Reformat permission Kotlin code in frameworks/base/service
Bug: 304347474
Test: Code format change only. Exisiting tests pass.
Change-Id: Ie2964be263484d5284cda5c563060755f8e31f0b
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
index bded26a..015487d 100644
--- a/PREUPLOAD.cfg
+++ b/PREUPLOAD.cfg
@@ -25,6 +25,6 @@
hidden_api_txt_exclude_hook = ${REPO_ROOT}/frameworks/base/tools/hiddenapi/exclude.sh ${PREUPLOAD_COMMIT} ${REPO_ROOT}
-ktfmt_hook = ${REPO_ROOT}/external/ktfmt/ktfmt.py --check -i ${REPO_ROOT}/frameworks/base/packages/SystemUI/ktfmt_includes.txt ${PREUPLOAD_FILES}
+ktfmt_hook = ${REPO_ROOT}/external/ktfmt/ktfmt.py --check -i ${REPO_ROOT}/frameworks/base/ktfmt_includes.txt ${PREUPLOAD_FILES}
ktlint_hook = ${REPO_ROOT}/prebuilts/ktlint/ktlint.py --no-verify-format -f ${PREUPLOAD_FILES}
diff --git a/packages/SystemUI/ktfmt_includes.txt b/ktfmt_includes.txt
similarity index 99%
rename from packages/SystemUI/ktfmt_includes.txt
rename to ktfmt_includes.txt
index d3254b7..e4bf4c2 100644
--- a/packages/SystemUI/ktfmt_includes.txt
+++ b/ktfmt_includes.txt
@@ -1,3 +1,4 @@
++services/permission
+packages/SystemUI
-packages/SystemUI/animation/src/com/android/systemui/animation/TextAnimator.kt
-packages/SystemUI/animation/src/com/android/systemui/animation/ViewHierarchyAnimator.kt
diff --git a/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt b/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
index c1d137f..93530cf 100644
--- a/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
+++ b/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
@@ -43,8 +43,7 @@
@Keep
class AccessCheckingService(context: Context) : SystemService(context) {
- @Volatile
- private lateinit var state: AccessState
+ @Volatile private lateinit var state: AccessState
private val stateLock = Any()
private val policy = AccessPolicy()
@@ -86,17 +85,22 @@
val state = MutableAccessState()
policy.initialize(
- state, userIds, packageStates, disabledSystemPackageStates, knownPackages, isLeanback,
- configPermissions, privilegedPermissionAllowlistPackages, permissionAllowlist,
+ state,
+ userIds,
+ packageStates,
+ disabledSystemPackageStates,
+ knownPackages,
+ isLeanback,
+ configPermissions,
+ privilegedPermissionAllowlistPackages,
+ permissionAllowlist,
implicitToSourcePermissions
)
persistence.initialize()
persistence.read(state)
this.state = state
- mutateState {
- with(policy) { onInitialized() }
- }
+ mutateState { with(policy) { onInitialized() } }
appOpService.initialize()
permissionService.initialize()
@@ -106,40 +110,40 @@
get() = PackageManager.FEATURE_LEANBACK in availableFeatures
private val SystemConfig.privilegedPermissionAllowlistPackages: IndexedListSet<String>
- get() = MutableIndexedListSet<String>().apply {
- this += "android"
- if (PackageManager.FEATURE_AUTOMOTIVE in availableFeatures) {
- // Note that SystemProperties.get(String, String) forces returning an empty string
- // even if we pass null for the def parameter.
- val carServicePackage = SystemProperties.get("ro.android.car.carservice.package")
- if (carServicePackage.isNotEmpty()) {
- this += carServicePackage
+ get() =
+ MutableIndexedListSet<String>().apply {
+ this += "android"
+ if (PackageManager.FEATURE_AUTOMOTIVE in availableFeatures) {
+ // Note that SystemProperties.get(String, String) forces returning an empty
+ // string
+ // even if we pass null for the def parameter.
+ val carServicePackage =
+ SystemProperties.get("ro.android.car.carservice.package")
+ if (carServicePackage.isNotEmpty()) {
+ this += carServicePackage
+ }
}
}
- }
private val SystemConfig.implicitToSourcePermissions: IndexedMap<String, IndexedListSet<String>>
@Suppress("UNCHECKED_CAST")
- get() = MutableIndexedMap<String, MutableIndexedListSet<String>>().apply {
- splitPermissions.forEach { splitPermissionInfo ->
- val sourcePermissionName = splitPermissionInfo.splitPermission
- splitPermissionInfo.newPermissions.forEach { implicitPermissionName ->
- getOrPut(implicitPermissionName) { MutableIndexedListSet() } +=
- sourcePermissionName
+ get() =
+ MutableIndexedMap<String, MutableIndexedListSet<String>>().apply {
+ splitPermissions.forEach { splitPermissionInfo ->
+ val sourcePermissionName = splitPermissionInfo.splitPermission
+ splitPermissionInfo.newPermissions.forEach { implicitPermissionName ->
+ getOrPut(implicitPermissionName) { MutableIndexedListSet() } +=
+ sourcePermissionName
+ }
}
- }
- } as IndexedMap<String, IndexedListSet<String>>
+ } as IndexedMap<String, IndexedListSet<String>>
internal fun onUserAdded(userId: Int) {
- mutateState {
- with(policy) { onUserAdded(userId) }
- }
+ mutateState { with(policy) { onUserAdded(userId) } }
}
internal fun onUserRemoved(userId: Int) {
- mutateState {
- with(policy) { onUserRemoved(userId) }
- }
+ mutateState { with(policy) { onUserRemoved(userId) } }
}
internal fun onStorageVolumeMounted(
@@ -152,8 +156,12 @@
mutateState {
with(policy) {
onStorageVolumeMounted(
- packageStates, disabledSystemPackageStates, knownPackages, volumeUuid,
- packageNames, isSystemUpdated
+ packageStates,
+ disabledSystemPackageStates,
+ knownPackages,
+ volumeUuid,
+ packageNames,
+ isSystemUpdated
)
}
}
@@ -165,7 +173,10 @@
mutateState {
with(policy) {
onPackageAdded(
- packageStates, disabledSystemPackageStates, knownPackages, packageName
+ packageStates,
+ disabledSystemPackageStates,
+ knownPackages,
+ packageName
)
}
}
@@ -177,7 +188,11 @@
mutateState {
with(policy) {
onPackageRemoved(
- packageStates, disabledSystemPackageStates, knownPackages, packageName, appId
+ packageStates,
+ disabledSystemPackageStates,
+ knownPackages,
+ packageName,
+ appId
)
}
}
@@ -189,7 +204,11 @@
mutateState {
with(policy) {
onPackageInstalled(
- packageStates, disabledSystemPackageStates, knownPackages, packageName, userId
+ packageStates,
+ disabledSystemPackageStates,
+ knownPackages,
+ packageName,
+ userId
)
}
}
@@ -201,7 +220,11 @@
mutateState {
with(policy) {
onPackageUninstalled(
- packageStates, disabledSystemPackageStates, knownPackages, packageName, appId,
+ packageStates,
+ disabledSystemPackageStates,
+ knownPackages,
+ packageName,
+ appId,
userId
)
}
@@ -224,34 +247,42 @@
private fun PackageManagerInternal.getKnownPackages(
packageStates: Map<String, PackageState>
- ): IntMap<Array<String>> = MutableIntMap<Array<String>>().apply {
- this[KnownPackages.PACKAGE_INSTALLER] =
- getKnownPackageNames(KnownPackages.PACKAGE_INSTALLER, UserHandle.USER_SYSTEM)
- this[KnownPackages.PACKAGE_PERMISSION_CONTROLLER] = getKnownPackageNames(
- KnownPackages.PACKAGE_PERMISSION_CONTROLLER, UserHandle.USER_SYSTEM
- )
- this[KnownPackages.PACKAGE_VERIFIER] =
- getKnownPackageNames(KnownPackages.PACKAGE_VERIFIER, UserHandle.USER_SYSTEM)
- this[KnownPackages.PACKAGE_SETUP_WIZARD] =
- getKnownPackageNames(KnownPackages.PACKAGE_SETUP_WIZARD, UserHandle.USER_SYSTEM)
- this[KnownPackages.PACKAGE_SYSTEM_TEXT_CLASSIFIER] = getKnownPackageNames(
- KnownPackages.PACKAGE_SYSTEM_TEXT_CLASSIFIER, UserHandle.USER_SYSTEM
- )
- this[KnownPackages.PACKAGE_CONFIGURATOR] =
- getKnownPackageNames(KnownPackages.PACKAGE_CONFIGURATOR, UserHandle.USER_SYSTEM)
- this[KnownPackages.PACKAGE_INCIDENT_REPORT_APPROVER] = getKnownPackageNames(
- KnownPackages.PACKAGE_INCIDENT_REPORT_APPROVER, UserHandle.USER_SYSTEM
- )
- this[KnownPackages.PACKAGE_APP_PREDICTOR] =
- getKnownPackageNames(KnownPackages.PACKAGE_APP_PREDICTOR, UserHandle.USER_SYSTEM)
- this[KnownPackages.PACKAGE_COMPANION] =
- getKnownPackageNames(KnownPackages.PACKAGE_COMPANION, UserHandle.USER_SYSTEM)
- this[KnownPackages.PACKAGE_RETAIL_DEMO] =
- getKnownPackageNames(KnownPackages.PACKAGE_RETAIL_DEMO, UserHandle.USER_SYSTEM)
- .filter { isProfileOwner(it, packageStates) }.toTypedArray()
- this[KnownPackages.PACKAGE_RECENTS] =
- getKnownPackageNames(KnownPackages.PACKAGE_RECENTS, UserHandle.USER_SYSTEM)
- }
+ ): IntMap<Array<String>> =
+ MutableIntMap<Array<String>>().apply {
+ this[KnownPackages.PACKAGE_INSTALLER] =
+ getKnownPackageNames(KnownPackages.PACKAGE_INSTALLER, UserHandle.USER_SYSTEM)
+ this[KnownPackages.PACKAGE_PERMISSION_CONTROLLER] =
+ getKnownPackageNames(
+ KnownPackages.PACKAGE_PERMISSION_CONTROLLER,
+ UserHandle.USER_SYSTEM
+ )
+ this[KnownPackages.PACKAGE_VERIFIER] =
+ getKnownPackageNames(KnownPackages.PACKAGE_VERIFIER, UserHandle.USER_SYSTEM)
+ this[KnownPackages.PACKAGE_SETUP_WIZARD] =
+ getKnownPackageNames(KnownPackages.PACKAGE_SETUP_WIZARD, UserHandle.USER_SYSTEM)
+ this[KnownPackages.PACKAGE_SYSTEM_TEXT_CLASSIFIER] =
+ getKnownPackageNames(
+ KnownPackages.PACKAGE_SYSTEM_TEXT_CLASSIFIER,
+ UserHandle.USER_SYSTEM
+ )
+ this[KnownPackages.PACKAGE_CONFIGURATOR] =
+ getKnownPackageNames(KnownPackages.PACKAGE_CONFIGURATOR, UserHandle.USER_SYSTEM)
+ this[KnownPackages.PACKAGE_INCIDENT_REPORT_APPROVER] =
+ getKnownPackageNames(
+ KnownPackages.PACKAGE_INCIDENT_REPORT_APPROVER,
+ UserHandle.USER_SYSTEM
+ )
+ this[KnownPackages.PACKAGE_APP_PREDICTOR] =
+ getKnownPackageNames(KnownPackages.PACKAGE_APP_PREDICTOR, UserHandle.USER_SYSTEM)
+ this[KnownPackages.PACKAGE_COMPANION] =
+ getKnownPackageNames(KnownPackages.PACKAGE_COMPANION, UserHandle.USER_SYSTEM)
+ this[KnownPackages.PACKAGE_RETAIL_DEMO] =
+ getKnownPackageNames(KnownPackages.PACKAGE_RETAIL_DEMO, UserHandle.USER_SYSTEM)
+ .filter { isProfileOwner(it, packageStates) }
+ .toTypedArray()
+ this[KnownPackages.PACKAGE_RECENTS] =
+ getKnownPackageNames(KnownPackages.PACKAGE_RECENTS, UserHandle.USER_SYSTEM)
+ }
private fun isProfileOwner(
packageName: String,
diff --git a/services/permission/java/com/android/server/permission/access/AccessPersistence.kt b/services/permission/java/com/android/server/permission/access/AccessPersistence.kt
index a3f65af..d0913d2 100644
--- a/services/permission/java/com/android/server/permission/access/AccessPersistence.kt
+++ b/services/permission/java/com/android/server/permission/access/AccessPersistence.kt
@@ -38,16 +38,11 @@
import java.io.File
import java.io.FileNotFoundException
-class AccessPersistence(
- private val policy: AccessPolicy
-) {
+class AccessPersistence(private val policy: AccessPolicy) {
private val scheduleLock = Any()
- @GuardedBy("scheduleLock")
- private val pendingMutationTimesMillis = SparseLongArray()
- @GuardedBy("scheduleLock")
- private val pendingStates = MutableIntMap<AccessState>()
- @GuardedBy("scheduleLock")
- private lateinit var writeHandler: WriteHandler
+ @GuardedBy("scheduleLock") private val pendingMutationTimesMillis = SparseLongArray()
+ @GuardedBy("scheduleLock") private val pendingStates = MutableIntMap<AccessState>()
+ @GuardedBy("scheduleLock") private lateinit var writeHandler: WriteHandler
private val writeLock = Any()
@@ -60,17 +55,16 @@
*/
fun read(state: MutableAccessState) {
readSystemState(state)
- state.externalState.userIds.forEachIndexed { _, userId ->
- readUserState(state, userId)
- }
+ state.externalState.userIds.forEachIndexed { _, userId -> readUserState(state, userId) }
}
private fun readSystemState(state: MutableAccessState) {
- val fileExists = systemFile.parse {
- // This is the canonical way to call an extension function in a different class.
- // TODO(b/259469752): Use context receiver for this when it becomes stable.
- with(policy) { parseSystemState(state) }
- }
+ val fileExists =
+ systemFile.parse {
+ // This is the canonical way to call an extension function in a different class.
+ // TODO(b/259469752): Use context receiver for this when it becomes stable.
+ with(policy) { parseSystemState(state) }
+ }
if (!fileExists) {
policy.migrateSystemState(state)
@@ -79,9 +73,8 @@
}
private fun readUserState(state: MutableAccessState, userId: Int) {
- val fileExists = getUserFile(userId).parse {
- with(policy) { parseUserState(state, userId) }
- }
+ val fileExists =
+ getUserFile(userId).parse { with(policy) { parseUserState(state, userId) } }
if (!fileExists) {
policy.migrateUserState(state, userId)
@@ -90,8 +83,8 @@
}
/**
- * @return {@code true} if the file is successfully read from the disk; {@code false} if
- * the file doesn't exist yet.
+ * @return {@code true} if the file is successfully read from the disk; {@code false} if the
+ * file doesn't exist yet.
