Call PermissionEnforcer helper on methods annotated with
@EnforcePermission
Migrates all existing java methods annotated with @EnforcePermission
such that they call the super.<methodName>_enforcePermission
method provided by PermissionEnforcer.
29 call sites in framework-minus-apex
371 call sites in services.core.unboosted
Bug: 234083358
Test: TH
Change-Id: Iecab9b73644c911aa6d2a9a83fbab7dbb79f529b
diff --git a/core/java/android/accounts/AbstractAccountAuthenticator.java b/core/java/android/accounts/AbstractAccountAuthenticator.java
index c2c065b..89601bc 100644
--- a/core/java/android/accounts/AbstractAccountAuthenticator.java
+++ b/core/java/android/accounts/AbstractAccountAuthenticator.java
@@ -154,6 +154,8 @@
public void addAccount(IAccountAuthenticatorResponse response, String accountType,
String authTokenType, String[] features, Bundle options)
throws RemoteException {
+ super.addAccount_enforcePermission();
+
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "addAccount: accountType " + accountType
+ ", authTokenType " + authTokenType
@@ -184,6 +186,8 @@
@Override
public void confirmCredentials(IAccountAuthenticatorResponse response,
Account account, Bundle options) throws RemoteException {
+ super.confirmCredentials_enforcePermission();
+
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "confirmCredentials: " + account);
}
@@ -210,6 +214,8 @@
public void getAuthTokenLabel(IAccountAuthenticatorResponse response,
String authTokenType)
throws RemoteException {
+ super.getAuthTokenLabel_enforcePermission();
+
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "getAuthTokenLabel: authTokenType " + authTokenType);
}
@@ -235,6 +241,8 @@
public void getAuthToken(IAccountAuthenticatorResponse response,
Account account, String authTokenType, Bundle loginOptions)
throws RemoteException {
+ super.getAuthToken_enforcePermission();
+
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "getAuthToken: " + account
+ ", authTokenType " + authTokenType);
@@ -262,6 +270,8 @@
@Override
public void updateCredentials(IAccountAuthenticatorResponse response, Account account,
String authTokenType, Bundle loginOptions) throws RemoteException {
+ super.updateCredentials_enforcePermission();
+
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "updateCredentials: " + account
+ ", authTokenType " + authTokenType);
@@ -291,6 +301,8 @@
@Override
public void editProperties(IAccountAuthenticatorResponse response,
String accountType) throws RemoteException {
+ super.editProperties_enforcePermission();
+
try {
final Bundle result = AbstractAccountAuthenticator.this.editProperties(
new AccountAuthenticatorResponse(response), accountType);
@@ -306,6 +318,8 @@
@Override
public void hasFeatures(IAccountAuthenticatorResponse response,
Account account, String[] features) throws RemoteException {
+ super.hasFeatures_enforcePermission();
+
try {
final Bundle result = AbstractAccountAuthenticator.this.hasFeatures(
new AccountAuthenticatorResponse(response), account, features);
@@ -321,6 +335,8 @@
@Override
public void getAccountRemovalAllowed(IAccountAuthenticatorResponse response,
Account account) throws RemoteException {
+ super.getAccountRemovalAllowed_enforcePermission();
+
try {
final Bundle result = AbstractAccountAuthenticator.this.getAccountRemovalAllowed(
new AccountAuthenticatorResponse(response), account);
@@ -336,6 +352,8 @@
@Override
public void getAccountCredentialsForCloning(IAccountAuthenticatorResponse response,
Account account) throws RemoteException {
+ super.getAccountCredentialsForCloning_enforcePermission();
+
try {
final Bundle result =
AbstractAccountAuthenticator.this.getAccountCredentialsForCloning(
@@ -353,6 +371,8 @@
public void addAccountFromCredentials(IAccountAuthenticatorResponse response,
Account account,
Bundle accountCredentials) throws RemoteException {
+ super.addAccountFromCredentials_enforcePermission();
+
try {
final Bundle result =
AbstractAccountAuthenticator.this.addAccountFromCredentials(
@@ -371,6 +391,8 @@
public void startAddAccountSession(IAccountAuthenticatorResponse response,
String accountType, String authTokenType, String[] features, Bundle options)
throws RemoteException {
+ super.startAddAccountSession_enforcePermission();
+
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG,
"startAddAccountSession: accountType " + accountType
@@ -403,6 +425,8 @@
Account account,
String authTokenType,
Bundle loginOptions) throws RemoteException {
+ super.startUpdateCredentialsSession_enforcePermission();
+
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "startUpdateCredentialsSession: "
+ account
@@ -441,6 +465,8 @@
IAccountAuthenticatorResponse response,
String accountType,
Bundle sessionBundle) throws RemoteException {
+ super.finishSession_enforcePermission();
+
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "finishSession: accountType " + accountType);
}
@@ -468,6 +494,8 @@
IAccountAuthenticatorResponse response,
Account account,
String statusToken) throws RemoteException {
+ super.isCredentialsUpdateSuggested_enforcePermission();
+
try {
final Bundle result = AbstractAccountAuthenticator.this
.isCredentialsUpdateSuggested(
diff --git a/core/java/android/hardware/location/ActivityRecognitionHardware.java b/core/java/android/hardware/location/ActivityRecognitionHardware.java
index 20d6338..2754096 100644
--- a/core/java/android/hardware/location/ActivityRecognitionHardware.java
+++ b/core/java/android/hardware/location/ActivityRecognitionHardware.java
@@ -91,12 +91,16 @@
@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
@Override
public String[] getSupportedActivities() {
+ super.getSupportedActivities_enforcePermission();
+
return mSupportedActivities;
}
@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
@Override
public boolean isActivitySupported(String activity) {
+ super.isActivitySupported_enforcePermission();
+
int activityType = getActivityType(activity);
return activityType != INVALID_ACTIVITY_TYPE;
}
@@ -104,12 +108,16 @@
@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
@Override
public boolean registerSink(IActivityRecognitionHardwareSink sink) {
+ super.registerSink_enforcePermission();
+
return mSinks.register(sink);
}
@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
@Override
public boolean unregisterSink(IActivityRecognitionHardwareSink sink) {
+ super.unregisterSink_enforcePermission();
+
return mSinks.unregister(sink);
}
@@ -117,6 +125,8 @@
@Override
public boolean enableActivityEvent(String activity, int eventType, long reportLatencyNs) {
+ super.enableActivityEvent_enforcePermission();
+
int activityType = getActivityType(activity);
if (activityType == INVALID_ACTIVITY_TYPE) {
return false;
@@ -134,6 +144,8 @@
@Override
public boolean disableActivityEvent(String activity, int eventType) {
+ super.disableActivityEvent_enforcePermission();
+
int activityType = getActivityType(activity);
if (activityType == INVALID_ACTIVITY_TYPE) {
return false;
@@ -150,6 +162,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
@Override
public boolean flush() {
+ super.flush_enforcePermission();
+
int result = nativeFlush();
return result == NATIVE_SUCCESS_RESULT;
}
diff --git a/core/java/android/hardware/location/GeofenceHardwareService.java b/core/java/android/hardware/location/GeofenceHardwareService.java
index 106bfd5..99c1e16 100644
--- a/core/java/android/hardware/location/GeofenceHardwareService.java
+++ b/core/java/android/hardware/location/GeofenceHardwareService.java
@@ -79,6 +79,8 @@
@Override
public int[] getMonitoringTypes() {
+ super.getMonitoringTypes_enforcePermission();
+
return mGeofenceHardwareImpl.getMonitoringTypes();
}
@@ -86,6 +88,8 @@
@Override
public int getStatusOfMonitoringType(int monitoringType) {
+ super.getStatusOfMonitoringType_enforcePermission();
+
return mGeofenceHardwareImpl.getStatusOfMonitoringType(monitoringType);
}
@@ -95,6 +99,8 @@
int monitoringType,
GeofenceHardwareRequestParcelable request,
IGeofenceHardwareCallback callback) {
+ super.addCircularFence_enforcePermission();
+
checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
return mGeofenceHardwareImpl.addCircularFence(monitoringType, request, callback);
}
@@ -103,6 +109,8 @@
@Override
public boolean removeGeofence(int id, int monitoringType) {
+ super.removeGeofence_enforcePermission();
+
checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
return mGeofenceHardwareImpl.removeGeofence(id, monitoringType);
}
@@ -111,6 +119,8 @@
@Override
public boolean pauseGeofence(int id, int monitoringType) {
+ super.pauseGeofence_enforcePermission();
+
checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
return mGeofenceHardwareImpl.pauseGeofence(id, monitoringType);
}
@@ -119,6 +129,8 @@
@Override
public boolean resumeGeofence(int id, int monitoringType, int monitorTransitions) {
+ super.resumeGeofence_enforcePermission();
+
checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
return mGeofenceHardwareImpl.resumeGeofence(id, monitoringType, monitorTransitions);
}
@@ -128,6 +140,8 @@
public boolean registerForMonitorStateChangeCallback(int monitoringType,
IGeofenceHardwareMonitorCallback callback) {
+ super.registerForMonitorStateChangeCallback_enforcePermission();
+
checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
return mGeofenceHardwareImpl.registerForMonitorStateChangeCallback(monitoringType,
callback);
@@ -138,6 +152,8 @@
public boolean unregisterForMonitorStateChangeCallback(int monitoringType,
IGeofenceHardwareMonitorCallback callback) {
+ super.unregisterForMonitorStateChangeCallback_enforcePermission();
+
checkPermission(Binder.getCallingPid(), Binder.getCallingUid(), monitoringType);
return mGeofenceHardwareImpl.unregisterForMonitorStateChangeCallback(monitoringType,
callback);
diff --git a/services/core/java/com/android/server/ConsumerIrService.java b/services/core/java/com/android/server/ConsumerIrService.java
index a9bdf06..ee6d808 100644
--- a/services/core/java/com/android/server/ConsumerIrService.java
+++ b/services/core/java/com/android/server/ConsumerIrService.java
@@ -92,6 +92,8 @@
@Override
@EnforcePermission(TRANSMIT_IR)
public void transmit(String packageName, int carrierFrequency, int[] pattern) {
+ super.transmit_enforcePermission();
+
long totalXmitTime = 0;
for (int slice : pattern) {
@@ -128,6 +130,8 @@
@Override
@EnforcePermission(TRANSMIT_IR)
public int[] getCarrierFrequencies() {
+ super.getCarrierFrequencies_enforcePermission();
+
throwIfNoIrEmitter();
synchronized(mHalLock) {
diff --git a/services/core/java/com/android/server/DynamicSystemService.java b/services/core/java/com/android/server/DynamicSystemService.java
index ce0e69c..27215b2 100644
--- a/services/core/java/com/android/server/DynamicSystemService.java
+++ b/services/core/java/com/android/server/DynamicSystemService.java
@@ -77,6 +77,8 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public boolean startInstallation(String dsuSlot) throws RemoteException {
+ super.startInstallation_enforcePermission();
+
IGsiService service = getGsiService();
mGsiService = service;
// priority from high to low: sysprop -> sdcard -> /data
@@ -124,6 +126,8 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public int createPartition(String name, long size, boolean readOnly) throws RemoteException {
+ super.createPartition_enforcePermission();
+
IGsiService service = getGsiService();
int status = service.createPartition(name, size, readOnly);
if (status != IGsiService.INSTALL_OK) {
@@ -135,6 +139,8 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public boolean closePartition() throws RemoteException {
+ super.closePartition_enforcePermission();
+
IGsiService service = getGsiService();
if (service.closePartition() != 0) {
Slog.i(TAG, "Partition installation completes with error");
@@ -146,6 +152,8 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public boolean finishInstallation() throws RemoteException {
+ super.finishInstallation_enforcePermission();
+
IGsiService service = getGsiService();
if (service.closeInstall() != 0) {
Slog.i(TAG, "Failed to finish installation");
@@ -157,12 +165,16 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public GsiProgress getInstallationProgress() throws RemoteException {
+ super.getInstallationProgress_enforcePermission();
