpsManager.MODE_FOREGROUND ? AppOpsManager.MODE_ALLOWED : mode; } catch (RemoteException e) { throw e.rethrowFromSystemServer(); @@ -8974,8 +8985,14 @@ public class AppOpsManager { } } - SyncNotedAppOp syncOp = mService.startOperation(token, op, uid, packageName, - attributionTag, startIfModeDefault, collectionMode == COLLECT_ASYNC, message, + final AttributionSource attributionSource = + new AttributionSource.Builder(uid) + .setPackageName(packageName) + .setAttributionTag(attributionTag) + .build(); + SyncNotedAppOp syncOp = mService.startOperationWithState(token, op, + attributionSource.asState(), startIfModeDefault, + collectionMode == COLLECT_ASYNC, message, shouldCollectMessage, attributionFlags, attributionChainId); if (syncOp.getOpMode() == MODE_ALLOWED) { @@ -9188,7 +9205,12 @@ public class AppOpsManager { public void finishOp(IBinder token, int op, int uid, @NonNull String packageName, @Nullable String attributionTag) { try { - mService.finishOperation(token, op, uid, packageName, attributionTag); + final AttributionSource attributionSource = + new AttributionSource.Builder(uid) + .setPackageName(packageName) + .setAttributionTag(attributionTag) + .build(); + mService.finishOperationWithState(token, op, attributionSource.asState()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } diff --git a/core/java/android/app/AppOpsManagerInternal.java b/core/java/android/app/AppOpsManagerInternal.java index 43023fe9c2ab..a3de8faa1273 100644 --- a/core/java/android/app/AppOpsManagerInternal.java +++ b/core/java/android/app/AppOpsManagerInternal.java @@ -26,11 +26,12 @@ import android.util.SparseArray; import android.util.SparseIntArray; import com.android.internal.app.IAppOpsCallback; -import com.android.internal.util.function.HeptFunction; import com.android.internal.util.function.HexFunction; +import com.android.internal.util.function.NonaFunction; import com.android.internal.util.function.QuadFunction; -import com.android.internal.util.function.QuintConsumer; import com.android.internal.util.function.QuintFunction; +import com.android.internal.util.function.TriConsumer; +import com.android.internal.util.function.TriFunction; import com.android.internal.util.function.UndecFunction; /** @@ -45,15 +46,13 @@ public abstract class AppOpsManagerInternal { * Allows overriding check operation behavior. * * @param code The op code to check. - * @param uid The UID for which to check. - * @param packageName The package for which to check. - * @param attributionTag The attribution tag for which to check. + * @param attributionSource the {@link AttributionSource} responsible for data access * @param raw Whether to check the raw op i.e. not interpret the mode based on UID state. * @param superImpl The super implementation. * @return The app op check result. */ - int checkOperation(int code, int uid, String packageName, @Nullable String attributionTag, - boolean raw, QuintFunction<Integer, Integer, String, String, Boolean, Integer> + int checkOperation(int code, AttributionSource attributionSource, + boolean raw, TriFunction<Integer, AttributionSource, Boolean, Integer> superImpl); /** @@ -73,25 +72,23 @@ public abstract class AppOpsManagerInternal { * Allows overriding note operation behavior. * * @param code The op code to note. - * @param uid The UID for which to note. - * @param packageName The package for which to note. {@code null} for system package. - * @param featureId Id of the feature in the package + * @param attributionSource the {@link AttributionSource} responsible for data access * @param shouldCollectAsyncNotedOp If an {@link AsyncNotedAppOp} should be collected * @param message The message in the async noted op * @param superImpl The super implementation. * @return The app op note result. */ - SyncNotedAppOp noteOperation(int code, int uid, @Nullable String packageName, - @Nullable String featureId, boolean shouldCollectAsyncNotedOp, + SyncNotedAppOp noteOperation(int code, AttributionSource attributionSource, + boolean shouldCollectAsyncNotedOp, @Nullable String message, boolean shouldCollectMessage, - @NonNull HeptFunction<Integer, Integer, String, String, Boolean, String, Boolean, + @NonNull QuintFunction<Integer, AttributionSource, Boolean, String, Boolean, SyncNotedAppOp> superImpl); /** * Allows overriding note proxy operation behavior. * * @param code The op code to note. - * @param attributionSource The permission identity of the caller. + * @param attributionSource the {@link AttributionSource} responsible for data access * @param shouldCollectAsyncNotedOp If an {@link AsyncNotedAppOp} should be collected * @param message The message in the async noted op * @param shouldCollectMessage whether to collect messages @@ -110,9 +107,7 @@ public abstract class AppOpsManagerInternal { * * @param token The client state. * @param code The op code to start. - * @param uid The UID for which to note. - * @param packageName The package for which to note. {@code null} for system package. - * @param attributionTag the attribution tag. + * @param attributionSource the {@link AttributionSource} responsible for data access * @param startIfModeDefault Whether to start the op of the mode is default. * @param shouldCollectAsyncNotedOp If an {@link AsyncNotedAppOp} should be collected * @param message The message in the async noted op @@ -122,12 +117,12 @@ public abstract class AppOpsManagerInternal { * @param superImpl The super implementation. * @return The app op note result. */ - SyncNotedAppOp startOperation(IBinder token, int code, int uid, - @Nullable String packageName, @Nullable String attributionTag, + SyncNotedAppOp startOperation(IBinder token, int code, + AttributionSource attributionSource, boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp, @Nullable String message, boolean shouldCollectMessage, @AttributionFlags int attributionFlags, int attributionChainId, - @NonNull UndecFunction<IBinder, Integer, Integer, String, String, Boolean, + @NonNull NonaFunction<IBinder, Integer, AttributionSource, Boolean, Boolean, String, Boolean, Integer, Integer, SyncNotedAppOp> superImpl); /** @@ -135,7 +130,7 @@ public abstract class AppOpsManagerInternal { * * @param clientId The client calling start, represented by an IBinder * @param code The op code to start. - * @param attributionSource The permission identity of the caller. + * @param attributionSource the {@link AttributionSource} responsible for data access * @param startIfModeDefault Whether to start the op of the mode is default. * @param shouldCollectAsyncNotedOp If an {@link AsyncNotedAppOp} should be collected * @param message The message in the async noted op @@ -161,21 +156,19 @@ public abstract class AppOpsManagerInternal { * * @param clientId The client state. * @param code The op code to finish. - * @param uid The UID for which the op was noted. - * @param packageName The package for which it was noted. {@code null} for system package. - * @param attributionTag the attribution tag. + * @param attributionSource the {@link AttributionSource} responsible for data access */ - default void finishOperation(IBinder clientId, int code, int uid, String packageName, - String attributionTag, - @NonNull QuintConsumer<IBinder, Integer, Integer, String, String> superImpl) { - superImpl.accept(clientId, code, uid, packageName, attributionTag); + default void finishOperation(IBinder clientId, int code, + AttributionSource attributionSource, + @NonNull TriConsumer<IBinder, Integer, AttributionSource> superImpl) { + superImpl.accept(clientId, code, attributionSource); } /** * Allows overriding finish proxy op. * * @param code The op code to finish. - * @param attributionSource The permission identity of the caller. + * @param attributionSource the {@link AttributionSource} responsible for data access * @param skipProxyOperation Whether to skip the proxy in the proxy/proxied operation * @param clientId The client calling finishProxyOperation * @param superImpl The "standard" implementation to potentially call diff --git a/core/java/android/content/AttributionSource.java b/core/java/android/content/AttributionSource.java index 4b2cee698df2..c2bc974a42ae 100644 --- a/core/java/android/content/AttributionSource.java +++ b/core/java/android/content/AttributionSource.java @@ -235,6 +235,12 @@ public final class AttributionSource implements Parcelable { } /** @hide */ + public AttributionSource withUid(int uid) { + return new AttributionSource(uid, getPid(), getPackageName(), getAttributionTag(), + getToken(), mAttributionSourceState.renouncedPermissions, getDeviceId(), getNext()); + } + + /** @hide */ public AttributionSource withPid(int pid) { return new AttributionSource(getUid(), pid, getPackageName(), getAttributionTag(), getToken(), mAttributionSourceState.renouncedPermissions, getDeviceId(), getNext()); diff --git a/core/java/com/android/internal/app/IAppOpsService.aidl b/core/java/com/android/internal/app/IAppOpsService.aidl index 