diff options
12 files changed, 180 insertions, 813 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 789719527c8d..b01a89e672be 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -72,7 +72,6 @@ import android.util.SparseArray; import com.android.internal.annotations.GuardedBy; import com.android.internal.util.ArrayUtils; import com.android.internal.util.Preconditions; -import com.android.internal.util.function.QuadFunction; import com.android.internal.util.function.TriFunction; import com.android.server.LocalServices; import com.android.server.pm.UserManagerInternal; @@ -94,6 +93,7 @@ import java.util.WeakHashMap; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicInteger; +import java.util.function.BiFunction; /** * Manages all permissions and handles permissions related tasks. @@ -233,11 +233,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (checkPermissionDelegate == null) { - return mPermissionManagerServiceImpl.checkPermission(packageName, permissionName, - deviceId, userId); + return mPermissionManagerServiceImpl.checkPermission( + packageName, permissionName, userId); } - return checkPermissionDelegate.checkPermission(packageName, permissionName, - deviceId, userId, mPermissionManagerServiceImpl::checkPermission); + return checkPermissionDelegate.checkPermission(packageName, permissionName, userId, + mPermissionManagerServiceImpl::checkPermission); } @Override @@ -254,10 +254,10 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (checkPermissionDelegate == null) { - return mPermissionManagerServiceImpl.checkUidPermission(uid, permissionName, deviceId); + return mPermissionManagerServiceImpl.checkUidPermission(uid, permissionName); } return checkPermissionDelegate.checkUidPermission(uid, permissionName, - deviceId, mPermissionManagerServiceImpl::checkUidPermission); + mPermissionManagerServiceImpl::checkUidPermission); } @Override @@ -511,14 +511,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { public int getPermissionFlags(String packageName, String permissionName, int deviceId, int userId) { return mPermissionManagerServiceImpl - .getPermissionFlags(packageName, permissionName, deviceId, userId); + .getPermissionFlags(packageName, permissionName, userId); } @Override public void updatePermissionFlags(String packageName, String permissionName, int flagMask, int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) { mPermissionManagerServiceImpl.updatePermissionFlags(packageName, permissionName, flagMask, - flagValues, checkAdjustPolicyFlagPermission, deviceId, userId); + flagValues, checkAdjustPolicyFlagPermission, userId); } @Override @@ -560,15 +560,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { @Override public void grantRuntimePermission(String packageName, String permissionName, int deviceId, int userId) { - mPermissionManagerServiceImpl.grantRuntimePermission(packageName, permissionName, - deviceId, userId); + mPermissionManagerServiceImpl.grantRuntimePermission(packageName, permissionName, userId); } @Override public void revokeRuntimePermission(String packageName, String permissionName, int deviceId, int userId, String reason) { mPermissionManagerServiceImpl.revokeRuntimePermission(packageName, permissionName, - deviceId, userId, reason); + userId, reason); } @Override @@ -581,14 +580,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { public boolean shouldShowRequestPermissionRationale(String packageName, String permissionName, int deviceId, int userId) { return mPermissionManagerServiceImpl.shouldShowRequestPermissionRationale(packageName, - permissionName, deviceId, userId); + permissionName, userId); } @Override public boolean isPermissionRevokedByPolicy(String packageName, String permissionName, int deviceId, int userId) { - return mPermissionManagerServiceImpl.isPermissionRevokedByPolicy(packageName, - permissionName, deviceId, userId); + return mPermissionManagerServiceImpl + .isPermissionRevokedByPolicy(packageName, permissionName, userId); } @Override @@ -869,7 +868,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { * * @param packageName the name of the package to be checked * @param permissionName the name of the permission to be checked - * @param deviceId The device ID * @param userId the user ID * @param superImpl the original implementation that can be delegated to * @return {@link android.content.pm.PackageManager#PERMISSION_GRANTED} if the package has @@ -878,21 +876,20 @@ public class PermissionManagerService extends IPermissionManager.Stub { * @see android.content.pm.PackageManager#checkPermission(String, String) */ int checkPermission(@NonNull String packageName, @NonNull String permissionName, - int deviceId, @UserIdInt int userId, - @NonNull QuadFunction<String, String, Integer, Integer, Integer> superImpl); + @UserIdInt int userId, + @NonNull TriFunction<String, String, Integer, Integer> superImpl); /** * Check whether the given UID has been granted the specified permission. * * @param uid the UID to be checked * @param permissionName the name of the permission to be checked - * @param deviceId The device ID * @param superImpl the original implementation that can be delegated to * @return {@link android.content.pm.PackageManager#PERMISSION_GRANTED} if the package has * the permission, or {@link android.content.pm.PackageManager#PERMISSION_DENIED} otherwise */ - int checkUidPermission(int uid, @NonNull String permissionName, int deviceId, - TriFunction<Integer, String, Integer, Integer> superImpl); + int checkUidPermission(int uid, @NonNull String permissionName, + BiFunction<Integer, String, Integer> superImpl); /** * @return list of delegated permissions @@ -921,32 +918,31 @@ public class PermissionManagerService extends IPermissionManager.Stub { @Override public int checkPermission(@NonNull String packageName, @NonNull String permissionName, - int deviceId, int userId, - @NonNull QuadFunction<String, String, Integer, Integer, Integer> superImpl) { + int userId, @NonNull TriFunction<String, String, Integer, Integer> superImpl) { if (mDelegatedPackageName.equals(packageName) && isDelegatedPermission(permissionName)) { final long identity = Binder.clearCallingIdentity(); try { - return superImpl.apply("com.android.shell", permissionName, deviceId, userId); + return superImpl.apply("com.android.shell", permissionName, userId); } finally { Binder.restoreCallingIdentity(identity); } } - return superImpl.apply(packageName, permissionName, deviceId, userId); + return superImpl.apply(packageName, permissionName, userId); } @Override - public int checkUidPermission(int uid, @NonNull String permissionName, int deviceId, - @NonNull TriFunction<Integer, String, Integer, Integer> superImpl) { + public int checkUidPermission(int uid, @NonNull String permissionName, + @NonNull BiFunction<Integer, String, Integer> superImpl) { if (uid == mDelegatedUid && isDelegatedPermission(permissionName)) { final long identity = Binder.clearCallingIdentity(); try { - return superImpl.apply(Process.SHELL_UID, permissionName, deviceId); + return superImpl.apply(Process.SHELL_UID, permissionName); } finally { Binder.restoreCallingIdentity(identity); } } - return superImpl.apply(uid, permissionName, deviceId); + return superImpl.apply(uid, permissionName); } @Override diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java index 6764e087ff04..4353c5787d4b 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java @@ -681,7 +681,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override - public int getPermissionFlags(String packageName, String permName, int deviceId, int userId) { + public int getPermissionFlags(String packageName, String permName, int userId) { final int callingUid = Binder.getCallingUid(); return getPermissionFlagsInternal(packageName, permName, callingUid, userId); } @@ -724,7 +724,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt @Override public void updatePermissionFlags(String packageName, String permName, int flagMask, - int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) { + int flagValues, boolean checkAdjustPolicyFlagPermission, int userId) { final int callingUid = Binder.getCallingUid(); boolean overridePolicy = false; @@ -908,12 +908,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } } - private int checkPermission(String pkgName, String permName, int userId) { - return checkPermission(pkgName, permName, Context.DEVICE_ID_DEFAULT, userId); - } - @Override - public int checkPermission(String pkgName, String permName, int deviceId, int userId) { + public int checkPermission(String pkgName, String permName, int userId) { if (!mUserManagerInt.exists(userId)) { return PackageManager.PERMISSION_DENIED; } @@ -979,12 +975,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt return true; } - private int checkUidPermission(int uid, String permName) { - return checkUidPermission(uid, permName, Context.DEVICE_ID_DEFAULT); - } - @Override - public int checkUidPermission(int uid, String permName, int deviceId) { + public int checkUidPermission(int uid, String permName) { final int userId = UserHandle.getUserId(uid); if (!mUserManagerInt.exists(userId)) { return PackageManager.PERMISSION_DENIED; @@ -1303,8 +1295,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override - public void grantRuntimePermission(String packageName, String permName, int deviceId, - int userId) { + public void grantRuntimePermission(String packageName, String permName, final int userId) { final int callingUid = Binder.getCallingUid(); final boolean overridePolicy = checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY) @@ -1477,11 +1468,11 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override - public void revokeRuntimePermission(String packageName, String permName, int deviceId, - int userId, String reason) { + public void revokeRuntimePermission(String packageName, String permName, int userId, + String reason) { final int callingUid = Binder.getCallingUid(); final boolean overridePolicy = - checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY, deviceId) + checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY) == PackageManager.PERMISSION_GRANTED; revokeRuntimePermissionInternal(packageName, permName, overridePolicy, callingUid, userId, @@ -1868,7 +1859,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt @Override public boolean shouldShowRequestPermissionRationale(String packageName, String permName, - int deviceId, @UserIdInt int userId) { + @UserIdInt int userId) { final int callingUid = Binder.getCallingUid(); if (UserHandle.getCallingUserId() != userId) { mContext.enforceCallingPermission( @@ -1931,8 +1922,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } @Override - public boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId, - int userId) { + public boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId) { if (UserHandle.getCallingUserId() != userId) { mContext.enforceCallingPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, @@ -2069,8 +2059,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt continue; } boolean isSystemOrPolicyFixed = (getPermissionFlags(newPackage.getPackageName(), - permInfo.name, Context.DEVICE_ID_DEFAULT, userId) & ( - FLAG_PERMISSION_SYSTEM_FIXED | FLAG_PERMISSION_POLICY_FIXED)) != 0; + permInfo.name, userId) & (FLAG_PERMISSION_SYSTEM_FIXED + | FLAG_PERMISSION_POLICY_FIXED)) != 0; if (isSystemOrPolicyFixed) { continue; } @@ -2236,8 +2226,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt for (final int userId : userIds) { final int permissionState = checkPermission(packageName, permName, userId); - final int flags = getPermissionFlags(packageName, permName, - Context.DEVICE_ID_DEFAULT, userId); + final int flags = getPermissionFlags(packageName, permName, userId); final int flagMask = FLAG_PERMISSION_SYSTEM_FIXED | FLAG_PERMISSION_POLICY_FIXED | FLAG_PERMISSION_GRANTED_BY_DEFAULT @@ -5133,7 +5122,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt @NonNull @Override - public Set<String> getGrantedPermissions(@NonNull String packageName, @UserIdInt int userId) { + public Set<String> getGrantedPermissions(@NonNull String packageName, + @UserIdInt int userId) { Objects.requireNonNull(packageName, "packageName"); Preconditions.checkArgumentNonNegative(userId, "userId"); return getGrantedPermissionsInternal(packageName, userId); diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java index 2d824aa1ba13..128f847715ab 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java @@ -25,6 +25,7 @@ import android.content.pm.PermissionGroupInfo; import android.content.pm.PermissionInfo; import android.content.pm.permission.SplitPermissionInfoParcelable; import android.permission.IOnPermissionsChangeListener; +import android.permission.PermissionManager; import android.permission.PermissionManagerInternal; import com.android.server.pm.pkg.AndroidPackage; @@ -136,16 +137,14 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte void removePermission(String permName); /** - * Gets the permission state flags associated with a permission. + * Gets the state flags associated with a permission. * * @param packageName the package name for which to get the flags * @param permName the permission for which to get the flags - * @param deviceId The device for which to get the flags * @param userId the user for which to get permission flags * @return the permission flags */ - int getPermissionFlags(String packageName, String permName, int deviceId, - @UserIdInt int userId); + int getPermissionFlags(String packageName, String permName, int userId); /** * Updates the flags associated with a permission by replacing the flags in the specified mask @@ -155,11 +154,10 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * @param permName The permission for which to update the flags * @param flagMask The flags which to replace * @param flagValues The flags with which to replace - * @param deviceId The device for which to update the permission flags * @param userId The user for which to update the permission flags */ - void updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues, - boolean checkAdjustPolicyFlagPermission, int deviceId, @UserIdInt int userId); + void updatePermissionFlags(String packageName, String permName, int flagMask, + int flagValues, boolean checkAdjustPolicyFlagPermission, int userId); /** * Update the permission flags for all packages and runtime permissions of a user in order @@ -293,13 +291,11 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * * @param packageName the package to which to grant the permission * @param permName the permission name to grant - * @param deviceId the device for which to grant the permission * @param userId the user for which to grant the permission * - * @see #revokeRuntimePermission(String, String, int, int, String) + * @see #revokeRuntimePermission(String, String, android.os.UserHandle, String) */ - void grantRuntimePermission(String packageName, String permName, int deviceId, - @UserIdInt int userId); + void grantRuntimePermission(String packageName, String permName, int userId); /** * Revoke a runtime permission that was previously granted by @@ -314,14 +310,13 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * * @param packageName the package from which to revoke the permission * @param permName the permission name to revoke - * @param deviceId the device for which to revoke the permission * @param userId the user for which to revoke the permission * @param reason the reason for the revoke, or {@code null} for unspecified * - * @see #grantRuntimePermission(String, String, int, int) + * @see #grantRuntimePermission(String, String, android.os.UserHandle) */ - void revokeRuntimePermission(String packageName, String permName, int deviceId, - @UserIdInt int userId, String reason); + void revokeRuntimePermission(String packageName, String permName, int userId, + String reason); /** * Revoke the POST_NOTIFICATIONS permission, without killing the app. This method must ONLY BE @@ -338,29 +333,24 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte * does not clearly communicate to the user what would be the benefit from grating this * permission. * - * @param packageName the package name * @param permName a permission your app wants to request - * @param deviceId the device for which to check the permission - * @param userId the user for which to check the permission * @return whether you can show permission rationale UI */ boolean shouldShowRequestPermissionRationale(String packageName, String permName, - int deviceId, @UserIdInt int userId); + @UserIdInt int userId); /** - * Checks whether a particular permission has been revoked for a package by policy. Typically, + * Checks whether a particular permissions has been revoked for a package by policy. Typically * the device owner or the profile owner may apply such a policy. The user cannot grant policy * revoked permissions, hence the only way for an app to get such a permission is by a policy * change. * * @param packageName the name of the package you are checking against * @param permName the name of the permission you are checking for - * @param deviceId the device for which you are checking the permission - * @param userId the device for which you are checking the permission + * * @return whether the permission is restricted by policy */ - boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId, - @UserIdInt int userId); + boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId); /** * Get set of permissions that have been split into more granular or dependent permissions. @@ -383,25 +373,14 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte List<SplitPermissionInfoParcelable> getSplitPermissions(); /** - * Check whether a permission is granted or not to a package. - * - * @param pkgName package name - * @param permName permission name - * @param deviceId device ID - * @param userId user ID - * @return permission result {@link PackageManager.PermissionResult} + * TODO:theianchen add doc describing this is the old checkPermissionImpl */ - int checkPermission(String pkgName, String permName, int deviceId, @UserIdInt int userId); + int checkPermission(String pkgName, String permName, int userId); /** - * Check whether a permission is granted or not to an UID. - * - * @param uid UID - * @param permName permission name - * @param deviceId device ID - * @return permission result {@link PackageManager.PermissionResult} + * TODO:theianchen add doc describing this is the old checkUidPermissionImpl */ - int checkUidPermission(int uid, String permName, int deviceId); + int checkUidPermission(int uid, String permName); /** * Get all the package names requesting app op permissions. @@ -421,11 +400,15 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte @UserIdInt int userId); /** - * Reset the runtime permission state changes for a package for all devices. + * Reset the runtime permission state changes for a package. * * TODO(zhanghai): Turn this into package change callback? + * + * @param pkg the package + * @param userId the user ID */ - void resetRuntimePermissions(@NonNull AndroidPackage pkg, @UserIdInt int userId); + void resetRuntimePermissions(@NonNull AndroidPackage pkg, + @UserIdInt int userId); /** * Reset the runtime permission state changes for all packages in a user. @@ -466,8 +449,8 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte /** * Get all the permissions granted to a package. * - * @param packageName package name - * @param userId user ID + * @param packageName the name of the package + * @param userId the user ID * @return the names of the granted permissions */ @NonNull diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceLoggingDecorator.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceLoggingDecorator.java index dacb8c6890a0..7f98e2163178 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceLoggingDecorator.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceLoggingDecorator.java @@ -120,21 +120,21 @@ public class PermissionManagerServiceLoggingDecorator implements PermissionManag } @Override - public int getPermissionFlags(String packageName, String permName, int deviceId, int userId) { + public int getPermissionFlags(String packageName, String permName, int userId) { Log.i(LOG_TAG, "getPermissionFlags(packageName = " + packageName + ", permName = " - + permName + ", deviceId = " + deviceId + ", userId = " + userId + ")"); - return mService.getPermissionFlags(packageName, permName, deviceId, userId); + + permName + ", userId = " + userId + ")"); + return mService.getPermissionFlags(packageName, permName, userId); } @Override public void updatePermissionFlags(String packageName, String permName, int flagMask, - int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) { + int flagValues, boolean checkAdjustPolicyFlagPermission, int userId) { Log.i(LOG_TAG, "updatePermissionFlags(packageName = " + packageName + ", permName = " + permName + ", flagMask = " + flagMask + ", flagValues = " + flagValues + ", checkAdjustPolicyFlagPermission = " + checkAdjustPolicyFlagPermission - + ", deviceId = " + deviceId + ", userId = " + userId + ")"); + + ", userId = " + userId + ")"); mService.updatePermissionFlags(packageName, permName, flagMask, flagValues, - checkAdjustPolicyFlagPermission, deviceId, userId); + checkAdjustPolicyFlagPermission, userId); } @Override @@ -182,20 +182,18 @@ public class PermissionManagerServiceLoggingDecorator implements PermissionManag } @Override - public void grantRuntimePermission(String packageName, String permName, int deviceId, - int userId) { + public void grantRuntimePermission(String packageName, String permName, int userId) { Log.i(LOG_TAG, "grantRuntimePermission(packageName = " + packageName + ", permName = " - + permName + ", deviceId = " + deviceId + ", userId = " + userId + ")"); - mService.grantRuntimePermission(packageName, permName, deviceId, userId); + + permName + ", userId = " + userId + ")"); + mService.grantRuntimePermission(packageName, permName, userId); } @Override - public void revokeRuntimePermission(String packageName, String permName, int deviceId, - int userId, String reason) { + public void revokeRuntimePermission(String packageName, String permName, int userId, + String reason) { Log.i(LOG_TAG, "revokeRuntimePermission(packageName = " + packageName + ", permName = " - + permName + ", deviceId = " + deviceId + ", userId = " + userId - + ", reason = " + reason + ")"); - mService.revokeRuntimePermission(packageName, permName, deviceId, userId, reason); + + permName + ", userId = " + userId + ", reason = " + reason + ")"); + mService.revokeRuntimePermission(packageName, permName, userId, reason); } @Override @@ -207,20 +205,17 @@ public class PermissionManagerServiceLoggingDecorator implements PermissionManag @Override public boolean shouldShowRequestPermissionRationale(String packageName, String permName, - int deviceId, int userId) { + int userId) { Log.i(LOG_TAG, "shouldShowRequestPermissionRationale(packageName = " + packageName - + ", permName = " + permName + ", deviceId = " + deviceId - + ", userId = " + userId + ")"); - return mService.shouldShowRequestPermissionRationale(packageName, permName, deviceId, - userId); + + ", permName = " + permName + ", userId = " + userId + ")"); + return mService.shouldShowRequestPermissionRationale(packageName, permName, userId); } @Override - public boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId, - int userId) { + public boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId) { Log.i(LOG_TAG, "isPermissionRevokedByPolicy(packageName = " + packageName + ", permName = " - + permName + ", deviceId = " + deviceId + ", userId = " + userId + ")"); - return mService.isPermissionRevokedByPolicy(packageName, permName, deviceId, userId); + + permName + ", userId = " + userId + ")"); + return mService.isPermissionRevokedByPolicy(packageName, permName, userId); } @Override @@ -230,17 +225,16 @@ public class PermissionManagerServiceLoggingDecorator implements PermissionManag } @Override - public int checkPermission(String pkgName, String permName, int deviceId, int userId) { + public int checkPermission(String pkgName, String permName, int userId) { Log.i(LOG_TAG, "checkPermission(pkgName = " + pkgName + ", permName = " + permName - + ", deviceId = " + deviceId + ", userId = " + userId + ")"); - return mService.checkPermission(pkgName, permName, deviceId, userId); + + ", userId = " + userId + ")"); + return mService.checkPermission(pkgName, permName, userId); } @Override - public int checkUidPermission(int uid, String permName, int deviceId) { - Log.i(LOG_TAG, "checkUidPermission(uid = " + uid + ", permName = " + permName - + ", deviceId = " + deviceId + ")"); - return mService.checkUidPermission(uid, permName, deviceId); + public int checkUidPermission(int uid, String permName) { + Log.i(LOG_TAG, "checkUidPermission(uid = " + uid + ", permName = " + permName + ")"); + return mService.checkUidPermission(uid, permName); } @Override diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTestingShim.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTestingShim.java index 35d165b9b54a..d4c6d42deeaa 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTestingShim.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTestingShim.java @@ -153,10 +153,9 @@ public class PermissionManagerServiceTestingShim implements PermissionManagerSer } @Override - public int getPermissionFlags(String packageName, String permName, int deviceId, - @UserIdInt int userId) { - int oldVal = mOldImplementation.getPermissionFlags(packageName, permName, deviceId, userId); - int newVal = mNewImplementation.getPermissionFlags(packageName, permName, deviceId, userId); + public int getPermissionFlags(String packageName, String permName, int userId) { + int oldVal = mOldImplementation.getPermissionFlags(packageName, permName, userId); + int newVal = mNewImplementation.getPermissionFlags(packageName, permName, userId); if (!Objects.equals(oldVal, newVal)) { signalImplDifference("getPermissionFlags"); @@ -166,12 +165,11 @@ public class PermissionManagerServiceTestingShim implements PermissionManagerSer @Override public void updatePermissionFlags(String packageName, String permName, int flagMask, - int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, - @UserIdInt int userId) { + int flagValues, boolean checkAdjustPolicyFlagPermission, int userId) { mOldImplementation.updatePermissionFlags(packageName, permName, flagMask, flagValues, - checkAdjustPolicyFlagPermission, deviceId, userId); + checkAdjustPolicyFlagPermission, userId); mNewImplementation.updatePermissionFlags(packageName, permName, flagMask, flagValues, - checkAdjustPolicyFlagPermission, deviceId, userId); + checkAdjustPolicyFlagPermission, userId); } @Override @@ -236,17 +234,16 @@ public class PermissionManagerServiceTestingShim implements PermissionManagerSer } @Override - public void grantRuntimePermission(String packageName, String permName, int deviceId, - @UserIdInt int userId) { - mOldImplementation.grantRuntimePermission(packageName, permName, deviceId, userId); - mNewImplementation.grantRuntimePermission(packageName, permName, deviceId, userId); + public void grantRuntimePermission(String packageName, String permName, int userId) { + mOldImplementation.grantRuntimePermission(packageName, permName, userId); + mNewImplementation.grantRuntimePermission(packageName, permName, userId); } @Override - public void revokeRuntimePermission(String packageName, String permName, int deviceId, - @UserIdInt int userId, String reason) { - mOldImplementation.revokeRuntimePermission(packageName, permName, deviceId, userId, reason); - mNewImplementation.revokeRuntimePermission(packageName, permName, deviceId, userId, reason); + public