+
return getGsiService().getInstallProgress();
}
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public boolean abort() throws RemoteException {
+ super.abort_enforcePermission();
+
return getGsiService().cancelGsiInstall();
}
@@ -183,12 +195,16 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public boolean isEnabled() throws RemoteException {
+ super.isEnabled_enforcePermission();
+
return getGsiService().isGsiEnabled();
}
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public boolean remove() throws RemoteException {
+ super.remove_enforcePermission();
+
try {
GsiServiceCallback callback = new GsiServiceCallback();
synchronized (callback) {
@@ -205,6 +221,8 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public boolean setEnable(boolean enable, boolean oneShot) throws RemoteException {
+ super.setEnable_enforcePermission();
+
IGsiService gsiService = getGsiService();
if (enable) {
try {
@@ -229,6 +247,8 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public boolean setAshmem(ParcelFileDescriptor ashmem, long size) {
+ super.setAshmem_enforcePermission();
+
try {
return getGsiService().setGsiAshmem(ashmem, size);
} catch (RemoteException e) {
@@ -239,6 +259,8 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public boolean submitFromAshmem(long size) {
+ super.submitFromAshmem_enforcePermission();
+
try {
return getGsiService().commitGsiChunkFromAshmem(size);
} catch (RemoteException e) {
@@ -249,6 +271,8 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public boolean getAvbPublicKey(AvbPublicKey dst) {
+ super.getAvbPublicKey_enforcePermission();
+
try {
return getGsiService().getAvbPublicKey(dst) == 0;
} catch (RemoteException e) {
@@ -259,6 +283,8 @@
@Override
@EnforcePermission(android.Manifest.permission.MANAGE_DYNAMIC_SYSTEM)
public long suggestScratchSize() throws RemoteException {
+ super.suggestScratchSize_enforcePermission();
+
return getGsiService().suggestScratchSize();
}
}
diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index d29e25c..5d54b6c 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -867,6 +867,8 @@
public void shutdown() {
// TODO: remove from aidl if nobody calls externally
+ super.shutdown_enforcePermission();
+
Slog.i(TAG, "Shutting down");
}
@@ -1207,6 +1209,8 @@
@Override
public boolean setDataSaverModeEnabled(boolean enable) {
+ super.setDataSaverModeEnabled_enforcePermission();
+
if (DBG) Log.d(TAG, "setDataSaverMode: " + enable);
synchronized (mQuotaLock) {
if (mDataSaverMode == enable) {
@@ -1744,6 +1748,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.OBSERVE_NETWORK_POLICY)
@Override
public boolean isNetworkRestricted(int uid) {
+ super.isNetworkRestricted_enforcePermission();
+
return isNetworkRestrictedInternal(uid);
}
diff --git a/services/core/java/com/android/server/SerialService.java b/services/core/java/com/android/server/SerialService.java
index e915fa1..ff903a0 100644
--- a/services/core/java/com/android/server/SerialService.java
+++ b/services/core/java/com/android/server/SerialService.java
@@ -37,6 +37,8 @@
@EnforcePermission(android.Manifest.permission.SERIAL_PORT)
public String[] getSerialPorts() {
+ super.getSerialPorts_enforcePermission();
+
ArrayList<String> ports = new ArrayList<String>();
for (int i = 0; i < mSerialPorts.length; i++) {
String path = mSerialPorts[i];
@@ -51,6 +53,8 @@
@EnforcePermission(android.Manifest.permission.SERIAL_PORT)
public ParcelFileDescriptor openSerialPort(String path) {
+ super.openSerialPort_enforcePermission();
+
for (int i = 0; i < mSerialPorts.length; i++) {
if (mSerialPorts[i].equals(path)) {
return native_open(path);
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index 72876f6..fcfee5b 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -1251,6 +1251,8 @@
// Binder entry point for kicking off an immediate fstrim
@Override
public void runMaintenance() {
+ super.runMaintenance_enforcePermission();
+
runIdleMaintenance(null);
}
@@ -2167,6 +2169,8 @@
@Override
public void shutdown(final IStorageShutdownObserver observer) {
+ super.shutdown_enforcePermission();
+
Slog.i(TAG, "Shutting down");
mHandler.obtainMessage(H_SHUTDOWN, observer).sendToTarget();
}
@@ -2175,6 +2179,8 @@
@Override
public void mount(String volId) {
+ super.mount_enforcePermission();
+
final VolumeInfo vol = findVolumeByIdOrThrow(volId);
if (isMountDisallowed(vol)) {
throw new SecurityException("Mounting " + volId + " restricted by policy");
@@ -2243,6 +2249,8 @@
@Override
public void unmount(String volId) {
+ super.unmount_enforcePermission();
+
final VolumeInfo vol = findVolumeByIdOrThrow(volId);
unmount(vol);
}
@@ -2267,6 +2275,8 @@
@Override
public void format(String volId) {
+ super.format_enforcePermission();
+
final VolumeInfo vol = findVolumeByIdOrThrow(volId);
final String fsUuid = vol.fsUuid;
try {
@@ -2286,6 +2296,8 @@
@Override
public void benchmark(String volId, IVoldTaskListener listener) {
+ super.benchmark_enforcePermission();
+
try {
mVold.benchmark(volId, new IVoldTaskListener.Stub() {
@Override
@@ -2325,6 +2337,8 @@
@Override
public void partitionPublic(String diskId) {
+ super.partitionPublic_enforcePermission();
+
final CountDownLatch latch = findOrCreateDiskScanLatch(diskId);
try {
mVold.partition(diskId, IVold.PARTITION_TYPE_PUBLIC, -1);
@@ -2337,6 +2351,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MOUNT_FORMAT_FILESYSTEMS)
@Override
public void partitionPrivate(String diskId) {
+ super.partitionPrivate_enforcePermission();
+
enforceAdminUser();
final CountDownLatch latch = findOrCreateDiskScanLatch(diskId);
@@ -2351,6 +2367,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MOUNT_FORMAT_FILESYSTEMS)
@Override
public void partitionMixed(String diskId, int ratio) {
+ super.partitionMixed_enforcePermission();
+
enforceAdminUser();
final CountDownLatch latch = findOrCreateDiskScanLatch(diskId);
@@ -2366,6 +2384,8 @@
@Override
public void setVolumeNickname(String fsUuid, String nickname) {
+ super.setVolumeNickname_enforcePermission();
+
Objects.requireNonNull(fsUuid);
synchronized (mLock) {
final VolumeRecord rec = mRecords.get(fsUuid);
@@ -2379,6 +2399,8 @@
@Override
public void setVolumeUserFlags(String fsUuid, int flags, int mask) {
+ super.setVolumeUserFlags_enforcePermission();
+
Objects.requireNonNull(fsUuid);
synchronized (mLock) {
final VolumeRecord rec = mRecords.get(fsUuid);
@@ -2392,6 +2414,8 @@
@Override
public void forgetVolume(String fsUuid) {
+ super.forgetVolume_enforcePermission();
+
Objects.requireNonNull(fsUuid);
synchronized (mLock) {
@@ -2416,6 +2440,8 @@
@Override
public void forgetAllVolumes() {
+ super.forgetAllVolumes_enforcePermission();
+
synchronized (mLock) {
for (int i = 0; i < mRecords.size(); i++) {
final String fsUuid = mRecords.keyAt(i);
@@ -2448,6 +2474,8 @@
@Override
public void fstrim(int flags, IVoldTaskListener listener) {
+ super.fstrim_enforcePermission();
+
try {
// Block based checkpoint process runs fstrim. So, if checkpoint is in progress
// (first boot after OTA), We skip idle maintenance and make sure the last
@@ -2742,6 +2770,8 @@
@Override
public void setDebugFlags(int flags, int mask) {
+ super.setDebugFlags_enforcePermission();
+
if ((mask & (StorageManager.DEBUG_ADOPTABLE_FORCE_ON
| StorageManager.DEBUG_ADOPTABLE_FORCE_OFF)) != 0) {
final String value;
@@ -2812,6 +2842,8 @@
@Override
public void setPrimaryStorageUuid(String volumeUuid, IPackageMoveObserver callback) {
+ super.setPrimaryStorageUuid_enforcePermission();
+
final VolumeInfo from;
final VolumeInfo to;
@@ -3020,6 +3052,8 @@
*/
@Override
public boolean needsCheckpoint() throws RemoteException {
+ super.needsCheckpoint_enforcePermission();
+
return mVold.needsCheckpoint();
}
@@ -3040,6 +3074,8 @@
@Override
public void createUserKey(int userId, int serialNumber, boolean ephemeral) {
+ super.createUserKey_enforcePermission();
+
try {
mVold.createUserKey(userId, serialNumber, ephemeral);
// New keys are always unlocked.
@@ -3055,6 +3091,8 @@
@Override
public void destroyUserKey(int userId) {
+ super.destroyUserKey_enforcePermission();
+
try {
mVold.destroyUserKey(userId);
// Destroying a key also locks it.
@@ -3070,6 +3108,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.STORAGE_INTERNAL)
@Override
public void setUserKeyProtection(@UserIdInt int userId, byte[] secret) throws RemoteException {
+ super.setUserKeyProtection_enforcePermission();
+
mVold.setUserKeyProtection(userId, HexDump.toHexString(secret));
}
@@ -3078,6 +3118,8 @@
@Override
public void unlockUserKey(@UserIdInt int userId, int serialNumber, byte[] secret)
throws RemoteException {
+ super.unlockUserKey_enforcePermission();
+
if (StorageManager.isFileEncrypted()) {
mVold.unlockUserKey(userId, serialNumber, HexDump.toHexString(secret));
}
@@ -3090,6 +3132,8 @@
@Override
public void lockUserKey(int userId) {
// Do not lock user 0 data for headless system user
+ super.lockUserKey_enforcePermission();
+
if (userId == UserHandle.USER_SYSTEM
&& UserManager.isHeadlessSystemUserMode()) {
throw new IllegalArgumentException("Headless system user data cannot be locked..");
@@ -3153,6 +3197,8 @@
@Override
public void prepareUserStorage(String volumeUuid, int userId, int serialNumber, int flags) {
+ super.prepareUserStorage_enforcePermission();
+
try {
prepareUserStorageInternal(volumeUuid, userId, serialNumber, flags);
} catch (Exception e) {
@@ -3196,6 +3242,8 @@
@Override
public void destroyUserStorage(String volumeUuid, int userId, int flags) {
+ super.destroyUserStorage_enforcePermission();
+
try {
mVold.destroyUserStorage(volumeUuid, userId, flags);
} catch (Exception e) {
@@ -4247,6 +4295,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.WRITE_MEDIA_STORAGE)
@Override
public int getExternalStorageMountMode(int uid, String packageName) {
+ super.getExternalStorageMountMode_enforcePermission();
+
return mStorageManagerInternal.getExternalStorageMountMode(uid, packageName);
}
diff --git a/services/core/java/com/android/server/app/GameServiceProviderInstanceImpl.java b/services/core/java/com/android/server/app/GameServiceProviderInstanceImpl.java
index 4aaf1ab..908cb3f 100644
--- a/services/core/java/com/android/server/app/GameServiceProviderInstanceImpl.java
+++ b/services/core/java/com/android/server/app/GameServiceProviderInstanceImpl.java
@@ -185,6 +185,8 @@
@Override
@EnforcePermission(MANAGE_GAME_ACTIVITY)
public void createGameSession(int taskId) {
+ super.createGameSession_enforcePermission();
+
mBackgroundExecutor.execute(() -> {
GameServiceProviderInstanceImpl.this.createGameSession(taskId);
});
@@ -197,6 +199,8 @@
@EnforcePermission(MANAGE_GAME_ACTIVITY)
public void takeScreenshot(int taskId,
@NonNull AndroidFuture gameScreenshotResultFuture) {
+ super.takeScreenshot_enforcePermission();
+
mBackgroundExecutor.execute(() -> {
GameServiceProviderInstanceImpl.this.takeScreenshot(taskId,
gameScreenshotResultFuture);
@@ -206,6 +210,8 @@
@Override
@EnforcePermission(MANAGE_GAME_ACTIVITY)
public void restartGame(int taskId) {
+ super.restartGame_enforcePermission();
+
mBackgroundExecutor.execute(() -> {
GameServiceProviderInstanceImpl.this.restartGame(taskId);
});
diff --git a/services/core/java/com/android/server/audio/AudioService.java b/services/core/java/com/android/server/audio/AudioService.java
index f3a9a69..81572b4 100644
--- a/services/core/java/com/android/server/audio/AudioService.java
+++ b/services/core/java/com/android/server/audio/AudioService.java
@@ -1859,6 +1859,8 @@
* @see AudioManager#setSupportedSystemUsages(int[])
*/
public void setSupportedSystemUsages(@NonNull @AttributeSystemUsage int[] systemUsages) {
+ super.setSupportedSystemUsages_enforcePermission();
+
verifySystemUsages(systemUsages);
synchronized (mSupportedSystemUsagesLock) {
@@ -1872,6 +1874,8 @@
* @see AudioManager#getSupportedSystemUsages()
*/
public @NonNull @AttributeSystemUsage int[] getSupportedSystemUsages() {
+ super.getSupportedSystemUsages_enforcePermission();
+
synchronized (mSupportedSystemUsagesLock) {
return Arrays.copyOf(mSupportedSystemUsages, mSupportedSystemUsages.length);
}
@@ -1893,6 +1897,8 @@
@NonNull
public List<AudioProductStrategy> getAudioProductStrategies() {
// verify permissions
+ super.getAudioProductStrategies_enforcePermission();
+