492e2ac7cc28..1b05982a7569 100644 --- a/core/java/com/android/internal/app/IAppOpsService.aidl +++ b/core/java/com/android/internal/app/IAppOpsService.aidl @@ -42,18 +42,22 @@ import com.android.internal.app.MessageSamplingConfig; // frameworks/native/libs/permission/include/binder/IAppOpsService.h must match the order here. // Please be careful to respect both these issues when modifying this file. interface IAppOpsService { - // These methods are also called by native code, so please be careful that the number in - // frameworks/native/libs/permission/include/binder/IAppOpsService.h matches the ordering here. + // Deprecated, use checkOperationWithState instead. int checkOperation(int code, int uid, String packageName); + // Deprecated, use noteOperationWithState instead. SyncNotedAppOp noteOperation(int code, int uid, String packageName, @nullable String attributionTag, boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage); + // Deprecated, use startOperationWithState instead. SyncNotedAppOp startOperation(IBinder clientId, int code, int uid, String packageName, @nullable String attributionTag, boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage, int attributionFlags, int attributionChainId); + // Deprecated, use finishOperationWithState instead. @UnsupportedAppUsage void finishOperation(IBinder clientId, int code, int uid, String packageName, @nullable String attributionTag); + // These methods are also called by native code, so please be careful that the number in + // frameworks/native/libs/permission/include/binder/IAppOpsService.h matches the ordering here. void startWatchingMode(int op, String packageName, IAppOpsCallback callback); void stopWatchingMode(IAppOpsCallback callback); int permissionToOpCode(String permission); @@ -134,20 +138,33 @@ interface IAppOpsService { void stopWatchingAsyncNoted(String packageName, IAppOpsAsyncNotedCallback callback); List<AsyncNotedAppOp> extractAsyncOps(String packageName); + // Deprecated, use checkOperationWithStateRaw instead. int checkOperationRaw(int code, int uid, String packageName, @nullable String attributionTag); void reloadNonHistoricalState(); void collectNoteOpCallsForValidation(String stackTrace, int op, String packageName, long version); - + // These methods are also called by native code, so please be careful that the number in + // frameworks/native/libs/permission/include/binder/IAppOpsService.h matches the ordering here. + int checkOperationWithState(int code, in AttributionSourceState attributionSourceState); + int checkOperationWithStateRaw(int code, in AttributionSourceState attributionSourceState); + SyncNotedAppOp noteOperationWithState(int code, in AttributionSourceState attributionSourceState, + boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage); + SyncNotedAppOp startOperationWithState(IBinder clientId, int code, + in AttributionSourceState attributionSourceState, boolean startIfModeDefault, + boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage, + int attributionFlags, int attributionChainId); + void finishOperationWithState(IBinder clientId, int code, in AttributionSourceState attributionSourceState); + // End of methods also called by native code (there may be more blocks like this of native + // methods later in this file). SyncNotedAppOp noteProxyOperationWithState(int code, - in AttributionSourceState attributionSourceStateState, - boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage, - boolean skipProxyOperation); + in AttributionSourceState attributionSourceStateState, + boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage, + boolean skipProxyOperation); SyncNotedAppOp startProxyOperationWithState(IBinder clientId, int code, - in AttributionSourceState attributionSourceStateState, boolean startIfModeDefault, - boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage, - boolean skipProxyOperation, int proxyAttributionFlags, int proxiedAttributionFlags, - int attributionChainId); + in AttributionSourceState attributionSourceStateState, boolean startIfModeDefault, + boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage, + boolean skipProxyOperation, int proxyAttributionFlags, int proxiedAttributionFlags, + int attributionChainId); void finishProxyOperationWithState(IBinder clientId, int code, - in AttributionSourceState attributionSourceStateState, boolean skipProxyOperation); + in AttributionSourceState attributionSourceStateState, boolean skipProxyOperation); } diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index 15fc2dc15d02..02235096ac15 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -61,6 +61,7 @@ import android.app.KeyguardManager; import android.app.PendingIntent; import android.app.admin.SecurityLog; import android.app.usage.StorageStatsManager; +import android.content.AttributionSource; import android.content.BroadcastReceiver; import android.content.Context; import android.content.Intent; @@ -2138,8 +2139,13 @@ class StorageManagerService extends IStorageManager.Stub | MATCH_DIRECT_BOOT_UNAWARE | MATCH_UNINSTALLED_PACKAGES | MATCH_ANY_USER, userId, Process.myUid())) { try { - boolean hasLegacy = mIAppOpsService.checkOperation(OP_LEGACY_STORAGE, ai.uid, - ai.packageName) == MODE_ALLOWED; + final AttributionSource attributionSource = new AttributionSource.Builder(ai.uid) + .setPackageName(ai.packageName) + .build(); + boolean hasLegacy = + mIAppOpsService.checkOperationWithState( + OP_LEGACY_STORAGE, attributionSource.asState()) + == MODE_ALLOWED; updateLegacyStorageApps(ai.packageName, ai.uid, hasLegacy); } catch (RemoteException e) { Slog.e(TAG, "Failed to check legacy op for package " + ai.packageName, e); @@ -4540,8 +4546,11 @@ class StorageManagerService extends IStorageManager.Stub // sharing the uid and allow same level of storage access for all packages even if // one of the packages has the appop granted. for (String uidPackageName : packagesForUid) { - if (mIAppOpsService.checkOperation( - OP_REQUEST_INSTALL_PACKAGES, uid, uidPackageName) == MODE_ALLOWED) { + final AttributionSource attributionSource = + new AttributionSource.Builder(uid).setPackageName(uidPackageName).build(); + if (mIAppOpsService.checkOperationWithState( + OP_REQUEST_INSTALL_PACKAGES, attributionSource.asState()) + == MODE_ALLOWED) { hasInstallOp = true; break; } @@ -4838,8 +4847,11 @@ class StorageManagerService extends IStorageManager.Stub @Override public boolean hasExternalStorageAccess(int uid, String packageName) { try { - final int opMode = mIAppOpsService.checkOperation( - OP_MANAGE_EXTERNAL_STORAGE, uid, packageName); + final AttributionSource attributionSource = + new AttributionSource.Builder(uid).setPackageName(packageName).build(); + final int opMode = + mIAppOpsService.checkOperationWithState( + OP_MANAGE_EXTERNAL_STORAGE, attributionSource.asState()); if (opMode == AppOpsManager.MODE_DEFAULT) { return mIPackageManager.checkUidPermission( MANAGE_EXTERNAL_STORAGE, uid) == PERMISSION_GRANTED; diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java index 5f1a7e7e8123..4bdb4da97144 100644 --- a/services/core/java/com/android/server/am/ActiveServices.java +++ b/services/core/java/com/android/server/am/ActiveServices.java @@ -167,6 +167,7 @@ import android.compat.annotation.ChangeId; import android.compat.annotation.EnabledAfter; import android.compat.annotation.EnabledSince; import android.compat.annotation.Overridable; +import android.content.AttributionSource; import android.content.ComponentName; import android.content.ComponentName.WithComponentName; import android.content.Context; @@ -1100,8 +1101,12 @@ public final class ActiveServices { SystemClock.uptimeMillis()); // Use current time, not lastActivity. } } - mAm.mAppOpsService.startOperation(AppOpsManager.getToken(mAm.mAppOpsService), - AppOpsManager.OP_START_FOREGROUND, r.appInfo.uid, r.packageName, null, + final AttributionSource attributionSource = new AttributionSource.Builder(r.appInfo.uid) + .setPackageName(r.packageName) + .build(); + mAm.mAppOpsService.startOperationWithState(AppOpsManager.getToken(mAm.mAppOpsService), + AppOpsManager.OP_START_FOREGROUND, + attributionSource.asState(), true, false, null, false, AppOpsManager.ATTRIBUTION_FLAGS_NONE, AppOpsManager.ATTRIBUTION_CHAIN_ID_NONE); } @@ -2451,10 +2456,15 @@ public final class ActiveServices { stopProcStatsOp = false; } - mAm.mAppOpsService.startOperation( + final AttributionSource attributionSource = new AttributionSource + .Builder(r.appInfo.uid) + .setPackageName(r.packageName) + .build(); + mAm.mAppOpsService.startOperationWithState( AppOpsManager.getToken(mAm.mAppOpsService), - AppOpsManager.OP_START_FOREGROUND, r.appInfo.uid, r.packageName, - null, true, false, "", false, AppOpsManager.ATTRIBUTION_FLAGS_NONE, + AppOpsManager.OP_START_FOREGROUND, attributionSource.asState(), + true, false, "", false, + AppOpsManager.ATTRIBUTION_FLAGS_NONE, AppOpsManager.ATTRIBUTION_CHAIN_ID_NONE); registerAppOpCallbackLocked(r); mAm.updateForegroundServiceUsageStats(r.name, r.userId, true); @@ -2514,10 +2524,13 @@ public final class ActiveServices { if (alreadyStartedOp) { // If we had previously done a start op for direct foreground start, // we have cleared the flag so can now drop it. - mAm.mAppOpsService.finishOperation( + final AttributionSource attributionSource = new AttributionSource + .Builder(r.appInfo.uid) + .setPackageName(r.packageName) + .build(); + mAm.mAppOpsService.finishOperationWithState( AppOpsManager.getToken(mAm.mAppOpsService), - AppOpsManager.OP_START_FOREGROUND, r.appInfo.uid, r.packageName, - null); + AppOpsManager.OP_START_FOREGROUND, attributionSource.asState()); } } } else { @@ -2560,9 +2573,13 @@ public final class ActiveServices { SystemClock.uptimeMillis()); } } - mAm.mAppOpsService.finishOperation( + final AttributionSource attributionSource = + new AttributionSource.Builder(r.appInfo.uid) + .setPackageName(r.packageName) + .build(); + mAm.mAppOpsService.finishOperationWithState( AppOpsManager.getToken(mAm.mAppOpsService), - AppOpsManager.OP_START_FOREGROUND, r.appInfo.uid, r.packageName, null); + AppOpsManager.OP_START_FOREGROUND, attributionSource.asState()); unregisterAppOpCallbackLocked(r); logFGSStateChangeLocked(r, FOREGROUND_SERVICE_STATE_CHANGED__STATE__EXIT, @@ -5704,8 +5721,12 @@ public final class ActiveServices { SystemClock.uptimeMillis()); } } - mAm.mAppOpsService.finishOperation(AppOpsManager.getToken(mAm.mAppOpsService), - AppOpsManager.OP_START_FOREGROUND, r.appInfo.uid, r.packageName, null); + final AttributionSource attributionSource = new AttributionSource + .Builder(r.appInfo.uid) + .setPackageName(r.packageName) + .build(); + mAm.mAppOpsService.finishOperationWithState(AppOpsManager.getToken(mAm.mAppOpsService), + AppOpsManager.OP_START_FOREGROUND, attributionSource.asState()); mServiceFGAnrTimer.cancel(r); if (r.app != null) { Message msg = mAm.mHandler.obtainMessage( @@ -5770,9 +5791,13 @@ public final class ActiveServices { SystemClock.uptimeMillis()); } } - mAm.mAppOpsService.finishOperation( + final AttributionSource attributionSource = new AttributionSource + .Builder(r.appInfo.uid) + .setPackageName(r.packageName) + .build(); + mAm.mAppOpsService.finishOperationWithState( AppOpsManager.getToken(mAm.mAppOpsService), - AppOpsManager.OP_START_FOREGROUND, r.appInfo.uid, r.packageName, null); + AppOpsManager.OP_START_FOREGROUND, attributionSource.asState()); unregisterAppOpCallbackLocked(r); r.mFgsExitTime = SystemClock.uptimeMillis(); logFGSStateChangeLocked(r, @@ -8491,8 +8516,11 @@ public final class ActiveServices { mAm.mBatteryStatsService.noteServiceStartRunning(callingUid, callingPackage, cn.getClassName()); - mAm.mAppOpsService.startOperation(AppOpsManager.getToken(mAm.mAppOpsService), - AppOpsManager.OP_START_FOREGROUND, r.appInfo.uid, r.packageName, null, + final AttributionSource attributionSource = new AttributionSource.Builder(r.appInfo.uid) + .setPackageName(r.packageName) + .build(); + mAm.mAppOpsService.startOperationWithState(AppOpsManager.getToken(mAm.mAppOpsService), + AppOpsManager.OP_START_FOREGROUND, attributionSource.asState(), true, false, null, false, AppOpsManager.ATTRIBUTION_FLAGS_NONE, AppOpsManager.ATTRIBUTION_CHAIN_ID_NONE); registerAppOpCallbackLocked(r); diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index e88d0c6baf26..afc2356085cc 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -428,10 +428,11 @@ import com.android.internal.util.FastPrintWriter; import com.android.internal.util.FrameworkStatsLog; import com.android.internal.util.MemInfoReader; import com.android.internal.util.Preconditions; -import com.android.internal.util.function.HeptFunction; import com.android.internal.util.function.HexFunction; +import com.android.internal.util.function.NonaFunction; import com.android.internal.util.function.QuadFunction; import com.android.internal.util.function.QuintFunction; +import com.android.internal.util.function.TriFunction; import com.android.internal.util.function.UndecFunction; import com.android.server.AlarmManagerInternal; import com.android.server.BootReceiver; @@ -3150,8 +3151,11 @@ public class ActivityManagerService extends IActivityManager.Stub } private boolean hasUsageStatsPermission(String callingPackage, int callingUid, int callingPid) { - final int mode = mAppOpsService.noteOperation(AppOpsManager.OP_GET_USAGE_STATS, - callingUid, callingPackage, null, false, "", false).getOpMode(); + final AttributionSource attributionSource = new AttributionSource.Builder(callingUid) + .setPackageName(callingPackage) + .build(); + final int mode = mAppOpsService.noteOperationWithState(AppOpsManager.OP_GET_USAGE_STATS, + attributionSource.asState(), false, "", false).getOpMode(); if (mode == AppOpsManager.MODE_DEFAULT) { return checkPermission(Manifest.permission.PACKAGE_USAGE_STATS, callingPid, callingUid) == PackageManager.PERMISSION_GRANTED; @@ -5929,9 +5933,18 @@ public class ActivityManagerService extends IActivityManager.Stub @Override public int noteOp(String op, int uid, String packageName) { // TODO moltmann: Allow to specify featureId - return mActivityManagerService.mAppOpsService - .noteOperation(AppOpsManager.strOpToOp(op), uid, packageName, null, - false, "", false).getOpMode(); + final AttributionSource attributionSource = new AttributionSource.Builder(uid) + .setPackageName(packageName) + .build(); + return mActivityManagerService + .mAppOpsService + .noteOperationWithState( + AppOpsManager.strOpToOp(op), + attributionSource.asState(), + false, + "", + false) + .getOpMode(); } @Override @@ -20059,20 +20072,26 @@ public class ActivityManagerService extends IActivityManager.Stub } @Override - public int checkOperation(int code, int uid, String packageName, - String attributionTag, boolean raw, - QuintFunction<Integer, Integer, String, String, Boolean, Integer> superImpl) { + public int checkOperation(int code, AttributionSource attributionSource, boolean raw, + TriFunction<Integer, AttributionSource, Boolean, Integer> superImpl) { + final int uid = attributionSource.getUid(); + if (uid == mTargetUid && isTargetOp(code)) { final int shellUid = UserHandle.getUid(UserHandle.getUserId(uid), Process.SHELL_UID); + final AttributionSource shellAttributionSource = + new AttributionSource.Builder(shellUid) + .setPackageName("com.android.shell") + .build(); + final long identity = Binder.clearCallingIdentity(); try { - return superImpl.apply(code, shellUid, "com.android.shell", null, raw); + return superImpl.apply(code, shellAttributionSource, raw); } finally { Binder.restoreCallingIdentity(identity); } } - return superImpl.apply(code, uid, packageName, attributionTag, raw); + return superImpl.apply(code, attributionSource, raw); } @Override @@ -20092,23 +20111,30 @@ public class ActivityManagerService extends IActivityManager.Stub } @Override - public SyncNotedAppOp noteOperation(int code, int uid, @Nullable String packageName, - @Nullable String featureId, boolean shouldCollectAsyncNotedOp, + public SyncNotedAppOp noteOperation(int code, AttributionSource attributionSource, + boolean shouldCollectAsyncNotedOp, @Nullable String message, boolean shouldCollectMessage, - @NonNull HeptFunction<Integer, Integer, String, String, Boolean, String, Boolean, + @NonNull QuintFunction<Integer, AttributionSource, Boolean, String, Boolean, SyncNotedAppOp> superImpl) { + final int uid = attributionSource.getUid(); + final String attributionTag = attributionSource.getAttributionTag(); if (uid == mTargetUid && isTargetOp(code)) { final int shellUid = UserHandle.getUid(UserHandle.getUserId(uid), Process.SHELL_UID); final long identity = Binder.clearCallingIdentity(); + final AttributionSource shellAttributionSource = + new AttributionSource.Builder(shellUid) + .setPackageName("com.android.shell") + .setAttributionTag(attributionTag) + .build(); try { - return superImpl.apply(code, shellUid, "com.android.shell", featureId, + return superImpl.apply(code, shellAttributionSource, shouldCollectAsyncNotedOp, message, shouldCollectMessage); } finally { Binder.restoreCallingIdentity(identity); } } - return superImpl.apply(code, uid, packageName, featureId, shouldCollectAsyncNotedOp, + return superImpl.apply(code, attributionSource, shouldCollectAsyncNotedOp, message, shouldCollectMessage); } @@ -20139,28 +20165,37 @@ public class ActivityManagerService extends IActivityManager.Stub } @Override - public SyncNotedAppOp startOperation(IBinder token, int code, int uid, - @Nullable String packageName, @Nullable String attributionTag, + public SyncNotedAppOp startOperation(IBinder token, int code, + AttributionSource attributionSource, boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp, @Nullable String message, boolean shouldCollectMessage, @AttributionFlags int attributionFlags, int attributionChainId, - @NonNull UndecFunction<IBinder, Integer, Integer, String, String, Boolean, + @NonNull NonaFunction<IBinder, Integer, AttributionSource, Boolean, Boolean, String, Boolean, Integer, Integer, SyncNotedAppOp> superImpl) { + final