void revokeRuntimePermission(String packageName, String permName, int userId, + String reason) { + mOldImplementation.grantRuntimePermission(packageName, permName, userId); + mNewImplementation.grantRuntimePermission(packageName, permName, userId); } @Override @@ -258,11 +255,11 @@ public class PermissionManagerServiceTestingShim implements PermissionManagerSer @Override public boolean shouldShowRequestPermissionRationale(String packageName, String permName, - int deviceId, @UserIdInt int userId) { - boolean oldVal = mOldImplementation.shouldShowRequestPermissionRationale(packageName, - permName, deviceId, userId); - boolean newVal = mNewImplementation.shouldShowRequestPermissionRationale(packageName, - permName, deviceId, userId); + int userId) { + boolean oldVal = mOldImplementation + .shouldShowRequestPermissionRationale(packageName, permName, userId); + boolean newVal = mNewImplementation + .shouldShowRequestPermissionRationale(packageName, permName, userId); if (!Objects.equals(oldVal, newVal)) { signalImplDifference("shouldShowRequestPermissionRationale"); @@ -271,12 +268,11 @@ public class PermissionManagerServiceTestingShim implements PermissionManagerSer } @Override - public boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId, - @UserIdInt int userId) { - boolean oldVal = mOldImplementation.isPermissionRevokedByPolicy(packageName, permName, - deviceId, userId); + public boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId) { + boolean oldVal = mOldImplementation + .isPermissionRevokedByPolicy(packageName, permName, userId); boolean newVal = mNewImplementation.isPermissionRevokedByPolicy(packageName, permName, - deviceId, userId); + userId); if (!Objects.equals(oldVal, newVal)) { signalImplDifference("isPermissionRevokedByPolicy"); @@ -296,9 +292,9 @@ public class PermissionManagerServiceTestingShim implements PermissionManagerSer } @Override - public int checkPermission(String pkgName, String permName, int deviceId, int userId) { - int oldVal = mOldImplementation.checkPermission(pkgName, permName, deviceId, userId); - int newVal = mNewImplementation.checkPermission(pkgName, permName, deviceId, userId); + public int checkPermission(String pkgName, String permName, int userId) { + int oldVal = mOldImplementation.checkPermission(pkgName, permName, userId); + int newVal = mNewImplementation.checkPermission(pkgName, permName, userId); if (!Objects.equals(oldVal, newVal)) { signalImplDifference("checkPermission"); @@ -307,9 +303,9 @@ public class PermissionManagerServiceTestingShim implements PermissionManagerSer } @Override - public int checkUidPermission(int uid, String permName, int deviceId) { - int oldVal = mOldImplementation.checkUidPermission(uid, permName, deviceId); - int newVal = mNewImplementation.checkUidPermission(uid, permName, deviceId); + public int checkUidPermission(int uid, String permName) { + int oldVal = mOldImplementation.checkUidPermission(uid, permName); + int newVal = mNewImplementation.checkUidPermission(uid, permName); if (!Objects.equals(oldVal, newVal)) { signalImplDifference("checkUidPermission"); @@ -376,7 +372,7 @@ public class PermissionManagerServiceTestingShim implements PermissionManagerSer @NonNull @Override - public Set<String> getGrantedPermissions(@NonNull String packageName, @UserIdInt int userId) { + public Set<String> getGrantedPermissions(@NonNull String packageName, int userId) { Set<String> oldVal = mOldImplementation.getGrantedPermissions(packageName, userId); Set<String> newVal = mNewImplementation.getGrantedPermissions(packageName, userId); diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTracingDecorator.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTracingDecorator.java index cbeede0f425c..4e72fae99c9c 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTracingDecorator.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTracingDecorator.java @@ -158,10 +158,10 @@ public class PermissionManagerServiceTracingDecorator implements PermissionManag } @Override - public int getPermissionFlags(String packageName, String permName, int deviceId, int userId) { + public int getPermissionFlags(String packageName, String permName, int userId) { Trace.traceBegin(TRACE_TAG, "TaggedTracingPermissionManagerServiceImpl#getPermissionFlags"); try { - return mService.getPermissionFlags(packageName, permName, deviceId, userId); + return mService.getPermissionFlags(packageName, permName, userId); } finally { Trace.traceEnd(TRACE_TAG); } @@ -169,12 +169,12 @@ public class PermissionManagerServiceTracingDecorator implements PermissionManag @Override public void updatePermissionFlags(String packageName, String permName, int flagMask, - int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) { + int flagValues, boolean checkAdjustPolicyFlagPermission, int userId) { Trace.traceBegin(TRACE_TAG, "TaggedTracingPermissionManagerServiceImpl#updatePermissionFlags"); try { mService.updatePermissionFlags(packageName, permName, flagMask, flagValues, - checkAdjustPolicyFlagPermission, deviceId, userId); + checkAdjustPolicyFlagPermission, userId); } finally { Trace.traceEnd(TRACE_TAG); } @@ -253,24 +253,23 @@ public class PermissionManagerServiceTracingDecorator implements PermissionManag } @Override - public void grantRuntimePermission(String packageName, String permName, int deviceId, - int userId) { + public void grantRuntimePermission(String packageName, String permName, int userId) { Trace.traceBegin(TRACE_TAG, "TaggedTracingPermissionManagerServiceImpl#grantRuntimePermission"); try { - mService.grantRuntimePermission(packageName, permName, deviceId, userId); + mService.grantRuntimePermission(packageName, permName, userId); } finally { Trace.traceEnd(TRACE_TAG); } } @Override - public void revokeRuntimePermission(String packageName, String permName, int deviceId, - int userId, String reason) { + public void revokeRuntimePermission(String packageName, String permName, int userId, + String reason) { Trace.traceBegin(TRACE_TAG, "TaggedTracingPermissionManagerServiceImpl#revokeRuntimePermission"); try { - mService.revokeRuntimePermission(packageName, permName, deviceId, userId, reason); + mService.revokeRuntimePermission(packageName, permName, userId, reason); } finally { Trace.traceEnd(TRACE_TAG); } @@ -289,24 +288,22 @@ public class PermissionManagerServiceTracingDecorator implements PermissionManag @Override public boolean shouldShowRequestPermissionRationale(String packageName, String permName, - int deviceId, int userId) { + int userId) { Trace.traceBegin(TRACE_TAG, "TaggedTracingPermissionManagerServiceImpl#shouldShowRequestPermissionRationale"); try { - return mService.shouldShowRequestPermissionRationale( - packageName, permName, deviceId, userId); + return mService.shouldShowRequestPermissionRationale(packageName, permName, userId); } finally { Trace.traceEnd(TRACE_TAG); } } @Override - public boolean isPermissionRevokedByPolicy(String packageName, String permName, int deviceId, - int userId) { + public boolean isPermissionRevokedByPolicy(String packageName, String permName, int userId) { Trace.traceBegin(TRACE_TAG, "TaggedTracingPermissionManagerServiceImpl#isPermissionRevokedByPolicy"); try { - return mService.isPermissionRevokedByPolicy(packageName, permName, deviceId, userId); + return mService.isPermissionRevokedByPolicy(packageName, permName, userId); } finally { Trace.traceEnd(TRACE_TAG); } @@ -324,20 +321,20 @@ public class PermissionManagerServiceTracingDecorator implements PermissionManag } @Override - public int checkPermission(String pkgName, String permName, int deviceId, int userId) { + public int checkPermission(String pkgName, String permName, int userId) { Trace.traceBegin(TRACE_TAG, "TaggedTracingPermissionManagerServiceImpl#checkPermission"); try { - return mService.checkPermission(pkgName, permName, deviceId, userId); + return mService.checkPermission(pkgName, permName, userId); } finally { Trace.traceEnd(TRACE_TAG); } } @Override - public int checkUidPermission(int uid, String permName, int deviceId) { + public int checkUidPermission(int uid, String permName) { Trace.traceBegin(TRACE_TAG, "TaggedTracingPermissionManagerServiceImpl#checkUidPermission"); try { - return mService.checkUidPermission(uid, permName, deviceId); + return mService.checkUidPermission(uid, permName); } finally { Trace.traceEnd(TRACE_TAG); } diff --git a/services/permission/java/com/android/server/permission/access/AccessPolicy.kt b/services/permission/java/com/android/server/permission/access/AccessPolicy.kt index 6a349e237ffe..17474fbe1de4 100644 --- a/services/permission/java/com/android/server/permission/access/AccessPolicy.kt +++ b/services/permission/java/com/android/server/permission/access/AccessPolicy.kt @@ -26,7 +26,6 @@ import com.android.server.permission.access.collection.* // ktlint-disable no-wi import com.android.server.permission.access.immutable.