return AudioProductStrategy.getAudioProductStrategies();
}
@@ -1904,6 +1910,8 @@
@NonNull
public List<AudioVolumeGroup> getAudioVolumeGroups() {
// verify permissions
+ super.getAudioVolumeGroups_enforcePermission();
+
return AudioVolumeGroup.getAudioVolumeGroups();
}
@@ -2782,6 +2790,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_AUDIO_ROUTING)
/** @see AudioManager#removePreferredDeviceForStrategy(AudioProductStrategy) */
public int removePreferredDevicesForStrategy(int strategy) {
+ super.removePreferredDevicesForStrategy_enforcePermission();
+
final String logString =
String.format("removePreferredDeviceForStrategy strat:%d", strategy);
sDeviceLogger.log(new EventLogger.StringEvent(logString).printLog(TAG));
@@ -2799,6 +2809,8 @@
* @see AudioManager#getPreferredDevicesForStrategy(AudioProductStrategy)
*/
public List<AudioDeviceAttributes> getPreferredDevicesForStrategy(int strategy) {
+ super.getPreferredDevicesForStrategy_enforcePermission();
+
List<AudioDeviceAttributes> devices = new ArrayList<>();
final long identity = Binder.clearCallingIdentity();
final int status = AudioSystem.getDevicesForRoleAndStrategy(
@@ -2869,6 +2881,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_AUDIO_ROUTING)
/** @see AudioManager#clearPreferredDevicesForCapturePreset(int) */
public int clearPreferredDevicesForCapturePreset(int capturePreset) {
+ super.clearPreferredDevicesForCapturePreset_enforcePermission();
+
final String logString = String.format(
"removePreferredDeviceForCapturePreset source:%d", capturePreset);
sDeviceLogger.log(new EventLogger.StringEvent(logString).printLog(TAG));
@@ -2885,6 +2899,8 @@
* @see AudioManager#getPreferredDevicesForCapturePreset(int)
*/
public List<AudioDeviceAttributes> getPreferredDevicesForCapturePreset(int capturePreset) {
+ super.getPreferredDevicesForCapturePreset_enforcePermission();
+
List<AudioDeviceAttributes> devices = new ArrayList<>();
final long identity = Binder.clearCallingIdentity();
final int status = AudioSystem.getDevicesForRoleAndCapturePreset(
@@ -3617,6 +3633,8 @@
/** @see AudioManager#setVolumeIndexForAttributes(attr, int, int) */
public void setVolumeIndexForAttributes(@NonNull AudioAttributes attr, int index, int flags,
String callingPackage, String attributionTag) {
+ super.setVolumeIndexForAttributes_enforcePermission();
+
Objects.requireNonNull(attr, "attr must not be null");
final int volumeGroup = getVolumeGroupIdForAttributes(attr);
if (sVolumeGroupStates.indexOfKey(volumeGroup) < 0) {
@@ -3660,6 +3678,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_AUDIO_ROUTING)
/** @see AudioManager#getVolumeIndexForAttributes(attr) */
public int getVolumeIndexForAttributes(@NonNull AudioAttributes attr) {
+ super.getVolumeIndexForAttributes_enforcePermission();
+
Objects.requireNonNull(attr, "attr must not be null");
final int volumeGroup = getVolumeGroupIdForAttributes(attr);
if (sVolumeGroupStates.indexOfKey(volumeGroup) < 0) {
@@ -3672,6 +3692,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_AUDIO_ROUTING)
/** @see AudioManager#getMaxVolumeIndexForAttributes(attr) */
public int getMaxVolumeIndexForAttributes(@NonNull AudioAttributes attr) {
+ super.getMaxVolumeIndexForAttributes_enforcePermission();
+
Objects.requireNonNull(attr, "attr must not be null");
return AudioSystem.getMaxVolumeIndexForAttributes(attr);
}
@@ -3679,6 +3701,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_AUDIO_ROUTING)
/** @see AudioManager#getMinVolumeIndexForAttributes(attr) */
public int getMinVolumeIndexForAttributes(@NonNull AudioAttributes attr) {
+ super.getMinVolumeIndexForAttributes_enforcePermission();
+
Objects.requireNonNull(attr, "attr must not be null");
return AudioSystem.getMinVolumeIndexForAttributes(attr);
}
@@ -3785,6 +3809,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_ULTRASOUND)
/** @see AudioManager#isUltrasoundSupported() */
public boolean isUltrasoundSupported() {
+ super.isUltrasoundSupported_enforcePermission();
+
return AudioSystem.isUltrasoundSupported();
}
@@ -4602,6 +4628,8 @@
/** @see AudioManager#setMasterMute(boolean, int) */
public void setMasterMute(boolean mute, int flags, String callingPackage, int userId,
String attributionTag) {
+ super.setMasterMute_enforcePermission();
+
setMasterMuteInternal(mute, flags, callingPackage,
Binder.getCallingUid(), userId, Binder.getCallingPid(), attributionTag);
}
@@ -4646,6 +4674,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.QUERY_AUDIO_STATE)
/** Get last audible volume before stream was muted. */
public int getLastAudibleStreamVolume(int streamType) {
+ super.getLastAudibleStreamVolume_enforcePermission();
+
ensureValidStreamType(streamType);
int device = getDeviceForStream(streamType);
return (mStreamStates[streamType].getIndex(device) + 5) / 10;
@@ -5499,6 +5529,8 @@
/** @see AudioManager#isPstnCallAudioInterceptable() */
public boolean isPstnCallAudioInterceptable() {
+ super.isPstnCallAudioInterceptable_enforcePermission();
+
boolean uplinkDeviceFound = false;
boolean downlinkDeviceFound = false;
AudioDeviceInfo[] devices = AudioManager.getDevicesStatic(AudioManager.GET_DEVICES_ALL);
@@ -6890,6 +6922,8 @@
@AudioManager.DeviceVolumeBehavior int deviceVolumeBehavior, @Nullable String pkgName) {
// verify permissions
// verify arguments
+ super.setDeviceVolumeBehavior_enforcePermission();
+
Objects.requireNonNull(device);
AudioManager.enforceValidVolumeBehavior(deviceVolumeBehavior);
sVolumeLogger.log(new EventLogger.StringEvent("setDeviceVolumeBehavior: dev:"
@@ -7045,6 +7079,8 @@
*/
public void setWiredDeviceConnectionState(AudioDeviceAttributes attributes,
@ConnectionState int state, String caller) {
+ super.setWiredDeviceConnectionState_enforcePermission();
+
if (state != CONNECTION_STATE_CONNECTED
&& state != CONNECTION_STATE_DISCONNECTED) {
throw new IllegalArgumentException("Invalid state " + state);
@@ -9169,24 +9205,32 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#isAvailableForDevice(AudioDeviceAttributes) */
public boolean isSpatializerAvailableForDevice(@NonNull AudioDeviceAttributes device) {
+ super.isSpatializerAvailableForDevice_enforcePermission();
+
return mSpatializerHelper.isAvailableForDevice(Objects.requireNonNull(device));
}
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#hasHeadTracker(AudioDeviceAttributes) */
public boolean hasHeadTracker(@NonNull AudioDeviceAttributes device) {
+ super.hasHeadTracker_enforcePermission();
+
return mSpatializerHelper.hasHeadTracker(Objects.requireNonNull(device));
}
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#setHeadTrackerEnabled(boolean, AudioDeviceAttributes) */
public void setHeadTrackerEnabled(boolean enabled, @NonNull AudioDeviceAttributes device) {
+ super.setHeadTrackerEnabled_enforcePermission();
+
mSpatializerHelper.setHeadTrackerEnabled(enabled, Objects.requireNonNull(device));
}
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#isHeadTrackerEnabled(AudioDeviceAttributes) */
public boolean isHeadTrackerEnabled(@NonNull AudioDeviceAttributes device) {
+ super.isHeadTrackerEnabled_enforcePermission();
+
return mSpatializerHelper.isHeadTrackerEnabled(Objects.requireNonNull(device));
}
@@ -9198,6 +9242,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#setSpatializerEnabled(boolean) */
public void setSpatializerEnabled(boolean enabled) {
+ super.setSpatializerEnabled_enforcePermission();
+
mSpatializerHelper.setFeatureEnabled(enabled);
}
@@ -9227,6 +9273,8 @@
/** @see Spatializer#SpatializerHeadTrackingDispatcherStub */
public void registerSpatializerHeadTrackingCallback(
@NonNull ISpatializerHeadTrackingModeCallback cb) {
+ super.registerSpatializerHeadTrackingCallback_enforcePermission();
+
Objects.requireNonNull(cb);
mSpatializerHelper.registerHeadTrackingModeCallback(cb);
}
@@ -9235,6 +9283,8 @@
/** @see Spatializer#SpatializerHeadTrackingDispatcherStub */
public void unregisterSpatializerHeadTrackingCallback(
@NonNull ISpatializerHeadTrackingModeCallback cb) {
+ super.unregisterSpatializerHeadTrackingCallback_enforcePermission();
+
Objects.requireNonNull(cb);
mSpatializerHelper.unregisterHeadTrackingModeCallback(cb);
}
@@ -9250,6 +9300,8 @@
/** @see Spatializer#setOnHeadToSoundstagePoseUpdatedListener */
public void registerHeadToSoundstagePoseCallback(
@NonNull ISpatializerHeadToSoundStagePoseCallback cb) {
+ super.registerHeadToSoundstagePoseCallback_enforcePermission();
+
Objects.requireNonNull(cb);
mSpatializerHelper.registerHeadToSoundstagePoseCallback(cb);
}
@@ -9258,6 +9310,8 @@
/** @see Spatializer#clearOnHeadToSoundstagePoseUpdatedListener */
public void unregisterHeadToSoundstagePoseCallback(
@NonNull ISpatializerHeadToSoundStagePoseCallback cb) {
+ super.unregisterHeadToSoundstagePoseCallback_enforcePermission();
+
Objects.requireNonNull(cb);
mSpatializerHelper.unregisterHeadToSoundstagePoseCallback(cb);
}
@@ -9265,12 +9319,16 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#getSpatializerCompatibleAudioDevices() */
public @NonNull List<AudioDeviceAttributes> getSpatializerCompatibleAudioDevices() {
+ super.getSpatializerCompatibleAudioDevices_enforcePermission();
+
return mSpatializerHelper.getCompatibleAudioDevices();
}
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#addSpatializerCompatibleAudioDevice(AudioDeviceAttributes) */
public void addSpatializerCompatibleAudioDevice(@NonNull AudioDeviceAttributes ada) {
+ super.addSpatializerCompatibleAudioDevice_enforcePermission();
+
Objects.requireNonNull(ada);
mSpatializerHelper.addCompatibleAudioDevice(ada);
}
@@ -9278,6 +9336,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#removeSpatializerCompatibleAudioDevice(AudioDeviceAttributes) */
public void removeSpatializerCompatibleAudioDevice(@NonNull AudioDeviceAttributes ada) {
+ super.removeSpatializerCompatibleAudioDevice_enforcePermission();
+
Objects.requireNonNull(ada);
mSpatializerHelper.removeCompatibleAudioDevice(ada);
}
@@ -9285,24 +9345,32 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#getSupportedHeadTrackingModes() */
public int[] getSupportedHeadTrackingModes() {
+ super.getSupportedHeadTrackingModes_enforcePermission();
+
return mSpatializerHelper.getSupportedHeadTrackingModes();
}
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#getHeadTrackingMode() */
public int getActualHeadTrackingMode() {
+ super.getActualHeadTrackingMode_enforcePermission();
+
return mSpatializerHelper.getActualHeadTrackingMode();
}
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#getDesiredHeadTrackingMode() */
public int getDesiredHeadTrackingMode() {
+ super.getDesiredHeadTrackingMode_enforcePermission();
+
return mSpatializerHelper.getDesiredHeadTrackingMode();
}
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#setGlobalTransform */
public void setSpatializerGlobalTransform(@NonNull float[] transform) {
+ super.setSpatializerGlobalTransform_enforcePermission();
+
Objects.requireNonNull(transform);
mSpatializerHelper.setGlobalTransform(transform);
}
@@ -9310,12 +9378,16 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#recenterHeadTracker() */
public void recenterHeadTracker() {
+ super.recenterHeadTracker_enforcePermission();
+
mSpatializerHelper.recenterHeadTracker();
}
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#setDesiredHeadTrackingMode */
public void setDesiredHeadTrackingMode(@Spatializer.HeadTrackingModeSet int mode) {
+ super.setDesiredHeadTrackingMode_enforcePermission();
+
switch(mode) {
case Spatializer.HEAD_TRACKING_MODE_DISABLED:
case Spatializer.HEAD_TRACKING_MODE_RELATIVE_WORLD:
@@ -9330,6 +9402,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#setEffectParameter */
public void setSpatializerParameter(int key, @NonNull byte[] value) {
+ super.setSpatializerParameter_enforcePermission();
+
Objects.requireNonNull(value);
mSpatializerHelper.setEffectParameter(key, value);
}
@@ -9337,6 +9411,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#getEffectParameter */
public void getSpatializerParameter(int key, @NonNull byte[] value) {
+ super.getSpatializerParameter_enforcePermission();
+
Objects.requireNonNull(value);
mSpatializerHelper.getEffectParameter(key, value);
}
@@ -9344,12 +9420,16 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#getOutput */
public int getSpatializerOutput() {
+ super.getSpatializerOutput_enforcePermission();
