diff options
| author | 2023-10-26 21:11:52 -0700 | |
|---|---|---|
| committer | 2023-10-27 19:50:08 -0700 | |
| commit | c043473fb4f728c0de4c5451989564bf697593e8 (patch) | |
| tree | 3c368bc8b1dbf8d5cbde9643f3a700341998d2ae | |
| parent | 6a4f99ad38cd15e3a302491d3c04e2fa9af57829 (diff) | |
[Role Logic Move] Lift user from grant/revoke
This change modifies the following methods:
- RoleBehavior::grant[AsUser]
- RoleBehavior::revoke[AsUser]
- Role::grant[AsUser]
- Role::revoke[AsUser]
- Permissions::grant[AsUser]
- Permissions::revoke[AsUser]
- AppOpPermissions::grant[AsUser]
- AppOpPermissions::revoke[AsUser]
- AppOp::grant[AsUser]
- AppOp::revoke[AsUser]
...by making them multi-user aware. I.e., lift any references to
Process.myUserHandle() out of them into method arguments.
Bug: 302563690
Test: atest CtsRoleTestCases
Change-Id: Ib566ee05c9f1a0796a971c7006ecd99ea77115d1
14 files changed, 124 insertions, 119 deletions
diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/BrowserRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/BrowserRoleBehavior.java index 205b185a0..f64c3bcf0 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/BrowserRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/BrowserRoleBehavior.java @@ -21,7 +21,6 @@ import android.content.Intent; import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; import android.net.Uri; -import android.os.Process; import android.os.UserHandle; import android.util.ArraySet; @@ -133,24 +132,25 @@ public class BrowserRoleBehavior implements RoleBehavior { } @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { // @see com.android.server.pm.permission.DefaultPermissionGrantPolicy // #grantDefaultPermissionsToDefaultBrowser(java.lang.String, int) if (SdkLevel.isAtLeastS()) { if (PackageUtils.isSystemPackageAsUser(packageName, user, context)) { - Permissions.grant(packageName, SYSTEM_BROWSER_PERMISSIONS, false, false, true, - false, false, context); + Permissions.grantAsUser(packageName, SYSTEM_BROWSER_PERMISSIONS, false, false, + true, false, false, user, context); } } } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (SdkLevel.isAtLeastT()) { - if (PackageUtils.isSystemPackageAsUser(packageName, Process.myUserHandle(), context)) { - Permissions.revoke(packageName, SYSTEM_BROWSER_PERMISSIONS, true, false, false, - context); + if (PackageUtils.isSystemPackageAsUser(packageName, user, context)) { + Permissions.revokeAsUser(packageName, SYSTEM_BROWSER_PERMISSIONS, true, false, + false, user, context); } } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceAppStreamingRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceAppStreamingRoleBehavior.java index edd0b99f3..6ae920270 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceAppStreamingRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceAppStreamingRoleBehavior.java @@ -17,7 +17,6 @@ package com.android.role.controller.behavior; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -32,14 +31,14 @@ import com.android.role.controller.util.NotificationUtils; public class CompanionDeviceAppStreamingRoleBehavior implements RoleBehavior { @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.grantNotificationAccessForPackageAsUser(packageName, user, context); } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.revokeNotificationAccessForPackageAsUser(packageName, user, context); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceComputerRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceComputerRoleBehavior.java index d61c30a88..ac6a432dc 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceComputerRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceComputerRoleBehavior.java @@ -17,7 +17,6 @@ package com.android.role.controller.behavior; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -32,14 +31,14 @@ import com.android.role.controller.util.NotificationUtils; public class CompanionDeviceComputerRoleBehavior implements RoleBehavior { @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.grantNotificationAccessForPackageAsUser(packageName, user, context); } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.revokeNotificationAccessForPackageAsUser(packageName, user, context); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceGlassesRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceGlassesRoleBehavior.java index 136c64cd8..429c03de3 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceGlassesRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceGlassesRoleBehavior.java @@ -17,7 +17,6 @@ package com.android.role.controller.behavior; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -32,14 +31,14 @@ import