int uid = attributionSource.getUid(); + final String attributionTag = attributionSource.getAttributionTag(); + if (uid == mTargetUid && isTargetOp(code)) { final int shellUid = UserHandle.getUid(UserHandle.getUserId(uid), Process.SHELL_UID); final long identity = Binder.clearCallingIdentity(); try { - return superImpl.apply(token, code, shellUid, "com.android.shell", - attributionTag, startIfModeDefault, shouldCollectAsyncNotedOp, message, + final AttributionSource shellAttributionSource = + new AttributionSource.Builder(shellUid) + .setPackageName("com.android.shell") + .setAttributionTag(attributionTag) + .build(); + + return superImpl.apply(token, code, shellAttributionSource, + startIfModeDefault, shouldCollectAsyncNotedOp, message, shouldCollectMessage, attributionFlags, attributionChainId); } finally { Binder.restoreCallingIdentity(identity); } } - return superImpl.apply(token, code, uid, packageName, attributionTag, - startIfModeDefault, shouldCollectAsyncNotedOp, message, shouldCollectMessage, - attributionFlags, attributionChainId); + return superImpl.apply(token, code, attributionSource, startIfModeDefault, + shouldCollectAsyncNotedOp, message, shouldCollectMessage, attributionFlags, + attributionChainId); } @Override diff --git a/services/core/java/com/android/server/am/AppPermissionTracker.java b/services/core/java/com/android/server/am/AppPermissionTracker.java index 18a91535a34c..947fcd38f5a0 100644 --- a/services/core/java/com/android/server/am/AppPermissionTracker.java +++ b/services/core/java/com/android/server/am/AppPermissionTracker.java @@ -37,6 +37,7 @@ import static com.android.server.am.BaseAppStateTracker.STATE_TYPE_PERMISSION; import android.annotation.NonNull; import android.annotation.Nullable; import android.app.AppOpsManager; +import android.content.AttributionSource; import android.content.Context; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager.OnPermissionsChangedListener; @@ -192,7 +193,11 @@ final class AppPermissionTracker extends BaseAppStateTracker<AppPermissionPolicy if (DEBUG_PERMISSION_TRACKER) { final IAppOpsService appOpsService = mInjector.getIAppOpsService(); try { - final int mode = appOpsService.checkOperation(op, uid, packageName); + final AttributionSource attributionSource = new AttributionSource.Builder(uid) + .setPackageName(packageName) + .build(); + final int mode = + appOpsService.checkOperationWithState(op, attributionSource.asState()); Slog.i(TAG, "onOpChanged: " + opToPublicName(op) + " " + UserHandle.formatUid(uid) + " " + packageName + " " + mode); @@ -307,7 +312,11 @@ final class AppPermissionTracker extends BaseAppStateTracker<AppPermissionPolicy final IAppOpsService appOpsService = mInjector.getIAppOpsService(); for (String pkg : packages) { try { - final int mode = appOpsService.checkOperation(mAppOp, mUid, pkg); + final AttributionSource attributionSource = + new AttributionSource.Builder(mUid).setPackageName(pkg).build(); + final int mode = + appOpsService.checkOperationWithState( + mAppOp, attributionSource.asState()); if (mode == AppOpsManager.MODE_ALLOWED) { mAppOpAllowed = true; return; diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java index 052b0c2078d1..d6997daaa12b 100644 --- a/services/core/java/com/android/server/appop/AppOpsService.java +++ b/services/core/java/com/android/server/appop/AppOpsService.java @@ -1143,22 +1143,32 @@ public class AppOpsService extends IAppOpsService.Stub { } }, RARELY_USED_PACKAGES_INITIALIZATION_DELAY_MILLIS); - getPackageManagerInternal().setExternalSourcesPolicy( - new PackageManagerInternal.ExternalSourcesPolicy() { - @Override - public int getPackageTrustedToInstallApps(String packageName, int uid) { - int appOpMode = checkOperation(AppOpsManager.OP_REQUEST_INSTALL_PACKAGES, - uid, packageName); - switch (appOpMode) { - case AppOpsManager.MODE_ALLOWED: - return PackageManagerInternal.ExternalSourcesPolicy.USER_TRUSTED; - case AppOpsManager.MODE_ERRORED: - return PackageManagerInternal.ExternalSourcesPolicy.USER_BLOCKED; - default: - return PackageManagerInternal.ExternalSourcesPolicy.USER_DEFAULT; - } - } - }); + getPackageManagerInternal() + .setExternalSourcesPolicy( + new PackageManagerInternal.ExternalSourcesPolicy() { + @Override + public int getPackageTrustedToInstallApps(String packageName, int uid) { + final AttributionSource attributionSource = + new AttributionSource.Builder(uid) + .setPackageName(packageName) + .build(); + int appOpMode = + checkOperationWithState( + AppOpsManager.OP_REQUEST_INSTALL_PACKAGES, + attributionSource.asState()); + switch (appOpMode) { + case AppOpsManager.MODE_ALLOWED: + return PackageManagerInternal.ExternalSourcesPolicy + .USER_TRUSTED; + case AppOpsManager.MODE_ERRORED: + return PackageManagerInternal.ExternalSourcesPolicy + .USER_BLOCKED; + default: + return PackageManagerInternal.ExternalSourcesPolicy + .USER_DEFAULT; + } + } + }); } @VisibleForTesting @@ -2534,22 +2544,41 @@ public class AppOpsService extends IAppOpsService.Stub { } } + /** @deprecated Use {@link #checkOperationWithStateRaw} instead. */ @Override public int checkOperationRaw(int code, int uid, String packageName, - @Nullable String attributionTag) { - return mCheckOpsDelegateDispatcher.checkOperation(code, uid, packageName, attributionTag, - true /*raw*/); + @Nullable String attributionTag) { + final AttributionSource attributionSource = new AttributionSource.Builder(uid) + .setPackageName(packageName).setAttributionTag(attributionTag).build(); + return mCheckOpsDelegateDispatcher.checkOperation(code, attributionSource, true /*raw*/); + } + + @Override + public int checkOperationWithStateRaw(int code, AttributionSourceState attributionSourceState) { + final AttributionSource attributionSource = new AttributionSource(attributionSourceState); + return mCheckOpsDelegateDispatcher.checkOperation(code, attributionSource, true /*raw*/); } + /** @deprecated Use {@link #checkOperationWithState} instead. */ @Override public int checkOperation(int code, int uid, String packageName) { - return mCheckOpsDelegateDispatcher.checkOperation(code, uid, packageName, null, - false /*raw*/); + final AttributionSource attributionSource = new AttributionSource.Builder(uid) + .setPackageName(packageName) + .build(); + return mCheckOpsDelegateDispatcher.checkOperation(code, attributionSource, false /*raw*/); } - private int checkOperationImpl(int code, int uid, String packageName, - @Nullable String attributionTag, boolean raw) { + @Override + public int checkOperationWithState(int code, AttributionSourceState attributionSourceState) { + final AttributionSource attributionSource = new AttributionSource(attributionSourceState); + return mCheckOpsDelegateDispatcher.checkOperation(code, attributionSource, false /*raw*/); + } + + private int checkOperationImpl(int code, AttributionSource attributionSource, boolean raw) { verifyIncomingOp(code); + final String packageName = attributionSource.getPackageName(); + final int uid = attributionSource.getUid(); + final String attributionTag = attributionSource.getAttributionTag(); if (!isIncomingPackageValid(packageName, UserHandle.getUserId(uid))) { return AppOpsManager.opToDefaultMode(code); } @@ -2614,7 +2643,10 @@ public class AppOpsService extends IAppOpsService.Stub { if (mode != AppOpsManager.MODE_ALLOWED) { return mode; } - return checkOperation(code, uid, packageName); + final AttributionSource attributionSource = new AttributionSource.Builder(uid) + .setPackageName(packageName) + .build(); + return checkOperationWithState(code, attributionSource.asState()); } @Override @@ -2758,17 +2790,38 @@ public class AppOpsService extends IAppOpsService.Stub { proxiedFlags, shouldCollectAsyncNotedOp, message, shouldCollectMessage); } + /** @deprecated Use {@link #noteOperationWithState} instead. */ @Override public SyncNotedAppOp noteOperation(int code, int uid, String packageName, String attributionTag, boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage) { - return mCheckOpsDelegateDispatcher.noteOperation(code, uid, packageName, - attributionTag, shouldCollectAsyncNotedOp, message, shouldCollectMessage); + final AttributionSource attributionSource = new AttributionSource.Builder(uid) + .setPackageName(packageName) + .setAttributionTag(attributionTag) + .build(); + return mCheckOpsDelegateDispatcher.noteOperation(code, attributionSource, + shouldCollectAsyncNotedOp, message, shouldCollectMessage); + } + + @Override + public SyncNotedAppOp noteOperationWithState( + int code, + AttributionSourceState attributionSourceState, + boolean shouldCollectAsyncNotedOp, + String message, + boolean shouldCollectMessage) { + final AttributionSource attributionSource = new AttributionSource(attributionSourceState); + return mCheckOpsDelegateDispatcher.noteOperation( + code, attributionSource, shouldCollectAsyncNotedOp, message, shouldCollectMessage); } - private SyncNotedAppOp noteOperationImpl(int