+
return mSpatializerHelper.getOutput();
}
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#setOnSpatializerOutputChangedListener */
public void registerSpatializerOutputCallback(ISpatializerOutputCallback cb) {
+ super.registerSpatializerOutputCallback_enforcePermission();
+
Objects.requireNonNull(cb);
mSpatializerHelper.registerSpatializerOutputCallback(cb);
}
@@ -9357,6 +9437,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_DEFAULT_AUDIO_EFFECTS)
/** @see Spatializer#clearOnSpatializerOutputChangedListener */
public void unregisterSpatializerOutputCallback(ISpatializerOutputCallback cb) {
+ super.unregisterSpatializerOutputCallback_enforcePermission();
+
Objects.requireNonNull(cb);
mSpatializerHelper.unregisterSpatializerOutputCallback(cb);
}
@@ -9474,6 +9556,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_AUDIO_ROUTING)
/** @see AudioManager#getMutingExpectedDevice */
public @Nullable AudioDeviceAttributes getMutingExpectedDevice() {
+ super.getMutingExpectedDevice_enforcePermission();
+
synchronized (mMuteAwaitConnectionLock) {
return mMutingExpectedDevice;
}
@@ -9515,6 +9599,8 @@
/** @see AudioManager#registerMuteAwaitConnectionCallback */
public void registerMuteAwaitConnectionDispatcher(@NonNull IMuteAwaitConnectionCallback cb,
boolean register) {
+ super.registerMuteAwaitConnectionDispatcher_enforcePermission();
+
if (register) {
mMuteAwaitConnectionDispatchers.register(cb);
} else {
@@ -11040,6 +11126,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_AUDIO_ROUTING)
/** @see AudioPolicy#getFocusStack() */
public List<AudioFocusInfo> getFocusStack() {
+ super.getFocusStack_enforcePermission();
+
return mMediaFocusControl.getFocusStack();
}
@@ -11817,6 +11905,8 @@
// Multi Audio Focus
//======================
public void setMultiAudioFocusEnabled(boolean enabled) {
+ super.setMultiAudioFocusEnabled_enforcePermission();
+
if (mMediaFocusControl != null) {
boolean mafEnabled = mMediaFocusControl.getMultiAudioFocusEnabled();
if (mafEnabled != enabled) {
@@ -11919,6 +12009,8 @@
/** @see AudioManager#addAssistantServicesUids(int []) */
@Override
public void addAssistantServicesUids(int [] assistantUids) {
+ super.addAssistantServicesUids_enforcePermission();
+
Objects.requireNonNull(assistantUids);
synchronized (mSettingsLock) {
@@ -11930,6 +12022,8 @@
/** @see AudioManager#removeAssistantServicesUids(int []) */
@Override
public void removeAssistantServicesUids(int [] assistantUids) {
+ super.removeAssistantServicesUids_enforcePermission();
+
Objects.requireNonNull(assistantUids);
synchronized (mSettingsLock) {
removeAssistantServiceUidsLocked(assistantUids);
@@ -11940,6 +12034,8 @@
/** @see AudioManager#getAssistantServicesUids() */
@Override
public int[] getAssistantServicesUids() {
+ super.getAssistantServicesUids_enforcePermission();
+
int [] assistantUids;
synchronized (mSettingsLock) {
assistantUids = mAssistantUids.stream().mapToInt(Integer::intValue).toArray();
@@ -11951,6 +12047,8 @@
/** @see AudioManager#setActiveAssistantServiceUids(int []) */
@Override
public void setActiveAssistantServiceUids(int [] activeAssistantUids) {
+ super.setActiveAssistantServiceUids_enforcePermission();
+
Objects.requireNonNull(activeAssistantUids);
synchronized (mSettingsLock) {
mActiveAssistantServiceUids = activeAssistantUids;
@@ -11962,6 +12060,8 @@
/** @see AudioManager#getActiveAssistantServiceUids() */
@Override
public int[] getActiveAssistantServiceUids() {
+ super.getActiveAssistantServiceUids_enforcePermission();
+
int [] activeAssistantUids;
synchronized (mSettingsLock) {
activeAssistantUids = mActiveAssistantServiceUids.clone();
diff --git a/services/core/java/com/android/server/biometrics/AuthService.java b/services/core/java/com/android/server/biometrics/AuthService.java
index d2016c47..4358ee2 100644
--- a/services/core/java/com/android/server/biometrics/AuthService.java
+++ b/services/core/java/com/android/server/biometrics/AuthService.java
@@ -178,6 +178,8 @@
public ITestSession createTestSession(int sensorId, @NonNull ITestSessionCallback callback,
@NonNull String opPackageName) throws RemoteException {
+ super.createTestSession_enforcePermission();
+
final long identity = Binder.clearCallingIdentity();
try {
return mInjector.getBiometricService()
@@ -192,6 +194,8 @@
public List<SensorPropertiesInternal> getSensorProperties(String opPackageName)
throws RemoteException {
+ super.getSensorProperties_enforcePermission();
+
final long identity = Binder.clearCallingIdentity();
try {
// Get the result from BiometricService, since it is the source of truth for all
@@ -206,6 +210,8 @@
@Override
public String getUiPackage() {
+ super.getUiPackage_enforcePermission();
+
return getContext().getResources()
.getString(R.string.config_biometric_prompt_ui_package);
}
diff --git a/services/core/java/com/android/server/biometrics/BiometricService.java b/services/core/java/com/android/server/biometrics/BiometricService.java
index c29755a..cd30d26 100644
--- a/services/core/java/com/android/server/biometrics/BiometricService.java
+++ b/services/core/java/com/android/server/biometrics/BiometricService.java
@@ -495,6 +495,8 @@
public ITestSession createTestSession(int sensorId, @NonNull ITestSessionCallback callback,
@NonNull String opPackageName) throws RemoteException {
+ super.createTestSession_enforcePermission();
+
for (BiometricSensor sensor : mSensors) {
if (sensor.id == sensorId) {
return sensor.impl.createTestSession(callback, opPackageName);
@@ -510,6 +512,8 @@
public List<SensorPropertiesInternal> getSensorProperties(String opPackageName)
throws RemoteException {
+ super.getSensorProperties_enforcePermission();
+
final List<SensorPropertiesInternal> sensors = new ArrayList<>();
for (BiometricSensor sensor : mSensors) {
// Explicitly re-create as the super class, since AIDL doesn't play nicely with
@@ -526,6 +530,8 @@
@Override // Binder call
public void onReadyForAuthentication(long requestId, int cookie) {
+ super.onReadyForAuthentication_enforcePermission();
+
mHandler.post(() -> handleOnReadyForAuthentication(requestId, cookie));
}
@@ -534,6 +540,8 @@
public long authenticate(IBinder token, long operationId, int userId,
IBiometricServiceReceiver receiver, String opPackageName, PromptInfo promptInfo) {
+ super.authenticate_enforcePermission();
+
if (token == null || receiver == null || opPackageName == null || promptInfo == null) {
Slog.e(TAG, "Unable to authenticate, one or more null arguments");
return -1;
@@ -564,6 +572,8 @@
@Override // Binder call
public void cancelAuthentication(IBinder token, String opPackageName, long requestId) {
+ super.cancelAuthentication_enforcePermission();
+
SomeArgs args = SomeArgs.obtain();
args.arg1 = token;
args.arg2 = opPackageName;
@@ -577,6 +587,8 @@
public int canAuthenticate(String opPackageName, int userId, int callingUserId,
@Authenticators.Types int authenticators) {
+ super.canAuthenticate_enforcePermission();
+
Slog.d(TAG, "canAuthenticate: User=" + userId
+ ", Caller=" + callingUserId
+ ", Authenticators=" + authenticators);
@@ -599,6 +611,8 @@
@Override
public boolean hasEnrolledBiometrics(int userId, String opPackageName) {
+ super.hasEnrolledBiometrics_enforcePermission();
+
try {
for (BiometricSensor sensor : mSensors) {
if (sensor.impl.hasEnrolledTemplates(userId, opPackageName)) {
@@ -618,6 +632,8 @@
@Authenticators.Types int strength,
@NonNull IBiometricAuthenticator authenticator) {
+ super.registerAuthenticator_enforcePermission();
+
Slog.d(TAG, "Registering ID: " + id
+ " Modality: " + modality
+ " Strength: " + strength);
@@ -664,6 +680,8 @@
public void registerEnabledOnKeyguardCallback(
IBiometricEnabledOnKeyguardCallback callback, int callingUserId) {
+ super.registerEnabledOnKeyguardCallback_enforcePermission();
+
mEnabledOnKeyguardCallbacks.add(new EnabledOnKeyguardCallback(callback));
try {
callback.onChanged(mSettingObserver.getEnabledOnKeyguard(callingUserId),
@@ -678,6 +696,8 @@
public void invalidateAuthenticatorIds(int userId, int fromSensorId,
IInvalidationCallback callback) {
+ super.invalidateAuthenticatorIds_enforcePermission();
+
InvalidationTracker.start(getContext(), mSensors, userId, fromSensorId, callback);
}
@@ -685,6 +705,8 @@
@Override // Binder call
public long[] getAuthenticatorIds(int callingUserId) {
+ super.getAuthenticatorIds_enforcePermission();
+
final List<Long> authenticatorIds = new ArrayList<>();
for (BiometricSensor sensor : mSensors) {
try {
@@ -717,6 +739,8 @@
int userId, byte[] hardwareAuthToken) {
// Check originating strength
+ super.resetLockoutTimeBound_enforcePermission();
+
if (!Utils.isAtLeastStrength(getSensorForId(fromSensorId).getCurrentStrength(),
Authenticators.BIOMETRIC_STRONG)) {
Slog.w(TAG, "Sensor: " + fromSensorId + " is does not meet the required strength to"
@@ -754,6 +778,8 @@
@Override // Binder call
public int getCurrentStrength(int sensorId) {
+ super.getCurrentStrength_enforcePermission();
+
for (BiometricSensor sensor : mSensors) {
if (sensor.id == sensorId) {
return sensor.getCurrentStrength();
@@ -772,6 +798,8 @@
@Authenticators.Types int authenticators) {
+ super.getCurrentModality_enforcePermission();
+
Slog.d(TAG, "getCurrentModality: User=" + userId
+ ", Caller=" + callingUserId
+ ", Authenticators=" + authenticators);
@@ -794,6 +822,8 @@
@Override // Binder call
public int getSupportedModalities(@Authenticators.Types int authenticators) {
+ super.getSupportedModalities_enforcePermission();
+
Slog.d(TAG, "getSupportedModalities: Authenticators=" + authenticators);
if (!Utils.isValidAuthenticatorConfig(authenticators)) {
diff --git a/services/core/java/com/android/server/biometrics/sensors/face/FaceService.java b/services/core/java/com/android/server/biometrics/sensors/face/FaceService.java
index 7a5b584..33d3b64 100644
--- a/services/core/java/com/android/server/biometrics/sensors/face/FaceService.java
+++ b/services/core/java/com/android/server/biometrics/sensors/face/FaceService.java
@@ -99,6 +99,8 @@
@Override
public ITestSession createTestSession(int sensorId, @NonNull ITestSessionCallback callback,
@NonNull String opPackageName) {
+ super.createTestSession_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
@@ -112,6 +114,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override
public byte[] dumpSensorServiceStateProto(int sensorId, boolean clearSchedulerBuffer) {
+ super.dumpSensorServiceStateProto_enforcePermission();
+
final ProtoOutputStream proto = new ProtoOutputStream();
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider != null) {
@@ -125,6 +129,8 @@
@Override // Binder call
public List<FaceSensorPropertiesInternal> getSensorPropertiesInternal(
String opPackageName) {
+ super.getSensorPropertiesInternal_enforcePermission();
+
return mRegistry.getAllProperties();
}
@@ -132,6 +138,8 @@
@Override // Binder call
public FaceSensorPropertiesInternal getSensorProperties(int sensorId,
@NonNull String opPackageName) {
+ super.getSensorProperties_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "No matching sensor for getSensorProperties, sensorId: " + sensorId
@@ -146,6 +154,8 @@
@Override // Binder call
public void generateChallenge(IBinder token, int sensorId, int userId,
IFaceServiceReceiver receiver, String opPackageName) {
+ super.generateChallenge_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "No matching sensor for generateChallenge, sensorId: " + sensorId);
@@ -159,6 +169,8 @@
@Override // Binder call
public void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName,
long challenge) {
+ super.revokeChallenge_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "No matching sensor for revokeChallenge, sensorId: " + sensorId);
@@ -173,6 +185,8 @@
public long enroll(int userId, final IBinder token, final byte[] hardwareAuthToken,
final IFaceServiceReceiver receiver, final String opPackageName,
final int[] disabledFeatures, Surface previewSurface, boolean debugConsent) {
+ super.enroll_enforcePermission();
+
final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider();
if (provider == null) {
Slog.w(TAG, "Null provider for enroll");
@@ -201,12 +215,16 @@
final IFaceServiceReceiver receiver, final String opPackageName,
final int[] disabledFeatures) {
// TODO(b/145027036): Implement this.