com.android.role.controller.util.NotificationUtils; public class CompanionDeviceGlassesRoleBehavior implements RoleBehavior { @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.grantNotificationAccessForPackageAsUser(packageName, user, context); } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.revokeNotificationAccessForPackageAsUser(packageName, user, context); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceWatchRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceWatchRoleBehavior.java index a666122b2..256020800 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceWatchRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceWatchRoleBehavior.java @@ -17,7 +17,6 @@ package com.android.role.controller.behavior; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -32,14 +31,14 @@ import com.android.role.controller.util.NotificationUtils; public class CompanionDeviceWatchRoleBehavior implements RoleBehavior { @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.grantNotificationAccessForPackageAsUser(packageName, user, context); } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.revokeNotificationAccessForPackageAsUser(packageName, user, context); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/DialerRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/DialerRoleBehavior.java index 2c79c3c6b..d0ee2d5bf 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/DialerRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/DialerRoleBehavior.java @@ -17,7 +17,6 @@ package com.android.role.controller.behavior; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import android.telephony.TelephonyManager; @@ -56,21 +55,22 @@ public class DialerRoleBehavior implements RoleBehavior { } @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (SdkLevel.isAtLeastS()) { if (PackageUtils.isSystemPackageAsUser(packageName, user, context)) { - Permissions.grant(packageName, SYSTEM_DIALER_PERMISSIONS, false, false, - true, false, false, context); + Permissions.grantAsUser(packageName, SYSTEM_DIALER_PERMISSIONS, false, false, + true, false, false, user, context); } } } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, - @NonNull Context context) { + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (SdkLevel.isAtLeastS()) { - Permissions.revoke(packageName, SYSTEM_DIALER_PERMISSIONS, true, false, false, context); + Permissions.revokeAsUser(packageName, SYSTEM_DIALER_PERMISSIONS, true, false, false, + user, context); } } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/HomeRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/HomeRoleBehavior.java index 0e28a510a..5bdd5f682 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/HomeRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/HomeRoleBehavior.java @@ -140,56 +140,61 @@ public class HomeRoleBehavior implements RoleBehavior { } @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (context.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) { - Permissions.grant(packageName, AUTOMOTIVE_PERMISSIONS, - true, false, true, false, false, context); + Permissions.grantAsUser(packageName, AUTOMOTIVE_PERMISSIONS, + true, false, true, false, false, user, context); } // Before T, ALLOW_SLIPPERY_TOUCHES may either not exist, or may not be a role permission if (isRolePermission(android.Manifest.permission.ALLOW_SLIPPERY_TOUCHES, context)) { - Permissions.grant(packageName, + Permissions.grantAsUser(packageName, Arrays.asList(android.Manifest.permission.ALLOW_SLIPPERY_TOUCHES), - true, false, true, false, false, context); + true, false, true, false, false, user, context); } if (context.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH)) { if (SdkLevel.isAtLeastT()) { - Permissions.grant(packageName, WEAR_PERMISSIONS_T, - true, false, true, false, false, context); + Permissions.grantAsUser(packageName, WEAR_PERMISSIONS_T, + true, false, true, false, false, user, context); for (String permission : WEAR_APP_OP_PERMISSIONS) { - AppOpPermissions.grant(packageName, permission, true, context); + AppOpPermissions.grantAsUser(packageName, permission, true, user, context); } } if (SdkLevel.isAtLeastV()) { - Permissions.grant(packageName, WEAR_PERMISSIONS_V, - true, false, true, false, false, context); + Permissions.grantAsUser(packageName, WEAR_PERMISSIONS_V, + true, false, true, false, false, user, context); } } } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (context.