*/
private inline fun File.parse(block: BinaryXmlPullParser.() -> Unit): Boolean =
try {
@@ -106,9 +99,7 @@
fun write(state: AccessState) {
state.systemState.write(state, UserHandle.USER_ALL)
- state.userStates.forEachIndexed { _, userId, userState ->
- userState.write(state, userId)
- }
+ state.userStates.forEachIndexed { _, userId, userState -> userState.write(state, userId) }
}
private fun WritableState.write(state: AccessState, userId: Int) {
@@ -127,8 +118,10 @@
if (currentDelayMillis > MAX_WRITE_DELAY_MILLIS) {
message.sendToTarget()
} else {
- val newDelayMillis = WRITE_DELAY_TIME_MILLIS
- .coerceAtMost(MAX_WRITE_DELAY_MILLIS - currentDelayMillis)
+ val newDelayMillis =
+ WRITE_DELAY_TIME_MILLIS.coerceAtMost(
+ MAX_WRITE_DELAY_MILLIS - currentDelayMillis
+ )
writeHandler.sendMessageDelayed(message, newDelayMillis)
}
}
@@ -161,15 +154,11 @@
}
private fun writeSystemState(state: AccessState) {
- systemFile.serialize {
- with(policy) { serializeSystemState(state) }
- }
+ systemFile.serialize { with(policy) { serializeSystemState(state) } }
}
private fun writeUserState(state: AccessState, userId: Int) {
- getUserFile(userId).serialize {
- with(policy) { serializeUserState(state, userId) }
- }
+ getUserFile(userId).serialize { with(policy) { serializeUserState(state, userId) } }
}
private inline fun File.serialize(block: BinaryXmlSerializer.() -> Unit) {
diff --git a/services/permission/java/com/android/server/permission/access/AccessPolicy.kt b/services/permission/java/com/android/server/permission/access/AccessPolicy.kt
index 6a349e2..754f77ec 100644
--- a/services/permission/java/com/android/server/permission/access/AccessPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/AccessPolicy.kt
@@ -37,21 +37,24 @@
import com.android.server.pm.permission.PermissionAllowlist
import com.android.server.pm.pkg.PackageState
-class AccessPolicy private constructor(
+class AccessPolicy
+private constructor(
private val schemePolicies: IndexedMap<String, IndexedMap<String, SchemePolicy>>
) {
@Suppress("UNCHECKED_CAST")
- constructor() : this(
- MutableIndexedMap<String, MutableIndexedMap<String, SchemePolicy>>().apply {
- fun addPolicy(policy: SchemePolicy) {
- getOrPut(policy.subjectScheme) { MutableIndexedMap() }[policy.objectScheme] = policy
- }
- addPolicy(AppIdPermissionPolicy())
- addPolicy(DevicePermissionPolicy())
- addPolicy(AppIdAppOpPolicy())
- addPolicy(PackageAppOpPolicy())
- } as IndexedMap<String, IndexedMap<String, SchemePolicy>>
- )
+ constructor() :
+ this(
+ MutableIndexedMap<String, MutableIndexedMap<String, SchemePolicy>>().apply {
+ fun addPolicy(policy: SchemePolicy) {
+ getOrPut(policy.subjectScheme) { MutableIndexedMap() }[policy.objectScheme] =
+ policy
+ }
+ addPolicy(AppIdPermissionPolicy())
+ addPolicy(DevicePermissionPolicy())
+ addPolicy(AppIdAppOpPolicy())
+ addPolicy(PackageAppOpPolicy())
+ } as IndexedMap<String, IndexedMap<String, SchemePolicy>>
+ )
fun getSchemePolicy(subjectScheme: String, objectScheme: String): SchemePolicy =
checkNotNull(schemePolicies[subjectScheme]?.get(objectScheme)) {
@@ -92,23 +95,17 @@
}
fun GetStateScope.onStateMutated() {
- forEachSchemePolicy {
- with(it) { onStateMutated() }
- }
+ forEachSchemePolicy { with(it) { onStateMutated() } }
}
fun MutateStateScope.onInitialized() {
- forEachSchemePolicy {
- with(it) { onInitialized() }
- }
+ forEachSchemePolicy { with(it) { onInitialized() } }
}
fun MutateStateScope.onUserAdded(userId: Int) {
newState.mutateExternalState().mutateUserIds() += userId
newState.mutateUserStatesNoWrite()[userId] = MutableUserState()
- forEachSchemePolicy {
- with(it) { onUserAdded(userId) }
- }
+ forEachSchemePolicy { with(it) { onUserAdded(userId) } }
newState.externalState.packageStates.forEach { (_, packageState) ->
upgradePackageVersion(packageState, userId)
}
@@ -117,9 +114,7 @@
fun MutateStateScope.onUserRemoved(userId: Int) {
newState.mutateExternalState().mutateUserIds() -= userId
newState.mutateUserStatesNoWrite() -= userId
- forEachSchemePolicy {
- with(it) { onUserRemoved(userId) }
- }
+ forEachSchemePolicy { with(it) { onUserRemoved(userId) } }
}
fun MutateStateScope.onStorageVolumeMounted(
@@ -154,9 +149,7 @@
setKnownPackages(knownPackages)
}
addedAppIds.forEachIndexed { _, appId ->
- forEachSchemePolicy {
- with(it) { onAppIdAdded(appId) }
- }
+ forEachSchemePolicy { with(it) { onAppIdAdded(appId) } }
}
forEachSchemePolicy {
with(it) { onStorageVolumeMounted(volumeUuid, packageNames, isSystemUpdated) }
@@ -192,13 +185,9 @@
setKnownPackages(knownPackages)
}
if (isAppIdAdded) {
- forEachSchemePolicy {
- with(it) { onAppIdAdded(appId) }
- }
+ forEachSchemePolicy { with(it) { onAppIdAdded(appId) } }
}
- forEachSchemePolicy {
- with(it) { onPackageAdded(packageState) }
- }
+ forEachSchemePolicy { with(it) { onPackageAdded(packageState) } }
newState.userStates.forEachIndexed { _, userId, _ ->
upgradePackageVersion(packageState, userId)
}
@@ -227,13 +216,9 @@
}
setKnownPackages(knownPackages)
}
- forEachSchemePolicy {
- with(it) { onPackageRemoved(packageName, appId) }
- }
+ forEachSchemePolicy { with(it) { onPackageRemoved(packageName, appId) } }
if (isAppIdRemoved) {
- forEachSchemePolicy {
- with(it) { onAppIdRemoved(appId) }
- }
+ forEachSchemePolicy { with(it) { onAppIdRemoved(appId) } }
}
newState.userStates.forEachIndexed { userStateIndex, _, userState ->
if (packageName in userState.packageVersions) {
@@ -258,9 +243,7 @@
checkNotNull(packageState) {
"Installed package $packageName isn't found in packageStates in onPackageInstalled()"
}
- forEachSchemePolicy {
- with(it) { onPackageInstalled(packageState, userId) }
- }
+ forEachSchemePolicy { with(it) { onPackageInstalled(packageState, userId) } }
}
fun MutateStateScope.onPackageUninstalled(
@@ -276,9 +259,7 @@
setDisabledSystemPackageStates(disabledSystemPackageStates)
setKnownPackages(knownPackages)
}
- forEachSchemePolicy {
- with(it) { onPackageUninstalled(packageName, appId, userId) }
- }
+ forEachSchemePolicy { with(it) { onPackageUninstalled(packageName, appId, userId) } }
}
fun MutateStateScope.onSystemReady(
@@ -292,21 +273,15 @@
setKnownPackages(knownPackages)
setSystemReady(true)
}
- forEachSchemePolicy {
- with(it) { onSystemReady() }
- }
+ forEachSchemePolicy { with(it) { onSystemReady() } }
}
fun migrateSystemState(state: MutableAccessState) {
- forEachSchemePolicy {
- with(it) { migrateSystemState(state) }
- }
+ forEachSchemePolicy { with(it) { migrateSystemState(state) } }
}
fun migrateUserState(state: MutableAccessState, userId: Int) {
- forEachSchemePolicy {
- with(it) { migrateUserState(state, userId) }
- }
+ forEachSchemePolicy { with(it) { migrateUserState(state, userId) } }
}
private fun MutateStateScope.upgradePackageVersion(packageState: PackageState, userId: Int) {
@@ -330,10 +305,12 @@
VERSION_LATEST
}
version == VERSION_LATEST -> {}
- else -> Slog.w(
- LOG_TAG, "Unexpected version $version for package $packageName," +
- "latest version is $VERSION_LATEST"
- )
+ else ->
+ Slog.w(
+ LOG_TAG,
+ "Unexpected version $version for package $packageName," +
+ "latest version is $VERSION_LATEST"
+ )
}
}
@@ -341,11 +318,7 @@
forEachTag {
when (tagName) {
TAG_ACCESS -> {
- forEachTag {
- forEachSchemePolicy {
- with(it) { parseSystemState(state) }
- }
- }
+ forEachTag { forEachSchemePolicy { with(it) { parseSystemState(state) } } }
}
else -> Slog.w(LOG_TAG, "Ignoring unknown tag $tagName when parsing system state")
}
@@ -353,11 +326,7 @@
}
fun BinaryXmlSerializer.serializeSystemState(state: AccessState) {
- tag(TAG_ACCESS) {
- forEachSchemePolicy {
- with(it) { serializeSystemState(state) }
- }
- }
+ tag(TAG_ACCESS) { forEachSchemePolicy { with(it) { serializeSystemState(state) } } }
}
fun BinaryXmlPullParser.parseUserState(state: MutableAccessState, userId: Int) {
@@ -370,9 +339,7 @@
TAG_DEFAULT_PERMISSION_GRANT ->
parseDefaultPermissionGrant(state, userId)
else -> {
- forEachSchemePolicy {
- with(it) { parseUserState(state, userId) }
- }
+ forEachSchemePolicy { with(it) { parseUserState(state, userId) } }
}
}
}
@@ -428,9 +395,7 @@
serializeDefaultPermissionGrantFingerprint(
state.userStates[userId]!!.defaultPermissionGrantFingerprint
)
- forEachSchemePolicy {
- with(it) { serializeUserState(state, userId) }
- }
+ forEachSchemePolicy { with(it) { serializeUserState(state, userId) } }
}
}
@@ -451,9 +416,7 @@
fingerprint: String?
) {
if (fingerprint != null) {
- tag(TAG_DEFAULT_PERMISSION_GRANT) {
- attributeInterned(ATTR_FINGERPRINT, fingerprint)
- }
+ tag(TAG_DEFAULT_PERMISSION_GRANT) { attributeInterned(ATTR_FINGERPRINT, fingerprint) }
}
}
@@ -462,9 +425,7 @@
private inline fun forEachSchemePolicy(action: (SchemePolicy) -> Unit) {
schemePolicies.forEachIndexed { _, _, objectSchemePolicies ->
- objectSchemePolicies.forEachIndexed { _, _, schemePolicy ->
- action(schemePolicy)
- }
+ objectSchemePolicies.forEachIndexed { _, _, schemePolicy -> action(schemePolicy) }
}
}
diff --git a/services/permission/java/com/android/server/permission/access/AccessState.kt b/services/permission/java/com/android/server/permission/access/AccessState.kt
index 94c878a..49d2f81 100644
--- a/services/permission/java/com/android/server/permission/access/AccessState.kt
+++ b/services/permission/java/com/android/server/permission/access/AccessState.kt
@@ -28,7 +28,9 @@
private typealias SystemStateReference = MutableReference<SystemState, MutableSystemState>
typealias UserStates = IntReferenceMap<UserState, MutableUserState>
+
typealias MutableUserStates = MutableIntReferenceMap<UserState, MutableUserState>
+
private typealias UserStatesReference = MutableReference<UserStates, MutableUserStates>
sealed class AccessState(
@@ -48,22 +50,22 @@
override fun toMutable(): MutableAccessState = MutableAccessState(this)
}
-class MutableAccessState private constructor(
+class MutableAccessState
+private constructor(
externalStateReference: ExternalStateReference,
systemStateReference: SystemStateReference,
userStatesReference: UserStatesReference
-) : AccessState(
- externalStateReference,
- systemStateReference,
- userStatesReference
-) {
- constructor() : this(
- ExternalStateReference(MutableExternalState()),
- SystemStateReference(MutableSystemState()),
- UserStatesReference(MutableUserStates())
- )
+) : AccessState(externalStateReference, systemStateReference, userStatesReference) {
+ constructor() :
+ this(
+ ExternalStateReference(MutableExternalState()),
+ SystemStateReference(MutableSystemState()),
+ UserStatesReference(MutableUserStates())
+ )
- internal constructor(accessState: AccessState) : this(
+ internal constructor(
+ accessState: AccessState
+ ) : this(
accessState.externalStateReference.toImmutable(),
accessState.systemStateReference.toImmutable(),
accessState.userStatesReference.toImmutable()
@@ -86,8 +88,10 @@
private typealias UserIdsReference = MutableReference<IntSet, MutableIntSet>
typealias AppIdPackageNames = IntReferenceMap<IndexedListSet<String>, MutableIndexedListSet<String>>
+
typealias MutableAppIdPackageNames =
MutableIntReferenceMap<IndexedListSet<String>, MutableIndexedListSet<String>>
+
private typealias AppIdPackageNamesReference =
MutableReference<AppIdPackageNames, MutableAppIdPackageNames>
@@ -142,7 +146,8 @@
override fun toMutable(): MutableExternalState = MutableExternalState(this)
}
-class MutableExternalState private constructor(
+class MutableExternalState
+private constructor(
userIdsReference: UserIdsReference,
packageStates: Map<String, PackageState>,
disabledSystemPackageStates: Map<String, PackageState>,
@@ -154,34 +159,38 @@
permissionAllowlist: PermissionAllowlist,
implicitToSourcePermissions: IndexedMap<String, IndexedListSet<String>>,
isSystemReady: Boolean
-) : ExternalState(
- userIdsReference,
- packageStates,
- disabledSystemPackageStates,
- appIdPackageNamesReference,
- knownPackages,
- isLeanback,
- configPermissions,
- privilegedPermissionAllowlistPackages,
- permissionAllowlist,
- implicitToSourcePermissions,
- isSystemReady
-) {
- constructor() : this(
- UserIdsReference(MutableIntSet()),
- emptyMap(),
- emptyMap(),
- AppIdPackageNamesReference(MutableAppIdPackageNames()),
- MutableIntMap(),
- false,
- emptyMap(),
- MutableIndexedListSet(),
- PermissionAllowlist(),
- MutableIndexedMap(),
- false
- )
+) :
+ ExternalState(
+ userIdsReference,
+ packageStates,
+ disabledSystemPackageStates,
+ appIdPackageNamesReference,
+ knownPackages,
+ isLeanback,
+ configPermissions,
+ privilegedPermissionAllowlistPackages,
+ permissionAllowlist,
+ implicitToSourcePermissions,
+ isSystemReady
+ ) {
+ constructor() :
+ this(
+ UserIdsReference(MutableIntSet()),
+ emptyMap(),
+ emptyMap(),
+ AppIdPackageNamesReference(MutableAppIdPackageNames()),
+ MutableIntMap(),
+ false,
+ emptyMap(),
+ MutableIndexedListSet(),
+ PermissionAllowlist(),
+ MutableIndexedMap(),
+ false
+ )
- internal constructor(externalState: ExternalState) : this(
+ internal constructor(
+ externalState: ExternalState
+ ) : this(
externalState.userIdsReference.toImmutable(),
externalState.packageStates,
externalState.disabledSystemPackageStates,
@@ -249,9 +258,10 @@
}
}
-private typealias PermissionGroupsReference = MutableReference<
- IndexedMap<String, PermissionGroupInfo>, MutableIndexedMap<String, PermissionGroupInfo>
->
+private typealias PermissionGroupsReference =
+ MutableReference<
+ IndexedMap<String, PermissionGroupInfo>, MutableIndexedMap<String, PermissionGroupInfo>
+ >
private typealias PermissionTreesReference =
MutableReference<IndexedMap<String, Permission>, MutableIndexedMap<String, Permission>>
@@ -280,25 +290,31 @@
override fun toMutable(): MutableSystemState = MutableSystemState(this)
}
-class MutableSystemState private constructor(
+class MutableSystemState
+private constructor(
permissionGroupsReference: PermissionGroupsReference,
permissionTreesReference: PermissionTreesReference,
permissionsReference: PermissionsReference,
writeMode: Int
-) : SystemState(
- permissionGroupsReference,
- permissionTreesReference,
- permissionsReference,
- writeMode
-), MutableWritableState {
- constructor() : this(
- PermissionGroupsReference(MutableIndexedMap()),
- PermissionTreesReference(MutableIndexedMap()),
- PermissionsReference(MutableIndexedMap()),
- WriteMode.NONE
- )
+) :
+ SystemState(
+ permissionGroupsReference,
+ permissionTreesReference,
+ permissionsReference,
+ writeMode
+ ),
+ MutableWritableState {
+ constructor() :
+ this(
+ PermissionGroupsReference(MutableIndexedMap()),
+ PermissionTreesReference(MutableIndexedMap()),
+ PermissionsReference(MutableIndexedMap()),
+ WriteMode.NONE
+ )
- internal constructor(systemState: SystemState) : this(
+ internal constructor(
+ systemState: SystemState
+ ) : this(
systemState.permissionGroupsReference.toImmutable(),
systemState.permissionTreesReference.toImmutable(),
systemState.permissionsReference.toImmutable(),
@@ -311,8 +327,7 @@
fun mutatePermissionTrees(): MutableIndexedMap<String, Permission> =
permissionTreesReference.mutate()
- fun mutatePermissions(): MutableIndexedMap<String, Permission> =
- permissionsReference.mutate()
+ fun mutatePermissions(): MutableIndexedMap<String, Permission> = permissionsReference.mutate()
override fun requestWriteMode(writeMode: Int) {
this.writeMode = maxOf(this.writeMode, writeMode)
@@ -324,34 +339,42 @@
typealias AppIdPermissionFlags =
IntReferenceMap<IndexedMap<String, Int>, MutableIndexedMap<String, Int>>
+
typealias MutableAppIdPermissionFlags =
MutableIntReferenceMap<IndexedMap<String, Int>, MutableIndexedMap<String, Int>>
+
private typealias AppIdPermissionFlagsReference =
MutableReference<AppIdPermissionFlags, MutableAppIdPermissionFlags>
-
typealias DevicePermissionFlags =
IndexedReferenceMap<String, IndexedMap<String, Int>, MutableIndexedMap<String, Int>>
+
typealias MutableDevicePermissionFlags =
MutableIndexedReferenceMap<String, IndexedMap<String, Int>, MutableIndexedMap<String, Int>>
+
typealias AppIdDevicePermissionFlags =
IntReferenceMap<DevicePermissionFlags, MutableDevicePermissionFlags>
+
typealias MutableAppIdDevicePermissionFlags =
MutableIntReferenceMap<DevicePermissionFlags, MutableDevicePermissionFlags>
+
private typealias AppIdDevicePermissionFlagsReference =