+ super.enrollRemotely_enforcePermission();
+
return -1;
}
@android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_BIOMETRIC)
@Override // Binder call
public void cancelEnrollment(final IBinder token, long requestId) {
+ super.cancelEnrollment_enforcePermission();
+
final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider();
if (provider == null) {
Slog.w(TAG, "Null provider for cancelEnrollment");
@@ -224,6 +242,8 @@
// TODO(b/152413782): If the sensor supports face detect and the device is encrypted or
// lockdown, something wrong happened. See similar path in FingerprintService.
+ super.authenticate_enforcePermission();
+
final boolean restricted = false; // Face APIs are private
final int statsClient = Utils.isKeyguard(getContext(), opPackageName)
? BiometricsProtoEnums.CLIENT_KEYGUARD
@@ -249,6 +269,8 @@
@Override // Binder call
public long detectFace(final IBinder token, final int userId,
final IFaceServiceReceiver receiver, final String opPackageName) {
+ super.detectFace_enforcePermission();
+
if (!Utils.isKeyguard(getContext(), opPackageName)) {
Slog.w(TAG, "detectFace called from non-sysui package: " + opPackageName);
return -1;
@@ -278,6 +300,8 @@
IBinder token, long operationId, int userId,
IBiometricSensorReceiver sensorReceiver, String opPackageName, long requestId,
int cookie, boolean allowBackgroundAuthentication) {
+ super.prepareForAuthentication_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for prepareForAuthentication");
@@ -295,6 +319,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override // Binder call
public void startPreparedClient(int sensorId, int cookie) {
+ super.startPreparedClient_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for startPreparedClient");
@@ -308,6 +334,8 @@
@Override // Binder call
public void cancelAuthentication(final IBinder token, final String opPackageName,
final long requestId) {
+ super.cancelAuthentication_enforcePermission();
+
final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider();
if (provider == null) {
Slog.w(TAG, "Null provider for cancelAuthentication");
@@ -321,6 +349,8 @@
@Override // Binder call
public void cancelFaceDetect(final IBinder token, final String opPackageName,
final long requestId) {
+ super.cancelFaceDetect_enforcePermission();
+
if (!Utils.isKeyguard(getContext(), opPackageName)) {
Slog.w(TAG, "cancelFaceDetect called from non-sysui package: "
+ opPackageName);
@@ -340,6 +370,8 @@
@Override // Binder call
public void cancelAuthenticationFromService(int sensorId, final IBinder token,
final String opPackageName, final long requestId) {
+ super.cancelAuthenticationFromService_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for cancelAuthenticationFromService");
@@ -353,6 +385,8 @@
@Override // Binder call
public void remove(final IBinder token, final int faceId, final int userId,
final IFaceServiceReceiver receiver, final String opPackageName) {
+ super.remove_enforcePermission();
+
final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider();
if (provider == null) {
Slog.w(TAG, "Null provider for remove");
@@ -367,6 +401,8 @@
@Override // Binder call
public void removeAll(final IBinder token, final int userId,
final IFaceServiceReceiver receiver, final String opPackageName) {
+ super.removeAll_enforcePermission();
+
final FaceServiceReceiver internalReceiver = new FaceServiceReceiver() {
int sensorsFinishedRemoving = 0;
final int numSensors = getSensorPropertiesInternal(
@@ -399,6 +435,8 @@
@Override // Binder call
public void addLockoutResetCallback(final IBiometricServiceLockoutResetCallback callback,
final String opPackageName) {
+ super.addLockoutResetCallback_enforcePermission();
+
mLockoutResetDispatcher.addCallback(callback, opPackageName);
}
@@ -458,6 +496,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override // Binder call
public boolean isHardwareDetected(int sensorId, String opPackageName) {
+ super.isHardwareDetected_enforcePermission();
+
final long token = Binder.clearCallingIdentity();
try {
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
@@ -474,6 +514,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override // Binder call
public List<Face> getEnrolledFaces(int sensorId, int userId, String opPackageName) {
+ super.getEnrolledFaces_enforcePermission();
+
if (userId != UserHandle.getCallingUserId()) {
Utils.checkPermission(getContext(), INTERACT_ACROSS_USERS);
}
@@ -490,6 +532,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override // Binder call
public boolean hasEnrolledFaces(int sensorId, int userId, String opPackageName) {
+ super.hasEnrolledFaces_enforcePermission();
+
if (userId != UserHandle.getCallingUserId()) {
Utils.checkPermission(getContext(), INTERACT_ACROSS_USERS);
}
@@ -506,6 +550,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override // Binder call
public @LockoutTracker.LockoutMode int getLockoutModeForUser(int sensorId, int userId) {
+ super.getLockoutModeForUser_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for getLockoutModeForUser");
@@ -519,6 +565,8 @@
@Override
public void invalidateAuthenticatorId(int sensorId, int userId,
IInvalidationCallback callback) {
+ super.invalidateAuthenticatorId_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for invalidateAuthenticatorId");
@@ -531,6 +579,8 @@
@Override // Binder call
public long getAuthenticatorId(int sensorId, int userId) {
+ super.getAuthenticatorId_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for getAuthenticatorId");
@@ -544,6 +594,8 @@
@Override // Binder call
public void resetLockout(IBinder token, int sensorId, int userId, byte[] hardwareAuthToken,
String opPackageName) {
+ super.resetLockout_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for resetLockout, caller: " + opPackageName);
@@ -558,6 +610,8 @@
public void setFeature(final IBinder token, int userId, int feature, boolean enabled,
final byte[] hardwareAuthToken, IFaceServiceReceiver receiver,
final String opPackageName) {
+ super.setFeature_enforcePermission();
+
final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider();
if (provider == null) {
Slog.w(TAG, "Null provider for setFeature");
@@ -572,6 +626,8 @@
@Override
public void getFeature(final IBinder token, int userId, int feature,
IFaceServiceReceiver receiver, final String opPackageName) {
+ super.getFeature_enforcePermission();
+
final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider();
if (provider == null) {
Slog.w(TAG, "Null provider for getFeature");
@@ -615,6 +671,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
public void registerAuthenticators(
@NonNull List<FaceSensorPropertiesInternal> hidlSensors) {
+ super.registerAuthenticators_enforcePermission();
+
mRegistry.registerAll(() -> {
final List<ServiceProvider> providers = new ArrayList<>();
for (FaceSensorPropertiesInternal hidlSensor : hidlSensors) {
diff --git a/services/core/java/com/android/server/biometrics/sensors/face/aidl/BiometricTestSessionImpl.java b/services/core/java/com/android/server/biometrics/sensors/face/aidl/BiometricTestSessionImpl.java
index cfbb5dc..7a13c91 100644
--- a/services/core/java/com/android/server/biometrics/sensors/face/aidl/BiometricTestSessionImpl.java
+++ b/services/core/java/com/android/server/biometrics/sensors/face/aidl/BiometricTestSessionImpl.java
@@ -139,6 +139,8 @@
@Override
public void setTestHalEnabled(boolean enabled) {
+ super.setTestHalEnabled_enforcePermission();
+
mProvider.setTestHalEnabled(enabled);
mSensor.setTestHalEnabled(enabled);
}
@@ -147,6 +149,8 @@
@Override
public void startEnroll(int userId) {
+ super.startEnroll_enforcePermission();
+
mProvider.scheduleEnroll(mSensorId, new Binder(), new byte[69], userId, mReceiver,
mContext.getOpPackageName(), new int[0] /* disabledFeatures */,
null /* previewSurface */, false /* debugConsent */);
@@ -156,6 +160,8 @@
@Override
public void finishEnroll(int userId) {
+ super.finishEnroll_enforcePermission();
+
int nextRandomId = mRandom.nextInt();
while (mEnrollmentIds.contains(nextRandomId)) {
nextRandomId = mRandom.nextInt();
@@ -171,6 +177,8 @@
public void acceptAuthentication(int userId) {
// Fake authentication with any of the existing faces
+ super.acceptAuthentication_enforcePermission();
+
List<Face> faces = FaceUtils.getInstance(mSensorId)
.getBiometricsForUser(mContext, userId);
if (faces.isEmpty()) {
@@ -186,6 +194,8 @@
@Override
public void rejectAuthentication(int userId) {
+ super.rejectAuthentication_enforcePermission();
+
mSensor.getSessionForUser(userId).getHalSessionCallback().onAuthenticationFailed();
}
@@ -194,6 +204,8 @@
@Override
public void notifyAcquired(int userId, int acquireInfo) {
+ super.notifyAcquired_enforcePermission();
+
BaseFrame data = new BaseFrame();
data.acquiredInfo = (byte) acquireInfo;
@@ -210,6 +222,8 @@
@Override
public void notifyError(int userId, int errorCode) {
+ super.notifyError_enforcePermission();
+
mSensor.getSessionForUser(userId).getHalSessionCallback().onError((byte) errorCode,
0 /* vendorCode */);
}
@@ -218,6 +232,8 @@
@Override
public void cleanupInternalState(int userId) {
+ super.cleanupInternalState_enforcePermission();
+
Slog.d(TAG, "cleanupInternalState: " + userId);
mProvider.scheduleInternalCleanup(mSensorId, userId, new ClientMonitorCallback() {
@Override
diff --git a/services/core/java/com/android/server/biometrics/sensors/face/hidl/BiometricTestSessionImpl.java b/services/core/java/com/android/server/biometrics/sensors/face/hidl/BiometricTestSessionImpl.java
index 7a6a274f..151ffaa 100644
--- a/services/core/java/com/android/server/biometrics/sensors/face/hidl/BiometricTestSessionImpl.java
+++ b/services/core/java/com/android/server/biometrics/sensors/face/hidl/BiometricTestSessionImpl.java
@@ -130,6 +130,8 @@
@Override
public void setTestHalEnabled(boolean enabled) {
+ super.setTestHalEnabled_enforcePermission();
+
mFace10.setTestHalEnabled(enabled);
}
@@ -137,6 +139,8 @@
@Override
public void startEnroll(int userId) {
+ super.startEnroll_enforcePermission();
+
mFace10.scheduleEnroll(mSensorId, new Binder(), new byte[69], userId, mReceiver,
mContext.getOpPackageName(), new int[0] /* disabledFeatures */,
null /* previewSurface */, false /* debugConsent */);
@@ -146,6 +150,8 @@
@Override
public void finishEnroll(int userId) {
+ super.finishEnroll_enforcePermission();
+
int nextRandomId = mRandom.nextInt();
while (mEnrollmentIds.contains(nextRandomId)) {
nextRandomId = mRandom.nextInt();
@@ -161,6 +167,8 @@
public void acceptAuthentication(int userId) {
// Fake authentication with any of the existing fingers
+ super.acceptAuthentication_enforcePermission();
+
List<Face> faces = FaceUtils.getLegacyInstance(mSensorId)
.getBiometricsForUser(mContext, userId);
if (faces.isEmpty()) {
@@ -176,6 +184,8 @@
@Override
public void rejectAuthentication(int userId) {
+ super.rejectAuthentication_enforcePermission();
+
mHalResultController.onAuthenticated(0 /* deviceId */, 0 /* faceId */, userId, null);
}
@@ -183,6 +193,8 @@
@Override
public void notifyAcquired(int userId, int acquireInfo) {
+ super.notifyAcquired_enforcePermission();
+
mHalResultController.onAcquired(0 /* deviceId */, userId, acquireInfo, 0 /* vendorCode */);
}
@@ -190,6 +202,8 @@
@Override
public void notifyError(int userId, int errorCode) {
+ super.notifyError_enforcePermission();
+
mHalResultController.onError(0 /* deviceId */, userId, errorCode, 0 /* vendorCode */);
}
@@ -197,6 +211,8 @@
@Override
public void cleanupInternalState(int userId) {
+ super.cleanupInternalState_enforcePermission();
+
mFace10.scheduleInternalCleanup(mSensorId, userId, new ClientMonitorCallback() {
@Override
public void onClientStarted(@NonNull BaseClientMonitor clientMonitor) {
diff --git a/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java b/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java
index b0dc28d..4d3173e 100644
--- a/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java
@@ -132,6 +132,8 @@
@Override
public ITestSession createTestSession(int sensorId, @NonNull ITestSessionCallback callback,
@NonNull String opPackageName) {
+ super.createTestSession_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
@@ -145,6 +147,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override
public byte[] dumpSensorServiceStateProto(int sensorId, boolean clearSchedulerBuffer) {
+ super.dumpSensorServiceStateProto_enforcePermission();
+
final ProtoOutputStream proto = new ProtoOutputStream();
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider != null) {
@@ -168,6 +172,8 @@
@Override
public FingerprintSensorPropertiesInternal getSensorProperties(int sensorId,
@NonNull String opPackageName) {
+ super.getSensorProperties_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "No matching sensor for getSensorProperties, sensorId: " + sensorId
@@ -181,6 +187,8 @@
@Override // Binder call
public void generateChallenge(IBinder token, int sensorId, int userId,
IFingerprintServiceReceiver receiver, String opPackageName) {
+ super.generateChallenge_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "No matching sensor for generateChallenge, sensorId: " + sensorId);
@@ -194,6 +202,8 @@
@Override // Binder call
public void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName,
long challenge) {
+ super.revokeChallenge_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "No matching sensor for revokeChallenge, sensorId: " + sensorId);
@@ -209,6 +219,8 @@
public long enroll(final IBinder token, @NonNull final byte[] hardwareAuthToken,
final int userId, final IFingerprintServiceReceiver receiver,
final String opPackageName, @FingerprintManager.EnrollReason int enrollReason) {
+ super.enroll_enforcePermission();
+
final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider();
if (provider == null) {
Slog.w(TAG, "Null provider for enroll");
@@ -222,6 +234,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT)
@Override // Binder call