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) { - Permissions.revoke(packageName, AUTOMOTIVE_PERMISSIONS, true, false, false, context); + Permissions.revokeAsUser(packageName, AUTOMOTIVE_PERMISSIONS, true, false, false, + user, context); } // Before T, ALLOW_SLIPPERY_TOUCHES may either not exist, or may not be a role permission if (isRolePermission(android.Manifest.permission.ALLOW_SLIPPERY_TOUCHES, context)) { - Permissions.revoke(packageName, + Permissions.revokeAsUser(packageName, Arrays.asList(android.Manifest.permission.ALLOW_SLIPPERY_TOUCHES), - true, false, false, context); + true, false, false, user, context); } if (context.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH)) { if (SdkLevel.isAtLeastT()) { - Permissions.revoke(packageName, WEAR_PERMISSIONS_T, true, false, false, context); + Permissions.revokeAsUser(packageName, WEAR_PERMISSIONS_T, true, false, false, + user, context); for (String permission : WEAR_APP_OP_PERMISSIONS) { - AppOpPermissions.revoke(packageName, permission, context); + AppOpPermissions.revokeAsUser(packageName, permission, user, context); } } if (SdkLevel.isAtLeastV()) { - Permissions.revoke(packageName, WEAR_PERMISSIONS_V, true, false, false, context); + Permissions.revokeAsUser(packageName, WEAR_PERMISSIONS_V, true, false, false, + user, context); } } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/SmsRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/SmsRoleBehavior.java index c6b3841c2..6e5c5c920 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/SmsRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/SmsRoleBehavior.java @@ -19,7 +19,6 @@ package com.android.role.controller.behavior; import android.app.admin.DevicePolicyManager; import android.app.admin.ManagedSubscriptionsPolicy; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import android.os.UserManager; import android.telephony.TelephonyManager; @@ -113,20 +112,21 @@ public class SmsRoleBehavior implements RoleBehavior { } @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (SdkLevel.isAtLeastS() && PackageUtils.isSystemPackageAsUser(packageName, user, context)) { - Permissions.grant(packageName, SYSTEM_SMS_PERMISSIONS, false, false, - true, false, false, context); + Permissions.grantAsUser(packageName, SYSTEM_SMS_PERMISSIONS, false, false, true, + false, false, user, context); } } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, - @NonNull Context context) { + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (SdkLevel.isAtLeastS()) { - Permissions.revoke(packageName, SYSTEM_SMS_PERMISSIONS, true, false, false, context); + Permissions.revokeAsUser(packageName, SYSTEM_SMS_PERMISSIONS, true, false, false, + user, context); } } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java b/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java index 926592db3..6647a4f94 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java @@ -18,7 +18,6 @@ package com.android.role.controller.model; import android.content.Context; import android.content.pm.ApplicationInfo; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -74,15 +73,16 @@ public class AppOp { * Grant this app op to an application. * * @param packageName the package name of the application + * @param user the user of the application * @param context the {@code Context} to retrieve system services * * @return whether any app mode has changed */ - public boolean grant(@NonNull String packageName, @NonNull Context context) { - if (!checkTargetSdkVersion(packageName, context)) { + public boolean grantAsUser(@NonNull String packageName, @NonNull UserHandle user, + @NonNull Context context) { + if (!checkTargetSdkVersionAsUser(packageName, user, context)) { return false; } - UserHandle user = Process.myUserHandle(); return Permissions.setAppOpUidModeAsUser(packageName, mName, mMode, user, context); } @@ -90,25 +90,27 @@ public class AppOp { * Revoke this app op from an application. * * @param packageName the package name of the application + * @param user the user of the application * @param context the {@code Context} to retrieve system services * * @return whether any app mode has changed */ - public boolean revoke(@NonNull String packageName, @NonNull Context context) { - if (!checkTargetSdkVersion(packageName, context)) { + public boolean revokeAsUser(@NonNull String packageName, @NonNull UserHandle user, + @NonNull Context context) { + if (!checkTargetSdkVersionAsUser(packageName, user, context)) { return false; } int defaultMode = Permissions.getDefaultAppOpMode(mName); - UserHandle user = Process.myUserHandle(); return Permissions.setAppOpUidModeAsUser(packageName, mName, defaultMode, user, context); } - private boolean checkTargetSdkVersion(@NonNull String packageName, @NonNull Context context) { + private boolean checkTargetSdkVersionAsUser(@NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (mMaxTargetSdkVersion == null) { return true; } - ApplicationInfo applicationInfo = PackageUtils.getApplicationInfoAsUser(packageName, - Process.myUserHandle(), context); + ApplicationInfo applicationInfo = PackageUtils.getApplicationInfoAsUser(packageName, user, + context); if (applicationInfo == null) { return false; } diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/AppOpPermissions.java b/PermissionController/role-controller/java/com/android/role/controller/model/AppOpPermissions.java index 2e8cbed7e..edd74e31e 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/AppOpPermissions.