* // ktlint-disable no-wildcard-imports import com.android.server.permission.access.immutable.IndexedMap import com.android.server.permission.access.permission.AppIdPermissionPolicy -import com.android.server.permission.access.permission.DevicePermissionPolicy import com.android.server.permission.access.util.attributeInt import com.android.server.permission.access.util.attributeInterned import com.android.server.permission.access.util.forEachTag @@ -47,7 +46,6 @@ class AccessPolicy private constructor( getOrPut(policy.subjectScheme) { MutableIndexedMap() }[policy.objectScheme] = policy } addPolicy(AppIdPermissionPolicy()) - addPolicy(DevicePermissionPolicy()) addPolicy(AppIdAppOpPolicy()) addPolicy(PackageAppOpPolicy()) } as IndexedMap<String, IndexedMap<String, SchemePolicy>> diff --git a/services/permission/java/com/android/server/permission/access/AccessState.kt b/services/permission/java/com/android/server/permission/access/AccessState.kt index 94c878a453c9..4ec32ea53f28 100644 --- a/services/permission/java/com/android/server/permission/access/AccessState.kt +++ b/services/permission/java/com/android/server/permission/access/AccessState.kt @@ -329,18 +329,6 @@ typealias MutableAppIdPermissionFlags = private typealias AppIdPermissionFlagsReference = MutableReference<AppIdPermissionFlags, MutableAppIdPermissionFlags> - -typealias DevicePermissionFlags = - IndexedReferenceMap<String, IndexedMap<String, Int>, MutableIndexedMap<String, Int>> -typealias MutableDevicePermissionFlags = - MutableIndexedReferenceMap<String, IndexedMap<String, Int>, MutableIndexedMap<String, Int>> -typealias AppIdDevicePermissionFlags = - IntReferenceMap<DevicePermissionFlags, MutableDevicePermissionFlags> -typealias MutableAppIdDevicePermissionFlags = - MutableIntReferenceMap<DevicePermissionFlags, MutableDevicePermissionFlags> -private typealias AppIdDevicePermissionFlagsReference = - MutableReference<AppIdDevicePermissionFlags, MutableAppIdDevicePermissionFlags> - typealias AppIdAppOpModes = IntReferenceMap<IndexedMap<String, Int>, MutableIndexedMap<String, Int>> typealias MutableAppIdAppOpModes = @@ -358,7 +346,6 @@ private typealias PackageAppOpModesReference = sealed class UserState( internal val packageVersionsReference: PackageVersionsReference, internal val appIdPermissionFlagsReference: AppIdPermissionFlagsReference, - internal val appIdDevicePermissionFlagsReference: AppIdDevicePermissionFlagsReference, internal val appIdAppOpModesReference: AppIdAppOpModesReference, internal val packageAppOpModesReference: PackageAppOpModesReference, defaultPermissionGrantFingerprint: String?, @@ -370,9 +357,6 @@ sealed class UserState( val appIdPermissionFlags: AppIdPermissionFlags get() = appIdPermissionFlagsReference.get() - val appIdDevicePermissionFlags: AppIdDevicePermissionFlags - get() = appIdDevicePermissionFlagsReference.get() - val appIdAppOpModes: AppIdAppOpModes get() = appIdAppOpModesReference.get() @@ -391,7 +375,6 @@ sealed class UserState( class MutableUserState private constructor( packageVersionsReference: PackageVersionsReference, appIdPermissionFlagsReference: AppIdPermissionFlagsReference, - appIdDevicePermissionFlagsReference: AppIdDevicePermissionFlagsReference, appIdAppOpModesReference: AppIdAppOpModesReference, packageAppOpModesReference: PackageAppOpModesReference, defaultPermissionGrantFingerprint: String?, @@ -399,7 +382,6 @@ class MutableUserState private constructor( ) : UserState( packageVersionsReference, appIdPermissionFlagsReference, - appIdDevicePermissionFlagsReference, appIdAppOpModesReference, packageAppOpModesReference, defaultPermissionGrantFingerprint, @@ -408,7 +390,6 @@ class MutableUserState private constructor( constructor() : this( PackageVersionsReference(MutableIndexedMap<String, Int>()), AppIdPermissionFlagsReference(MutableAppIdPermissionFlags()), - AppIdDevicePermissionFlagsReference(MutableAppIdDevicePermissionFlags()), AppIdAppOpModesReference(MutableAppIdAppOpModes()), PackageAppOpModesReference(MutablePackageAppOpModes()), null, @@ -418,7 +399,6 @@ class MutableUserState private constructor( internal constructor(userState: UserState) : this( userState.packageVersionsReference.toImmutable(), userState.appIdPermissionFlagsReference.toImmutable(), - userState.appIdDevicePermissionFlagsReference.toImmutable(), userState.appIdAppOpModesReference.toImmutable(), userState.packageAppOpModesReference.toImmutable(), userState.defaultPermissionGrantFingerprint, @@ -430,9 +410,6 @@ class MutableUserState private constructor( fun mutateAppIdPermissionFlags(): MutableAppIdPermissionFlags = appIdPermissionFlagsReference.mutate() - fun mutateAppIdDevicePermissionFlags(): MutableAppIdDevicePermissionFlags = - appIdDevicePermissionFlagsReference.mutate() - fun mutateAppIdAppOpModes(): MutableAppIdAppOpModes = appIdAppOpModesReference.mutate() fun mutatePackageAppOpModes(): MutablePackageAppOpModes = packageAppOpModesReference.mutate() diff --git a/services/permission/java/com/android/server/permission/access/AccessUri.kt b/services/permission/java/com/android/server/permission/access/AccessUri.kt index 1d46ca71fe0f..d1abc0455245 100644 --- a/services/permission/java/com/android/server/permission/access/AccessUri.kt +++ b/services/permission/java/com/android/server/permission/access/AccessUri.kt @@ -65,17 +65,6 @@ data class PermissionUri( } } -data class DevicePermissionUri( - val permissionName: String, - val deviceId: Int -) : AccessUri(SCHEME) { - override fun toString(): String = "$scheme:///$permissionName/$deviceId" - - companion object { - const val SCHEME = "device-permission" - } -} - data class UidUri( val uid: Int ) : AccessUri(SCHEME) { diff --git a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPersistence.kt b/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPersistence.kt deleted file mode 100644 index 37a4a90f8f80..000000000000 --- a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPersistence.kt +++ /dev/null @@ -1,169 +0,0 @@ -/* - * Copyright (C) 2023 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.server.permission.access.permission - -import android.util.Slog -import com.android.modules.utils.BinaryXmlPullParser -import com.android.modules.utils.BinaryXmlSerializer -import com.android.server.permission.access.AccessState -import com.android.server.permission.access.DevicePermissionFlags -import com.android.server.permission.access.MutableAccessState -import com.android.server.permission.access.MutableAppIdDevicePermissionFlags -import com.android.server.permission.access.MutableDevicePermissionFlags -import com.android.server.permission.access.WriteMode -import com.android.server.permission.access.immutable.IndexedMap -import com.android.server.permission.access.immutable.MutableIndexedMap -import com.android.server.permission.access.immutable.forEachIndexed -import com.android.server.permission.access.immutable.forEachReversedIndexed -import com.android.server.permission.access.immutable.set -import com.android.server.permission.access.util.andInv -import com.android.server.permission.access.util.attributeInt -import com.android.server.permission.access.util.attributeInterned -import com.android.server.permission.access.util.forEachTag -import com.android.server.permission.access.util.getAttributeIntOrThrow -import com.android.server.permission.access.util.getAttributeValueOrThrow -import com.android.server.permission.access.util.hasBits -import com.android.server.permission.access.util.tag -import com.android.server.permission.access.util.tagName - -class DevicePermissionPersistence { - fun BinaryXmlPullParser.parseUserState(state: MutableAccessState, userId: Int) { - when (tagName) { - TAG_APP_ID_DEVICE_PERMISSIONS -> parseAppIdDevicePermissions(state, userId) - else -> {} - } - } - - private fun BinaryXmlPullParser.parseAppIdDevicePermissions( - state: MutableAccessState, - userId: Int - ) { - val userState = state.mutateUserState(userId, WriteMode.NONE)!! - val appIdDevicePermissionFlags = userState.mutateAppIdDevicePermissionFlags() - forEachTag { - when (tagName) { - TAG_APP_ID -> parseAppId(appIdDevicePermissionFlags) - else -> Slog.w(LOG_TAG, "Ignoring unknown tag $name when parsing permission state") - } - } - - appIdDevicePermissionFlags.forEachReversedIndexed { appIdIndex, appId, _ -> - if (appId !in state.externalState.appIdPackageNames) { - Slog.w(LOG_TAG, "Dropping unknown app ID $appId when parsing permission state") - appIdDevicePermissionFlags.removeAt(appIdIndex) - userState.requestWriteMode(WriteMode.ASYNCHRONOUS) - } - } - } - - private fun BinaryXmlPullParser.parseAppId( - appIdPermissionFlags: MutableAppIdDevicePermissionFlags - ) { - val appId = getAttributeIntOrThrow(ATTR_ID) - val devicePermissionFlags = MutableDevicePermissionFlags() - appIdPermissionFlags[appId] = devicePermissionFlags - forEachTag { - when (tagName) { - TAG_DEVICE -> parseDevice(devicePermissionFlags) - else -> { - Slog.w(LOG_TAG, "Ignoring unknown tag $name when parsing permission state") - } - } - } - } - - private fun BinaryXmlPullParser.parseDevice( - deviceIdPermissionFlags: MutableDevicePermissionFlags - ) { - val deviceId = getAttributeValueOrThrow(ATTR_ID) - val permissionFlags = MutableIndexedMap<String, Int>() - deviceIdPermissionFlags.put(deviceId, permissionFlags) - forEachTag { - when (tagName) { - TAG_PERMISSION -> parsePermission(permissionFlags) - else -> Slog.w(LOG_TAG, "Ignoring unknown tag $name when parsing permission state") - } - } - } - - private