MutableReference<AppIdDevicePermissionFlags, MutableAppIdDevicePermissionFlags>
-typealias AppIdAppOpModes =
- IntReferenceMap<IndexedMap<String, Int>, MutableIndexedMap<String, Int>>
+typealias AppIdAppOpModes = IntReferenceMap<IndexedMap<String, Int>, MutableIndexedMap<String, Int>>
+
typealias MutableAppIdAppOpModes =
MutableIntReferenceMap<IndexedMap<String, Int>, MutableIndexedMap<String, Int>>
+
private typealias AppIdAppOpModesReference =
MutableReference<AppIdAppOpModes, MutableAppIdAppOpModes>
typealias PackageAppOpModes =
IndexedReferenceMap<String, IndexedMap<String, Int>, MutableIndexedMap<String, Int>>
+
typealias MutablePackageAppOpModes =
MutableIndexedReferenceMap<String, IndexedMap<String, Int>, MutableIndexedMap<String, Int>>
+
private typealias PackageAppOpModesReference =
MutableReference<PackageAppOpModes, MutablePackageAppOpModes>
@@ -388,7 +411,8 @@
override fun toMutable(): MutableUserState = MutableUserState(this)
}
-class MutableUserState private constructor(
+class MutableUserState
+private constructor(
packageVersionsReference: PackageVersionsReference,
appIdPermissionFlagsReference: AppIdPermissionFlagsReference,
appIdDevicePermissionFlagsReference: AppIdDevicePermissionFlagsReference,
@@ -396,26 +420,31 @@
packageAppOpModesReference: PackageAppOpModesReference,
defaultPermissionGrantFingerprint: String?,
writeMode: Int
-) : UserState(
- packageVersionsReference,
- appIdPermissionFlagsReference,
- appIdDevicePermissionFlagsReference,
- appIdAppOpModesReference,
- packageAppOpModesReference,
- defaultPermissionGrantFingerprint,
- writeMode
-), MutableWritableState {
- constructor() : this(
- PackageVersionsReference(MutableIndexedMap<String, Int>()),
- AppIdPermissionFlagsReference(MutableAppIdPermissionFlags()),
- AppIdDevicePermissionFlagsReference(MutableAppIdDevicePermissionFlags()),
- AppIdAppOpModesReference(MutableAppIdAppOpModes()),
- PackageAppOpModesReference(MutablePackageAppOpModes()),
- null,
- WriteMode.NONE
- )
+) :
+ UserState(
+ packageVersionsReference,
+ appIdPermissionFlagsReference,
+ appIdDevicePermissionFlagsReference,
+ appIdAppOpModesReference,
+ packageAppOpModesReference,
+ defaultPermissionGrantFingerprint,
+ writeMode
+ ),
+ MutableWritableState {
+ constructor() :
+ this(
+ PackageVersionsReference(MutableIndexedMap<String, Int>()),
+ AppIdPermissionFlagsReference(MutableAppIdPermissionFlags()),
+ AppIdDevicePermissionFlagsReference(MutableAppIdDevicePermissionFlags()),
+ AppIdAppOpModesReference(MutableAppIdAppOpModes()),
+ PackageAppOpModesReference(MutablePackageAppOpModes()),
+ null,
+ WriteMode.NONE
+ )
- internal constructor(userState: UserState) : this(
+ internal constructor(
+ userState: UserState
+ ) : this(
userState.packageVersionsReference.toImmutable(),
userState.appIdPermissionFlagsReference.toImmutable(),
userState.appIdDevicePermissionFlagsReference.toImmutable(),
@@ -461,11 +490,7 @@
fun requestWriteMode(writeMode: Int)
}
-open class GetStateScope(
- val state: AccessState
-)
+open class GetStateScope(val state: AccessState)
-class MutateStateScope(
- val oldState: AccessState,
- val newState: MutableAccessState
-) : GetStateScope(newState)
+class MutateStateScope(val oldState: AccessState, val newState: MutableAccessState) :
+ GetStateScope(newState)
diff --git a/services/permission/java/com/android/server/permission/access/AccessUri.kt b/services/permission/java/com/android/server/permission/access/AccessUri.kt
index 1d46ca7..1f5a4df 100644
--- a/services/permission/java/com/android/server/permission/access/AccessUri.kt
+++ b/services/permission/java/com/android/server/permission/access/AccessUri.kt
@@ -18,9 +18,7 @@
import android.os.UserHandle
-sealed class AccessUri(
- val scheme: String
-) {
+sealed class AccessUri(val scheme: String) {
override fun equals(other: Any?): Boolean {
throw NotImplementedError()
}
@@ -34,9 +32,7 @@
}
}
-data class AppOpUri(
- val appOpName: String
-) : AccessUri(SCHEME) {
+data class AppOpUri(val appOpName: String) : AccessUri(SCHEME) {
override fun toString(): String = "$scheme:///$appOpName"
companion object {
@@ -44,10 +40,7 @@
}
}
-data class PackageUri(
- val packageName: String,
- val userId: Int
-) : AccessUri(SCHEME) {
+data class PackageUri(val packageName: String, val userId: Int) : AccessUri(SCHEME) {
override fun toString(): String = "$scheme:///$packageName/$userId"
companion object {
@@ -55,9 +48,7 @@
}
}
-data class PermissionUri(
- val permissionName: String
-) : AccessUri(SCHEME) {
+data class PermissionUri(val permissionName: String) : AccessUri(SCHEME) {
override fun toString(): String = "$scheme:///$permissionName"
companion object {
@@ -65,10 +56,7 @@
}
}
-data class DevicePermissionUri(
- val permissionName: String,
- val deviceId: Int
-) : AccessUri(SCHEME) {
+data class DevicePermissionUri(val permissionName: String, val deviceId: Int) : AccessUri(SCHEME) {
override fun toString(): String = "$scheme:///$permissionName/$deviceId"
companion object {
@@ -76,9 +64,7 @@
}
}
-data class UidUri(
- val uid: Int
-) : AccessUri(SCHEME) {
+data class UidUri(val uid: Int) : AccessUri(SCHEME) {
val userId: Int
get() = UserHandle.getUserId(uid)
diff --git a/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpMigration.kt b/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpMigration.kt
index 96d315e..6c1b080 100644
--- a/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpMigration.kt
+++ b/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpMigration.kt
@@ -46,9 +46,7 @@
val appOpModes = MutableIndexedMap<String, Int>()
appIdAppOpModes[appId] = appOpModes
- legacyAppOpModes.forEach { (appOpName, appOpMode) ->
- appOpModes[appOpName] = appOpMode
- }
+ legacyAppOpModes.forEach { (appOpName, appOpMode) -> appOpModes[appOpName] = appOpMode }
if (packageNames != null) {
val packageVersions = userState.mutatePackageVersions()
diff --git a/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpPersistence.kt b/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpPersistence.kt
index 4c7e946..f291b1a 100644
--- a/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpPersistence.kt
+++ b/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpPersistence.kt
@@ -51,8 +51,10 @@
}
userState.appIdAppOpModes.forEachReversedIndexed { appIdIndex, appId, _ ->
// Non-application UIDs may not have an Android package but may still have app op state.
- if (appId !in state.externalState.appIdPackageNames &&
- appId >= Process.FIRST_APPLICATION_UID) {
+ if (
+ appId !in state.externalState.appIdPackageNames &&
+ appId >= Process.FIRST_APPLICATION_UID
+ ) {
Slog.w(LOG_TAG, "Dropping unknown app ID $appId when parsing app-op state")
appIdAppOpModes.removeAt(appIdIndex)
userState.requestWriteMode(WriteMode.ASYNCHRONOUS)
diff --git a/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpPolicy.kt b/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpPolicy.kt
index c02fe4d..94caf28 100644
--- a/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpPolicy.kt
@@ -46,7 +46,9 @@
newState.userStates.forEachIndexed { userStateIndex, _, userState ->
val appIdIndex = userState.appIdAppOpModes.indexOfKey(appId)
if (appIdIndex >= 0) {
- newState.mutateUserStateAt(userStateIndex).mutateAppIdAppOpModes()
+ newState
+ .mutateUserStateAt(userStateIndex)
+ .mutateAppIdAppOpModes()
.removeAt(appIdIndex)
// Skip notifying the change listeners since the app ID no longer exists.
}
@@ -61,8 +63,8 @@
if (userStateIndex < 0) {
return false
}
- val appIdIndex = newState.userStates.valueAt(userStateIndex).appIdAppOpModes
- .indexOfKey(appId)
+ val appIdIndex =
+ newState.userStates.valueAt(userStateIndex).appIdAppOpModes.indexOfKey(appId)
if (appIdIndex < 0) {
return false
}
@@ -71,7 +73,9 @@
}
fun GetStateScope.getAppOpMode(appId: Int, userId: Int, appOpName: String): Int =
- state.userStates[userId]?.appIdAppOpModes?.get(appId)
+ state.userStates[userId]
+ ?.appIdAppOpModes
+ ?.get(appId)
.getWithDefault(appOpName, AppOpsManager.opToDefaultMode(appOpName))
fun MutateStateScope.setAppOpMode(
@@ -81,8 +85,10 @@
mode: Int
): Boolean {
val defaultMode = AppOpsManager.opToDefaultMode(appOpName)
- val oldMode = newState.userStates[userId]!!.appIdAppOpModes[appId]
- .getWithDefault(appOpName, defaultMode)
+ val oldMode =
+ newState.userStates[userId]!!
+ .appIdAppOpModes[appId]
+ .getWithDefault(appOpName, defaultMode)
if (oldMode == mode) {
return false
}
@@ -122,9 +128,7 @@
with(upgrade) { upgradePackageState(packageState, userId, version) }
}
- /**
- * Listener for app op mode changes.
- */
+ /** Listener for app op mode changes. */
abstract class OnAppOpModeChangedListener {
/**
* Called when an app op mode change has been made to the upcoming new state.
diff --git a/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpUpgrade.kt b/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpUpgrade.kt
index 12df95e..10c7764 100644
--- a/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpUpgrade.kt
+++ b/services/permission/java/com/android/server/permission/access/appop/AppIdAppOpUpgrade.kt
@@ -28,11 +28,13 @@
) {
if (version <= 2) {
with(policy) {
- val appOpMode = getAppOpMode(
- packageState.appId, userId, AppOpsManager.OPSTR_RUN_IN_BACKGROUND
- )
+ val appOpMode =
+ getAppOpMode(packageState.appId, userId, AppOpsManager.OPSTR_RUN_IN_BACKGROUND)
setAppOpMode(
- packageState.appId, userId, AppOpsManager.OPSTR_RUN_ANY_IN_BACKGROUND, appOpMode
+ packageState.appId,
+ userId,
+ AppOpsManager.OPSTR_RUN_ANY_IN_BACKGROUND,
+ appOpMode
)
}
}
@@ -40,14 +42,19 @@
val permissionName = AppOpsManager.opToPermission(AppOpsManager.OP_SCHEDULE_EXACT_ALARM)
if (permissionName in packageState.androidPackage!!.requestedPermissions) {
with(policy) {
- val appOpMode = getAppOpMode(
- packageState.appId, userId, AppOpsManager.OPSTR_SCHEDULE_EXACT_ALARM
- )
+ val appOpMode =
+ getAppOpMode(
+ packageState.appId,
+ userId,
+ AppOpsManager.OPSTR_SCHEDULE_EXACT_ALARM
+ )
val defaultAppOpMode =
AppOpsManager.opToDefaultMode(AppOpsManager.OP_SCHEDULE_EXACT_ALARM)
if (appOpMode == defaultAppOpMode) {
setAppOpMode(
- packageState.appId, userId, AppOpsManager.OPSTR_SCHEDULE_EXACT_ALARM,
+ packageState.appId,
+ userId,
+ AppOpsManager.OPSTR_SCHEDULE_EXACT_ALARM,
AppOpsManager.MODE_ALLOWED
)
}
diff --git a/services/permission/java/com/android/server/permission/access/appop/AppOpService.kt b/services/permission/java/com/android/server/permission/access/appop/AppOpService.kt
index 5b91ad9..26ea9d2 100644
--- a/services/permission/java/com/android/server/permission/access/appop/AppOpService.kt
+++ b/services/permission/java/com/android/server/permission/access/appop/AppOpService.kt
@@ -33,19 +33,16 @@
import com.android.server.permission.access.collection.forEachIndexed
import com.android.server.permission.access.collection.set
-class AppOpService(
- private val service: AccessCheckingService
-) : AppOpsCheckingServiceInterface {
- private val packagePolicy = service.getSchemePolicy(PackageUri.SCHEME, AppOpUri.SCHEME)
- as PackageAppOpPolicy
- private val appIdPolicy = service.getSchemePolicy(UidUri.SCHEME, AppOpUri.SCHEME)
- as AppIdAppOpPolicy
+class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingServiceInterface {
+ private val packagePolicy =
+ service.getSchemePolicy(PackageUri.SCHEME, AppOpUri.SCHEME) as PackageAppOpPolicy
+ private val appIdPolicy =
+ service.getSchemePolicy(UidUri.SCHEME, AppOpUri.SCHEME) as AppIdAppOpPolicy
private val context = service.context
private lateinit var handler: Handler
- @Volatile
- private var listeners = ArraySet<AppOpsModeChangedListener>()
+ @Volatile private var listeners = ArraySet<AppOpsModeChangedListener>()
private val listenersLock = Any()
fun initialize() {
@@ -86,9 +83,7 @@
val appId = UserHandle.getAppId(uid)
val userId = UserHandle.getUserId(uid)
val opName = AppOpsManager.opToPublicName(op)
- return service.getState {
- with(appIdPolicy) { getAppOpMode(appId, userId, opName) }
- }
+ return service.getState { with(appIdPolicy) { getAppOpMode(appId, userId, opName) } }
}
private fun getUidModes(uid: Int): ArrayMap<String, Int>? {
@@ -115,10 +110,7 @@
}
}
- private fun getPackageModes(
- packageName: String,
- userId: Int
- ): ArrayMap<String, Int>? =
+ private fun getPackageModes(packageName: String, userId: Int): ArrayMap<String, Int>? =
service.getState { with(packagePolicy) { getAppOpModes(packageName, userId) } }?.map
override fun setPackageMode(packageName: String, op: Int, mode: Int, userId: Int) {
@@ -131,15 +123,13 @@
override fun removeUid(uid: Int) {
val appId = UserHandle.getAppId(uid)
val userId = UserHandle.getUserId(uid)
- service.mutateState {
- with(appIdPolicy) { removeAppOpModes(appId, userId) }
- }
+ service.mutateState { with(appIdPolicy) { removeAppOpModes(appId, userId) } }
}
override fun removePackage(packageName: String, userId: Int): Boolean {
var wasChanged = false
service.mutateState {
- wasChanged = with (packagePolicy) { removeAppOpModes(packageName, userId) }
+ wasChanged = with(packagePolicy) { removeAppOpModes(packageName, userId) }
}
return wasChanged
}
diff --git a/services/permission/java/com/android/server/permission/access/appop/BaseAppOpPersistence.kt b/services/permission/java/com/android/server/permission/access/appop/BaseAppOpPersistence.kt
index a267637..edeef71 100644
--- a/services/permission/java/com/android/server/permission/access/appop/BaseAppOpPersistence.kt
+++ b/services/permission/java/com/android/server/permission/access/appop/BaseAppOpPersistence.kt
@@ -52,9 +52,7 @@
}
protected fun BinaryXmlSerializer.serializeAppOps(appOpModes: IndexedMap<String, Int>) {
- appOpModes.forEachIndexed { _, name, mode ->
- serializeAppOp(name, mode)
- }
+ appOpModes.forEachIndexed { _, name, mode -> serializeAppOp(name, mode) }
}
private fun BinaryXmlSerializer.serializeAppOp(name: String, mode: Int) {
diff --git a/services/permission/java/com/android/server/permission/access/appop/BaseAppOpPolicy.kt b/services/permission/java/com/android/server/permission/access/appop/BaseAppOpPolicy.kt
index c0a85f8..758cec0 100644
--- a/services/permission/java/com/android/server/permission/access/appop/BaseAppOpPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/appop/BaseAppOpPolicy.kt
@@ -23,9 +23,7 @@
import com.android.server.permission.access.MutableAccessState
import com.android.server.permission.access.SchemePolicy
-abstract class BaseAppOpPolicy(
- private val persistence: BaseAppOpPersistence
-) : SchemePolicy() {
+abstract class BaseAppOpPolicy(private val persistence: BaseAppOpPersistence) : SchemePolicy() {
override val objectScheme: String
get() = AppOpUri.SCHEME
diff --git a/services/permission/java/com/android/server/permission/access/appop/PackageAppOpMigration.kt b/services/permission/java/com/android/server/permission/access/appop/PackageAppOpMigration.kt
index 03311a2..8797e39 100644
--- a/services/permission/java/com/android/server/permission/access/appop/PackageAppOpMigration.kt
+++ b/services/permission/java/com/android/server/permission/access/appop/PackageAppOpMigration.kt
@@ -44,9 +44,7 @@
val appOpModes = MutableIndexedMap<String, Int>()
packageAppOpModes[packageName] = appOpModes
- legacyAppOpModes.forEach { (appOpName, appOpMode) ->
- appOpModes[appOpName] = appOpMode
- }
+ legacyAppOpModes.forEach { (appOpName, appOpMode) -> appOpModes[appOpName] = appOpMode }
userState.mutatePackageVersions()[packageName] = version
}
diff --git a/services/permission/java/com/android/server/permission/access/appop/PackageAppOpPolicy.kt b/services/permission/java/com/android/server/permission/access/appop/PackageAppOpPolicy.kt
index 5398a57..0d9470e 100644
--- a/services/permission/java/com/android/server/permission/access/appop/PackageAppOpPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/appop/PackageAppOpPolicy.kt
@@ -46,7 +46,9 @@
newState.userStates.forEachIndexed { userStateIndex, _, userState ->
val packageNameIndex = userState.packageAppOpModes.indexOfKey(packageName)
if (packageNameIndex >= 0) {
- newState.mutateUserStateAt(userStateIndex).mutatePackageAppOpModes()
+ newState
+ .mutateUserStateAt(userStateIndex)
+ .mutatePackageAppOpModes()
.removeAt(packageNameIndex)
// Skip notifying the change listeners since the package no longer exists.