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/AppOpPermissions.java @@ -21,7 +21,6 @@ import android.content.Context; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.os.Build; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -44,13 +43,13 @@ public class AppOpPermissions { * @param appOpPermission the name of the app op permission * @param overrideNonDefaultMode whether to override the app opp mode if it isn't in the default * mode + * @param user the user of the application * @param context the {@code Context} to retrieve system services * * @return whether any app op mode has changed */ - public static boolean grant(@NonNull String packageName, @NonNull String appOpPermission, - boolean overrideNonDefaultMode, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public static boolean grantAsUser(@NonNull String packageName, @NonNull String appOpPermission, + boolean overrideNonDefaultMode, @NonNull UserHandle user, @NonNull Context context) { PackageInfo packageInfo = PackageUtils.getPackageInfoAsUser(packageName, PackageManager.GET_PERMISSIONS, user, context); if (packageInfo == null) { @@ -80,13 +79,13 @@ public class AppOpPermissions { * * @param packageName the package name of the application * @param appOpPermission the name of the app op permission + * @param user the user of the application * @param context the {@code Context} to retrieve system services * * @return whether any app op mode has changed */ - public static boolean revoke(@NonNull String packageName, @NonNull String appOpPermission, - @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public static boolean revokeAsUser(@NonNull String packageName, @NonNull String appOpPermission, + @NonNull UserHandle user, @NonNull Context context) { if (!Permissions.isPermissionGrantedByRoleAsUser(packageName, appOpPermission, user, context)) { return false; diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java b/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java index 8167953c8..8a15612b9 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java @@ -24,7 +24,6 @@ import android.content.pm.PackageManager; import android.content.pm.PermissionGroupInfo; import android.content.pm.PermissionInfo; import android.os.Build; -import android.os.Process; import android.os.UserHandle; import android.permission.PermissionManager; import android.util.ArrayMap; @@ -90,6 +89,7 @@ public class Permissions { * @param setGrantedByRole whether the permissions will be granted as granted-by-role * @param setGrantedByDefault whether the permissions will be granted as granted-by-default * @param setSystemFixed whether the permissions will be granted as system-fixed + * @param user the user of the application * @param context the {@code Context} to retrieve system services * * @return whether any permission or app op changed @@ -97,11 +97,10 @@ public class Permissions { * @see com.android.server.pm.permission.DefaultPermissionGrantPolicy#grantRuntimePermissions( * PackageInfo, java.util.Set, boolean, boolean, int) */ - public static boolean grant(@NonNull String packageName, @NonNull List<String> permissions, - boolean overrideDisabledSystemPackage, boolean overrideUserSetAndFixed, - boolean setGrantedByRole, boolean setGrantedByDefault, boolean setSystemFixed, - @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public static boolean grantAsUser(@NonNull String packageName, + @NonNull List<String> permissions, boolean overrideDisabledSystemPackage, + boolean overrideUserSetAndFixed, boolean setGrantedByRole, boolean setGrantedByDefault, + boolean setSystemFixed, @NonNull UserHandle user, @NonNull Context context) { if (setGrantedByRole == setGrantedByDefault) { throw new IllegalArgumentException("Permission must be either granted by role, or" + " granted by default, but not both"); @@ -144,8 +143,8 @@ public class Permissions { // apps, (default grants on first boot and user creation) we don't grant default // permissions if the version on the system image does not declare them. if (!overrideDisabledSystemPackage && isUpdatedSystemApp(packageInfo)) { - PackageInfo