public void cancelEnrollment(final IBinder token, long requestId) {
+ super.cancelEnrollment_enforcePermission();
+
final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider();
if (provider == null) {
Slog.w(TAG, "Null provider for cancelEnrollment");
@@ -398,6 +412,8 @@
@Override
public long detectFingerprint(final IBinder token, final int userId,
final IFingerprintServiceReceiver receiver, final String opPackageName) {
+ super.detectFingerprint_enforcePermission();
+
if (!Utils.isKeyguard(getContext(), opPackageName)) {
Slog.w(TAG, "detectFingerprint called from non-sysui package: " + opPackageName);
return -1;
@@ -426,6 +442,8 @@
public void prepareForAuthentication(int sensorId, IBinder token, long operationId,
int userId, IBiometricSensorReceiver sensorReceiver, String opPackageName,
long requestId, int cookie, boolean allowBackgroundAuthentication) {
+ super.prepareForAuthentication_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for prepareForAuthentication");
@@ -442,6 +460,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_BIOMETRIC)
@Override // Binder call
public void startPreparedClient(int sensorId, int cookie) {
+ super.startPreparedClient_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for startPreparedClient");
@@ -485,6 +505,8 @@
@Override // Binder call
public void cancelFingerprintDetect(final IBinder token, final String opPackageName,
final long requestId) {
+ super.cancelFingerprintDetect_enforcePermission();
+
if (!Utils.isKeyguard(getContext(), opPackageName)) {
Slog.w(TAG, "cancelFingerprintDetect called from non-sysui package: "
+ opPackageName);
@@ -506,6 +528,8 @@
@Override // Binder call
public void cancelAuthenticationFromService(final int sensorId, final IBinder token,
final String opPackageName, final long requestId) {
+ super.cancelAuthenticationFromService_enforcePermission();
+
Slog.d(TAG, "cancelAuthenticationFromService, sensorId: " + sensorId);
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
@@ -521,6 +545,8 @@
@Override // Binder call
public void remove(final IBinder token, final int fingerId, final int userId,
final IFingerprintServiceReceiver receiver, final String opPackageName) {
+ super.remove_enforcePermission();
+
final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider();
if (provider == null) {
Slog.w(TAG, "Null provider for remove");
@@ -535,6 +561,8 @@
public void removeAll(final IBinder token, final int userId,
final IFingerprintServiceReceiver receiver, final String opPackageName) {
+ super.removeAll_enforcePermission();
+
final FingerprintServiceReceiver internalReceiver = new FingerprintServiceReceiver() {
int sensorsFinishedRemoving = 0;
final int numSensors = getSensorPropertiesInternal(
@@ -567,6 +595,8 @@
@Override // Binder call
public void addLockoutResetCallback(final IBiometricServiceLockoutResetCallback callback,
final String opPackageName) {
+ super.addLockoutResetCallback_enforcePermission();
+
mLockoutResetDispatcher.addCallback(callback, opPackageName);
}
@@ -650,6 +680,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override // Binder call
public boolean isHardwareDetected(int sensorId, String opPackageName) {
+ super.isHardwareDetected_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for isHardwareDetected, caller: " + opPackageName);
@@ -662,6 +694,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT)
@Override // Binder call
public void rename(final int fingerId, final int userId, final String name) {
+ super.rename_enforcePermission();
+
if (!Utils.isCurrentUserOrProfile(getContext(), userId)) {
return;
}
@@ -717,6 +751,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
public boolean hasEnrolledFingerprints(int sensorId, int userId, String opPackageName) {
+ super.hasEnrolledFingerprints_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for hasEnrolledFingerprints, caller: " + opPackageName);
@@ -729,6 +765,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override // Binder call
public @LockoutTracker.LockoutMode int getLockoutModeForUser(int sensorId, int userId) {
+ super.getLockoutModeForUser_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for getLockoutModeForUser");
@@ -741,6 +779,8 @@
@Override
public void invalidateAuthenticatorId(int sensorId, int userId,
IInvalidationCallback callback) {
+ super.invalidateAuthenticatorId_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for invalidateAuthenticatorId");
@@ -752,6 +792,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override // Binder call
public long getAuthenticatorId(int sensorId, int userId) {
+ super.getAuthenticatorId_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for getAuthenticatorId");
@@ -764,6 +806,8 @@
@Override // Binder call
public void resetLockout(IBinder token, int sensorId, int userId,
@Nullable byte[] hardwareAuthToken, String opPackageName) {
+ super.resetLockout_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "Null provider for resetLockout, caller: " + opPackageName);
@@ -776,18 +820,24 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT)
@Override
public boolean isClientActive() {
+ super.isClientActive_enforcePermission();
+
return mGestureAvailabilityDispatcher.isAnySensorActive();
}
@android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT)
@Override
public void addClientActiveCallback(IFingerprintClientActiveCallback callback) {
+ super.addClientActiveCallback_enforcePermission();
+
mGestureAvailabilityDispatcher.registerCallback(callback);
}
@android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT)
@Override
public void removeClientActiveCallback(IFingerprintClientActiveCallback callback) {
+ super.removeClientActiveCallback_enforcePermission();
+
mGestureAvailabilityDispatcher.removeCallback(callback);
}
@@ -795,6 +845,8 @@
@Override // Binder call
public void registerAuthenticators(
@NonNull List<FingerprintSensorPropertiesInternal> hidlSensors) {
+ super.registerAuthenticators_enforcePermission();
+
mRegistry.registerAll(() -> {
final List<ServiceProvider> providers = new ArrayList<>();
providers.addAll(getHidlProviders(hidlSensors));
@@ -813,12 +865,16 @@
@Override
public void addAuthenticatorsRegisteredCallback(
IFingerprintAuthenticatorsRegisteredCallback callback) {
+ super.addAuthenticatorsRegisteredCallback_enforcePermission();
+
mRegistry.addAllRegisteredCallback(callback);
}
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override
public void registerBiometricStateListener(@NonNull IBiometricStateListener listener) {
+ super.registerBiometricStateListener_enforcePermission();
+
mBiometricStateCallback.registerBiometricStateListener(listener);
}
@@ -826,6 +882,8 @@
@Override
public void onPointerDown(long requestId, int sensorId, int x, int y,
float minor, float major) {
+ super.onPointerDown_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "No matching provider for onFingerDown, sensorId: " + sensorId);
@@ -837,6 +895,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override
public void onPointerUp(long requestId, int sensorId) {
+ super.onPointerUp_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "No matching provider for onFingerUp, sensorId: " + sensorId);
@@ -848,6 +908,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override
public void onUiReady(long requestId, int sensorId) {
+ super.onUiReady_enforcePermission();
+
final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId);
if (provider == null) {
Slog.w(TAG, "No matching provider for onUiReady, sensorId: " + sensorId);
@@ -859,6 +921,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override
public void setUdfpsOverlayController(@NonNull IUdfpsOverlayController controller) {
+ super.setUdfpsOverlayController_enforcePermission();
+
for (ServiceProvider provider : mRegistry.getProviders()) {
provider.setUdfpsOverlayController(controller);
}
@@ -867,6 +931,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override
public void setSidefpsController(@NonNull ISidefpsController controller) {
+ super.setSidefpsController_enforcePermission();
+
for (ServiceProvider provider : mRegistry.getProviders()) {
provider.setSidefpsController(controller);
}
@@ -875,6 +941,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL)
@Override
public void onPowerPressed() {
+ super.onPowerPressed_enforcePermission();
+
for (ServiceProvider provider : mRegistry.getProviders()) {
provider.onPowerPressed();
}
diff --git a/services/core/java/com/android/server/biometrics/sensors/fingerprint/aidl/BiometricTestSessionImpl.java b/services/core/java/com/android/server/biometrics/sensors/fingerprint/aidl/BiometricTestSessionImpl.java
index 4181b99..135eccf 100644
--- a/services/core/java/com/android/server/biometrics/sensors/fingerprint/aidl/BiometricTestSessionImpl.java
+++ b/services/core/java/com/android/server/biometrics/sensors/fingerprint/aidl/BiometricTestSessionImpl.java
@@ -135,6 +135,8 @@
@Override
public void setTestHalEnabled(boolean enabled) {
+ super.setTestHalEnabled_enforcePermission();
+
mProvider.setTestHalEnabled(enabled);
mSensor.setTestHalEnabled(enabled);
}
@@ -143,6 +145,8 @@
@Override
public void startEnroll(int userId) {
+ super.startEnroll_enforcePermission();
+
mProvider.scheduleEnroll(mSensorId, new Binder(), new byte[69], userId, mReceiver,
mContext.getOpPackageName(), FingerprintManager.ENROLL_ENROLL);
}
@@ -151,6 +155,8 @@
@Override
public void finishEnroll(int userId) {
+ super.finishEnroll_enforcePermission();
+
int nextRandomId = mRandom.nextInt();
while (mEnrollmentIds.contains(nextRandomId)) {
nextRandomId = mRandom.nextInt();
@@ -166,6 +172,8 @@
public void acceptAuthentication(int userId) {
// Fake authentication with any of the existing fingers
+ super.acceptAuthentication_enforcePermission();
+
List<Fingerprint> fingerprints = FingerprintUtils.getInstance(mSensorId)
.getBiometricsForUser(mContext, userId);
if (fingerprints.isEmpty()) {
@@ -181,6 +189,8 @@
@Override
public void rejectAuthentication(int userId) {
+ super.rejectAuthentication_enforcePermission();
+
mSensor.getSessionForUser(userId).getHalSessionCallback().onAuthenticationFailed();
}
@@ -188,6 +198,8 @@
@Override
public void notifyAcquired(int userId, int acquireInfo) {
+ super.notifyAcquired_enforcePermission();
+
mSensor.getSessionForUser(userId).getHalSessionCallback()
.onAcquired((byte) acquireInfo, 0 /* vendorCode */);
}
@@ -196,6 +208,8 @@
@Override
public void notifyError(int userId, int errorCode) {
+ super.notifyError_enforcePermission();
+
mSensor.getSessionForUser(userId).getHalSessionCallback().onError((byte) errorCode,
0 /* vendorCode */);
}
@@ -204,6 +218,8 @@
@Override
public void cleanupInternalState(int userId) {
+ super.cleanupInternalState_enforcePermission();
+
Slog.d(TAG, "cleanupInternalState: " + userId);
mProvider.scheduleInternalCleanup(mSensorId, userId, new ClientMonitorCallback() {
@Override
diff --git a/services/core/java/com/android/server/biometrics/sensors/fingerprint/hidl/BiometricTestSessionImpl.java b/services/core/java/com/android/server/biometrics/sensors/fingerprint/hidl/BiometricTestSessionImpl.java
index 682c005..86a9f79 100644
--- a/services/core/java/com/android/server/biometrics/sensors/fingerprint/hidl/BiometricTestSessionImpl.java
+++ b/services/core/java/com/android/server/biometrics/sensors/fingerprint/hidl/BiometricTestSessionImpl.java
@@ -136,6 +136,8 @@
@Override
public void setTestHalEnabled(boolean enabled) {
+ super.setTestHalEnabled_enforcePermission();
+
mFingerprint21.setTestHalEnabled(enabled);
}
@@ -143,6 +145,8 @@
@Override
public void startEnroll(int userId) {
+ super.startEnroll_enforcePermission();
+
mFingerprint21.scheduleEnroll(mSensorId, new Binder(), new byte[69], userId, mReceiver,
mContext.getOpPackageName(), FingerprintManager.ENROLL_ENROLL);
}
@@ -151,6 +155,8 @@
@Override
public void finishEnroll(int userId) {
+ super.finishEnroll_enforcePermission();
+
int nextRandomId = mRandom.nextInt();
while (mEnrollmentIds.contains(nextRandomId)) {
nextRandomId = mRandom.nextInt();
@@ -166,6 +172,8 @@
public void acceptAuthentication(int userId) {
// Fake authentication with any of the existing fingers
+ super.acceptAuthentication_enforcePermission();
+
List<Fingerprint> fingerprints = FingerprintUtils.getLegacyInstance(mSensorId)
.getBiometricsForUser(mContext, userId);
if (fingerprints.isEmpty()) {
@@ -181,6 +189,8 @@
@Override
public void rejectAuthentication(int userId) {
+ super.rejectAuthentication_enforcePermission();
+
mHalResultController.onAuthenticated(0 /* deviceId */, 0 /* fingerId */, userId, null);
}
@@ -188,6 +198,8 @@
@Override
public void notifyAcquired(int userId, int acquireInfo) {
+ super.notifyAcquired_enforcePermission();
+
mHalResultController.onAcquired(0 /* deviceId */, acquireInfo, 0 /* vendorCode */);
}
@@ -195,6 +207,8 @@
@Override
public void notifyError(int userId, int errorCode) {
+ super.notifyError_enforcePermission();
+
mHalResultController.onError(0 /* deviceId */, errorCode, 0 /* vendorCode */);
}
@@ -202,6 +216,8 @@
@Override
public void cleanupInternalState(int userId) {
+ super.cleanupInternalState_enforcePermission();
+
mFingerprint21.scheduleInternalCleanup(mSensorId, userId, new ClientMonitorCallback() {
@Override
public void onClientStarted(@NonNull BaseClientMonitor clientMonitor) {
diff --git a/services/core/java/com/android/server/biometrics/sensors/iris/IrisService.java b/services/core/java/com/android/server/biometrics/sensors/iris/IrisService.java
index ff1e762..35ea36c 100644
--- a/services/core/java/com/android/server/biometrics/sensors/iris/IrisService.java
+++ b/services/core/java/com/android/server/biometrics/sensors/iris/IrisService.java
@@ -63,6 +63,8 @@
// to wait, and some of the operations below might take a significant amount of time to
// complete (calls to the HALs). To avoid blocking the rest of system server we put
// this on a background thread.