fun BinaryXmlPullParser.parsePermission( - permissionFlags: MutableIndexedMap<String, Int> - ) { - val name = getAttributeValueOrThrow(ATTR_NAME).intern() - val flags = getAttributeIntOrThrow(ATTR_FLAGS) - permissionFlags[name] = flags - } - - fun BinaryXmlSerializer.serializeUserState(state: AccessState, userId: Int) { - val appIdDevicePermissionFlags = state.userStates[userId]!!.appIdDevicePermissionFlags - tag(TAG_APP_ID_DEVICE_PERMISSIONS) { - appIdDevicePermissionFlags.forEachIndexed { _, appId, devicePermissionFlags -> - serializeAppId(appId, devicePermissionFlags) - } - } - } - - private fun BinaryXmlSerializer.serializeAppId( - appId: Int, - devicePermissionFlags: DevicePermissionFlags - ) { - tag(TAG_APP_ID) { - attributeInt(ATTR_ID, appId) - devicePermissionFlags.forEachIndexed { _, deviceId, permissionFlags -> - serializeDevice(deviceId, permissionFlags) - } - } - } - - private fun BinaryXmlSerializer.serializeDevice( - deviceId: String, - permissionFlags: IndexedMap<String, Int> - ) { - tag(TAG_DEVICE) { - attributeInterned(ATTR_ID, deviceId) - permissionFlags.forEachIndexed { _, name, flags -> - serializePermission(name, flags) - } - } - } - - private fun BinaryXmlSerializer.serializePermission(name: String, flags: Int) { - tag(TAG_PERMISSION) { - attributeInterned(ATTR_NAME, name) - // Never serialize one-time permissions as granted. - val serializedFlags = if (flags.hasBits(PermissionFlags.ONE_TIME)) { - flags andInv PermissionFlags.RUNTIME_GRANTED - } else { - flags - } - attributeInt(ATTR_FLAGS, serializedFlags) - } - } - - companion object { - private val LOG_TAG = DevicePermissionPersistence::class.java.simpleName - - private const val TAG_APP_ID_DEVICE_PERMISSIONS = "app-id-device-permissions" - private const val TAG_APP_ID = "app-id" - private const val TAG_DEVICE = "device" - private const val TAG_PERMISSION = "permission" - - private const val ATTR_ID = "id" - private const val ATTR_NAME = "name" - private const val ATTR_FLAGS = "flags" - } -}
\ No newline at end of file diff --git a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt deleted file mode 100644 index c0d7546180bf..000000000000 --- a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt +++ /dev/null @@ -1,276 +0,0 @@ -/* - * Copyright (C) 2023 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.server.permission.access.permission - -import android.util.Slog -import com.android.modules.utils.BinaryXmlPullParser -import com.android.modules.utils.BinaryXmlSerializer -import com.android.server.permission.access.AccessState -import com.android.server.permission.access.DevicePermissionUri -import com.android.server.permission.access.GetStateScope -import com.android.server.permission.access.MutableAccessState -import com.android.server.permission.access.MutateStateScope -import com.android.server.permission.access.SchemePolicy -import com.android.server.permission.access.UidUri -import com.android.server.permission.access.collection.* // ktlint-disable no-wildcard-imports -import com.android.server.permission.access.immutable.* // ktlint-disable no-wildcard-imports -import com.android.server.permission.access.util.andInv -import com.android.server.pm.pkg.PackageState - -class DevicePermissionPolicy : SchemePolicy() { - private val persistence = DevicePermissionPersistence() - - @Volatile - private var listeners: IndexedListSet<OnDevicePermissionFlagsChangedListener> = - MutableIndexedListSet() - private val listenersLock = Any() - - override val subjectScheme: String - get() = UidUri.SCHEME - - override val objectScheme: String - get() = DevicePermissionUri.SCHEME - - override fun GetStateScope.onStateMutated() { - listeners.forEachIndexed { _, it -> it.onStateMutated() } - } - - override fun MutateStateScope.onAppIdRemoved(appId: Int) { - newState.userStates.forEachIndexed { userStateIndex, _, userState -> - if (appId in userState.appIdDevicePermissionFlags) { - newState.mutateUserStateAt(userStateIndex) - .mutateAppIdDevicePermissionFlags() -= appId - } - } - } - - override fun MutateStateScope.onStorageVolumeMounted( - volumeUuid: String?, - packageNames: List<String>, - isSystemUpdated: Boolean - ) { - packageNames.forEachIndexed { _, packageName -> - val packageState = newState.externalState.packageStates[packageName]!! - trimPermissionStates(packageState.appId) - } - } - - override fun MutateStateScope.onPackageAdded(packageState: PackageState) { - trimPermissionStates(packageState.appId) - } - - override fun MutateStateScope.onPackageRemoved(packageName: String, appId: Int) { - if (appId in newState.externalState.appIdPackageNames) { - trimPermissionStates(appId) - } - } - - override fun MutateStateScope.onPackageUninstalled( - packageName: String, - appId: Int, - userId: Int - ) { - resetPermissionStates(packageName, userId) - } - - private fun MutateStateScope.resetPermissionStates(packageName: String, userId: Int) { - // It's okay to skip resetting permissions for packages that are removed, - // because their states will be trimmed in onPackageRemoved()/onAppIdRemoved() - val packageState = newState.externalState.packageStates[packageName] ?: return - val androidPackage = packageState.androidPackage ?: return - val appId = packageState.appId - val appIdPermissionFlags = newState.userStates[userId]!!.appIdDevicePermissionFlags - androidPackage.requestedPermissions.forEach { permissionName -> - val isRequestedByOtherPackages = anyPackageInAppId(appId) { - it.packageName != packageName && - permissionName in it.androidPackage!!.requestedPermissions - } - if (isRequestedByOtherPackages) { - return@forEach - } - appIdPermissionFlags[appId]?.forEachIndexed { _, deviceId, _ -> - setPermissionFlags(appId, deviceId, userId, permissionName, 0) - } - } - } - - private fun MutateStateScope.trimPermissionStates(appId: Int) { - val requestedPermissions = MutableIndexedSet<String>() - forEachPackageInAppId(appId) { - requestedPermissions += it.androidPackage!!.requestedPermissions - } - newState.userStates.forEachIndexed { _, userId, userState -> - userState.appIdDevicePermissionFlags[appId]?.forEachReversedIndexed { - _, deviceId, permissionFlags -> - permissionFlags.forEachReversedIndexed { _, permissionName, _ -> - if (permissionName !in requestedPermissions) { - setPermissionFlags(appId, deviceId, userId, permissionName, 0) - } - } - } - } - } - - private inline fun MutateStateScope.anyPackageInAppId( - appId: Int, - state: AccessState = newState, - predicate: (PackageState) -> Boolean - ): Boolean { - val packageNames = state.externalState.appIdPackageNames[appId]!! - return packageNames.anyIndexed { _, packageName -> - val packageState = state.externalState.packageStates[packageName]!! - packageState.androidPackage != null && predicate(packageState) - } - } - - private inline fun MutateStateScope.forEachPackageInAppId( - appId: Int, - state: AccessState = newState, - action: (PackageState) -> Unit - ) { - val packageNames = state.externalState.appIdPackageNames[appId]!! - packageNames.forEachIndexed { _, packageName -> - val packageState = state.externalState.packageStates[packageName]!! - if (packageState.androidPackage != null) { - action(packageState) - } - } - } - - override fun BinaryXmlPullParser.parseUserState(state: MutableAccessState, userId: Int) { - with(persistence) { this@parseUserState.parseUserState(state, userId) } - } - - override fun BinaryXmlSerializer.serializeUserState(state: AccessState, userId: Int) { - with(persistence) { this@serializeUserState.serializeUserState(state, userId) } - } - - fun GetStateScope.getPermissionFlags( - appId: Int, - deviceId: String, - userId: Int, - permissionName: String - ): Int = - state.userStates[userId]?.appIdDevicePermissionFlags?.get(appId)?.get(deviceId) - ?.getWithDefault(permissionName, 0) ?: 0 - - fun MutateStateScope.setPermissionFlags( - appId: Int, - deviceId: String, - userId: Int, - permissionName: String, - flags: Int - ): Boolean = - updatePermissionFlags( - appId, deviceId, userId, permissionName, PermissionFlags.MASK_ALL, flags - ) - - private fun MutateStateScope.updatePermissionFlags( - appId: Int, - deviceId: String, - userId: Int, - permissionName: String, - flagMask: Int, - flagValues: Int - ): Boolean { - if (!isDeviceAwarePermission(permissionName)) { - Slog.w(LOG_TAG, "$permissionName is not a device aware permission.") - return false - } - val oldFlags = newState.userStates[userId]!!.appIdDevicePermissionFlags[appId] - ?.get(deviceId).getWithDefault(permissionName, 0) - val newFlags = (oldFlags andInv flagMask) or (flagValues and flagMask) - if (oldFlags == newFlags) { - return false - } - val appIdDevicePermissionFlags = - newState.mutateUserState(userId)!!.mutateAppIdDevicePermissionFlags() - val devicePermissionFlags = appIdDevicePermissionFlags.mutateOrPut(appId) { - MutableIndexedReferenceMap() - } - val permissionFlags = devicePermissionFlags.mutateOrPut(deviceId) { MutableIndexedMap() } - permissionFlags.putWithDefault(permissionName, newFlags, 0) - if (permissionFlags.isEmpty()) { - devicePermissionFlags -= deviceId - if (devicePermissionFlags.isEmpty()) { - appIdDevicePermissionFlags -= appId - } - } - listeners.forEachIndexed { _, it -> - it.onDevicePermissionFlagsChanged( - appId, userId, deviceId, permissionName, oldFlags, newFlags - ) - } - return true - } - - fun addOnPermissionFlagsChangedListener(listener: OnDevicePermissionFlagsChangedListener) { - synchronized(listenersLock) { - listeners = listeners + listener - } - } - - fun removeOnPermissionFlagsChangedListener(listener: OnDevicePermissionFlagsChangedListener) { - synchronized(listenersLock) { - listeners = listeners - listener - } - } - - private fun isDeviceAwarePermission(permissionName: String): Boolean = - DEVICE_SUPPORTED_PERMISSIONS.contains(permissionName) - - companion object { - private val LOG_TAG = DevicePermissionPolicy::class.java.simpleName - - /** - * These permissions are supported for virtual devices. - */ - private val DEVICE_SUPPORTED_PERMISSIONS = indexedSetOf( - android.Manifest.permission.CAMERA, - android.Manifest.permission.RECORD_AUDIO - ) - } - - /** - * TODO: b/289355341 - implement listener for permission changes - * Listener for permission flags changes. - */ - abstract class OnDevicePermissionFlagsChangedListener { - /** - * Called when a permission flags change has been made to the upcoming new state. - * - * Implementations should keep this method fast to avoid stalling the locked state mutation, - * and only call external code after [onStateMutated] when the new state has actually become - * the current state visible to external code. - */ - abstract fun onDevicePermissionFlagsChanged( - appId: Int, - userId: Int, - deviceId: String, - permissionName: String, - oldFlags: Int, - newFlags: Int - ) - - /** - * Called when the upcoming new state has become the current state. - * - * Implementations should keep this method fast to avoid stalling the locked state mutation. - */ - abstract fun onStateMutated() - } -}
\ No newline at end of file diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt index 9a19c2df8791..edacf188b333 100644 --- a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt +++ b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt @@ -64,11 +64,9 @@ import com.android.server.LocalServices import com.android.server.PermissionThread import com.android.server.ServiceThread import com.android.server.SystemConfig -import com.android.server.companion.virtual.VirtualDeviceManagerInternal import com.android.server.permission.access.AccessCheckingService import com.android.server.permission.access.AccessState import com.android.server.permission.access.AppOpUri -import com.android.server.permission.access.DevicePermissionUri import com.android.server.permission.access.GetStateScope import com.android.server.permission.access.MutateStateScope import com.android.server.permission.access.PermissionUri @@ -112,9 +110,6 @@ class PermissionService( private val policy = service.getSchemePolicy(UidUri.SCHEME, PermissionUri.SCHEME) as AppIdPermissionPolicy - private val devicePolicy = - service.getSchemePolicy(UidUri.SCHEME, DevicePermissionUri.SCHEME) as DevicePermissionPolicy - private val context = service.context private lateinit var metricsLogger: MetricsLogger private lateinit var packageManagerInternal: PackageManagerInternal @@ -135,8 +130,6 @@ class PermissionService( @GuardedBy("storageVolumeLock") private val storageVolumePackageNames = ArrayMap<String?, MutableList<String>>() - private var virtualDeviceManagerInternal: VirtualDeviceManagerInternal? = null - private lateinit var permissionControllerManager: PermissionControllerManager /** @@ -159,6 +152,7 @@ class PermissionService( systemConfig = SystemConfig.getInstance() userManagerInternal = LocalServices.getService(UserManagerInternal::class.java) userManagerService = UserManagerService.getInstance() + // The package info cache is the cache for package and permission information. // Disable the package info and package permission caches locally but leave the // checkPermission cache active. @@ -466,7 +460,7 @@ class PermissionService( return size } - override fun checkUidPermission(uid: Int, permissionName: String, deviceId: Int): Int { + override fun checkUidPermission(uid: Int, permissionName: String): Int { val userId = UserHandle.getUserId(uid) if (!userManagerInternal.exists(userId)) { return PackageManager.PERMISSION_DENIED @@ -488,7 +482,7 @@ class PermissionService( return PackageManager.PERMISSION_DENIED } val isPermissionGranted = service.getState { - isPermissionGranted(packageState, userId, permissionName, deviceId) + isPermissionGranted(packageState, userId, permissionName) } return if (isPermissionGranted) { PackageManager.PERMISSION_GRANTED @@ -521,12 +515,7 @@ class PermissionService( return false } - override fun checkPermission( - packageName: String, - permissionName: String, - deviceId: Int, - userId: Int - ): Int { + override fun checkPermission(packageName: String, permissionName: String, userId: Int): Int { if (!userManagerInternal.exists(userId)) { return PackageManager.PERMISSION_DENIED } @@ -535,7 +524,7 @@ class PermissionService( .use { it.getPackageState(packageName) } ?: return PackageManager.PERMISSION_DENIED val isPermissionGranted = service.getState { - isPermissionGranted(packageState, userId, permissionName, deviceId) + isPermissionGranted(packageState, userId, permissionName) } return if (isPermissionGranted) { PackageManager.PERMISSION_GRANTED @@ -553,21 +542,19 @@ class PermissionService( private fun GetStateScope.isPermissionGranted( packageState: PackageState, userId: Int, - permissionName: String, - deviceId: Int + permissionName: String ): Boolean { val appId = packageState.appId // Note that instant apps can't have shared UIDs, so we only need to check the current // package state. val isInstantApp = packageState.getUserStateOrDefault(userId).isInstantApp - if (isSinglePermissionGranted(appId, userId, isInstantApp, permissionName, deviceId)) { + if (isSinglePermissionGranted(appId, userId, isInstantApp, permissionName)) { return true } val fullerPermissionName = FULLER_PERMISSIONS[permissionName] if (fullerPermissionName != null && - isSinglePermissionGranted(appId, userId, isInstantApp, fullerPermissionName, deviceId) - ) { + isSinglePermissionGranted(appId, userId, isInstantApp, fullerPermissionName)) { return true } @@ -581,10 +568,9 @@ class PermissionService( appId: Int, userId: Int, isInstantApp: Boolean, - permissionName: String, - deviceId: Int, + permissionName: String ): Boolean { - val flags = getPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId) + val flags = with(policy) { getPermissionFlags(appId, userId, permissionName) } if (!PermissionFlags.isPermissionGranted(flags)) { return false } @@ -615,8 +601,7 @@ class PermissionService( ?: return emptySet() return permissionFlags.mapNotNullIndexedTo(ArraySet()) { _, permissionName, _ -> - if (isPermissionGranted( - packageState, userId, permissionName, Context.DEVICE_ID_DEFAULT)) { + if (isPermissionGranted(packageState, userId, permissionName)) { permissionName } else { null @@ -655,26 +640,18 @@ class PermissionService( } } - override fun grantRuntimePermission( - packageName: String, - permissionName: String, - deviceId: Int, - userId: Int - ) { - setRuntimePermissionGranted( - packageName, userId, permissionName, deviceId, isGranted = true - ) + override fun grantRuntimePermission(packageName: String, permissionName: String, userId: Int) { + setRuntimePermissionGranted(packageName, userId, permissionName, isGranted = true) } override fun revokeRuntimePermission( packageName: String, permissionName: String, - deviceId: Int, userId: Int, reason: String? ) { setRuntimePermissionGranted( - packageName, userId, permissionName, deviceId, isGranted = false, revokeReason = reason + packageName, userId, permissionName, isGranted = false, revokeReason = reason ) } @@ -683,8 +660,8 @@ class PermissionService( userId: Int ) { setRuntimePermissionGranted( - packageName, userId, Manifest.permission.POST_NOTIFICATIONS, Context.DEVICE_ID_DEFAULT, - isGranted = false, skipKillUid = true + packageName, userId, Manifest.permission.POST_NOTIFICATIONS, isGranted = false, + skipKillUid = true ) } @@ -696,7 +673,6 @@ class PermissionService( packageName: String, userId: Int, permissionName: String, - deviceId: Int, isGranted: Boolean, skipKillUid: Boolean = false, revokeReason: String? = null @@ -772,7 +748,7 @@ class PermissionService( } setRuntimePermissionGranted( - packageState, userId, permissionName, deviceId, isGranted, canManageRolePermission, + packageState, userId, permissionName, isGranted, canManageRolePermission, overridePolicyFixed, reportError = true, methodName ) } @@ -806,16 +782,14 @@ class PermissionService( if (permissionState == PackageInstaller.SessionParams.PERMISSION_STATE_GRANTED) { setRuntimePermissionGranted( - packageState, userId, permissionName, Context.DEVICE_ID_DEFAULT, - isGranted = true, canManageRolePermission = false, - overridePolicyFixed = false, reportError = false, - "setRequestedPermissionStates" + packageState, userId, permissionName, isGranted = true, + canManageRolePermission = false, overridePolicyFixed = false, + reportError = false, "setRequestedPermissionStates" ) updatePermissionFlags( packageState.appId, userId, permissionName, - Context.DEVICE_ID_DEFAULT, PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED or - PackageManager.FLAG_PERMISSION_REVOKED_COMPAT, 0, + PackageManager.FLAG_PERMISSION_REVOKED_COMPAT, 0, canUpdateSystemFlags = false, reportErrorForUnknownPermission = false, isPermissionRequested = true, "setRequestedPermissionStates", @@ -842,7 +816,6 @@ class PermissionService( packageState: PackageState, userId: Int, permissionName: String, - deviceId: Int, isGranted: Boolean, canManageRolePermission: Boolean, overridePolicyFixed: Boolean, @@ -898,7 +871,7 @@ class PermissionService( } val appId = packageState.appId - val oldFlags = getPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId) + val oldFlags = with(policy) { getPermissionFlags(appId, userId, permissionName) } if (permissionName !in androidPackage.requestedPermissions && oldFlags == 0) { if (reportError) { @@ -961,7 +934,7 @@ class PermissionService( return } - setPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId, newFlags) + with(policy) { setPermissionFlags(appId, userId, permissionName, newFlags) } if (permission.isRuntime) { val action = if (isGranted) { @@ -990,12 +963,7 @@ class PermissionService( with(appOpPolicy) { setAppOpMode(packageState.appId, userId, appOpName, mode) } } - override fun getPermissionFlags( - packageName: String, - permissionName: String, - deviceId: Int, - userId: Int, - ): Int { + override fun getPermissionFlags(packageName: String, permissionName: String, userId: Int): Int { if (!userManagerInternal.exists(userId)) { Slog.w(LOG_TAG, "getPermissionFlags: Unknown user $userId") return 0 @@ -1026,8 +994,7 @@ class PermissionService( } val flags = - getPermissionFlagsWithPolicy(packageState.appId, userId, permissionName, deviceId) - + with(policy) { getPermissionFlags(packageState.appId, userId, permissionName) } return PermissionFlags.toApiFlags(flags) } } @@ -1035,7 +1002,6 @@ class PermissionService( override fun isPermissionRevokedByPolicy( packageName: String, permissionName: String, - deviceId: Int, userId: Int ): Boolean { if (!userManagerInternal.exists(userId)) { @@ -1052,13 +1018,13 @@ class PermissionService( .use { it.getPackageState(packageName) } ?: return false service.getState { - if (isPermissionGranted(packageState, userId, permissionName, deviceId)) { + if (isPermissionGranted(packageState, userId, permissionName)) { return false } - val flags = - getPermissionFlagsWithPolicy(packageState.appId, userId, permissionName, deviceId) - + val flags = with(policy) { + getPermissionFlags(packageState.appId, userId, permissionName) + } return flags.hasBits(PermissionFlags.POLICY_FIXED) } } @@ -1080,8 +1046,7 @@ class PermissionService( override fun shouldShowRequestPermissionRationale( packageName: String, permissionName: String, - deviceId: Int, - userId: Int, + userId: Int ): Boolean { if (!userManagerInternal.exists(userId)) { Slog.w(LOG_TAG, "shouldShowRequestPermissionRationale: Unknown user $userId") @@ -1103,11 +1068,11 @@ class PermissionService( val flags: Int service.getState { - if (isPermissionGranted(packageState, userId, permissionName, deviceId)) { + if (isPermissionGranted(packageState, userId, permissionName)) { return false } - flags = getPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId) + flags = with(policy) { getPermissionFlags(appId, userId, permissionName) } } if (flags.hasAnyBit(UNREQUESTABLE_MASK)) { return false @@ -1139,7 +1104,6 @@ class PermissionService( flagMask: Int, flagValues: Int, enforceAdjustPolicyPermission: Boolean, - deviceId: Int, userId: Int ) { val callingUid = Binder.getCallingUid() @@ -1235,7 +1199,7 @@ class PermissionService( val appId = packageState.appId service.mutateState { updatePermissionFlags( - appId, userId, permissionName, deviceId, flagMask, flagValues, canUpdateSystemFlags, + appId, userId, permissionName, flagMask, flagValues, canUpdateSystemFlags, reportErrorForUnknownPermission = true, isPermissionRequested, "updatePermissionFlags", packageName ) @@ -1284,9 +1248,8 @@ class PermissionService( val androidPackage = packageState.androidPackage ?: return@forEach androidPackage.requestedPermissions.forEach { permissionName -> updatePermissionFlags( - packageState.appId, userId, permissionName, Context.DEVICE_ID_DEFAULT, - flagMask, flagValues, canUpdateSystemFlags, - reportErrorForUnknownPermission = false, + packageState.appId, userId, permissionName, flagMask, flagValues, + canUpdateSystemFlags, reportErrorForUnknownPermission = false, isPermissionRequested = true, "updatePermissionFlagsForAllApps", packageName ) } @@ -1301,7 +1264,6 @@ class PermissionService( appId: Int, userId: Int, permissionName: String, - deviceId: Int, flagMask: Int, flagValues: Int, canUpdateSystemFlags: Boolean, @@ -1336,7 +1298,7 @@ class PermissionService( return } - val oldFlags = getPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId) + val oldFlags = with(policy) { getPermissionFlags(appId, userId, permissionName) } if (!isPermissionRequested && oldFlags == 0) { Slog.w( LOG_TAG, "$methodName: Permission $permissionName isn't requested by package" + @@ -1346,7 +1308,7 @@ class PermissionService( } val newFlags = PermissionFlags.updateFlags(permission, oldFlags, flagMask, flagValues) - setPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId, newFlags) + with(policy) { setPermissionFlags(appId, userId, permissionName, newFlags) } } override fun getAllowlistedRestrictedPermissions( @@ -1403,63 +1365,6 @@ class PermissionService( ) } - private fun GetStateScope.getPermissionFlagsWithPolicy( - appId: Int, - userId: Int, - permissionName: String, - deviceId: Int, - ): Int { - return if (deviceId == Context.DEVICE_ID_DEFAULT) { - with(policy) { getPermissionFlags(appId, userId, permissionName) } - } else { - val virtualDeviceManagerInternal = virtualDeviceManagerInternal - if (virtualDeviceManagerInternal == null) { - Slog.e(LOG_TAG, "Virtual device manager service is not available.") - return 0 - } - val persistentDeviceId = - virtualDeviceManagerInternal.getPersistentIdForDevice(deviceId) - if (persistentDeviceId != null) { - with(devicePolicy) { - getPermissionFlags(appId, persistentDeviceId, userId, permissionName) - } - } else { - Slog.e(LOG_TAG, "Invalid device ID $deviceId.") - 0 - } - } - } - - private fun MutateStateScope.setPermissionFlagsWithPolicy( - appId: Int, - userId: Int, - permissionName: String, - deviceId: Int, - flags: Int - ): Boolean { - return if (deviceId == Context.DEVICE_ID_DEFAULT) { - with(policy) { - setPermissionFlags(appId, userId, permissionName, flags) - } - } else { - val virtualDeviceManagerInternal = virtualDeviceManagerInternal - if (virtualDeviceManagerInternal == null) { - Slog.e(LOG_TAG, "Virtual device manager service is not available.") - return false - } - val persistentDeviceId = - virtualDeviceManagerInternal.getPersistentIdForDevice(deviceId) - if (persistentDeviceId != null) { - with(devicePolicy) { - setPermissionFlags(appId, persistentDeviceId, userId, permissionName, flags) - } - } else { - Slog.e(LOG_TAG, "Invalid device ID $deviceId.") - false - } - } - } - /** * This method does not enforce checks on the caller, should only be called after * required checks. @@ -1634,7 +1539,8 @@ class PermissionService( ) { service.mutateState { with(policy) { - val permissionsFlags = getUidPermissionFlags(appId, userId) ?: return@mutateState + val permissionsFlags = + getUidPermissionFlags(appId, userId) ?: return@mutateState val permissions = getPermissions() androidPackage.requestedPermissions.forEachIndexed { _, requestedPermission -> @@ -1755,6 +1661,8 @@ class PermissionService( ) } + + override fun getAppOpPermissionPackages(permissionName: String): Array<String> { requireNotNull(permissionName) { "permissionName cannot be null" } val packageNames = ArraySet<String>() @@ -1971,7 +1879,7 @@ class PermissionService( println("Permissions:") withIndent { userState.appIdPermissionFlags[appId]?.forEachIndexed { - _, permissionName, flags -> + _, permissionName, flags -> val isGranted = PermissionFlags.isPermissionGranted(flags) println( "$permissionName: granted=$isGranted, flags=" + @@ -1980,20 +1888,6 @@ class PermissionService( } } - userState.appIdDevicePermissionFlags[appId]?.forEachIndexed { - _, deviceId, devicePermissionFlags -> - println("Permissions (Device $deviceId):") - withIndent { - devicePermissionFlags.forEachIndexed { _, permissionName, flags -> - val isGranted = PermissionFlags.isPermissionGranted(flags) - println( - "$permissionName: granted=$isGranted, flags=" + - PermissionFlags.toString(flags) - ) - } - } - } - println("App ops:") withIndent { userState.appIdAppOpModes[appId]?.forEachIndexed {_, appOpName, appOpMode -> @@ -2109,8 +2003,6 @@ class PermissionService( override fun onSystemReady() { service.onSystemReady() - virtualDeviceManagerInternal = - LocalServices.getService(VirtualDeviceManagerInternal::class.java) permissionControllerManager = PermissionControllerManager( context, PermissionThread.getHandler() ) @@ -2520,7 +2412,7 @@ class PermissionService( } private fun isAppBackupAndRestoreRunning(uid: Int): Boolean { - if (checkUidPermission(uid, Manifest.permission.BACKUP, Context.DEVICE_ID_DEFAULT) != + if (checkUidPermission(uid, Manifest.permission.BACKUP) != PackageManager.PERMISSION_GRANTED) { return false } |