From 30d34d06fac9ae18754719a4d032f496c89112e7 Mon Sep 17 00:00:00 2001
From: Atneya Nair <atneya@google.com>
Date: Wed, 19 Mar 2025 22:55:13 -0700
Subject: [appops] Preflight skip datasource validation

The forDataDelivery logic always skips checking the first attribution in
the chain from datasources, either via singleReceiverFromDataSource, or
internal in startProxyOp, since skipProxy=true is passed for non-trivial
chains.

Make the preflight check consistent with this behavior, by also skipping
a checkOp on the first entry in this case. This avoids cases where
the preflight fails when the delivery would succeed, which should never
happen. This is implicitly relied on by audioserver, as it happens to
fail checkOp due to not having a valid Uid/PackageState.

Test: manual: start and stop recording with toggle restriction
Test: atest CtsMediaAudioPermissionTestCases
Test: atest RuntimePermissionsAppOpTrackingTest
Test: atest SensorPrivacyMicrophoneTest
Bug: 399138369
Bug: 293603271
Bug: 401105309
Flag: EXEMPT bugfix
Change-Id: I509e7f8da501f5e32d336adb412662e078eab500
---
 .../server/pm/permission/PermissionManagerService.java    | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index ac19ea12c6a4..fbf81b9accad 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1541,8 +1541,19 @@ public class PermissionManagerService extends IPermissionManager.Stub {
                 }
                 final AttributionSource resolvedAttributionSource =
                         accessorSource.withPackageName(resolvedAccessorPackageName);
-                final int opMode = appOpsManager.unsafeCheckOpRawNoThrow(op,
-                        resolvedAttributionSource);
+                // Avoid checking the first attr in the chain in some cases for consistency with
+                // checks for data delivery.
+                // In particular, for chains of 2 or more, when skipProxyOperation is true, the
+                // for data delivery implementation does not actually check the first link in the
+                // chain. If the attribution is just a singleReceiverFromDatasource, this
+                // exemption does not apply, since it does not go through proxyOp flow, and the top
+                // of the chain is actually removed above.
+                // Skipping the check avoids situations where preflight checks fail since the data
+                // source itself does not have the op (e.g. audioserver).
+                final int opMode = (skipProxyOperation && !singleReceiverFromDatasource) ?
+                        AppOpsManager.MODE_ALLOWED :
+                        appOpsManager.unsafeCheckOpRawNoThrow(op, resolvedAttributionSource);
+
                 final AttributionSource next = accessorSource.getNext();
                 if (!selfAccess && opMode == AppOpsManager.MODE_ALLOWED && next != null) {
                     final String resolvedNextPackageName = resolvePackageName(context, next);
-- 
cgit v1.2.3-59-g8ed1b