code, int uid, @Nullable String packageName, - @Nullable String attributionTag, boolean shouldCollectAsyncNotedOp, + private SyncNotedAppOp noteOperationImpl(int code, AttributionSource attributionSource, + boolean shouldCollectAsyncNotedOp, @Nullable String message, boolean shouldCollectMessage) { + final int uid = attributionSource.getUid(); + final String packageName = attributionSource.getPackageName(); + final String attributionTag = attributionSource.getAttributionTag(); + verifyIncomingUid(uid); verifyIncomingOp(code); if (!isIncomingPackageValid(packageName, UserHandle.getUserId(uid))) { @@ -3163,22 +3216,42 @@ public class AppOpsService extends IAppOpsService.Stub { } } + /** @deprecated Use {@link #startOperationWithState} instead. */ @Override public SyncNotedAppOp startOperation(IBinder token, int code, int uid, - @Nullable String packageName, @Nullable String attributionTag, + @Nullable String packageName, @Nullable String attributionTag, + boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp, + String message, boolean shouldCollectMessage, @AttributionFlags int attributionFlags, + int attributionChainId) { + final AttributionSource attributionSource = new AttributionSource.Builder(uid) + .setPackageName(packageName) + .setAttributionTag(attributionTag) + .build(); + return mCheckOpsDelegateDispatcher.startOperation(token, code, attributionSource, + startIfModeDefault, shouldCollectAsyncNotedOp, message, shouldCollectMessage, + attributionFlags, attributionChainId); + } + + @Override + public SyncNotedAppOp startOperationWithState(IBinder token, int code, + AttributionSourceState attributionSourceState, boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage, @AttributionFlags int attributionFlags, int attributionChainId) { - return mCheckOpsDelegateDispatcher.startOperation(token, code, uid, packageName, - attributionTag, startIfModeDefault, shouldCollectAsyncNotedOp, message, + final AttributionSource attributionSource = new AttributionSource(attributionSourceState); + return mCheckOpsDelegateDispatcher.startOperation(token, code, attributionSource, + startIfModeDefault, shouldCollectAsyncNotedOp, message, shouldCollectMessage, attributionFlags, attributionChainId); } - private SyncNotedAppOp startOperationImpl(@NonNull IBinder clientId, int code, int uid, - @Nullable String packageName, @Nullable String attributionTag, - boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp, @NonNull String message, + private SyncNotedAppOp startOperationImpl(@NonNull IBinder clientId, int code, + AttributionSource attributionSource, boolean startIfModeDefault, + boolean shouldCollectAsyncNotedOp, @NonNull String message, boolean shouldCollectMessage, @AttributionFlags int attributionFlags, int attributionChainId) { + final String packageName = attributionSource.getPackageName(); + final int uid = attributionSource.getUid(); + final String attributionTag = attributionSource.getAttributionTag(); verifyIncomingUid(uid); verifyIncomingOp(code); if (!isIncomingPackageValid(packageName, UserHandle.getUserId(uid))) { @@ -3200,7 +3273,7 @@ public class AppOpsService extends IAppOpsService.Stub { int result = MODE_DEFAULT; if (code == OP_RECORD_AUDIO_HOTWORD || code == OP_RECEIVE_AMBIENT_TRIGGER_AUDIO || code == OP_RECORD_AUDIO_SANDBOXED) { - result = checkOperation(OP_RECORD_AUDIO, uid, packageName); + result = checkOperationWithState(OP_RECORD_AUDIO, attributionSource.asState()); // Check result if (result != AppOpsManager.MODE_ALLOWED) { return new SyncNotedAppOp(result, code, attributionTag, packageName); @@ -3208,7 +3281,7 @@ public class AppOpsService extends IAppOpsService.Stub { } // As a special case for OP_CAMERA_SANDBOXED. if (code == OP_CAMERA_SANDBOXED) { - result = checkOperation(OP_CAMERA, uid, packageName); + result = checkOperationWithState(OP_CAMERA, attributionSource.asState()); // Check result if (result != AppOpsManager.MODE_ALLOWED) { return new SyncNotedAppOp(result, code, attributionTag, packageName); @@ -3512,15 +3585,29 @@ public class AppOpsService extends IAppOpsService.Stub { packageName); } + /** @deprecated Use {@link #finishOperationWithState} instead. */ @Override public void finishOperation(IBinder clientId, int code, int uid, String packageName, String attributionTag) { - mCheckOpsDelegateDispatcher.finishOperation(clientId, code, uid, packageName, - attributionTag); + final AttributionSource attributionSource = new AttributionSource.Builder(uid) + .setPackageName(packageName) + .setAttributionTag(attributionTag) + .build(); + mCheckOpsDelegateDispatcher.finishOperation(clientId, code, attributionSource); } - private void finishOperationImpl(IBinder clientId, int code, int uid, String packageName, - String attributionTag) { + @Override + public void finishOperationWithState(IBinder clientId, int code, + AttributionSourceState attributionSourceState) { + final AttributionSource attributionSource = new AttributionSource(attributionSourceState); + mCheckOpsDelegateDispatcher.finishOperation(clientId, code, attributionSource); + } + + private void finishOperationImpl(IBinder clientId, int code, + AttributionSource attributionSource) { + final String packageName = attributionSource.getPackageName(); + final int uid = attributionSource.getUid(); + final String attributionTag = attributionSource.getAttributionTag(); verifyIncomingUid(uid); verifyIncomingOp(code); if (!isIncomingPackageValid(packageName, UserHandle.getUserId(uid))) { @@ -5103,8 +5190,13 @@ public class AppOpsService extends IAppOpsService.Stub { } if (shell.packageName != null) { - shell.mInterface.startOperation(shell.mToken, shell.op, shell.packageUid, - shell.packageName, shell.attributionTag, true, true, + final AttributionSource shellAttributionSource = + new AttributionSource.Builder(shell.packageUid) + .setPackageName(shell.packageName) + .setAttributionTag(shell.attributionTag) + .build(); + shell.mInterface.startOperationWithState(shell.mToken, shell.op, + shellAttributionSource.asState(), true, true, "appops start shell command", true, AppOpsManager.ATTRIBUTION_FLAG_ACCESSOR, ATTRIBUTION_CHAIN_ID_NONE); } else { @@ -5119,8 +5211,13 @@ public class AppOpsService extends IAppOpsService.Stub { } if (shell.packageName != null) { - shell.mInterface.finishOperation(shell.mToken, shell.op, shell.packageUid, - shell.packageName, shell.attributionTag); + final AttributionSource shellAttributionSource = + new AttributionSource.Builder(shell.packageUid) + .setPackageName(shell.packageName) + .setAttributionTag(shell.attributionTag) + .build(); + shell.mInterface.finishOperationWithState(shell.mToken, shell.op, + shellAttributionSource.asState()); } else { return -1; } @@ -6666,25 +6763,24 @@ public class AppOpsService extends IAppOpsService.Stub { return mCheckOpsDelegate; } - public int checkOperation(int code, int uid, String packageName, - @Nullable String attributionTag, boolean raw) { + public int checkOperation(int code, AttributionSource attributionSource, boolean raw) { if (mPolicy != null) { if (mCheckOpsDelegate != null) { - return mPolicy.checkOperation(code, uid, packageName, attributionTag, raw, + return mPolicy.checkOperation(code, attributionSource, raw, this::checkDelegateOperationImpl); } else { - return mPolicy.checkOperation(code, uid, packageName, attributionTag, raw, + return mPolicy.checkOperation(code, attributionSource, raw, AppOpsService.this::checkOperationImpl); } } else if (mCheckOpsDelegate != null) { - return checkDelegateOperationImpl(code, uid, packageName, attributionTag, raw); + return checkDelegateOperationImpl(code, attributionSource, raw); } - return checkOperationImpl(code, uid, packageName, attributionTag, raw); + return checkOperationImpl(code, attributionSource, raw); } - private int checkDelegateOperationImpl(int code, int uid, String packageName, - @Nullable String attributionTag, boolean raw) { - return mCheckOpsDelegate.checkOperation(code, uid, packageName, attributionTag, raw, + private int checkDelegateOperationImpl(int code, AttributionSource attributionSource, + boolean raw) { + return mCheckOpsDelegate.checkOperation(code, attributionSource, raw, AppOpsService.this::checkOperationImpl); } @@ -6709,32 +6805,32 @@ public class AppOpsService extends IAppOpsService.Stub { AppOpsService.this::checkAudioOperationImpl); } - public SyncNotedAppOp noteOperation(int code, int uid, String packageName, - String attributionTag, boolean shouldCollectAsyncNotedOp, String message, + public SyncNotedAppOp noteOperation(int code, AttributionSource attributionSource, + boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage) { if (mPolicy != null) { if (mCheckOpsDelegate != null) { - return mPolicy.noteOperation(code, uid, packageName, attributionTag, + return mPolicy.noteOperation(code, attributionSource, shouldCollectAsyncNotedOp, message, shouldCollectMessage, this::noteDelegateOperationImpl); } else { - return mPolicy.noteOperation(code, uid, packageName, attributionTag, + return