Merge "Handle privileged permission allowlist and isModule"
diff --git a/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt b/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
index f549797..e416718 100644
--- a/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
+++ b/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
@@ -211,6 +211,12 @@
}
}
+ internal fun onSystemReady() {
+ mutateState {
+ with(policy) { onSystemReady() }
+ }
+ }
+
private val PackageManagerLocal.allPackageStates:
Pair<Map<String, PackageState>, Map<String, PackageState>>
get() = withUnfilteredSnapshot().use { it.packageStates to it.disabledSystemPackageStates }
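Review bot: The new internal `onSystemReady()` has no KDoc even though it is the only path on which `isSystemReady` becomes true and it can abort boot, since UidPermissionPolicy's override throws when allowlist violations were collected. A header such as `/** Called from PermissionService.onSystemReady(): marks the state ready and runs each scheme policy's onSystemReady() inside one state mutation; may throw IllegalStateException on privileged permission allowlist violations. */` states that contract for callers. Whether a thrown exception leaves the partially mutated `newState` committed depends on `mutateState`, which is outside this hunk and worth confirming.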
diff --git a/services/permission/java/com/android/server/permission/access/AccessPolicy.kt b/services/permission/java/com/android/server/permission/access/AccessPolicy.kt
index e0f94c7..07a5e72 100644
--- a/services/permission/java/com/android/server/permission/access/AccessPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/AccessPolicy.kt
@@ -255,6 +255,13 @@
}
}
+ fun MutateStateScope.onSystemReady() {
+ newState.systemState.isSystemReady = true
+ forEachSchemePolicy {
+ with(it) { onSystemReady() }
+ }
+ }
+
fun BinaryXmlPullParser.parseSystemState(state: AccessState) {
forEachTag {
when (tagName) {
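Review bot: `newState.systemState.isSystemReady = true` is assigned before the scheme policies run, so any policy `onSystemReady()` that consults the flag already sees post-boot semantics, and UidPermissionPolicy's override may throw after the assignment. If `mutateState` discards `newState` on exception that is harmless; if it commits, a retried boot would skip the boot-time allowlist collection, so the ordering deserves a comment, e.g. `// Flip the flag first so policies' onSystemReady() run with post-boot semantics; a throwing policy aborts boot.`.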
@@ -362,6 +369,8 @@
open fun MutateStateScope.onPackageUninstalled(packageName: String, appId: Int, userId: Int) {}
+ open fun MutateStateScope.onSystemReady() {}
+
open fun BinaryXmlPullParser.parseSystemState(state: AccessState) {}
open fun BinaryXmlSerializer.serializeSystemState(state: AccessState) {}
diff --git a/services/permission/java/com/android/server/permission/access/AccessState.kt b/services/permission/java/com/android/server/permission/access/AccessState.kt
index 9616193..5532311 100644
--- a/services/permission/java/com/android/server/permission/access/AccessState.kt
+++ b/services/permission/java/com/android/server/permission/access/AccessState.kt
@@ -50,6 +50,8 @@
var privilegedPermissionAllowlistPackages: IndexedListSet<String>,
var permissionAllowlist: PermissionAllowlist,
var implicitToSourcePermissions: IndexedMap<String, IndexedListSet<String>>,
+ var isSystemReady: Boolean,
+ // TODO: Get and watch the state for deviceAndProfileOwners
// Mapping from user ID to package name.
var deviceAndProfileOwners: IntMap<String>,
val permissionGroups: IndexedMap<String, PermissionGroupInfo>,
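Review bot: `isSystemReady` is a runtime-only flag, yet it is threaded through the same positional constructor and `copy` as the persisted system state (this hunk, the `false` initializer hunk and the `isSystemReady,` copy hunk below). Whether `parseSystemState`/`serializeSystemState` touch it is not visible here; if it were ever persisted, a reloaded state would start as ready and the boot-time privileged-permission allowlist collection would be skipped. A comment on the property, `// Runtime-only, never persisted: gates boot-time enforcement of the privileged permission allowlist.`, pins that down. The positional `false` between same-shaped arguments is also easy to misplace; `isSystemReady = false,` as a named argument would be safer if the call site's style allows it.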
@@ -67,6 +69,7 @@
IndexedListSet(),
PermissionAllowlist(),
IndexedMap(),
+ false,
IntMap(),
IndexedMap(),
IndexedMap(),
@@ -85,6 +88,7 @@
privilegedPermissionAllowlistPackages,
permissionAllowlist,
implicitToSourcePermissions,
+ isSystemReady,
deviceAndProfileOwners,
permissionGroups.copy { it },
permissionTrees.copy { it },
diff --git a/services/permission/java/com/android/server/permission/access/permission/Permission.kt b/services/permission/java/com/android/server/permission/access/permission/Permission.kt
index 7bfca12..714480c 100644
--- a/services/permission/java/com/android/server/permission/access/permission/Permission.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/Permission.kt
@@ -91,6 +91,9 @@
inline val isKnownSigner: Boolean
get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_KNOWN_SIGNER)
+ inline val isModule: Boolean
+ get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_MODULE)
+
inline val isOem: Boolean
get() = protectionFlags.hasBits(PermissionInfo.PROTECTION_FLAG_OEM)
diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
index 903fad3..c7e9371 100644
--- a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
@@ -1747,7 +1747,7 @@
override fun writeLegacyPermissionStateTEMP() {}
override fun onSystemReady() {
- // TODO STOPSHIP privappPermissionsViolationsfix check
+ service.onSystemReady()
permissionControllerManager = PermissionControllerManager(
context, PermissionThread.getHandler()
)
diff --git a/services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt
index d0833bd..694efbb 100644
--- a/services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt
@@ -54,6 +54,8 @@
IndexedListSet<OnPermissionFlagsChangedListener>()
private val onPermissionFlagsChangedListenersLock = Any()
+ private val privilegedPermissionAllowlistViolations = IndexedSet<String>()
+
override val subjectScheme: String
get() = UidUri.SCHEME
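Review bot: `privilegedPermissionAllowlistViolations` is mutable state on the policy object rather than in `AccessState`, so it sits outside the copy-on-mutate state and, unlike the neighbouring listener set, has no lock. It is appended to from `checkPrivilegedPermissionAllowlist` and read in `onSystemReady`; if both always run inside `mutateState` that is fine, but the invariant should be written down: `// Filled only before system ready from checkPrivilegedPermissionAllowlist(), read once in onSystemReady(); only touched under the state mutation, hence no lock.`. If any evaluation path reaches it outside the mutation it needs the same locking as the listeners.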
@@ -734,7 +736,7 @@
} else {
newFlags = newFlags andInv PermissionFlags.LEGACY_GRANTED
val wasGrantedByImplicit = newFlags.hasBits(PermissionFlags.IMPLICIT_GRANTED)
- val isLeanBackNotificationsPermission = newState.systemState.isLeanback &&
+ val isLeanbackNotificationsPermission = newState.systemState.isLeanback &&
permissionName in NOTIFICATIONS_PERMISSIONS
val isImplicitPermission = anyPackageInAppId(appId) {
permissionName in it.androidPackage!!.implicitPermissions
@@ -748,7 +750,7 @@
}
!sourcePermission.isRuntime
} ?: false
- val shouldGrantByImplicit = isLeanBackNotificationsPermission ||
+ val shouldGrantByImplicit = isLeanbackNotificationsPermission ||
(isImplicitPermission && isAnySourcePermissionNonRuntime)
if (shouldGrantByImplicit) {
newFlags = newFlags or PermissionFlags.IMPLICIT_GRANTED
@@ -917,7 +919,21 @@
if (packageState.isUpdatedSystemApp) {
return true
}
- // TODO: Enforce the allowlist on boot
+ // Only enforce the privileged permission allowlist on boot
+ if (!newState.systemState.isSystemReady) {
+ // Apps that are in updated apex's do not need to be allowlisted
+ if (!packageState.isApkInUpdatedApex) {
+ Log.w(
+ LOG_TAG, "Privileged permission ${permission.name} for package" +
+ " ${packageState.packageName} (${packageState.path}) not in" +
+ " privileged permission allowlist"
+ )
+ if (RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) {
+ privilegedPermissionAllowlistViolations += "${packageState.packageName}" +
+ " (${packageState.path}): ${permission.name}"
+ }
+ }
+ }
return !RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE
}
@@ -1106,6 +1122,12 @@
// Special permission for the recents app.
return true
}
+ // TODO(b/261913353): STOPSHIP: Add AndroidPackage.apexModuleName.
+ // This should be androidPackage.apexModuleName instead
+ if (permission.isModule && androidPackage.packageName != null) {
+ // Special permission granted for APKs inside APEX modules.
+ return true
+ }
return false
}
@@ -1155,6 +1177,13 @@
return uid == ownerUid
}
+ override fun MutateStateScope.onSystemReady() {
+ if (!privilegedPermissionAllowlistViolations.isEmpty()) {
+ throw IllegalStateException("Signature|privileged permissions not in privileged" +
+ " permission allowlist: $privilegedPermissionAllowlistViolations")
+ }
+ }
+
override fun BinaryXmlPullParser.parseSystemState(state: AccessState) {
with(persistence) { this@parseSystemState.parseSystemState(state) }
}