}
@@ -61,18 +63,22 @@
if (userStateIndex < 0) {
return false
}
- val packageNameIndex = newState.userStates.valueAt(userStateIndex).packageAppOpModes
- .indexOfKey(packageName)
+ val packageNameIndex =
+ newState.userStates.valueAt(userStateIndex).packageAppOpModes.indexOfKey(packageName)
if (packageNameIndex < 0) {
return false
}
- newState.mutateUserStateAt(userStateIndex).mutatePackageAppOpModes()
+ newState
+ .mutateUserStateAt(userStateIndex)
+ .mutatePackageAppOpModes()
.removeAt(packageNameIndex)
return true
}
fun GetStateScope.getAppOpMode(packageName: String, userId: Int, appOpName: String): Int =
- state.userStates[userId]?.packageAppOpModes?.get(packageName)
+ state.userStates[userId]
+ ?.packageAppOpModes
+ ?.get(packageName)
.getWithDefault(appOpName, AppOpsManager.opToDefaultMode(appOpName))
fun MutateStateScope.setAppOpMode(
@@ -82,8 +88,10 @@
mode: Int
): Boolean {
val defaultMode = AppOpsManager.opToDefaultMode(appOpName)
- val oldMode = newState.userStates[userId]!!.packageAppOpModes[packageName]
- .getWithDefault(appOpName, defaultMode)
+ val oldMode =
+ newState.userStates[userId]!!
+ .packageAppOpModes[packageName]
+ .getWithDefault(appOpName, defaultMode)
if (oldMode == mode) {
return false
}
@@ -123,9 +131,7 @@
with(upgrade) { upgradePackageState(packageState, userId, version) }
}
- /**
- * Listener for app op mode changes.
- */
+ /** Listener for app op mode changes. */
abstract class OnAppOpModeChangedListener {
/**
* Called when an app op mode change has been made to the upcoming new state.
diff --git a/services/permission/java/com/android/server/permission/access/appop/PackageAppOpUpgrade.kt b/services/permission/java/com/android/server/permission/access/appop/PackageAppOpUpgrade.kt
index 8e37093..f5eedf7 100644
--- a/services/permission/java/com/android/server/permission/access/appop/PackageAppOpUpgrade.kt
+++ b/services/permission/java/com/android/server/permission/access/appop/PackageAppOpUpgrade.kt
@@ -28,11 +28,16 @@
) {
if (version <= 2) {
with(policy) {
- val appOpMode = getAppOpMode(
- packageState.packageName, userId, AppOpsManager.OPSTR_RUN_IN_BACKGROUND
- )
+ val appOpMode =
+ getAppOpMode(
+ packageState.packageName,
+ userId,
+ AppOpsManager.OPSTR_RUN_IN_BACKGROUND
+ )
setAppOpMode(
- packageState.packageName, userId, AppOpsManager.OPSTR_RUN_ANY_IN_BACKGROUND,
+ packageState.packageName,
+ userId,
+ AppOpsManager.OPSTR_RUN_ANY_IN_BACKGROUND,
appOpMode
)
}
diff --git a/services/permission/java/com/android/server/permission/access/collection/ArrayMapExtensions.kt b/services/permission/java/com/android/server/permission/access/collection/ArrayMapExtensions.kt
index 686db42..b74f477 100644
--- a/services/permission/java/com/android/server/permission/access/collection/ArrayMapExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/collection/ArrayMapExtensions.kt
@@ -49,7 +49,9 @@
}
inline fun <K, V> ArrayMap<K, V>.getOrPut(key: K, defaultValue: () -> V): V {
- get(key)?.let { return it }
+ get(key)?.let {
+ return it
+ }
return defaultValue().also { put(key, it) }
}
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IndexedList.kt b/services/permission/java/com/android/server/permission/access/immutable/IndexedList.kt
index ce4aa44..ea8e07f 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IndexedList.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IndexedList.kt
@@ -16,12 +16,8 @@
package com.android.server.permission.access.immutable
-/**
- * Immutable list with index-based access.
- */
-sealed class IndexedList<T>(
- internal val list: ArrayList<T>
-) : Immutable<MutableIndexedList<T>> {
+/** Immutable list with index-based access. */
+sealed class IndexedList<T>(internal val list: ArrayList<T>) : Immutable<MutableIndexedList<T>> {
val size: Int
get() = list.size
@@ -29,20 +25,15 @@
operator fun contains(element: T): Boolean = list.contains(element)
- @Suppress("ReplaceGetOrSet")
- operator fun get(index: Int): T = list.get(index)
+ @Suppress("ReplaceGetOrSet") operator fun get(index: Int): T = list.get(index)
override fun toMutable(): MutableIndexedList<T> = MutableIndexedList(this)
override fun toString(): String = list.toString()
}
-/**
- * Mutable list with index-based access.
- */
-class MutableIndexedList<T>(
- list: ArrayList<T> = ArrayList()
-) : IndexedList<T>(list) {
+/** Mutable list with index-based access. */
+class MutableIndexedList<T>(list: ArrayList<T> = ArrayList()) : IndexedList<T>(list) {
constructor(indexedList: IndexedList<T>) : this(ArrayList(indexedList.list))
@Suppress("ReplaceGetOrSet")
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IndexedListExtensions.kt b/services/permission/java/com/android/server/permission/access/immutable/IndexedListExtensions.kt
index dc9bae3..a9d804e 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IndexedListExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IndexedListExtensions.kt
@@ -70,9 +70,7 @@
accumulator: (Int, Int, T) -> Int
): Int {
var value = initialValue
- forEachIndexed { index, element ->
- value = accumulator(value, index, element)
- }
+ forEachIndexed { index, element -> value = accumulator(value, index, element) }
return value
}
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IndexedListSet.kt b/services/permission/java/com/android/server/permission/access/immutable/IndexedListSet.kt
index 77e71ba..3a2fd2f 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IndexedListSet.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IndexedListSet.kt
@@ -16,12 +16,9 @@
package com.android.server.permission.access.immutable
-/**
- * Immutable set with index-based access, implemented using a list.
- */
-sealed class IndexedListSet<T>(
- internal val list: ArrayList<T>
-) : Immutable<MutableIndexedListSet<T>> {
+/** Immutable set with index-based access, implemented using a list. */
+sealed class IndexedListSet<T>(internal val list: ArrayList<T>) :
+ Immutable<MutableIndexedListSet<T>> {
val size: Int
get() = list.size
@@ -31,20 +28,15 @@
fun indexOf(element: T): Int = list.indexOf(element)
- @Suppress("ReplaceGetOrSet")
- fun elementAt(index: Int): T = list.get(index)
+ @Suppress("ReplaceGetOrSet") fun elementAt(index: Int): T = list.get(index)
override fun toMutable(): MutableIndexedListSet<T> = MutableIndexedListSet(this)
override fun toString(): String = list.toString()
}
-/**
- * Mutable set with index-based access, implemented using a list.
- */
-class MutableIndexedListSet<T>(
- list: ArrayList<T> = ArrayList()
-) : IndexedListSet<T>(list) {
+/** Mutable set with index-based access, implemented using a list. */
+class MutableIndexedListSet<T>(list: ArrayList<T> = ArrayList()) : IndexedListSet<T>(list) {
constructor(indexedListSet: IndexedListSet<T>) : this(ArrayList(indexedListSet.list))
fun add(element: T): Boolean =
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IndexedListSetExtensions.kt b/services/permission/java/com/android/server/permission/access/immutable/IndexedListSetExtensions.kt
index 13fc141..2634b53 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IndexedListSetExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IndexedListSetExtensions.kt
@@ -70,9 +70,7 @@
accumulator: (Int, Int, T) -> Int
): Int {
var value = initialValue
- forEachIndexed { index, element ->
- value = accumulator(value, index, element)
- }
+ forEachIndexed { index, element -> value = accumulator(value, index, element) }
return value
}
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IndexedMap.kt b/services/permission/java/com/android/server/permission/access/immutable/IndexedMap.kt
index 299cc89..873c9c8 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IndexedMap.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IndexedMap.kt
@@ -18,12 +18,9 @@
import android.util.ArrayMap
-/**
- * Immutable map with index-based access.
- */
-sealed class IndexedMap<K, V>(
- internal val map: ArrayMap<K, V>
-) : Immutable<MutableIndexedMap<K, V>> {
+/** Immutable map with index-based access. */
+sealed class IndexedMap<K, V>(internal val map: ArrayMap<K, V>) :
+ Immutable<MutableIndexedMap<K, V>> {
val size: Int
get() = map.size
@@ -31,8 +28,7 @@
operator fun contains(key: K): Boolean = map.containsKey(key)
- @Suppress("ReplaceGetOrSet")
- operator fun get(key: K): V? = map.get(key)
+ @Suppress("ReplaceGetOrSet") operator fun get(key: K): V? = map.get(key)
fun indexOfKey(key: K): Int = map.indexOfKey(key)
@@ -45,12 +41,8 @@
override fun toString(): String = map.toString()
}
-/**
- * Mutable map with index-based access.
- */
-class MutableIndexedMap<K, V>(
- map: ArrayMap<K, V> = ArrayMap()
-) : IndexedMap<K, V>(map) {
+/** Mutable map with index-based access. */
+class MutableIndexedMap<K, V>(map: ArrayMap<K, V> = ArrayMap()) : IndexedMap<K, V>(map) {
constructor(indexedMap: IndexedMap<K, V>) : this(ArrayMap(indexedMap.map))
fun put(key: K, value: V): V? = map.put(key, value)
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IndexedMapExtensions.kt b/services/permission/java/com/android/server/permission/access/immutable/IndexedMapExtensions.kt
index 69f1779c..48637cc 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IndexedMapExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IndexedMapExtensions.kt
@@ -36,7 +36,9 @@
inline fun <K, V, R> IndexedMap<K, V>.firstNotNullOfOrNullIndexed(transform: (Int, K, V) -> R): R? {
forEachIndexed { index, key, value ->
- transform(index, key, value)?.let { return it }
+ transform(index, key, value)?.let {
+ return it
+ }
}
return null
}
@@ -75,9 +77,7 @@
destination: C,
transform: (Int, K, V) -> R,
): C {
- forEachIndexed { index, key, value ->
- transform(index, key, value).let { destination += it }
- }
+ forEachIndexed { index, key, value -> transform(index, key, value).let { destination += it } }
return destination
}
@@ -85,14 +85,14 @@
destination: C,
transform: (Int, K, V) -> R?
): C {
- forEachIndexed { index, key, value ->
- transform(index, key, value)?.let { destination += it }
- }
+ forEachIndexed { index, key, value -> transform(index, key, value)?.let { destination += it } }
return destination
}
inline fun <K, V> MutableIndexedMap<K, V>.getOrPut(key: K, defaultValue: () -> V): V {
- get(key)?.let { return it }
+ get(key)?.let {
+ return it
+ }
return defaultValue().also { put(key, it) }
}
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IndexedReferenceMap.kt b/services/permission/java/com/android/server/permission/access/immutable/IndexedReferenceMap.kt
index ff76a47..6fe4718 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IndexedReferenceMap.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IndexedReferenceMap.kt
@@ -33,8 +33,7 @@
operator fun contains(key: K): Boolean = map.containsKey(key)
- @Suppress("ReplaceGetOrSet")
- operator fun get(key: K): I? = map.get(key)?.get()
+ @Suppress("ReplaceGetOrSet") operator fun get(key: K): I? = map.get(key)?.get()
fun indexOfKey(key: K): Int = map.indexOfKey(key)
@@ -55,7 +54,9 @@
class MutableIndexedReferenceMap<K, I : Immutable<M>, M : I>(
map: ArrayMap<K, MutableReference<I, M>> = ArrayMap()
) : IndexedReferenceMap<K, I, M>(map) {
- constructor(indexedReferenceMap: IndexedReferenceMap<K, I, M>) : this(
+ constructor(
+ indexedReferenceMap: IndexedReferenceMap<K, I, M>
+ ) : this(
ArrayMap(indexedReferenceMap.map).apply {
for (i in 0 until size) {
setValueAt(i, valueAt(i).toImmutable())
@@ -63,8 +64,7 @@
}
)
- @Suppress("ReplaceGetOrSet")
- fun mutate(key: K): M? = map.get(key)?.mutate()
+ @Suppress("ReplaceGetOrSet") fun mutate(key: K): M? = map.get(key)?.mutate()
fun put(key: K, value: M): I? = map.put(key, MutableReference(value))?.get()
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IndexedReferenceMapExtensions.kt b/services/permission/java/com/android/server/permission/access/immutable/IndexedReferenceMapExtensions.kt
index 22b4d52..43a902b 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IndexedReferenceMapExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IndexedReferenceMapExtensions.kt
@@ -72,7 +72,9 @@
key: K,
defaultValue: () -> M
): M {
- mutate(key)?.let { return it }
+ mutate(key)?.let {
+ return it
+ }
return defaultValue().also { put(key, it) }
}
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IndexedSet.kt b/services/permission/java/com/android/server/permission/access/immutable/IndexedSet.kt
index 547e56c..cbc24b1 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IndexedSet.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IndexedSet.kt
@@ -18,12 +18,8 @@
import android.util.ArraySet
-/**
- * Immutable set with index-based access.