disabledSystemPackageInfo = getFactoryPackageInfoAsUser(packageName, - user, context); + PackageInfo disabledSystemPackageInfo = getFactoryPackageInfoAsUser(packageName, user, + context); if (disabledSystemPackageInfo != null) { if (ArrayUtils.isEmpty(disabledSystemPackageInfo.requestedPermissions)) { return false; @@ -394,16 +393,17 @@ public class Permissions { * @param onlyIfGrantedByDefault revoke the permission only if it is granted by default * @param overrideSystemFixed whether system-fixed permissions can be revoked * @param context the {@code Context} to retrieve system services + * @param user the user of the application * * @return whether any permission or app op changed * * @see com.android.server.pm.permission.DefaultPermissionGrantPolicy#revokeRuntimePermissions( * String, java.util.Set, boolean, int) */ - public static boolean revoke(@NonNull String packageName, @NonNull List<String> permissions, - boolean onlyIfGrantedByRole, boolean onlyIfGrantedByDefault, - boolean overrideSystemFixed, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public static boolean revokeAsUser(@NonNull String packageName, + @NonNull List<String> permissions, boolean onlyIfGrantedByRole, + boolean onlyIfGrantedByDefault, boolean overrideSystemFixed, @NonNull UserHandle user, + @NonNull Context context) { PackageInfo packageInfo = getPackageInfoAsUser(packageName, user, context); if (packageInfo == null) { return false; diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java index 1d5e2d65a..536bcc912 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java @@ -26,7 +26,6 @@ import android.content.pm.SharedLibraryInfo; import android.content.pm.Signature; import android.content.res.Resources; import android.os.Build; -import android.os.Process; import android.os.UserHandle; import android.text.TextUtils; import android.util.ArrayMap; @@ -776,42 +775,42 @@ public class Role { * @param packageName the package name of the application to be granted this role to * @param dontKillApp whether this application should not be killed despite changes * @param overrideUser whether to override user when granting privileges + * @param user the user of the application * @param context the {@code Context} to retrieve system services */ - public void grant(@NonNull String packageName, boolean dontKillApp, - boolean overrideUser, @NonNull Context context) { - boolean permissionOrAppOpChanged = Permissions.grant(packageName, + public void grantAsUser(@NonNull String packageName, boolean dontKillApp, + boolean overrideUser, @NonNull UserHandle user, @NonNull Context context) { + boolean permissionOrAppOpChanged = Permissions.grantAsUser(packageName, Permissions.filterBySdkVersion(mPermissions), SdkLevel.isAtLeastS() ? !mSystemOnly : true, overrideUser, true, false, false, - context); + user, context); List<String> appOpPermissionsToGrant = Permissions.filterBySdkVersion(mAppOpPermissions); int appOpPermissionsSize = appOpPermissionsToGrant.size(); for (int i = 0; i < appOpPermissionsSize; i++) { String appOpPermission = appOpPermissionsToGrant.get(i); - AppOpPermissions.grant(packageName, appOpPermission, overrideUser, context); + AppOpPermissions.grantAsUser(packageName, appOpPermission, overrideUser, user, context); } int appOpsSize = mAppOps.size(); for (int i = 0; i < appOpsSize; i++) { AppOp appOp = mAppOps.get(i); - appOp.grant(packageName, context); + appOp.grantAsUser(packageName, user, context); } int preferredActivitiesSize = mPreferredActivities.size(); for (int i = 0; i < preferredActivitiesSize; i++) { PreferredActivity preferredActivity = mPreferredActivities.get(i); - preferredActivity.configureAsUser(packageName, Process.myUserHandle(), context); + preferredActivity.configureAsUser(packageName, user, context); } if (mBehavior != null) { - mBehavior.grant(this, packageName, context); + mBehavior.grantAsUser(this, packageName, user, context); } if (!dontKillApp && permissionOrAppOpChanged - && !Permissions.isRuntimePermissionsSupportedAsUser(packageName, - Process.myUserHandle(), context)) { - killAppAsUser(packageName, Process.myUserHandle(), context); + && !Permissions.isRuntimePermissionsSupportedAsUser(packageName, user, context)) { + killAppAsUser(packageName, user, context); } } @@ -821,11 +820,13 @@ public class Role { * @param packageName the package name of the application to be granted this role to * @param dontKillApp whether this application should not be killed despite changes * @param overrideSystemFixedPermissions whether system-fixed permissions can be revoked + * @param user the user of the role * @param context the {@code Context} to retrieve