mPolicy.noteOperation(code, attributionSource, shouldCollectAsyncNotedOp, message, shouldCollectMessage, AppOpsService.this::noteOperationImpl); } } else if (mCheckOpsDelegate != null) { - return noteDelegateOperationImpl(code, uid, packageName, - attributionTag, shouldCollectAsyncNotedOp, message, shouldCollectMessage); + return noteDelegateOperationImpl(code, attributionSource, shouldCollectAsyncNotedOp, + message, shouldCollectMessage); } - return noteOperationImpl(code, uid, packageName, attributionTag, + return noteOperationImpl(code, attributionSource, shouldCollectAsyncNotedOp, message, shouldCollectMessage); } - private SyncNotedAppOp noteDelegateOperationImpl(int code, int uid, - @Nullable String packageName, @Nullable String featureId, + private SyncNotedAppOp noteDelegateOperationImpl(int code, + AttributionSource attributionSource, boolean shouldCollectAsyncNotedOp, @Nullable String message, boolean shouldCollectMessage) { - return mCheckOpsDelegate.noteOperation(code, uid, packageName, featureId, + return mCheckOpsDelegate.noteOperation(code, attributionSource, shouldCollectAsyncNotedOp, message, shouldCollectMessage, AppOpsService.this::noteOperationImpl); } @@ -6770,39 +6866,38 @@ public class AppOpsService extends IAppOpsService.Stub { AppOpsService.this::noteProxyOperationImpl); } - public SyncNotedAppOp startOperation(IBinder token, int code, int uid, - @Nullable String packageName, @NonNull String attributionTag, - boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp, - @Nullable String message, boolean shouldCollectMessage, - @AttributionFlags int attributionFlags, int attributionChainId) { + public SyncNotedAppOp startOperation(IBinder token, int code, + AttributionSource attributionSource, boolean startIfModeDefault, + boolean shouldCollectAsyncNotedOp, @Nullable String message, + boolean shouldCollectMessage, @AttributionFlags int attributionFlags, + int attributionChainId) { if (mPolicy != null) { if (mCheckOpsDelegate != null) { - return mPolicy.startOperation(token, code, uid, packageName, - attributionTag, startIfModeDefault, shouldCollectAsyncNotedOp, message, + return mPolicy.startOperation(token, code, attributionSource, + startIfModeDefault, shouldCollectAsyncNotedOp, message, shouldCollectMessage, attributionFlags, attributionChainId, this::startDelegateOperationImpl); } else { - return mPolicy.startOperation(token, code, uid, packageName, attributionTag, + return mPolicy.startOperation(token, code, attributionSource, startIfModeDefault, shouldCollectAsyncNotedOp, message, shouldCollectMessage, attributionFlags, attributionChainId, AppOpsService.this::startOperationImpl); } } else if (mCheckOpsDelegate != null) { - return startDelegateOperationImpl(token, code, uid, packageName, attributionTag, + return startDelegateOperationImpl(token, code, attributionSource, startIfModeDefault, shouldCollectAsyncNotedOp, message, shouldCollectMessage, attributionFlags, attributionChainId); } - return startOperationImpl(token, code, uid, packageName, attributionTag, + return startOperationImpl(token, code, attributionSource, startIfModeDefault, shouldCollectAsyncNotedOp, message, shouldCollectMessage, attributionFlags, attributionChainId); } - private SyncNotedAppOp startDelegateOperationImpl(IBinder token, int code, int uid, - @Nullable String packageName, @Nullable String attributionTag, - boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp, String message, - boolean shouldCollectMessage, @AttributionFlags int attributionFlags, - int attributionChainId) { - return mCheckOpsDelegate.startOperation(token, code, uid, packageName, attributionTag, + private SyncNotedAppOp startDelegateOperationImpl(IBinder token, int code, + AttributionSource attributionSource, boolean startIfModeDefault, + boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage, + @AttributionFlags int attributionFlags, int attributionChainId) { + return mCheckOpsDelegate.startOperation(token, code, attributionSource, startIfModeDefault, shouldCollectAsyncNotedOp, message, shouldCollectMessage, attributionFlags, attributionChainId, AppOpsService.this::startOperationImpl); } @@ -6848,26 +6943,26 @@ public class AppOpsService extends IAppOpsService.Stub { attributionChainId, AppOpsService.this::startProxyOperationImpl); } - public void finishOperation(IBinder clientId, int code, int uid, String packageName, - String attributionTag) { + public void finishOperation(IBinder clientId, int code, + AttributionSource attributionSource) { if (mPolicy != null) { if (mCheckOpsDelegate != null) { - mPolicy.finishOperation(clientId, code, uid, packageName, attributionTag, + mPolicy.finishOperation(clientId, code, attributionSource, this::finishDelegateOperationImpl); } else { - mPolicy.finishOperation(clientId, code, uid, packageName, attributionTag, + mPolicy.finishOperation(clientId, code, attributionSource, AppOpsService.this::finishOperationImpl); } } else if (mCheckOpsDelegate != null) { - finishDelegateOperationImpl(clientId, code, uid, packageName, attributionTag); + finishDelegateOperationImpl(clientId, code, attributionSource); } else { - finishOperationImpl(clientId, code, uid, packageName, attributionTag); + finishOperationImpl(clientId, code, attributionSource); } } - private void finishDelegateOperationImpl(IBinder clientId, int code, int uid, - String packageName, String attributionTag) { - mCheckOpsDelegate.finishOperation(clientId, code, uid, packageName, attributionTag, + private void finishDelegateOperationImpl(IBinder clientId, int code, + AttributionSource attributionSource) { + mCheckOpsDelegate.finishOperation(clientId, code, attributionSource, AppOpsService.this::finishOperationImpl); } diff --git a/services/core/java/com/android/server/policy/AppOpsPolicy.java b/services/core/java/com/android/server/policy/AppOpsPolicy.java index b83421fe78d7..c2821aef2142 100644 --- a/services/core/java/com/android/server/policy/AppOpsPolicy.java +++ b/services/core/java/com/android/server/policy/AppOpsPolicy.java @@ -50,11 +50,12 @@ import android.util.Log; import android.util.SparseArray; import com.android.internal.annotations.GuardedBy; -import com.android.internal.util.function.HeptFunction; import com.android.internal.util.function.HexFunction; +import com.android.internal.util.function.NonaFunction; import com.android.internal.util.function.QuadFunction; -import com.android.internal.util.function.QuintConsumer; import com.android.internal.util.function.QuintFunction; +import com.android.internal.util.function.TriConsumer; +import com.android.internal.util.function.TriFunction; import com.android.internal.util.function.UndecFunction; import com.android.server.LocalServices; @@ -229,10 +230,12 @@ public final class AppOpsPolicy implements AppOpsManagerInternal.CheckOpsDelegat } @Override - public int checkOperation(int code, int uid, String packageName, - @Nullable String attributionTag, boolean raw, - QuintFunction<Integer, Integer, String, String, Boolean, Integer> superImpl) { - return superImpl.apply(code, resolveUid(code, uid), packageName, attributionTag, raw); + public int checkOperation(int code, AttributionSource attributionSource, boolean raw, + TriFunction<Integer, AttributionSource, Boolean, Integer> superImpl) { + final int uid = attributionSource.getUid(); + final AttributionSource resolvedAttributionSource = + attributionSource.withUid(resolveUid(code, uid)); + return superImpl.apply(code, resolvedAttributionSource, raw); } @Override @@ -242,21 +245,25 @@ public final class AppOpsPolicy implements AppOpsManagerInternal.CheckOpsDelegat } @Override - public SyncNotedAppOp noteOperation(int code, int uid, @Nullable String packageName, - @Nullable String attributionTag, boolean shouldCollectAsyncNotedOp, @Nullable - String message, boolean shouldCollectMessage, @NonNull HeptFunction<Integer, Integer, - String, String, Boolean, String, Boolean, SyncNotedAppOp> superImpl) { - return superImpl.apply(resolveDatasourceOp(code, uid, packageName, attributionTag), - resolveUid(code, uid), packageName, attributionTag, shouldCollectAsyncNotedOp, - message, shouldCollectMessage); + public SyncNotedAppOp noteOperation(int code, AttributionSource attributionSource, + boolean shouldCollectAsyncNotedOp, @Nullable + String message, boolean shouldCollectMessage, + @NonNull QuintFunction<Integer, AttributionSource, Boolean, String, Boolean, + SyncNotedAppOp> superImpl) { + final int uid = attributionSource.getUid(); + final AttributionSource resolvedAttributionSource = + attributionSource.withUid(resolveUid(code, uid)); + return superImpl.apply(resolveDatasourceOp(code, uid, attributionSource.getPackageName(), + attributionSource.getAttributionTag()), resolvedAttributionSource, + shouldCollectAsyncNotedOp, message, shouldCollectMessage); } @Override public SyncNotedAppOp noteProxyOperation(int code, @NonNull AttributionSource attributionSource, boolean shouldCollectAsyncNotedOp, @Nullable