+ super.registerAuthenticators_enforcePermission();
+
final ServiceThread thread = new ServiceThread(TAG, Process.THREAD_PRIORITY_BACKGROUND,
true /* allowIo */);
thread.start();
diff --git a/services/core/java/com/android/server/compat/PlatformCompat.java b/services/core/java/com/android/server/compat/PlatformCompat.java
index 387e00f..2c83c6f 100644
--- a/services/core/java/com/android/server/compat/PlatformCompat.java
+++ b/services/core/java/com/android/server/compat/PlatformCompat.java
@@ -95,6 +95,8 @@
@Override
@EnforcePermission(LOG_COMPAT_CHANGE)
public void reportChange(long changeId, ApplicationInfo appInfo) {
+ super.reportChange_enforcePermission();
+
reportChangeInternal(changeId, appInfo.uid, ChangeReporter.STATE_LOGGED);
}
@@ -102,6 +104,8 @@
@EnforcePermission(LOG_COMPAT_CHANGE)
public void reportChangeByPackageName(long changeId, String packageName,
@UserIdInt int userId) {
+ super.reportChangeByPackageName_enforcePermission();
+
ApplicationInfo appInfo = getApplicationInfo(packageName, userId);
if (appInfo != null) {
reportChangeInternal(changeId, appInfo.uid, ChangeReporter.STATE_LOGGED);
@@ -111,6 +115,8 @@
@Override
@EnforcePermission(LOG_COMPAT_CHANGE)
public void reportChangeByUid(long changeId, int uid) {
+ super.reportChangeByUid_enforcePermission();
+
reportChangeInternal(changeId, uid, ChangeReporter.STATE_LOGGED);
}
@@ -121,6 +127,8 @@
@Override
@EnforcePermission(allOf = {LOG_COMPAT_CHANGE, READ_COMPAT_CHANGE_CONFIG})
public boolean isChangeEnabled(long changeId, ApplicationInfo appInfo) {
+ super.isChangeEnabled_enforcePermission();
+
return isChangeEnabledInternal(changeId, appInfo);
}
@@ -128,6 +136,8 @@
@EnforcePermission(allOf = {LOG_COMPAT_CHANGE, READ_COMPAT_CHANGE_CONFIG})
public boolean isChangeEnabledByPackageName(long changeId, String packageName,
@UserIdInt int userId) {
+ super.isChangeEnabledByPackageName_enforcePermission();
+
ApplicationInfo appInfo = getApplicationInfo(packageName, userId);
if (appInfo == null) {
return mCompatConfig.willChangeBeEnabled(changeId, packageName);
@@ -138,6 +148,8 @@
@Override
@EnforcePermission(allOf = {LOG_COMPAT_CHANGE, READ_COMPAT_CHANGE_CONFIG})
public boolean isChangeEnabledByUid(long changeId, int uid) {
+ super.isChangeEnabledByUid_enforcePermission();
+
String[] packages = mContext.getPackageManager().getPackagesForUid(uid);
if (packages == null || packages.length == 0) {
return mCompatConfig.defaultChangeIdValue(changeId);
@@ -199,6 +211,8 @@
@Override
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG)
public void setOverrides(CompatibilityChangeConfig overrides, String packageName) {
+ super.setOverrides_enforcePermission();
+
Map<Long, PackageOverride> overridesMap = new HashMap<>();
for (long change : overrides.enabledChanges()) {
overridesMap.put(change, new PackageOverride.Builder().setEnabled(true).build());
@@ -215,6 +229,8 @@
@Override
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG)
public void setOverridesForTest(CompatibilityChangeConfig overrides, String packageName) {
+ super.setOverridesForTest_enforcePermission();
+
Map<Long, PackageOverride> overridesMap = new HashMap<>();
for (long change : overrides.enabledChanges()) {
overridesMap.put(change, new PackageOverride.Builder().setEnabled(true).build());
@@ -231,6 +247,8 @@
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG_ON_RELEASE_BUILD)
public void putAllOverridesOnReleaseBuilds(
CompatibilityOverridesByPackageConfig overridesByPackage) {
+ super.putAllOverridesOnReleaseBuilds_enforcePermission();
+
for (CompatibilityOverrideConfig overrides :
overridesByPackage.packageNameToOverrides.values()) {
checkAllCompatOverridesAreOverridable(overrides.overrides.keySet());
@@ -242,6 +260,8 @@
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG_ON_RELEASE_BUILD)
public void putOverridesOnReleaseBuilds(CompatibilityOverrideConfig overrides,
String packageName) {
+ super.putOverridesOnReleaseBuilds_enforcePermission();
+
checkAllCompatOverridesAreOverridable(overrides.overrides.keySet());
mCompatConfig.addPackageOverrides(overrides, packageName, /* skipUnknownChangeIds= */ true);
}
@@ -249,6 +269,8 @@
@Override
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG)
public int enableTargetSdkChanges(String packageName, int targetSdkVersion) {
+ super.enableTargetSdkChanges_enforcePermission();
+
int numChanges =
mCompatConfig.enableTargetSdkChangesForPackage(packageName, targetSdkVersion);
killPackage(packageName);
@@ -258,6 +280,8 @@
@Override
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG)
public int disableTargetSdkChanges(String packageName, int targetSdkVersion) {
+ super.disableTargetSdkChanges_enforcePermission();
+
int numChanges =
mCompatConfig.disableTargetSdkChangesForPackage(packageName, targetSdkVersion);
killPackage(packageName);
@@ -267,6 +291,8 @@
@Override
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG)
public void clearOverrides(String packageName) {
+ super.clearOverrides_enforcePermission();
+
mCompatConfig.removePackageOverrides(packageName);
killPackage(packageName);
}
@@ -274,12 +300,16 @@
@Override
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG)
public void clearOverridesForTest(String packageName) {
+ super.clearOverridesForTest_enforcePermission();
+
mCompatConfig.removePackageOverrides(packageName);
}
@Override
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG)
public boolean clearOverride(long changeId, String packageName) {
+ super.clearOverride_enforcePermission();
+
boolean existed = mCompatConfig.removeOverride(changeId, packageName);
killPackage(packageName);
return existed;
@@ -288,6 +318,8 @@
@Override
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG)
public boolean clearOverrideForTest(long changeId, String packageName) {
+ super.clearOverrideForTest_enforcePermission();
+
return mCompatConfig.removeOverride(changeId, packageName);
}
@@ -295,6 +327,8 @@
@EnforcePermission(OVERRIDE_COMPAT_CHANGE_CONFIG_ON_RELEASE_BUILD)
public void removeAllOverridesOnReleaseBuilds(
CompatibilityOverridesToRemoveByPackageConfig overridesToRemoveByPackage) {
+ super.removeAllOverridesOnReleaseBuilds_enforcePermission();
+
for (CompatibilityOverridesToRemoveConfig overridesToRemove :
overridesToRemoveByPackage.packageNameToOverridesToRemove.values()) {
checkAllCompatOverridesAreOverridable(overridesToRemove.changeIds);
@@ -307,6 +341,8 @@
public void removeOverridesOnReleaseBuilds(
CompatibilityOverridesToRemoveConfig overridesToRemove,
String packageName) {
+ super.removeOverridesOnReleaseBuilds_enforcePermission();
+
checkAllCompatOverridesAreOverridable(overridesToRemove.changeIds);
mCompatConfig.removePackageOverrides(overridesToRemove, packageName);
}
@@ -314,12 +350,16 @@
@Override
@EnforcePermission(allOf = {LOG_COMPAT_CHANGE, READ_COMPAT_CHANGE_CONFIG})
public CompatibilityChangeConfig getAppConfig(ApplicationInfo appInfo) {
+ super.getAppConfig_enforcePermission();
+
return mCompatConfig.getAppConfig(appInfo);
}
@Override
@EnforcePermission(READ_COMPAT_CHANGE_CONFIG)
public CompatibilityChangeInfo[] listAllChanges() {
+ super.listAllChanges_enforcePermission();
+
return mCompatConfig.dumpChanges();
}
diff --git a/services/core/java/com/android/server/display/color/ColorDisplayService.java b/services/core/java/com/android/server/display/color/ColorDisplayService.java
index 21a8518..5824887 100644
--- a/services/core/java/com/android/server/display/color/ColorDisplayService.java
+++ b/services/core/java/com/android/server/display/color/ColorDisplayService.java
@@ -1682,6 +1682,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public boolean isSaturationActivated() {
+ super.isSaturationActivated_enforcePermission();
+
final long token = Binder.clearCallingIdentity();
try {
return !mGlobalSaturationTintController.isActivatedStateNotSet()
@@ -1694,6 +1696,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public boolean setAppSaturationLevel(String packageName, int level) {
+ super.setAppSaturationLevel_enforcePermission();
+
final String callingPackageName = LocalServices.getService(PackageManagerInternal.class)
.getNameForUid(Binder.getCallingUid());
final long token = Binder.clearCallingIdentity();
@@ -1706,6 +1710,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
public int getTransformCapabilities() {
+ super.getTransformCapabilities_enforcePermission();
+
final long token = Binder.clearCallingIdentity();
try {
return getTransformCapabilitiesInternal();
diff --git a/services/core/java/com/android/server/graphics/fonts/FontManagerService.java b/services/core/java/com/android/server/graphics/fonts/FontManagerService.java
index 326d720..2817d1b 100644
--- a/services/core/java/com/android/server/graphics/fonts/FontManagerService.java
+++ b/services/core/java/com/android/server/graphics/fonts/FontManagerService.java
@@ -68,6 +68,8 @@
@RequiresPermission(Manifest.permission.UPDATE_FONTS)
@Override
public FontConfig getFontConfig() {
+ super.getFontConfig_enforcePermission();
+
return getSystemFontConfig();
}
diff --git a/services/core/java/com/android/server/inputmethod/InputMethodManagerService.java b/services/core/java/com/android/server/inputmethod/InputMethodManagerService.java
index 76495b1..b48b7b7 100644
--- a/services/core/java/com/android/server/inputmethod/InputMethodManagerService.java
+++ b/services/core/java/com/android/server/inputmethod/InputMethodManagerService.java
@@ -3898,6 +3898,8 @@
int displayId) {
// Always call subtype picker, because subtype picker is a superset of input method
// picker.