- */
-sealed class IndexedSet<T>(
- internal val set: ArraySet<T>
-) : Immutable<MutableIndexedSet<T>> {
+/** Immutable set with index-based access. */
+sealed class IndexedSet<T>(internal val set: ArraySet<T>) : Immutable<MutableIndexedSet<T>> {
val size: Int
get() = set.size
@@ -40,12 +36,8 @@
override fun toString(): String = set.toString()
}
-/**
- * Mutable set with index-based access.
- */
-class MutableIndexedSet<T>(
- set: ArraySet<T> = ArraySet()
-) : IndexedSet<T>(set) {
+/** Mutable set with index-based access. */
+class MutableIndexedSet<T>(set: ArraySet<T> = ArraySet()) : IndexedSet<T>(set) {
constructor(indexedSet: IndexedSet<T>) : this(ArraySet(indexedSet.set))
fun add(element: T): Boolean = set.add(element)
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IntMap.kt b/services/permission/java/com/android/server/permission/access/immutable/IntMap.kt
index 7ed29e8..e9a405f 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IntMap.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IntMap.kt
@@ -18,12 +18,8 @@
import android.util.SparseArray
-/**
- * Immutable map with index-based access and [Int] keys.
- */
-sealed class IntMap<T>(
- internal val array: SparseArray<T>
-) : Immutable<MutableIntMap<T>> {
+/** Immutable map with index-based access and [Int] keys. */
+sealed class IntMap<T>(internal val array: SparseArray<T>) : Immutable<MutableIntMap<T>> {
val size: Int
get() = array.size()
@@ -44,12 +40,8 @@
override fun toString(): String = array.toString()
}
-/**
- * Mutable map with index-based access and [Int] keys.
- */
-class MutableIntMap<T>(
- array: SparseArray<T> = SparseArray()
-) : IntMap<T>(array) {
+/** Mutable map with index-based access and [Int] keys. */
+class MutableIntMap<T>(array: SparseArray<T> = SparseArray()) : IntMap<T>(array) {
constructor(intMap: IntMap<T>) : this(intMap.array.clone())
fun put(key: Int, value: T): T? = array.putReturnOld(key, value)
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IntMapExtensions.kt b/services/permission/java/com/android/server/permission/access/immutable/IntMapExtensions.kt
index 9aa0a41..09d7319 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IntMapExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IntMapExtensions.kt
@@ -36,7 +36,9 @@
inline fun <T, R> IntMap<T>.firstNotNullOfOrNullIndexed(transform: (Int, Int, T) -> R): R? {
forEachIndexed { index, key, value ->
- transform(index, key, value)?.let { return it }
+ transform(index, key, value)?.let {
+ return it
+ }
}
return null
}
@@ -72,7 +74,9 @@
}
inline fun <T> MutableIntMap<T>.getOrPut(key: Int, defaultValue: () -> T): T {
- get(key)?.let { return it }
+ get(key)?.let {
+ return it
+ }
return defaultValue().also { put(key, it) }
}
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IntReferenceMap.kt b/services/permission/java/com/android/server/permission/access/immutable/IntReferenceMap.kt
index 160b227..3f26517 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IntReferenceMap.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IntReferenceMap.kt
@@ -33,8 +33,7 @@
operator fun contains(key: Int): Boolean = array.contains(key)
- @Suppress("ReplaceGetOrSet")
- operator fun get(key: Int): I? = array.get(key)?.get()
+ @Suppress("ReplaceGetOrSet") operator fun get(key: Int): I? = array.get(key)?.get()
fun indexOfKey(key: Int): Int = array.indexOfKey(key)
@@ -55,7 +54,9 @@
class MutableIntReferenceMap<I : Immutable<M>, M : I>(
array: SparseArray<MutableReference<I, M>> = SparseArray()
) : IntReferenceMap<I, M>(array) {
- constructor(intReferenceMap: IntReferenceMap<I, M>) : this(
+ constructor(
+ intReferenceMap: IntReferenceMap<I, M>
+ ) : this(
intReferenceMap.array.clone().apply {
for (i in 0 until size()) {
setValueAt(i, valueAt(i).toImmutable())
@@ -63,8 +64,7 @@
}
)
- @Suppress("ReplaceGetOrSet")
- fun mutate(key: Int): M? = array.get(key)?.mutate()
+ @Suppress("ReplaceGetOrSet") fun mutate(key: Int): M? = array.get(key)?.mutate()
fun put(key: Int, value: M): I? = array.putReturnOld(key, MutableReference(value))?.get()
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IntReferenceMapExtensions.kt b/services/permission/java/com/android/server/permission/access/immutable/IntReferenceMapExtensions.kt
index 1ed4f8a..a1bab95 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IntReferenceMapExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IntReferenceMapExtensions.kt
@@ -72,7 +72,9 @@
key: Int,
defaultValue: () -> M
): M {
- mutate(key)?.let { return it }
+ mutate(key)?.let {
+ return it
+ }
return defaultValue().also { put(key, it) }
}
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IntSet.kt b/services/permission/java/com/android/server/permission/access/immutable/IntSet.kt
index 21f2af2..1254797 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IntSet.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IntSet.kt
@@ -18,12 +18,8 @@
import android.util.SparseBooleanArray
-/**
- * Immutable set with index-based access and [Int] elements.
- */
-sealed class IntSet(
- internal val array: SparseBooleanArray
-) : Immutable<MutableIntSet> {
+/** Immutable set with index-based access and [Int] elements. */
+sealed class IntSet(internal val array: SparseBooleanArray) : Immutable<MutableIntSet> {
val size: Int
get() = array.size()
@@ -40,12 +36,8 @@
override fun toString(): String = array.toString()
}
-/**
- * Mutable set with index-based access and [Int] elements.
- */
-class MutableIntSet(
- array: SparseBooleanArray = SparseBooleanArray()
-) : IntSet(array) {
+/** Mutable set with index-based access and [Int] elements. */
+class MutableIntSet(array: SparseBooleanArray = SparseBooleanArray()) : IntSet(array) {
constructor(intSet: IntSet) : this(intSet.array.clone())
fun add(element: Int): Boolean =
diff --git a/services/permission/java/com/android/server/permission/access/immutable/IntSetExtensions.kt b/services/permission/java/com/android/server/permission/access/immutable/IntSetExtensions.kt
index 163ebbf..9d0d14f 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/IntSetExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/IntSetExtensions.kt
@@ -66,7 +66,7 @@
operator fun IntSet.plus(element: Int): MutableIntSet = toMutable().apply { this += element }
-fun MutableIntSet(values: IntArray): MutableIntSet = MutableIntSet().apply{ this += values }
+fun MutableIntSet(values: IntArray): MutableIntSet = MutableIntSet().apply { this += values }
operator fun MutableIntSet.plusAssign(element: Int) {
array.put(element, true)
diff --git a/services/permission/java/com/android/server/permission/access/immutable/MutableReference.kt b/services/permission/java/com/android/server/permission/access/immutable/MutableReference.kt
index 171cfeb..471a71b 100644
--- a/services/permission/java/com/android/server/permission/access/immutable/MutableReference.kt
+++ b/services/permission/java/com/android/server/permission/access/immutable/MutableReference.kt
@@ -27,21 +27,17 @@
* exposed on the immutable interface of the data structure as a `getFoo` method, and the [mutate]
* method exposed on the mutable interface of the data structure as a `mutateFoo` method. When the
* data structure is mutated/copied, a new instance of this class should be obtained with
- * [toImmutable], which makes the wrapped reference immutable-only again and thus prevents
- * further modifications to a data structure accessed with its immutable interface.
+ * [toImmutable], which makes the wrapped reference immutable-only again and thus prevents further
+ * modifications to a data structure accessed with its immutable interface.
*
* @see MutableIndexedReferenceMap
* @see MutableIntReferenceMap
*/
-class MutableReference<I : Immutable<M>, M : I> private constructor(
- private var immutable: I,
- private var mutable: M?
-) {
+class MutableReference<I : Immutable<M>, M : I>
+private constructor(private var immutable: I, private var mutable: M?) {
constructor(mutable: M) : this(mutable, mutable)
- /**
- * Return an immutable reference to the wrapped mutable data structure.
- */
+ /** Return an immutable reference to the wrapped mutable data structure. */
fun get(): I = immutable
/**
@@ -50,7 +46,9 @@
* already mutable.
*/
fun mutate(): M {
- mutable?.let { return it }
+ mutable?.let {
+ return it
+ }
return immutable.toMutable().also {
immutable = it
mutable = it
diff --git a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionMigration.kt b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionMigration.kt
index 691ed8f..2983895 100644
--- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionMigration.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionMigration.kt
@@ -23,9 +23,7 @@
import com.android.server.permission.access.util.PackageVersionMigration
import com.android.server.pm.permission.PermissionMigrationHelper
-/**
- * This class migrate legacy permissions to unified permission subsystem
- */
+/** This class migrate legacy permissions to unified permission subsystem */
class AppIdPermissionMigration {
internal fun migrateSystemState(state: MutableAccessState) {
val legacyPermissionsManager =
@@ -34,10 +32,15 @@
return
}
- migratePermissions(state.mutateSystemState().mutatePermissions(),
- legacyPermissionsManager.legacyPermissions)
- migratePermissions(state.mutateSystemState().mutatePermissionTrees(),
- legacyPermissionsManager.legacyPermissionTrees, true)
+ migratePermissions(
+ state.mutateSystemState().mutatePermissions(),
+ legacyPermissionsManager.legacyPermissions
+ )
+ migratePermissions(
+ state.mutateSystemState().mutatePermissionTrees(),
+ legacyPermissionsManager.legacyPermissionTrees,
+ true
+ )
}
private fun migratePermissions(
@@ -46,14 +49,15 @@
isPermissionTree: Boolean = false
) {
legacyPermissions.forEach { (_, legacyPermission) ->
- val permission = Permission(
- legacyPermission.permissionInfo, false, legacyPermission.type, 0
- )
+ val permission =
+ Permission(legacyPermission.permissionInfo, false, legacyPermission.type, 0)
permissions[permission.name] = permission
if (DEBUG_MIGRATION) {
- Slog.v(LOG_TAG, "Migrated permission: ${permission.name}, type: " +
- "${permission.type}, appId: ${permission.appId}, protectionLevel: " +
- "${permission.protectionLevel}, tree: $isPermissionTree"
+ Slog.v(
+ LOG_TAG,
+ "Migrated permission: ${permission.name}, type: " +
+ "${permission.type}, appId: ${permission.appId}, protectionLevel: " +
+ "${permission.protectionLevel}, tree: $isPermissionTree"
)
}
}
@@ -81,25 +85,23 @@
val permissionFlags = MutableIndexedMap<String, Int>()
appIdPermissionFlags[appId] = permissionFlags
- legacyPermissionStates.forEach forEachPermission@ {
+ legacyPermissionStates.forEach forEachPermission@{
(permissionName, legacyPermissionState) ->
val permission = state.systemState.permissions[permissionName]
if (permission == null) {
Slog.w(
- LOG_TAG, "Dropping unknown permission $permissionName for app ID $appId" +
+ LOG_TAG,
+ "Dropping unknown permission $permissionName for app ID $appId" +
" when migrating permission state"
)
return@forEachPermission
}
- permissionFlags[permissionName] = migratePermissionFlags(
- permission, legacyPermissionState, appId, userId
- )
+ permissionFlags[permissionName] =
+ migratePermissionFlags(permission, legacyPermissionState, appId, userId)
}
val packageVersions = userState.mutatePackageVersions()
- packageNames.forEachIndexed { _, packageName ->
- packageVersions[packageName] = version
- }
+ packageNames.forEachIndexed { _, packageName -> packageVersions[packageName] = version }
}
}
@@ -109,29 +111,35 @@
appId: Int,
userId: Int
): Int {
- var flags = when {
- permission.isNormal -> if (legacyPermissionState.isGranted) {
- PermissionFlags.INSTALL_GRANTED
- } else {
- PermissionFlags.INSTALL_REVOKED
- }
- permission.isSignature || permission.isInternal ->
- if (legacyPermissionState.isGranted) {
- if (permission.isDevelopment || permission.isRole) {
- PermissionFlags.PROTECTION_GRANTED or PermissionFlags.RUNTIME_GRANTED
+ var flags =
+ when {
+ permission.isNormal ->
+ if (legacyPermissionState.isGranted) {
+ PermissionFlags.INSTALL_GRANTED
} else {
- PermissionFlags.PROTECTION_GRANTED
+ PermissionFlags.INSTALL_REVOKED
}
- } else {
- 0
- }
- permission.isRuntime ->
- if (legacyPermissionState.isGranted) PermissionFlags.RUNTIME_GRANTED else 0
- else -> 0
- }
- flags = PermissionFlags.updateFlags(
- permission, flags, legacyPermissionState.flags, legacyPermissionState.flags
- )
+ permission.isSignature || permission.isInternal ->
+ if (legacyPermissionState.isGranted) {
+ if (permission.isDevelopment || permission.isRole) {
+ PermissionFlags.PROTECTION_GRANTED or PermissionFlags.RUNTIME_GRANTED
+ } else {
+ PermissionFlags.PROTECTION_GRANTED
+ }
+ } else {
+ 0
+ }
+ permission.isRuntime ->
+ if (legacyPermissionState.isGranted) PermissionFlags.RUNTIME_GRANTED else 0
+ else -> 0
+ }
+ flags =
+ PermissionFlags.updateFlags(
+ permission,
+ flags,
+ legacyPermissionState.flags,
+ legacyPermissionState.flags
+ )
if (DEBUG_MIGRATION) {
val oldFlagString = PermissionFlags.apiFlagsToString(legacyPermissionState.flags)
val newFlagString = PermissionFlags.toString(flags)
@@ -139,7 +147,8 @@
val newGrantState = PermissionFlags.isPermissionGranted(flags)
val flagsMismatch = legacyPermissionState.flags != PermissionFlags.toApiFlags(flags)
Slog.v(
- LOG_TAG, "Migrated appId: $appId, permission: " +
+ LOG_TAG,
+ "Migrated appId: $appId, permission: " +
"${permission.name}, user: $userId, oldGrantState: $oldGrantState" +
", oldFlags: $oldFlagString, newFlags: $newFlagString, grantMismatch: " +
"${oldGrantState != newGrantState}, flagsMismatch: $flagsMismatch"
diff --git a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPersistence.kt b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPersistence.kt
index 2c8175b..1f40f01 100644
--- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPersistence.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPersistence.kt
@@ -57,11 +57,12 @@
isPermissionTree: Boolean
) {
val systemState = state.mutateSystemState(WriteMode.NONE)
- val permissions = if (isPermissionTree) {
- systemState.mutatePermissionTrees()
- } else {
- systemState.mutatePermissions()
- }
+ val permissions =
+ if (isPermissionTree) {
+ systemState.mutatePermissionTrees()
+ } else {
+ systemState.mutatePermissions()
+ }
forEachTag {
when (val tagName = tagName) {
TAG_PERMISSION -> parsePermission(permissions)
@@ -71,10 +72,13 @@
permissions.forEachReversedIndexed { permissionIndex, _, permission ->
val packageName = permission.packageName
val externalState = state.externalState
- if (packageName !in externalState.packageStates &&
- packageName !in externalState.disabledSystemPackageStates) {
+ if (
+ packageName !in externalState.packageStates &&
+ packageName !in externalState.disabledSystemPackageStates
+ ) {
Slog.w(
- LOG_TAG, "Dropping permission ${permission.name} from unknown package" +
+ LOG_TAG,
+ "Dropping permission ${permission.name} from unknown package" +
" $packageName when parsing permissions"
)
permissions.removeAt(permissionIndex)
@@ -88,11 +92,12 @@
) {
val name = getAttributeValueOrThrow(ATTR_NAME).intern()
@Suppress("DEPRECATION")
- val permissionInfo = PermissionInfo().apply {
- this.name = name
- packageName = getAttributeValueOrThrow(ATTR_PACKAGE_NAME).intern()
- protectionLevel = getAttributeIntHexOrThrow(ATTR_PROTECTION_LEVEL)
- }
+ val permissionInfo =
+ PermissionInfo().apply {
+ this.name = name
+ packageName = getAttributeValueOrThrow(ATTR_PACKAGE_NAME).intern()
+ protectionLevel = getAttributeIntHexOrThrow(ATTR_PROTECTION_LEVEL)
+ }
val type = getAttributeIntOrThrow(ATTR_TYPE)
when (type) {
Permission.TYPE_MANIFEST -> {}
@@ -125,15 +130,14 @@
tagName: String,
permissions: IndexedMap<String, Permission>
) {
- tag(tagName) {
- permissions.forEachIndexed { _, _, it -> serializePermission(it) }
- }
+ tag(tagName) { permissions.forEachIndexed { _, _, it -> serializePermission(it) } }
}
private fun BinaryXmlSerializer.serializePermission(permission: Permission) {
val type = permission.type
when (type) {
- Permission.TYPE_MANIFEST, Permission.TYPE_DYNAMIC -> {}
+ Permission.TYPE_MANIFEST,
+ Permission.TYPE_DYNAMIC -> {}
Permission.TYPE_CONFIG -> return
else -> {
Slog.w(LOG_TAG, "Skipping serializing permission $name with unknown type $type")
@@ -228,11 +232,12 @@
tag(TAG_PERMISSION) {
attributeInterned(ATTR_NAME, name)
// Never serialize one-time permissions as granted.