String message, boolean shouldCollectMessage, boolean skipProxyOperation, @NonNull HexFunction<Integer, - AttributionSource, Boolean, String, Boolean, Boolean, - SyncNotedAppOp> superImpl) { + AttributionSource, Boolean, String, Boolean, Boolean, + SyncNotedAppOp> superImpl) { return superImpl.apply(resolveDatasourceOp(code, attributionSource.getUid(), attributionSource.getPackageName(), attributionSource.getAttributionTag()), attributionSource, shouldCollectAsyncNotedOp, message, shouldCollectMessage, @@ -264,17 +271,21 @@ public final class AppOpsPolicy implements AppOpsManagerInternal.CheckOpsDelegat } @Override - public SyncNotedAppOp startOperation(IBinder token, int code, int uid, - @Nullable String packageName, @Nullable String attributionTag, + public SyncNotedAppOp startOperation(IBinder token, int code, + AttributionSource attributionSource, boolean startIfModeDefault, boolean shouldCollectAsyncNotedOp, String message, boolean shouldCollectMessage, @AttributionFlags int attributionFlags, - int attributionChainId, @NonNull UndecFunction<IBinder, Integer, Integer, String, - String, Boolean, Boolean, String, Boolean, Integer, Integer, - SyncNotedAppOp> superImpl) { - return superImpl.apply(token, resolveDatasourceOp(code, uid, packageName, attributionTag), - resolveUid(code, uid), packageName, attributionTag, startIfModeDefault, - shouldCollectAsyncNotedOp, message, shouldCollectMessage, attributionFlags, - attributionChainId); + int attributionChainId, + @NonNull NonaFunction<IBinder, Integer, AttributionSource, Boolean, Boolean, String, + Boolean, Integer, Integer, + SyncNotedAppOp> superImpl) { + final int uid = attributionSource.getUid(); + final AttributionSource resolvedAttributionSource = + attributionSource.withUid(resolveUid(code, uid)); + return superImpl.apply(token, resolveDatasourceOp(code, uid, + attributionSource.getPackageName(), attributionSource.getAttributionTag()), + resolvedAttributionSource, startIfModeDefault, shouldCollectAsyncNotedOp, message, + shouldCollectMessage, attributionFlags, attributionChainId); } @Override @@ -293,11 +304,14 @@ public final class AppOpsPolicy implements AppOpsManagerInternal.CheckOpsDelegat } @Override - public void finishOperation(IBinder clientId, int code, int uid, String packageName, - String attributionTag, - @NonNull QuintConsumer<IBinder, Integer, Integer, String, String> superImpl) { - superImpl.accept(clientId, resolveDatasourceOp(code, uid, packageName, attributionTag), - resolveUid(code, uid), packageName, attributionTag); + public void finishOperation(IBinder clientId, int code, AttributionSource attributionSource, + @NonNull TriConsumer<IBinder, Integer, AttributionSource> superImpl) { + final int uid = attributionSource.getUid(); + final AttributionSource resolvedAttributionSource = + attributionSource.withUid(resolveUid(code, uid)); + superImpl.accept(clientId, resolveDatasourceOp(code, uid, + attributionSource.getPackageName(), attributionSource.getAttributionTag()), + resolvedAttributionSource); } @Override diff --git a/services/tests/mockingservicestests/src/com/android/server/AppStateTrackerTest.java b/services/tests/mockingservicestests/src/com/android/server/AppStateTrackerTest.java index 47ae97fc5d27..7ceccc57c0f1 100644 --- a/services/tests/mockingservicestests/src/com/android/server/AppStateTrackerTest.java +++ b/services/tests/mockingservicestests/src/com/android/server/AppStateTrackerTest.java @@ -44,6 +44,7 @@ import android.app.AppOpsManager.PackageOps; import android.app.IActivityManager; import android.app.IUidObserver; import android.app.usage.UsageStatsManager; +import android.content.AttributionSourceState; import android.content.BroadcastReceiver; import android.content.Context; import android.content.Intent; @@ -229,12 +230,20 @@ public class AppStateTrackerTest { private AppStateTrackerTestable newInstance() throws Exception { MockitoAnnotations.initMocks(this); - when(mMockIAppOpsService.checkOperation(eq(TARGET_OP), anyInt(), anyString())) - .thenAnswer(inv -> { - return mRestrictedPackages.indexOf( - Pair.create(inv.getArgument(1), inv.getArgument(2))) >= 0 ? - AppOpsManager.MODE_IGNORED : AppOpsManager.MODE_ALLOWED; - }); + when(mMockIAppOpsService.checkOperationWithState(eq(TARGET_OP), any())) + .thenAnswer( + (Answer<Integer>) + invocation -> { + AttributionSourceState attribution = + (AttributionSourceState) invocation.getArguments()[1]; + return mRestrictedPackages.indexOf( + Pair.create( + attribution.uid, + attribution.packageName)) + >= 0 + ? AppOpsManager.MODE_IGNORED + : AppOpsManager.MODE_ALLOWED; + }); final AppStateTrackerTestable instance = new AppStateTrackerTestable(); diff --git a/services/tests/mockingservicestests/src/com/android/server/am/ActivityManagerServiceTest.java b/services/tests/mockingservicestests/src/com/android/server/am/ActivityManagerServiceTest.java index 40b5458b06b9..3ee8050cda3e 100644 --- a/services/tests/mockingservicestests/src/com/android/server/am/ActivityManagerServiceTest.java +++ b/services/tests/mockingservicestests/src/com/android/server/am/ActivityManagerServiceTest.java @@ -69,6 +69,7 @@ import android.app.BroadcastOptions; import android.app.IApplicationThread; import android.app.IUidObserver; import android.app.SyncNotedAppOp; +import android.content.AttributionSourceState; import android.content.ComponentName; import android.content.Context; import android.content.Intent; @@ -223,12 +224,16 @@ public class ActivityManagerServiceTest { assertThat(sProcessListSettingsListener).isNotNull(); } - private void mockNoteOperation() { + private void mockNoteOp() { SyncNotedAppOp allowed = new SyncNotedAppOp(AppOpsManager.MODE_ALLOWED, AppOpsManager.OP_GET_USAGE_STATS, null, mContext.getPackageName()); - when(mAppOpsService.noteOperation(eq(AppOpsManager.OP_GET_USAGE_STATS), eq(Process.myUid()), - nullable(String.class), nullable(String.class), any(Boolean.class), - nullable(String.class), any(Boolean.class))).thenReturn(allowed); + when(mAppOpsService.noteOperationWithState( + eq(AppOpsManager.OP_GET_USAGE_STATS), + any(AttributionSourceState.class), + any(Boolean.class), + nullable(String.class), + any(Boolean.class))) + .thenReturn(allowed); } @After @@ -609,7 +614,7 @@ public class ActivityManagerServiceTest { */ @Test public void testDispatchUids_dispatchNeededChanges() throws RemoteException { - mockNoteOperation(); + mockNoteOp(); final int[] changesToObserve = { ActivityManager.UID_OBSERVER_PROCSTATE, @@ -818,7 +823,7 @@ public class ActivityManagerServiceTest { */ @Test public void testDispatchUidChanges_procStateCutpoint() throws RemoteException { - mockNoteOperation(); + mockNoteOp(); final IUidObserver observer = mock(IUidObserver.Stub.class); @@ -888,7 +893,7 @@ public class ActivityManagerServiceTest { */ @Test public void testDispatchUidChanges_validateUidsUpdated() { - mockNoteOperation(); + mockNoteOp(); final int[] changesForPendingItems = UID_RECORD_CHANGES; diff --git a/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java b/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java index bb91939c430e..dcbee83b839b 100644 --- a/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java +++ b/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java @@ -113,6 +113,8 @@ import android.app.Notification; import android.app.NotificationManager; import android.app.role.RoleManager; import android.app.usage.AppStandbyInfo; +import android.content.AttributionSource; +import android.content.AttributionSourceState; import android.content.Context; import android.content.Intent; import android.content.pm.PackageManager; @@ -2454,9 +2456,12 @@ public final class BackgroundRestrictionTest { doReturn(granted ? MODE_ALLOWED : MODE_IGNORED) .when(mAppOpsManager) .checkOpNoThrow(op, uid, packageName); + AttributionSource attributionSource = + new AttributionSource.Builder(uid).setPackageName(packageName).build(); + AttributionSourceState attributionSourceState = attributionSource.asState(); doReturn(granted ? MODE_ALLOWED : MODE_IGNORED) .when(mIAppOpsService) - .checkOperation(op, uid, packageName); + .checkOperationWithState(eq(op), eq(attributionSourceState)); } catch (RemoteException e) { // Ignore. } diff --git a/services/tests/mockingservicestests/src/com/android/server/appop/AppOpsServiceTest.java b/services/tests/mockingservicestests/src/com/android/server/appop/AppOpsServiceTest.java index 646f4862d75d..daed5df4edd7 100644 --- a/services/tests/mockingservicestests/src/com/android/server/appop/AppOpsServiceTest.java +++ b/services/tests/mockingservicestests/src/com/android/server/appop/AppOpsServiceTest.java @@ -49,6 +49,7 @@ import static org.mockito.ArgumentMatchers.nullable; import android.app.AppOpsManager; import android.app.AppOpsManager.OpEntry; import android.app.AppOpsManager.PackageOps; +import android.content.AttributionSource; import android.content.ContentResolver; import android.content.Context; import