+ super.showInputMethodPickerFromSystem_enforcePermission();
+
mHandler.obtainMessage(MSG_SHOW_IM_SUBTYPE_PICKER, auxiliarySubtypeMode, displayId)
.sendToTarget();
}
@@ -3907,6 +3909,8 @@
*/
@EnforcePermission(Manifest.permission.TEST_INPUT_METHOD)
public boolean isInputMethodPickerShownForTest() {
+ super.isInputMethodPickerShownForTest_enforcePermission();
+
synchronized (ImfLock.class) {
return mMenuController.isisInputMethodPickerShownForTestLocked();
}
@@ -4186,6 +4190,8 @@
@EnforcePermission(Manifest.permission.INTERNAL_SYSTEM_WINDOW)
@Override
public void removeImeSurface() {
+ super.removeImeSurface_enforcePermission();
+
mHandler.obtainMessage(MSG_REMOVE_IME_SURFACE).sendToTarget();
}
@@ -4385,6 +4391,8 @@
@EnforcePermission(Manifest.permission.INJECT_EVENTS)
@Override
public void addVirtualStylusIdForTestSession(IInputMethodClient client) {
+ super.addVirtualStylusIdForTestSession_enforcePermission();
+
int uid = Binder.getCallingUid();
synchronized (ImfLock.class) {
if (!canInteractWithImeLocked(uid, client, "addVirtualStylusIdForTestSession")) {
@@ -4410,6 +4418,8 @@
@Override
public void setStylusWindowIdleTimeoutForTest(
IInputMethodClient client, @DurationMillisLong long timeout) {
+ super.setStylusWindowIdleTimeoutForTest_enforcePermission();
+
int uid = Binder.getCallingUid();
synchronized (ImfLock.class) {
if (!canInteractWithImeLocked(uid, client, "setStylusWindowIdleTimeoutForTest")) {
@@ -4507,6 +4517,8 @@
@EnforcePermission(Manifest.permission.CONTROL_UI_TRACING)
@Override
public void startImeTrace() {
+ super.startImeTrace_enforcePermission();
+
ImeTracing.getInstance().startTrace(null /* printwriter */);
ArrayMap<IBinder, ClientState> clients;
synchronized (ImfLock.class) {
@@ -4523,6 +4535,8 @@
@EnforcePermission(Manifest.permission.CONTROL_UI_TRACING)
@Override
public void stopImeTrace() {
+ super.stopImeTrace_enforcePermission();
+
ImeTracing.getInstance().stopTrace(null /* printwriter */);
ArrayMap<IBinder, ClientState> clients;
synchronized (ImfLock.class) {
diff --git a/services/core/java/com/android/server/location/LocationManagerService.java b/services/core/java/com/android/server/location/LocationManagerService.java
index 9bd48f2..dcec0aa 100644
--- a/services/core/java/com/android/server/location/LocationManagerService.java
+++ b/services/core/java/com/android/server/location/LocationManagerService.java
@@ -950,6 +950,8 @@
@Override
public void injectLocation(Location location) {
+ super.injectLocation_enforcePermission();
+
Preconditions.checkArgument(location.isComplete());
int userId = UserHandle.getCallingUserId();
@@ -1160,6 +1162,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
@Override
public void setExtraLocationControllerPackage(String packageName) {
+ super.setExtraLocationControllerPackage_enforcePermission();
+
synchronized (mLock) {
mExtraLocationControllerPackage = packageName;
}
@@ -1175,6 +1179,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
@Override
public void setExtraLocationControllerPackageEnabled(boolean enabled) {
+ super.setExtraLocationControllerPackageEnabled_enforcePermission();
+
synchronized (mLock) {
mExtraLocationControllerPackageEnabled = enabled;
}
@@ -1234,6 +1240,8 @@
@RequiresPermission(android.Manifest.permission.CONTROL_AUTOMOTIVE_GNSS)
public void setAutomotiveGnssSuspended(boolean suspended) {
+ super.setAutomotiveGnssSuspended_enforcePermission();
+
if (!mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) {
throw new IllegalStateException(
"setAutomotiveGnssSuspended only allowed on automotive devices");
@@ -1247,6 +1255,8 @@
@RequiresPermission(android.Manifest.permission.CONTROL_AUTOMOTIVE_GNSS)
public boolean isAutomotiveGnssSuspended() {
+ super.isAutomotiveGnssSuspended_enforcePermission();
+
if (!mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) {
throw new IllegalStateException(
"isAutomotiveGnssSuspended only allowed on automotive devices");
diff --git a/services/core/java/com/android/server/location/contexthub/ContextHubService.java b/services/core/java/com/android/server/location/contexthub/ContextHubService.java
index 51851be..4f63ebc 100644
--- a/services/core/java/com/android/server/location/contexthub/ContextHubService.java
+++ b/services/core/java/com/android/server/location/contexthub/ContextHubService.java
@@ -504,6 +504,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_CONTEXT_HUB)
@Override
public int registerCallback(IContextHubCallback callback) throws RemoteException {
+ super.registerCallback_enforcePermission();
+
mCallbacksList.register(callback);
Log.d(TAG, "Added callback, total callbacks " +
@@ -514,12 +516,16 @@
@android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_CONTEXT_HUB)
@Override
public int[] getContextHubHandles() throws RemoteException {
+ super.getContextHubHandles_enforcePermission();
+
return ContextHubServiceUtil.createPrimitiveIntArray(mContextHubIdToInfoMap.keySet());
}
@android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_CONTEXT_HUB)
@Override
public ContextHubInfo getContextHubInfo(int contextHubHandle) throws RemoteException {
+ super.getContextHubInfo_enforcePermission();
+
if (!mContextHubIdToInfoMap.containsKey(contextHubHandle)) {
Log.e(TAG, "Invalid Context Hub handle " + contextHubHandle + " in getContextHubInfo");
return null;
@@ -536,6 +542,8 @@
*/
@Override
public List<ContextHubInfo> getContextHubs() throws RemoteException {
+ super.getContextHubs_enforcePermission();
+
return mContextHubInfoList;
}
@@ -602,6 +610,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_CONTEXT_HUB)
@Override
public int loadNanoApp(int contextHubHandle, NanoApp nanoApp) throws RemoteException {
+ super.loadNanoApp_enforcePermission();
+
if (mContextHubWrapper == null) {
return -1;
}
@@ -629,6 +639,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_CONTEXT_HUB)
@Override
public int unloadNanoApp(int nanoAppHandle) throws RemoteException {
+ super.unloadNanoApp_enforcePermission();
+
if (mContextHubWrapper == null) {
return -1;
}
@@ -655,6 +667,8 @@
@Override
public NanoAppInstanceInfo getNanoAppInstanceInfo(int nanoAppHandle) throws RemoteException {
+ super.getNanoAppInstanceInfo_enforcePermission();
+
return mNanoAppStateManager.getNanoAppInstanceInfo(nanoAppHandle);
}
@@ -663,6 +677,8 @@
public int[] findNanoAppOnHub(
int contextHubHandle, NanoAppFilter filter) throws RemoteException {
+ super.findNanoAppOnHub_enforcePermission();
+
ArrayList<Integer> foundInstances = new ArrayList<>();
if (filter != null) {
mNanoAppStateManager.foreachNanoAppInstanceInfo((info) -> {
@@ -707,6 +723,8 @@
@Override
public int sendMessage(int contextHubHandle, int nanoAppHandle, ContextHubMessage msg)
throws RemoteException {
+ super.sendMessage_enforcePermission();
+
if (mContextHubWrapper == null) {
return -1;
}
@@ -928,6 +946,8 @@
public IContextHubClient createClient(
int contextHubId, IContextHubClientCallback clientCallback,
@Nullable String attributionTag, String packageName) throws RemoteException {
+ super.createClient_enforcePermission();
+
if (!isValidContextHubId(contextHubId)) {
throw new IllegalArgumentException("Invalid context hub ID " + contextHubId);
}
@@ -956,6 +976,8 @@
public IContextHubClient createPendingIntentClient(
int contextHubId, PendingIntent pendingIntent, long nanoAppId,
@Nullable String attributionTag) throws RemoteException {
+ super.createPendingIntentClient_enforcePermission();
+
if (!isValidContextHubId(contextHubId)) {
throw new IllegalArgumentException("Invalid context hub ID " + contextHubId);
}
@@ -978,6 +1000,8 @@
public void loadNanoAppOnHub(
int contextHubId, IContextHubTransactionCallback transactionCallback,
NanoAppBinary nanoAppBinary) throws RemoteException {
+ super.loadNanoAppOnHub_enforcePermission();
+
if (!checkHalProxyAndContextHubId(
contextHubId, transactionCallback, ContextHubTransaction.TYPE_LOAD_NANOAPP)) {
return;
@@ -1007,6 +1031,8 @@
public void unloadNanoAppFromHub(
int contextHubId, IContextHubTransactionCallback transactionCallback, long nanoAppId)
throws RemoteException {
+ super.unloadNanoAppFromHub_enforcePermission();
+
if (!checkHalProxyAndContextHubId(
contextHubId, transactionCallback, ContextHubTransaction.TYPE_UNLOAD_NANOAPP)) {
return;
@@ -1030,6 +1056,8 @@
public void enableNanoApp(
int contextHubId, IContextHubTransactionCallback transactionCallback, long nanoAppId)
throws RemoteException {
+ super.enableNanoApp_enforcePermission();
+
if (!checkHalProxyAndContextHubId(
contextHubId, transactionCallback, ContextHubTransaction.TYPE_ENABLE_NANOAPP)) {
return;
@@ -1053,6 +1081,8 @@
public void disableNanoApp(
int contextHubId, IContextHubTransactionCallback transactionCallback, long nanoAppId)
throws RemoteException {
+ super.disableNanoApp_enforcePermission();
+
if (!checkHalProxyAndContextHubId(
contextHubId, transactionCallback, ContextHubTransaction.TYPE_DISABLE_NANOAPP)) {
return;
@@ -1074,6 +1104,8 @@
@Override
public void queryNanoApps(int contextHubId, IContextHubTransactionCallback transactionCallback)
throws RemoteException {
+ super.queryNanoApps_enforcePermission();
+
if (!checkHalProxyAndContextHubId(
contextHubId, transactionCallback, ContextHubTransaction.TYPE_QUERY_NANOAPPS)) {
return;
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index eb37ceb..5dcbb16 100755
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -3422,6 +3422,8 @@
@Override
public void setToastRateLimitingEnabled(boolean enable) {
+ super.setToastRateLimitingEnabled_enforcePermission();
+
synchronized (mToastQueue) {
int uid = Binder.getCallingUid();
int userId = UserHandle.getUserId(uid);
diff --git a/services/core/java/com/android/server/oemlock/OemLockService.java b/services/core/java/com/android/server/oemlock/OemLockService.java
index 6735d55..bac8916 100644
--- a/services/core/java/com/android/server/oemlock/OemLockService.java
+++ b/services/core/java/com/android/server/oemlock/OemLockService.java
@@ -120,6 +120,8 @@
@Nullable
@EnforcePermission(MANAGE_CARRIER_OEM_UNLOCK_STATE)
public String getLockName() {
+ super.getLockName_enforcePermission();
+
final long token = Binder.clearCallingIdentity();
try {
return mOemLock.getLockName();
@@ -131,6 +133,8 @@
@Override
@EnforcePermission(MANAGE_CARRIER_OEM_UNLOCK_STATE)
public void setOemUnlockAllowedByCarrier(boolean allowed, @Nullable byte[] signature) {
+ super.setOemUnlockAllowedByCarrier_enforcePermission();
+
enforceUserIsAdmin();
final long token = Binder.clearCallingIdentity();
@@ -144,6 +148,8 @@
@Override
@EnforcePermission(MANAGE_CARRIER_OEM_UNLOCK_STATE)
public boolean isOemUnlockAllowedByCarrier() {
+ super.isOemUnlockAllowedByCarrier_enforcePermission();
+
final long token = Binder.clearCallingIdentity();
try {
return mOemLock.isOemUnlockAllowedByCarrier();
@@ -157,6 +163,8 @@
@Override
@EnforcePermission(MANAGE_USER_OEM_UNLOCK_STATE)
public void setOemUnlockAllowedByUser(boolean allowedByUser) {
+ super.setOemUnlockAllowedByUser_enforcePermission();
+
if (ActivityManager.isUserAMonkey()) {
// Prevent a monkey from changing this
return;
@@ -183,6 +191,8 @@
@Override
@EnforcePermission(MANAGE_USER_OEM_UNLOCK_STATE)
public boolean isOemUnlockAllowedByUser() {
+ super.isOemUnlockAllowedByUser_enforcePermission();
+
final long token = Binder.clearCallingIdentity();
try {
return mOemLock.isOemUnlockAllowedByDevice();
@@ -199,6 +209,8 @@
@Override
@EnforcePermission(anyOf = {READ_OEM_UNLOCK_STATE, OEM_UNLOCK_STATE})
public boolean isOemUnlockAllowed() {
+ super.isOemUnlockAllowed_enforcePermission();
+
final long token = Binder.clearCallingIdentity();
try {
boolean allowed = mOemLock.isOemUnlockAllowedByCarrier()
@@ -213,6 +225,8 @@
@Override
@EnforcePermission(anyOf = {READ_OEM_UNLOCK_STATE, OEM_UNLOCK_STATE})
public boolean isDeviceOemUnlocked() {
+ super.isDeviceOemUnlocked_enforcePermission();
+
String locked = SystemProperties.get(FLASH_LOCK_PROP);
switch (locked) {
case FLASH_LOCK_UNLOCKED:
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 3b9f0ba..1fa3b3b 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -406,6 +406,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_ONE_TIME_PERMISSION_SESSIONS)
@Override
public void stopOneTimePermissionSession(String packageName, @UserIdInt int userId) {
+ super.stopOneTimePermissionSession_enforcePermission();
+
Objects.requireNonNull(packageName);
final long token = Binder.clearCallingIdentity();
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index cd0096b..c192057 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -1752,6 +1752,8 @@
@android.annotation.EnforcePermission(android.Manifest.permission.TRUST_LISTENER)
@Override
public boolean isTrustUsuallyManaged(int userId) {
+ super.isTrustUsuallyManaged_enforcePermission();
+
return isTrustUsuallyManagedInternal(userId);
}