- val serializedFlags = if (flags.hasBits(PermissionFlags.ONE_TIME)) {
- flags andInv PermissionFlags.RUNTIME_GRANTED
- } else {
- flags
- }
+ val serializedFlags =
+ if (flags.hasBits(PermissionFlags.ONE_TIME)) {
+ flags andInv PermissionFlags.RUNTIME_GRANTED
+ } else {
+ flags
+ }
attributeInt(ATTR_FLAGS, serializedFlags)
}
}
diff --git a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
index 345f101..08ba753 100644
--- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
@@ -55,7 +55,8 @@
@Volatile
private var onPermissionFlagsChangedListeners:
- IndexedListSet<OnPermissionFlagsChangedListener> = MutableIndexedListSet()
+ IndexedListSet<OnPermissionFlagsChangedListener> =
+ MutableIndexedListSet()
private val onPermissionFlagsChangedListenersLock = Any()
private val privilegedPermissionAllowlistViolations = MutableIndexedSet<String>()
@@ -73,30 +74,37 @@
override fun MutateStateScope.onInitialized() {
newState.externalState.configPermissions.forEach { (permissionName, permissionEntry) ->
val oldPermission = newState.systemState.permissions[permissionName]
- val newPermission = if (oldPermission != null) {
- if (permissionEntry.gids != null) {
- oldPermission.copy(
- gids = permissionEntry.gids, areGidsPerUser = permissionEntry.perUser
- )
+ val newPermission =
+ if (oldPermission != null) {
+ if (permissionEntry.gids != null) {
+ oldPermission.copy(
+ gids = permissionEntry.gids,
+ areGidsPerUser = permissionEntry.perUser
+ )
+ } else {
+ return@forEach
+ }
} else {
- return@forEach
+ @Suppress("DEPRECATION")
+ val permissionInfo =
+ PermissionInfo().apply {
+ name = permissionName
+ packageName = PLATFORM_PACKAGE_NAME
+ protectionLevel = PermissionInfo.PROTECTION_SIGNATURE
+ }
+ if (permissionEntry.gids != null) {
+ Permission(
+ permissionInfo,
+ false,
+ Permission.TYPE_CONFIG,
+ 0,
+ permissionEntry.gids,
+ permissionEntry.perUser
+ )
+ } else {
+ Permission(permissionInfo, false, Permission.TYPE_CONFIG, 0)
+ }
}
- } else {
- @Suppress("DEPRECATION")
- val permissionInfo = PermissionInfo().apply {
- name = permissionName
- packageName = PLATFORM_PACKAGE_NAME
- protectionLevel = PermissionInfo.PROTECTION_SIGNATURE
- }
- if (permissionEntry.gids != null) {
- Permission(
- permissionInfo, false, Permission.TYPE_CONFIG, 0, permissionEntry.gids,
- permissionEntry.perUser
- )
- } else {
- Permission(permissionInfo, false, Permission.TYPE_CONFIG, 0)
- }
- }
newState.mutateSystemState().mutatePermissions()[permissionName] = newPermission
}
}
@@ -200,30 +208,32 @@
val androidPackage = packageState.androidPackage ?: return
val appId = packageState.appId
androidPackage.requestedPermissions.forEach { permissionName ->
- val permission = newState.systemState.permissions[permissionName]
- ?: return@forEach
+ val permission = newState.systemState.permissions[permissionName] ?: return@forEach
if (!permission.isHardOrSoftRestricted) {
return@forEach
}
- val isRequestedBySystemPackage = anyPackageInAppId(appId) {
- it.isSystem && permissionName in it.androidPackage!!.requestedPermissions
- }
+ val isRequestedBySystemPackage =
+ anyPackageInAppId(appId) {
+ it.isSystem && permissionName in it.androidPackage!!.requestedPermissions
+ }
if (isRequestedBySystemPackage) {
return@forEach
}
val oldFlags = getPermissionFlags(appId, userId, permissionName)
var newFlags = oldFlags andInv PermissionFlags.UPGRADE_EXEMPT
val isExempt = newFlags.hasAnyBit(PermissionFlags.MASK_EXEMPT)
- newFlags = if (permission.isHardRestricted && !isExempt) {
- newFlags or PermissionFlags.RESTRICTION_REVOKED
- } else {
- newFlags andInv PermissionFlags.RESTRICTION_REVOKED
- }
- newFlags = if (permission.isSoftRestricted && !isExempt) {
- newFlags or PermissionFlags.SOFT_RESTRICTED
- } else {
- newFlags andInv PermissionFlags.SOFT_RESTRICTED
- }
+ newFlags =
+ if (permission.isHardRestricted && !isExempt) {
+ newFlags or PermissionFlags.RESTRICTION_REVOKED
+ } else {
+ newFlags andInv PermissionFlags.RESTRICTION_REVOKED
+ }
+ newFlags =
+ if (permission.isSoftRestricted && !isExempt) {
+ newFlags or PermissionFlags.SOFT_RESTRICTED
+ } else {
+ newFlags andInv PermissionFlags.SOFT_RESTRICTED
+ }
setPermissionFlags(appId, userId, permissionName, newFlags)
}
}
@@ -243,15 +253,15 @@
val androidPackage = packageState.androidPackage ?: return
val appId = packageState.appId
androidPackage.requestedPermissions.forEach { permissionName ->
- val permission = newState.systemState.permissions[permissionName]
- ?: return@forEach
+ val permission = newState.systemState.permissions[permissionName] ?: return@forEach
if (!permission.isRuntime || permission.isRemoved) {
return@forEach
}
- val isRequestedByOtherPackages = anyPackageInAppId(appId) {
- it.packageName != packageName &&
- permissionName in it.androidPackage!!.requestedPermissions
- }
+ val isRequestedByOtherPackages =
+ anyPackageInAppId(appId) {
+ it.packageName != packageName &&
+ permissionName in it.androidPackage!!.requestedPermissions
+ }
if (isRequestedByOtherPackages) {
return@forEach
}
@@ -260,13 +270,15 @@
return@forEach
}
var newFlags = oldFlags
- newFlags = if (
- newFlags.hasBits(PermissionFlags.ROLE) || newFlags.hasBits(PermissionFlags.PREGRANT)
- ) {
- newFlags or PermissionFlags.RUNTIME_GRANTED
- } else {
- newFlags andInv PermissionFlags.RUNTIME_GRANTED
- }
+ newFlags =
+ if (
+ newFlags.hasBits(PermissionFlags.ROLE) ||
+ newFlags.hasBits(PermissionFlags.PREGRANT)
+ ) {
+ newFlags or PermissionFlags.RUNTIME_GRANTED
+ } else {
+ newFlags andInv PermissionFlags.RUNTIME_GRANTED
+ }
newFlags = newFlags andInv USER_SETTABLE_MASK
if (newFlags.hasBits(PermissionFlags.LEGACY_GRANTED)) {
newFlags = newFlags or PermissionFlags.IMPLICIT
@@ -285,24 +297,32 @@
if (!canAdoptPermissions(packageName, originalPackageName)) {
return@forEachIndexed
}
- newState.systemState.permissions.forEachIndexed permissions@ {
- permissionIndex, permissionName, oldPermission ->
+ newState.systemState.permissions.forEachIndexed permissions@{
+ permissionIndex,
+ permissionName,
+ oldPermission ->
if (oldPermission.packageName != originalPackageName) {
return@permissions
}
@Suppress("DEPRECATION")
- val newPermissionInfo = PermissionInfo().apply {
- name = oldPermission.permissionInfo.name
- this.packageName = packageName
- protectionLevel = oldPermission.permissionInfo.protectionLevel
- }
+ val newPermissionInfo =
+ PermissionInfo().apply {
+ name = oldPermission.permissionInfo.name
+ this.packageName = packageName
+ protectionLevel = oldPermission.permissionInfo.protectionLevel
+ }
// Different from the old implementation, which removes the GIDs upon permission
// adoption, but adds them back on the next boot, we now just consistently keep the
// GIDs.
- val newPermission = oldPermission.copy(
- permissionInfo = newPermissionInfo, isReconciled = false, appId = 0
- )
- newState.mutateSystemState().mutatePermissions()
+ val newPermission =
+ oldPermission.copy(
+ permissionInfo = newPermissionInfo,
+ isReconciled = false,
+ appId = 0
+ )
+ newState
+ .mutateSystemState()
+ .mutatePermissions()
.putAt(permissionIndex, newPermission)
changedPermissionNames += permissionName
}
@@ -313,18 +333,20 @@
packageName: String,
originalPackageName: String
): Boolean {
- val originalPackageState = newState.externalState.packageStates[originalPackageName]
- ?: return false
+ val originalPackageState =
+ newState.externalState.packageStates[originalPackageName] ?: return false
if (!originalPackageState.isSystem) {
Slog.w(
- LOG_TAG, "Unable to adopt permissions from $originalPackageName to $packageName:" +
+ LOG_TAG,
+ "Unable to adopt permissions from $originalPackageName to $packageName:" +
" original package not in system partition"
)
return false
}
if (originalPackageState.androidPackage != null) {
Slog.w(
- LOG_TAG, "Unable to adopt permissions from $originalPackageName to $packageName:" +
+ LOG_TAG,
+ "Unable to adopt permissions from $originalPackageName to $packageName:" +
" original package still exists"
)
return false
@@ -339,20 +361,25 @@
val isInstantApp = packageState.userStates.allIndexed { _, _, it -> it.isInstantApp }
if (isInstantApp) {
Slog.w(
- LOG_TAG, "Ignoring permission groups declared in package" +
+ LOG_TAG,
+ "Ignoring permission groups declared in package" +
" ${packageState.packageName}: instant apps cannot declare permission groups"
)
return
}
packageState.androidPackage!!.permissionGroups.forEachIndexed { _, parsedPermissionGroup ->
- val newPermissionGroup = PackageInfoUtils.generatePermissionGroupInfo(
- parsedPermissionGroup, PackageManager.GET_META_DATA.toLong()
- )!!
+ val newPermissionGroup =
+ PackageInfoUtils.generatePermissionGroupInfo(
+ parsedPermissionGroup,
+ PackageManager.GET_META_DATA.toLong()
+ )!!
// TODO: Clear permission state on group take-over?
val permissionGroupName = newPermissionGroup.name
val oldPermissionGroup = newState.systemState.permissionGroups[permissionGroupName]
- if (oldPermissionGroup != null &&
- newPermissionGroup.packageName != oldPermissionGroup.packageName) {
+ if (
+ oldPermissionGroup != null &&
+ newPermissionGroup.packageName != oldPermissionGroup.packageName
+ ) {
val newPackageName = newPermissionGroup.packageName
val oldPackageName = oldPermissionGroup.packageName
// Different from the old implementation, which defines permission group on
@@ -361,7 +388,8 @@
// to permissions so that we no longer need to rely on the scan order.
if (!packageState.isSystem) {
Slog.w(
- LOG_TAG, "Ignoring permission group $permissionGroupName declared in" +
+ LOG_TAG,
+ "Ignoring permission group $permissionGroupName declared in" +
" package $newPackageName: already declared in another" +
" package $oldPackageName"
)
@@ -369,14 +397,16 @@
}
if (newState.externalState.packageStates[oldPackageName]?.isSystem == true) {
Slog.w(
- LOG_TAG, "Ignoring permission group $permissionGroupName declared in" +
+ LOG_TAG,
+ "Ignoring permission group $permissionGroupName declared in" +
" system package $newPackageName: already declared in another" +
" system package $oldPackageName"
)
return@forEachIndexed
}
Slog.w(
- LOG_TAG, "Overriding permission group $permissionGroupName with" +
+ LOG_TAG,
+ "Overriding permission group $permissionGroupName with" +
" new declaration in system package $newPackageName: originally" +
" declared in another package $oldPackageName"
)
@@ -393,20 +423,23 @@
val androidPackage = packageState.androidPackage!!
// This may not be the same package as the old permission because the old permission owner
// can be different, hence using this somewhat strange name to prevent misuse.
- val oldNewPackage = oldState.externalState.packageStates[packageState.packageName]
- ?.androidPackage
- val isPackageSigningChanged = oldNewPackage != null &&
- androidPackage.signingDetails != oldNewPackage.signingDetails
+ val oldNewPackage =
+ oldState.externalState.packageStates[packageState.packageName]?.androidPackage
+ val isPackageSigningChanged =
+ oldNewPackage != null && androidPackage.signingDetails != oldNewPackage.signingDetails
androidPackage.permissions.forEachIndexed { _, parsedPermission ->
- val newPermissionInfo = PackageInfoUtils.generatePermissionInfo(
- parsedPermission, PackageManager.GET_META_DATA.toLong()
- )!!
+ val newPermissionInfo =
+ PackageInfoUtils.generatePermissionInfo(
+ parsedPermission,
+ PackageManager.GET_META_DATA.toLong()
+ )!!
val permissionName = newPermissionInfo.name
- val oldPermission = if (parsedPermission.isTree) {
- newState.systemState.permissionTrees[permissionName]
- } else {
- newState.systemState.permissions[permissionName]
- }
+ val oldPermission =
+ if (parsedPermission.isTree) {
+ newState.systemState.permissionTrees[permissionName]
+ } else {
+ newState.systemState.permissions[permissionName]
+ }
// Different from the old implementation, which may add an (incomplete) signature
// permission inside another package's permission tree, we now consistently ignore such
// permissions.
@@ -414,128 +447,152 @@
val newPackageName = newPermissionInfo.packageName
if (permissionTree != null && newPackageName != permissionTree.packageName) {
Slog.w(
- LOG_TAG, "Ignoring permission $permissionName declared in package" +
+ LOG_TAG,
+ "Ignoring permission $permissionName declared in package" +
" $newPackageName: base permission tree ${permissionTree.name} is" +
" declared in another package ${permissionTree.packageName}"
)
return@forEachIndexed
}
- val newPermission = if (oldPermission != null &&
- newPackageName != oldPermission.packageName) {
- val oldPackageName = oldPermission.packageName
- // Only allow system apps to redefine non-system permissions.