android.content.pm.PackageManagerInternal; @@ -216,18 +217,21 @@ public class AppOpsServiceTest { } @Test - public void testNoteOperationAndGetOpsForPackage() { + public void testNoteOpAndGetOpsForPackage() { mAppOpsService.setMode(OP_READ_SMS, mMyUid, sMyPackageName, MODE_ALLOWED); mAppOpsService.setMode(OP_WRITE_SMS, mMyUid, sMyPackageName, MODE_ERRORED); + AttributionSource attributionSource = + new AttributionSource.Builder(mMyUid).setPackageName(sMyPackageName).build(); // Note an op that's allowed. - mAppOpsService.noteOperation(OP_READ_SMS, mMyUid, sMyPackageName, null, false, null, false); + mAppOpsService.noteOperationWithState(OP_READ_SMS, attributionSource.asState(), false, + null, false); List<PackageOps> loggedOps = getLoggedOps(); assertContainsOp(loggedOps, OP_READ_SMS, mTestStartMillis, -1, MODE_ALLOWED); // Note another op that's not allowed. - mAppOpsService.noteOperation(OP_WRITE_SMS, mMyUid, sMyPackageName, null, false, null, - false); + mAppOpsService.noteOperationWithState(OP_WRITE_SMS, attributionSource.asState(), false, + null, false); loggedOps = getLoggedOps(); assertContainsOp(loggedOps, OP_READ_SMS, mTestStartMillis, -1, MODE_ALLOWED); assertContainsOp(loggedOps, OP_WRITE_SMS, -1, mTestStartMillis, MODE_ERRORED); @@ -239,20 +243,24 @@ public class AppOpsServiceTest { * ACCESS_COARSE_LOCATION op is used to check whether WIFI_SCAN is allowed. */ @Test - public void testNoteOperationAndGetOpsForPackage_controlledByDifferentOp() { + public void testNoteOpAndGetOpsForPackage_controlledByDifferentOp() { // This op controls WIFI_SCAN mAppOpsService.setMode(OP_COARSE_LOCATION, mMyUid, sMyPackageName, MODE_ALLOWED); - assertThat(mAppOpsService.noteOperation(OP_WIFI_SCAN, mMyUid, sMyPackageName, null, false, - null, false).getOpMode()).isEqualTo(MODE_ALLOWED); + assertThat(mAppOpsService.noteOperationWithState(OP_WIFI_SCAN, + new AttributionSource.Builder(mMyUid).setPackageName(sMyPackageName) + .build().asState(), false, null, false).getOpMode()) + .isEqualTo(MODE_ALLOWED); assertContainsOp(getLoggedOps(), OP_WIFI_SCAN, mTestStartMillis, -1, MODE_ALLOWED /* default for WIFI_SCAN; this is not changed or used in this test */); // Now set COARSE_LOCATION to ERRORED -> this will make WIFI_SCAN disabled as well. mAppOpsService.setMode(OP_COARSE_LOCATION, mMyUid, sMyPackageName, MODE_ERRORED); - assertThat(mAppOpsService.noteOperation(OP_WIFI_SCAN, mMyUid, sMyPackageName, null, false, - null, false).getOpMode()).isEqualTo(MODE_ERRORED); + assertThat(mAppOpsService.noteOperationWithState(OP_WIFI_SCAN, + new AttributionSource.Builder(mMyUid).setPackageName(sMyPackageName) + .build().asState(), false, null, false) + .getOpMode()).isEqualTo(MODE_ERRORED); assertContainsOp(getLoggedOps(), OP_WIFI_SCAN, mTestStartMillis, mTestStartMillis, MODE_ALLOWED /* default for WIFI_SCAN; this is not changed or used in this test */); @@ -263,9 +271,12 @@ public class AppOpsServiceTest { public void testStatePersistence() { mAppOpsService.setMode(OP_READ_SMS, mMyUid, sMyPackageName, MODE_ALLOWED); mAppOpsService.setMode(OP_WRITE_SMS, mMyUid, sMyPackageName, MODE_ERRORED); - mAppOpsService.noteOperation(OP_READ_SMS, mMyUid, sMyPackageName, null, false, null, false); - mAppOpsService.noteOperation(OP_WRITE_SMS, mMyUid, sMyPackageName, null, false, null, - false); + AttributionSource attributionSource = + new AttributionSource.Builder(mMyUid).setPackageName(sMyPackageName).build(); + mAppOpsService.noteOperationWithState(OP_READ_SMS, attributionSource.asState(), false, + null, false); + mAppOpsService.noteOperationWithState(OP_WRITE_SMS, attributionSource.asState(), false, + null, false); mAppOpsService.shutdown(); @@ -283,7 +294,10 @@ public class AppOpsServiceTest { @Test public void testShutdown() { mAppOpsService.setMode(OP_READ_SMS, mMyUid, sMyPackageName, MODE_ALLOWED); - mAppOpsService.noteOperation(OP_READ_SMS, mMyUid, sMyPackageName, null, false, null, false); + AttributionSource attributionSource = + new AttributionSource.Builder(mMyUid).setPackageName(sMyPackageName).build(); + mAppOpsService.noteOperationWithState(OP_READ_SMS, attributionSource.asState(), false, + null, false); mAppOpsService.shutdown(); // Create a new app ops service which will initialize its state from XML. @@ -297,7 +311,10 @@ public class AppOpsServiceTest { @Test public void testGetOpsForPackage() { mAppOpsService.setMode(OP_READ_SMS, mMyUid, sMyPackageName, MODE_ALLOWED); - mAppOpsService.noteOperation(OP_READ_SMS, mMyUid, sMyPackageName, null, false, null, false); + AttributionSource attributionSource = + new AttributionSource.Builder(mMyUid).setPackageName(sMyPackageName).build(); + mAppOpsService.noteOperationWithState(OP_READ_SMS, attributionSource.asState(), false, + null, false); // Query all ops List<PackageOps> loggedOps = mAppOpsService.getOpsForPackage( @@ -326,7 +343,10 @@ public class AppOpsServiceTest { @Test public void testPackageRemoved() { mAppOpsService.setMode(OP_READ_SMS, mMyUid, sMyPackageName, MODE_ALLOWED); - mAppOpsService.noteOperation(OP_READ_SMS, mMyUid, sMyPackageName, null, false, null, false); + AttributionSource attributionSource = + new AttributionSource.Builder(mMyUid).setPackageName(sMyPackageName).build(); + mAppOpsService.noteOperationWithState(OP_READ_SMS, attributionSource.asState(), false, + null, false); List<PackageOps> loggedOps = getLoggedOps(); assertContainsOp(loggedOps, OP_READ_SMS, mTestStartMillis, -1, MODE_ALLOWED); @@ -341,7 +361,8 @@ public class AppOpsServiceTest { @Test public void testPackageRemovedHistoricalOps() throws InterruptedException { mAppOpsService.setMode(OP_READ_SMS, mMyUid, sMyPackageName, MODE_ALLOWED); - mAppOpsService.noteOperation(OP_READ_SMS, mMyUid, sMyPackageName, null, false, null, false); + mAppOpsService.noteOperationWithState(OP_READ_SMS, mMyUid, sMyPackageName, null, false, + null, false); AppOpsManager.HistoricalOps historicalOps = new AppOpsManager.HistoricalOps(0, 15000); historicalOps.increaseAccessCount(OP_READ_SMS, mMyUid, sMyPackageName, null, @@ -381,7 +402,10 @@ public class AppOpsServiceTest { @Test public void testUidRemoved() { mAppOpsService.setMode(OP_READ_SMS, mMyUid, sMyPackageName, MODE_ALLOWED); - mAppOpsService.noteOperation(OP_READ_SMS, mMyUid, sMyPackageName, null, false, null, false); + AttributionSource attributionSource = + new AttributionSource.Builder(mMyUid).setPackageName(sMyPackageName).build(); + mAppOpsService.noteOperationWithState(OP_READ_SMS, attributionSource.asState(), + false, null, false); List<PackageOps> loggedOps = getLoggedOps(); assertContainsOp(loggedOps, OP_READ_SMS, mTestStartMillis, -1, MODE_ALLOWED); @@ -393,7 +417,10 @@ public class AppOpsServiceTest { @Test public void testUidStateInitializationDoesntClearState() throws InterruptedException { mAppOpsService.setMode(OP_READ_SMS, mMyUid, sMyPackageName, MODE_ALLOWED); - mAppOpsService.noteOperation(OP_READ_SMS, mMyUid, sMyPackageName, null, false, null, false); + AttributionSource attributionSource = + new AttributionSource.Builder(mMyUid).setPackageName(sMyPackageName).build(); + mAppOpsService.noteOperationWithState(OP_READ_SMS, attributionSource.asState(), false, + null, false); mAppOpsService.initializeUidStates(); List<PackageOps> ops = mAppOpsService.getOpsForPackage(mMyUid, sMyPackageName, new int[]{OP_READ_SMS}); diff --git a/services/tests/servicestests/src/com/android/server/pm/SuspendPackagesTest.java b/services/tests/servicestests/src/com/android/server/pm/SuspendPackagesTest.java index 398148ff4d3b..01a91c1db1e6 100644 --- a/services/tests/servicestests/src/com/android/server/pm/SuspendPackagesTest.java +++ b/services/tests/servicestests/src/com/android/server/pm/SuspendPackagesTest.java @@ -30,6 +30,7 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import android.app.AppGlobals; +import android.content.AttributionSource; import android.content.Context; import android.content.pm.IPackageManager; import android.content.pm.LauncherApps; @@ -281,12 +282,16 @@ public class SuspendPackagesTest { }; iAppOps.startWatchingMode(code, TEST_APP_PACKAGE_NAME, watcher); final int testPackageUid = mPackageManager.getPackageUid(TEST_APP_PACKAGE_NAME, 0); - int opMode = iAppOps.checkOperation(code, testPackageUid, TEST_APP_PACKAGE_NAME); + AttributionSource attributionSource = + new AttributionSource.Builder(testPackageUid) + .setPackageName(TEST_APP_PACKAGE_NAME) + .build(); + int opMode = iAppOps.checkOperationWithState(code, attributionSource.asState()); assertEquals("Op " + opToName(code) + " disallowed for unsuspended package", MODE_ALLOWED, opMode); suspendTestPackage(null, null, null); assertTrue("AppOpsWatcher did not callback", latch.await(5, TimeUnit.SECONDS)); - opMode = iAppOps.checkOperation(code, testPackageUid, TEST_APP_PACKAGE_NAME); + opMode = iAppOps.checkOperationWithState(code, attributionSource.asState()); assertEquals("Op " + opToName(code) + " allowed for suspended package", MODE_IGNORED, opMode); iAppOps.stopWatchingMode(watcher); |