system services */ - public void revoke(@NonNull String packageName, boolean dontKillApp, - boolean overrideSystemFixedPermissions, @NonNull Context context) { - Context userContext = UserUtils.getUserContext(context, Process.myUserHandle()); + public void revokeAsUser(@NonNull String packageName, boolean dontKillApp, + boolean overrideSystemFixedPermissions, @NonNull UserHandle user, + @NonNull Context context) { + Context userContext = UserUtils.getUserContext(context, user); RoleManager userRoleManager = userContext.getSystemService(RoleManager.class); List<String> otherRoleNames = userRoleManager.getHeldRolesFromController(packageName); otherRoleNames.remove(mName); @@ -839,8 +840,8 @@ public class Role { permissionsToRevoke.removeAll(Permissions.filterBySdkVersion(role.mPermissions)); } - boolean permissionOrAppOpChanged = Permissions.revoke(packageName, permissionsToRevoke, - true, false, overrideSystemFixedPermissions, context); + boolean permissionOrAppOpChanged = Permissions.revokeAsUser(packageName, + permissionsToRevoke, true, false, overrideSystemFixedPermissions, user, context); List<String> appOpPermissionsToRevoke = Permissions.filterBySdkVersion(mAppOpPermissions); for (int i = 0; i < otherRoleNamesSize; i++) { @@ -852,7 +853,7 @@ public class Role { int appOpPermissionsSize = appOpPermissionsToRevoke.size(); for (int i = 0; i < appOpPermissionsSize; i++) { String appOpPermission = appOpPermissionsToRevoke.get(i); - AppOpPermissions.revoke(packageName, appOpPermission, context); + AppOpPermissions.revokeAsUser(packageName, appOpPermission, user, context); } List<AppOp> appOpsToRevoke = new ArrayList<>(mAppOps); @@ -864,7 +865,7 @@ public class Role { int appOpsSize = appOpsToRevoke.size(); for (int i = 0; i < appOpsSize; i++) { AppOp appOp = appOpsToRevoke.get(i); - appOp.revoke(packageName, context); + appOp.revokeAsUser(packageName, user, context); } // TODO: Revoke preferred activities? But this is unnecessary for most roles using it as @@ -873,11 +874,11 @@ public class Role { // wrong thing when we are removing a exclusive role holder for adding another. if (mBehavior != null) { - mBehavior.revoke(this, packageName, context); + mBehavior.revokeAsUser(this, packageName, user, context); } if (!dontKillApp && permissionOrAppOpChanged) { - killAppAsUser(packageName, Process.myUserHandle(), context); + killAppAsUser(packageName, user, context); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/RoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/model/RoleBehavior.java index 6f86f6858..34d2282a7 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/RoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/RoleBehavior.java @@ -90,15 +90,16 @@ public interface RoleBehavior { } /** - * @see Role#grant(String, boolean, boolean, boolean, Context) + * @see Role#grantAsUser(String, boolean, boolean, UserHandle, Context) */ - default void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) {} + default void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) {} /** - * @see Role#revoke(String, boolean, boolean, Context) + * @see Role#revokeAsUser(String, boolean, boolean, UserHandle, Context) */ - default void revoke(@NonNull Role role, @NonNull String packageName, - @NonNull Context context) {} + default void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) {} /** * @see Role#onHolderSelectedAsUser(String, UserHandle, Context) diff --git a/PermissionController/src/com/android/permissioncontroller/role/service/RoleControllerServiceImpl.java b/PermissionController/src/com/android/permissioncontroller/role/service/RoleControllerServiceImpl.java index 8b9e93112..2aef8cc08 100644 --- a/PermissionController/src/com/android/permissioncontroller/role/service/RoleControllerServiceImpl.java +++ b/PermissionController/src/com/android/permissioncontroller/role/service/RoleControllerServiceImpl.java @@ -324,7 +324,8 @@ public class RoleControllerServiceImpl extends RoleControllerService { @WorkerThread private boolean addRoleHolderInternal(@NonNull Role role, @NonNull String packageName, boolean dontKillApp, boolean overrideUser, boolean added) { - role.grant(packageName, dontKillApp, overrideUser, this); + UserHandle user = Process.myUserHandle(); + role.grantAsUser(packageName, dontKillApp, overrideUser, user, this); String roleName = role.getName(); if (!added) { @@ -346,7 +347,7 @@ public class RoleControllerServiceImpl extends RoleControllerService { } if (applicationInfo != null) { - role.revoke(packageName, dontKillApp, false, this); + role.revokeAsUser(packageName, dontKillApp, false, Process.myUserHandle(), this); } String roleName = role.getName(); |