- if (!packageState.isSystem) {
- Slog.w(
- LOG_TAG, "Ignoring permission $permissionName declared in package" +
- " $newPackageName: already declared in another package" +
- " $oldPackageName"
- )
- return@forEachIndexed
- }
- if (oldPermission.type == Permission.TYPE_CONFIG && !oldPermission.isReconciled) {
- // It's a config permission and has no owner, take ownership now.
- oldPermission.copy(
- permissionInfo = newPermissionInfo, isReconciled = true,
- type = Permission.TYPE_MANIFEST, appId = packageState.appId
- )
- } else if (newState.externalState.packageStates[oldPackageName]?.isSystem != true) {
- Slog.w(
- LOG_TAG, "Overriding permission $permissionName with new declaration in" +
- " system package $newPackageName: originally declared in another" +
- " package $oldPackageName"
- )
- // Remove permission state on owner change.
- newState.externalState.userIds.forEachIndexed { _, userId ->
- newState.externalState.appIdPackageNames.forEachIndexed { _, appId, _ ->
- setPermissionFlags(appId, userId, permissionName, 0)
- }
- }
- // Different from the old implementation, which removes the GIDs upon permission
- // override, but adds them back on the next boot, we now just consistently keep
- // the GIDs.
- Permission(
- newPermissionInfo, true, Permission.TYPE_MANIFEST, packageState.appId,
- oldPermission.gids, oldPermission.areGidsPerUser
- )
- } else {
- Slog.w(
- LOG_TAG, "Ignoring permission $permissionName declared in system package" +
- " $newPackageName: already declared in another system package" +
- " $oldPackageName"
- )
- return@forEachIndexed
- }
- } else {
- if (oldPermission != null && oldPermission.isReconciled) {
- val isPermissionGroupChanged = newPermissionInfo.isRuntime &&
- newPermissionInfo.group != null &&
- newPermissionInfo.group != oldPermission.groupName
- val isPermissionProtectionChanged =
- oldPermission.type != Permission.TYPE_CONFIG && (
- (newPermissionInfo.isRuntime && !oldPermission.isRuntime) ||
- (newPermissionInfo.isInternal && !oldPermission.isInternal)
+ val newPermission =
+ if (oldPermission != null && newPackageName != oldPermission.packageName) {
+ val oldPackageName = oldPermission.packageName
+ // Only allow system apps to redefine non-system permissions.
+ if (!packageState.isSystem) {
+ Slog.w(
+ LOG_TAG,
+ "Ignoring permission $permissionName declared in package" +
+ " $newPackageName: already declared in another package" +
+ " $oldPackageName"
)
- if (isPermissionGroupChanged || isPermissionProtectionChanged) {
+ return@forEachIndexed
+ }
+ if (
+ oldPermission.type == Permission.TYPE_CONFIG && !oldPermission.isReconciled
+ ) {
+ // It's a config permission and has no owner, take ownership now.
+ oldPermission.copy(
+ permissionInfo = newPermissionInfo,
+ isReconciled = true,
+ type = Permission.TYPE_MANIFEST,
+ appId = packageState.appId
+ )
+ } else if (
+ newState.externalState.packageStates[oldPackageName]?.isSystem != true
+ ) {
+ Slog.w(
+ LOG_TAG,
+ "Overriding permission $permissionName with new declaration in" +
+ " system package $newPackageName: originally declared in another" +
+ " package $oldPackageName"
+ )
+ // Remove permission state on owner change.
newState.externalState.userIds.forEachIndexed { _, userId ->
newState.externalState.appIdPackageNames.forEachIndexed { _, appId, _ ->
- if (isPermissionGroupChanged) {
- // We might auto-grant permissions if any permission of
- // the group is already granted. Hence if the group of
- // a granted permission changes we need to revoke it to
- // avoid having permissions of the new group auto-granted.
- Slog.w(
- LOG_TAG, "Revoking runtime permission $permissionName for" +
- " appId $appId and userId $userId as the permission" +
- " group changed from ${oldPermission.groupName}" +
- " to ${newPermissionInfo.group}"
- )
- }
- if (isPermissionProtectionChanged) {
- Slog.w(
- LOG_TAG, "Revoking permission $permissionName for" +
- " appId $appId and userId $userId as the permission" +
- " protection changed."
- )
- }
setPermissionFlags(appId, userId, permissionName, 0)
}
}
+ // Different from the old implementation, which removes the GIDs upon
+ // permission
+ // override, but adds them back on the next boot, we now just consistently
+ // keep
+ // the GIDs.
+ Permission(
+ newPermissionInfo,
+ true,
+ Permission.TYPE_MANIFEST,
+ packageState.appId,
+ oldPermission.gids,
+ oldPermission.areGidsPerUser
+ )
+ } else {
+ Slog.w(
+ LOG_TAG,
+ "Ignoring permission $permissionName declared in system package" +
+ " $newPackageName: already declared in another system package" +
+ " $oldPackageName"
+ )
+ return@forEachIndexed
+ }
+ } else {
+ if (oldPermission != null && oldPermission.isReconciled) {
+ val isPermissionGroupChanged =
+ newPermissionInfo.isRuntime &&
+ newPermissionInfo.group != null &&
+ newPermissionInfo.group != oldPermission.groupName
+ val isPermissionProtectionChanged =
+ oldPermission.type != Permission.TYPE_CONFIG &&
+ ((newPermissionInfo.isRuntime && !oldPermission.isRuntime) ||
+ (newPermissionInfo.isInternal && !oldPermission.isInternal))
+ if (isPermissionGroupChanged || isPermissionProtectionChanged) {
+ newState.externalState.userIds.forEachIndexed { _, userId ->
+ newState.externalState.appIdPackageNames.forEachIndexed {
+ _,
+ appId,
+ _ ->
+ if (isPermissionGroupChanged) {
+ // We might auto-grant permissions if any permission of
+ // the group is already granted. Hence if the group of
+ // a granted permission changes we need to revoke it to
+ // avoid having permissions of the new group auto-granted.
+ Slog.w(
+ LOG_TAG,
+ "Revoking runtime permission $permissionName for" +
+ " appId $appId and userId $userId as the permission" +
+ " group changed from ${oldPermission.groupName}" +
+ " to ${newPermissionInfo.group}"
+ )
+ }
+ if (isPermissionProtectionChanged) {
+ Slog.w(
+ LOG_TAG,
+ "Revoking permission $permissionName for" +
+ " appId $appId and userId $userId as the permission" +
+ " protection changed."
+ )
+ }
+ setPermissionFlags(appId, userId, permissionName, 0)
+ }
+ }
+ }
+ }
+
+ // Different from the old implementation, which doesn't update the permission
+ // definition upon app update, but does update it on the next boot, we now
+ // consistently update the permission definition upon app update.
+ @Suppress("IfThenToElvis")
+ if (oldPermission != null) {
+ oldPermission.copy(
+ permissionInfo = newPermissionInfo,
+ isReconciled = true,
+ type = Permission.TYPE_MANIFEST,
+ appId = packageState.appId
+ )
+ } else {
+ Permission(
+ newPermissionInfo,
+ true,
+ Permission.TYPE_MANIFEST,
+ packageState.appId
+ )
}
}
- // Different from the old implementation, which doesn't update the permission
- // definition upon app update, but does update it on the next boot, we now
- // consistently update the permission definition upon app update.
- @Suppress("IfThenToElvis")
- if (oldPermission != null) {
- oldPermission.copy(
- permissionInfo = newPermissionInfo, isReconciled = true,
- type = Permission.TYPE_MANIFEST, appId = packageState.appId
- )
- } else {
- Permission(
- newPermissionInfo, true, Permission.TYPE_MANIFEST, packageState.appId
- )
- }
- }
-
if (parsedPermission.isTree) {
newState.mutateSystemState().mutatePermissionTrees()[permissionName] = newPermission
} else {
newState.mutateSystemState().mutatePermissions()[permissionName] = newPermission
- val isPermissionChanged = oldPermission == null ||
- newPackageName != oldPermission.packageName ||
- newPermission.protectionLevel != oldPermission.protectionLevel || (
- oldPermission.isReconciled && (
- (newPermission.isSignature && isPackageSigningChanged) || (
- newPermission.isKnownSigner &&
- newPermission.knownCerts != oldPermission.knownCerts
- ) || (
- newPermission.isRuntime && newPermission.groupName != null &&
- newPermission.groupName != oldPermission.groupName
- )
- )
- )
+ val isPermissionChanged =
+ oldPermission == null ||
+ newPackageName != oldPermission.packageName ||
+ newPermission.protectionLevel != oldPermission.protectionLevel ||
+ (oldPermission.isReconciled &&
+ ((newPermission.isSignature && isPackageSigningChanged) ||
+ (newPermission.isKnownSigner &&
+ newPermission.knownCerts != oldPermission.knownCerts) ||
+ (newPermission.isRuntime &&
+ newPermission.groupName != null &&
+ newPermission.groupName != oldPermission.groupName)))
if (isPermissionChanged) {
changedPermissionNames += permissionName
}
@@ -552,39 +609,47 @@
if (packageState != null && androidPackage == null) {
return
}
- val disabledSystemPackage = newState.externalState.disabledSystemPackageStates[packageName]
- ?.androidPackage
+ val disabledSystemPackage =
+ newState.externalState.disabledSystemPackageStates[packageName]?.androidPackage
// Unlike in the previous implementation, we now also retain permission trees defined by
// disabled system packages for consistency with permissions.
newState.systemState.permissionTrees.forEachReversedIndexed {
- permissionTreeIndex, permissionTreeName, permissionTree ->
- if (permissionTree.packageName == packageName && (
- packageState == null || androidPackage!!.permissions.noneIndexed { _, it ->
- it.isTree && it.name == permissionTreeName
- }
- ) && (
- disabledSystemPackage?.permissions?.anyIndexed { _, it ->
- it.isTree && it.name == permissionTreeName
- } != true
- )) {
+ permissionTreeIndex,
+ permissionTreeName,
+ permissionTree ->
+ if (
+ permissionTree.packageName == packageName &&
+ (packageState == null ||
+ androidPackage!!.permissions.noneIndexed { _, it ->
+ it.isTree && it.name == permissionTreeName
+ }) &&
+ (disabledSystemPackage?.permissions?.anyIndexed { _, it ->
+ it.isTree && it.name == permissionTreeName
+ } != true)
+ ) {
newState.mutateSystemState().mutatePermissionTrees().removeAt(permissionTreeIndex)
}
}
newState.systemState.permissions.forEachReversedIndexed {
- permissionIndex, permissionName, permission ->
+ permissionIndex,
+ permissionName,
+ permission ->
val updatedPermission = updatePermissionIfDynamic(permission)
- newState.mutateSystemState().mutatePermissions()
+ newState
+ .mutateSystemState()
+ .mutatePermissions()
.putAt(permissionIndex, updatedPermission)
- if (updatedPermission.packageName == packageName && (
- packageState == null || androidPackage!!.permissions.noneIndexed { _, it ->
- !it.isTree && it.name == permissionName
- }
- ) && (
- disabledSystemPackage?.permissions?.anyIndexed { _, it ->
- !it.isTree && it.name == permissionName
- } != true
- )) {
+ if (
+ updatedPermission.packageName == packageName &&
+ (packageState == null ||
+ androidPackage!!.permissions.noneIndexed { _, it ->
+ !it.isTree && it.name == permissionName
+ }) &&
+ (disabledSystemPackage?.permissions?.anyIndexed { _, it ->
+ !it.isTree && it.name == permissionName
+ } != true)
+ ) {
// Different from the old implementation where we keep the permission state if the
// permission is declared by a disabled system package (ag/15189282), we now
// shouldn't be notified when the updated system package is removed but the disabled
@@ -608,9 +673,12 @@
val permissionTree = findPermissionTree(permission.name) ?: return permission
@Suppress("DEPRECATION")
return permission.copy(
- permissionInfo = PermissionInfo(permission.permissionInfo).apply {
- packageName = permissionTree.packageName
- }, appId = permissionTree.appId, isReconciled = true
+ permissionInfo =
+ PermissionInfo(permission.permissionInfo).apply {
+ packageName = permissionTree.packageName
+ },
+ appId = permissionTree.appId,
+ isReconciled = true
)
}
@@ -636,8 +704,9 @@
}
private fun MutateStateScope.revokePermissionsOnPackageUpdate(appId: Int) {
- val hasOldPackage = appId in oldState.externalState.appIdPackageNames &&
- anyPackageInAppId(appId, oldState) { true }
+ val hasOldPackage =
+ appId in oldState.externalState.appIdPackageNames &&
+ anyPackageInAppId(appId, oldState) { true }
if (!hasOldPackage) {
// Don't revoke anything if this isn't a package update, i.e. if information about the
// old package isn't available. Notably, this also means skipping packages changed via
@@ -650,46 +719,58 @@
// app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.
val oldTargetSdkVersion =
reducePackageInAppId(appId, Build.VERSION_CODES.CUR_DEVELOPMENT, oldState) {
- targetSdkVersion, packageState ->
+ targetSdkVersion,
+ packageState ->
targetSdkVersion.coerceAtMost(packageState.androidPackage!!.targetSdkVersion)
}
val newTargetSdkVersion =
reducePackageInAppId(appId, Build.VERSION_CODES.CUR_DEVELOPMENT, newState) {
- targetSdkVersion, packageState ->
+ targetSdkVersion,
+ packageState ->
targetSdkVersion.coerceAtMost(packageState.androidPackage!!.targetSdkVersion)
}
@Suppress("ConvertTwoComparisonsToRangeCheck")
- val isTargetSdkVersionDowngraded = oldTargetSdkVersion >= Build.VERSION_CODES.Q &&
- newTargetSdkVersion < Build.VERSION_CODES.Q
+ val isTargetSdkVersionDowngraded =
+ oldTargetSdkVersion >= Build.VERSION_CODES.Q &&
+ newTargetSdkVersion < Build.VERSION_CODES.Q
@Suppress("ConvertTwoComparisonsToRangeCheck")
- val isTargetSdkVersionUpgraded = oldTargetSdkVersion < Build.VERSION_CODES.Q &&
- newTargetSdkVersion >= Build.VERSION_CODES.Q
- val oldIsRequestLegacyExternalStorage = anyPackageInAppId(appId, oldState) {
- it.androidPackage!!.isRequestLegacyExternalStorage
- }
- val newIsRequestLegacyExternalStorage = anyPackageInAppId(appId, newState) {
- it.androidPackage!!.isRequestLegacyExternalStorage
- }
- val isNewlyRequestingLegacyExternalStorage = !isTargetSdkVersionUpgraded &&
- !oldIsRequestLegacyExternalStorage && newIsRequestLegacyExternalStorage
- val shouldRevokeStorageAndMediaPermissions = isNewlyRequestingLegacyExternalStorage ||
- isTargetSdkVersionDowngraded
+ val isTargetSdkVersionUpgraded =
+ oldTargetSdkVersion < Build.VERSION_CODES.Q &&
+ newTargetSdkVersion >= Build.VERSION_CODES.Q
+ val oldIsRequestLegacyExternalStorage =
+ anyPackageInAppId(appId, oldState) {
+ it.androidPackage!!.isRequestLegacyExternalStorage
+ }
+ val newIsRequestLegacyExternalStorage =
+ anyPackageInAppId(appId, newState) {
+ it.androidPackage!!.isRequestLegacyExternalStorage
+ }
+ val isNewlyRequestingLegacyExternalStorage =
+ !isTargetSdkVersionUpgraded &&
+ !oldIsRequestLegacyExternalStorage &&
+ newIsRequestLegacyExternalStorage
+ val shouldRevokeStorageAndMediaPermissions =
+ isNewlyRequestingLegacyExternalStorage || isTargetSdkVersionDowngraded
if (shouldRevokeStorageAndMediaPermissions) {
newState.userStates.forEachIndexed { _, userId, userState ->
userState.appIdPermissionFlags[appId]?.forEachReversedIndexed {
- _, permissionName, oldFlags ->
+ _,
+ permissionName,
+ oldFlags ->
// Do not revoke the permission during an upgrade if it's POLICY_FIXED or
// SYSTEM_FIXED. Otherwise the user cannot grant back the permission.
- if (permissionName in STORAGE_AND_MEDIA_PERMISSIONS &&
- oldFlags.hasBits(PermissionFlags.RUNTIME_GRANTED) &&
- !oldFlags.hasAnyBit(SYSTEM_OR_POLICY_FIXED_MASK)) {
+ if (
+ permissionName in STORAGE_AND_MEDIA_PERMISSIONS &&
+ oldFlags.hasBits(PermissionFlags.RUNTIME_GRANTED) &&
+ !oldFlags.hasAnyBit(SYSTEM_OR_POLICY_FIXED_MASK)
+ ) {
Slog.v(
- LOG_TAG, "Revoking storage permission: $permissionName for appId: " +
+ LOG_TAG,
+ "Revoking storage permission: $permissionName for appId: " +
" $appId and user: $userId"
)
- val newFlags = oldFlags andInv (
- PermissionFlags.RUNTIME_GRANTED or USER_SETTABLE_MASK
- )
+ val newFlags =
+ oldFlags andInv (PermissionFlags.RUNTIME_GRANTED or USER_SETTABLE_MASK)
setPermissionFlags(appId, userId, permissionName, newFlags)
}
}
@@ -704,9 +785,10 @@
val externalState = newState.externalState
externalState.userIds.forEachIndexed { _, userId ->
externalState.appIdPackageNames.forEachIndexed { _, appId, _ ->
- val isPermissionRequested = anyPackageInAppId(appId) {
- permissionName in it.androidPackage!!.requestedPermissions
- }
+ val isPermissionRequested =
+ anyPackageInAppId(appId) {
+ permissionName in it.androidPackage!!.requestedPermissions
+ }
if (isPermissionRequested) {
evaluatePermissionState(appId, userId, permissionName, installedPackageState)
}
@@ -720,7 +802,9 @@
) {
newState.externalState.userIds.forEachIndexed { _, userId ->
evaluateAllPermissionStatesForPackageAndUser(
- packageState, userId, installedPackageState
+ packageState,
+ userId,
+ installedPackageState
)
}
}
@@ -732,7 +816,10 @@
) {
packageState.androidPackage?.requestedPermissions?.forEach { permissionName ->
evaluatePermissionState(
- packageState.appId, userId, permissionName, installedPackageState
+ packageState.appId,
+ userId,
+ permissionName,
+ installedPackageState
)
}
}
@@ -779,57 +866,71 @@
val wasGranted = oldFlags.hasBits(PermissionFlags.INSTALL_GRANTED)
if (!wasGranted) {
val wasRevoked = oldFlags.hasBits(PermissionFlags.INSTALL_REVOKED)
- val isRequestedByInstalledPackage = installedPackageState != null &&
- permissionName in installedPackageState.androidPackage!!.requestedPermissions
+ val isRequestedByInstalledPackage =
+ installedPackageState != null &&
+ permissionName in
+ installedPackageState.androidPackage!!.requestedPermissions
val isRequestedBySystemPackage =
requestingPackageStates.anyIndexed { _, it -> it.isSystem }
- val isCompatibilityPermission = requestingPackageStates.anyIndexed { _, it ->
- isCompatibilityPermissionForPackage(it.androidPackage!!, permissionName)
- }
+ val isCompatibilityPermission =
+ requestingPackageStates.anyIndexed { _, it ->
+ isCompatibilityPermissionForPackage(it.androidPackage!!, permissionName)
+ }
// If this is an existing, non-system package,
// then we can't add any new permissions to it.
// Except if this is a permission that was added to the platform
- var newFlags = if (!wasRevoked || isRequestedByInstalledPackage ||
- isRequestedBySystemPackage || isCompatibilityPermission) {
- PermissionFlags.INSTALL_GRANTED
- } else {
- PermissionFlags.INSTALL_REVOKED
- }
+ var newFlags =
+ if (
+ !wasRevoked ||
+ isRequestedByInstalledPackage ||
+ isRequestedBySystemPackage ||
+ isCompatibilityPermission
+ ) {
+ PermissionFlags.INSTALL_GRANTED
+ } else {
+ PermissionFlags.INSTALL_REVOKED
+ }
if (permission.isAppOp) {
- newFlags = newFlags or (
- oldFlags and (PermissionFlags.ROLE or PermissionFlags.USER_SET)
- )
+ newFlags =
+ newFlags or
+ (oldFlags and (PermissionFlags.ROLE or PermissionFlags.USER_SET))
}
setPermissionFlags(appId, userId, permissionName, newFlags)
}
} else if (permission.isSignature || permission.isInternal) {
val wasProtectionGranted = oldFlags.hasBits(PermissionFlags.PROTECTION_GRANTED)
- var newFlags = if (hasMissingPackage && wasProtectionGranted) {
- // Keep the non-runtime permission grants for shared UID with missing androidPackage
- PermissionFlags.PROTECTION_GRANTED
- } else {
- val mayGrantByPrivileged = !permission.isPrivileged ||
- requestingPackageStates.anyIndexed { _, it ->
- checkPrivilegedPermissionAllowlist(it, permission)
- }
- val shouldGrantBySignature = permission.isSignature &&
- requestingPackageStates.anyIndexed { _, it ->
- shouldGrantPermissionBySignature(it, permission)
- }
- val shouldGrantByProtectionFlags = requestingPackageStates.anyIndexed { _, it ->
- shouldGrantPermissionByProtectionFlags(it, permission)
- }
- if (mayGrantByPrivileged &&
- (shouldGrantBySignature || shouldGrantByProtectionFlags)) {
+ var newFlags =
+ if (hasMissingPackage && wasProtectionGranted) {
+ // Keep the non-runtime permission grants for shared UID with missing
+ // androidPackage
PermissionFlags.PROTECTION_GRANTED
} else {
- 0
+ val mayGrantByPrivileged =
+ !permission.isPrivileged ||
+ requestingPackageStates.anyIndexed { _, it ->
+ checkPrivilegedPermissionAllowlist(it, permission)
+ }
+ val shouldGrantBySignature =
+ permission.isSignature &&
+ requestingPackageStates.anyIndexed { _, it ->
+ shouldGrantPermissionBySignature(it, permission)
+ }
+ val shouldGrantByProtectionFlags =
+ requestingPackageStates.anyIndexed { _, it ->
+ shouldGrantPermissionByProtectionFlags(it, permission)
+ }
+ if (
+ mayGrantByPrivileged &&
+ (shouldGrantBySignature || shouldGrantByProtectionFlags)
+ ) {
+ PermissionFlags.PROTECTION_GRANTED
+ } else {
+ 0
+ }
}
- }
if (permission.isAppOp) {
- newFlags = newFlags or (
- oldFlags and (PermissionFlags.ROLE or PermissionFlags.USER_SET)
- )
+ newFlags =
+ newFlags or (oldFlags and (PermissionFlags.ROLE or PermissionFlags.USER_SET))
}
// Different from the old implementation, which seemingly allows granting an
// unallowlisted privileged permission via development or role but revokes it upon next
@@ -840,9 +941,9 @@
newFlags = newFlags or (oldFlags and PermissionFlags.RUNTIME_GRANTED)
}
if (permission.isRole) {
- newFlags = newFlags or (
- oldFlags and (PermissionFlags.ROLE or PermissionFlags.RUNTIME_GRANTED)
- )
+ newFlags =
+ newFlags or
+ (oldFlags and (PermissionFlags.ROLE or PermissionFlags.RUNTIME_GRANTED))
}
setPermissionFlags(appId, userId, permissionName, newFlags)
} else if (permission.isRuntime) {
@@ -850,7 +951,9 @@
val wasRevoked = newFlags != 0 && !PermissionFlags.isPermissionGranted(newFlags)
val targetSdkVersion =
requestingPackageStates.reduceIndexed(Build.VERSION_CODES.CUR_DEVELOPMENT) {
- targetSdkVersion, _, packageState ->
+ targetSdkVersion,
+ _,
+ packageState ->
targetSdkVersion.coerceAtMost(packageState.androidPackage!!.targetSdkVersion)
}
if (targetSdkVersion < Build.VERSION_CODES.M) {
@@ -883,23 +986,27 @@
}
}
val wasGrantedByImplicit = newFlags.hasBits(PermissionFlags.IMPLICIT_GRANTED)
- val isLeanbackNotificationsPermission = newState.externalState.isLeanback &&
- permissionName in NOTIFICATIONS_PERMISSIONS
- val isImplicitPermission = requestingPackageStates.anyIndexed { _, it ->
- permissionName in it.androidPackage!!.implicitPermissions
- }
- val sourcePermissions = newState.externalState
- .implicitToSourcePermissions[permissionName]
- val isAnySourcePermissionNonRuntime = sourcePermissions?.anyIndexed {
- _, sourcePermissionName ->
- val sourcePermission = newState.systemState.permissions[sourcePermissionName]
- checkNotNull(sourcePermission) {
- "Unknown source permission $sourcePermissionName in split permissions"
+ val isLeanbackNotificationsPermission =
+ newState.externalState.isLeanback && permissionName in NOTIFICATIONS_PERMISSIONS
+ val isImplicitPermission =
+ requestingPackageStates.anyIndexed { _, it ->
+ permissionName in it.androidPackage!!.implicitPermissions
}
- !sourcePermission.isRuntime
- } ?: false
- val shouldGrantByImplicit = isLeanbackNotificationsPermission ||
- (isImplicitPermission && isAnySourcePermissionNonRuntime)
+ val sourcePermissions =
+ newState.externalState.implicitToSourcePermissions[permissionName]
+ val isAnySourcePermissionNonRuntime =
+ sourcePermissions?.anyIndexed { _, sourcePermissionName ->
+ val sourcePermission =
+ newState.systemState.permissions[sourcePermissionName]
+ checkNotNull(sourcePermission) {
+ "Unknown source permission $sourcePermissionName in split permissions"
+ }
+ !sourcePermission.isRuntime
+ }
+ ?: false
+ val shouldGrantByImplicit =
+ isLeanbackNotificationsPermission ||
+ (isImplicitPermission && isAnySourcePermissionNonRuntime)
if (shouldGrantByImplicit) {
newFlags = newFlags or PermissionFlags.IMPLICIT_GRANTED
if (wasRevoked) {
@@ -907,26 +1014,31 @@
}
} else {
newFlags = newFlags andInv PermissionFlags.IMPLICIT_GRANTED
- if ((wasGrantedByLegacy || wasGrantedByImplicit) &&
- newFlags.hasBits(PermissionFlags.APP_OP_REVOKED)) {
+ if (
+ (wasGrantedByLegacy || wasGrantedByImplicit) &&
+ newFlags.hasBits(PermissionFlags.APP_OP_REVOKED)
+ ) {
// The permission was granted from a compatibility grant or an implicit
// grant, however this flag might still be set if the user denied this
// permission in the settings. Hence upon app upgrade and when this
// permission is no longer LEGACY_GRANTED or IMPLICIT_GRANTED and we revoke
// the permission, we want to remove this flag so that the app can request
// the permission again.
- newFlags = newFlags andInv (
- PermissionFlags.RUNTIME_GRANTED or PermissionFlags.APP_OP_REVOKED
- )
+ newFlags =
+ newFlags andInv
+ (PermissionFlags.RUNTIME_GRANTED or PermissionFlags.APP_OP_REVOKED)
}
}
if (!isImplicitPermission && hasImplicitFlag) {
newFlags = newFlags andInv PermissionFlags.IMPLICIT
var shouldRetainAsNearbyDevices = false
if (permissionName in NEARBY_DEVICES_PERMISSIONS) {
- val accessBackgroundLocationFlags = getPermissionFlags(
- appId, userId, Manifest.permission.ACCESS_BACKGROUND_LOCATION
- )
+ val accessBackgroundLocationFlags =
+ getPermissionFlags(
+ appId,
+ userId,
+ Manifest.permission.ACCESS_BACKGROUND_LOCATION
+ )
shouldRetainAsNearbyDevices =
PermissionFlags.isAppOpGranted(accessBackgroundLocationFlags) &&
!accessBackgroundLocationFlags.hasBits(PermissionFlags.IMPLICIT)
@@ -937,46 +1049,57 @@
newFlags = newFlags or PermissionFlags.RUNTIME_GRANTED
}
} else {
- newFlags = newFlags andInv (
- PermissionFlags.RUNTIME_GRANTED or PermissionFlags.USER_SET or
- PermissionFlags.USER_FIXED
- )
+ newFlags =
+ newFlags andInv
+ (PermissionFlags.RUNTIME_GRANTED or
+ PermissionFlags.USER_SET or
+ PermissionFlags.USER_FIXED)
}
}
}
val wasExempt = newFlags.hasAnyBit(PermissionFlags.MASK_EXEMPT)
val wasRestricted = newFlags.hasAnyBit(PermissionFlags.MASK_RESTRICTED)
- val isExempt = if (permission.isHardOrSoftRestricted && !wasExempt && !wasRestricted) {
- // All restricted permissions start as exempt. If there's an installer for the
- // package, we will drop this UPGRADE_EXEMPT flag when we receive the
- // onPackageInstalled() callback and set up the INSTALLER_EXEMPT flags.
- // UPGRADE_EXEMPT is chosen instead of other flags because it is the same flag that
- // was assigned to pre-installed apps in RuntimePermissionsUpgradeController, and to
- // apps with missing permission state.
- // This way we make sure both pre-installed apps, and apps updated/installed after
- // a rollback snapshot is taken, can get the allowlist for permissions that won't be
- // allowlisted otherwise.
- newFlags = newFlags or PermissionFlags.UPGRADE_EXEMPT
- true
- } else {
- wasExempt
- }
- newFlags = if (permission.isHardRestricted && !isExempt) {
- newFlags or PermissionFlags.RESTRICTION_REVOKED
- } else {
- newFlags andInv PermissionFlags.RESTRICTION_REVOKED
- }
- newFlags = if (permission.isSoftRestricted && !isExempt) {
- newFlags or PermissionFlags.SOFT_RESTRICTED
- } else {
- newFlags andInv PermissionFlags.SOFT_RESTRICTED
- }
+ val isExempt =
+ if (permission.isHardOrSoftRestricted && !wasExempt && !wasRestricted) {
+ // All restricted permissions start as exempt. If there's an installer for the
+ // package, we will drop this UPGRADE_EXEMPT flag when we receive the
+ // onPackageInstalled() callback and set up the INSTALLER_EXEMPT flags.
+ // UPGRADE_EXEMPT is chosen instead of other flags because it is the same flag
+ // that
+ // was assigned to pre-installed apps in RuntimePermissionsUpgradeController,
+ // and to
+ // apps with missing permission state.
+ // This way we make sure both pre-installed apps, and apps updated/installed
+ // after
+ // a rollback snapshot is taken, can get the allowlist for permissions that
+ // won't be
+ // allowlisted otherwise.
+ newFlags = newFlags or PermissionFlags.UPGRADE_EXEMPT
+ true
+ } else {
+ wasExempt
+ }
+ newFlags =
+ if (permission.isHardRestricted && !isExempt) {
+ newFlags or PermissionFlags.RESTRICTION_REVOKED
+ } else {
+ newFlags andInv PermissionFlags.RESTRICTION_REVOKED
+ }
+ newFlags =
+ if (permission.isSoftRestricted && !isExempt) {
+ newFlags or PermissionFlags.SOFT_RESTRICTED
+ } else {
+ newFlags andInv PermissionFlags.SOFT_RESTRICTED
+ }
setPermissionFlags(appId, userId, permissionName, newFlags)
} else {
- Slog.e(LOG_TAG, "Unknown protection level ${permission.protectionLevel}" +
- "for permission ${permission.name} while evaluating permission state" +
- "for appId $appId and userId $userId")
+ Slog.e(
+ LOG_TAG,
+ "Unknown protection level ${permission.protectionLevel}" +
+ "for permission ${permission.name} while evaluating permission state" +
+ "for appId $appId and userId $userId"
+ )
}
}
@@ -985,7 +1108,7 @@
forEachPackageInAppId(appId) {
implicitPermissions += it.androidPackage!!.implicitPermissions
}
- implicitPermissions.forEachIndexed implicitPermissions@ { _, implicitPermissionName ->
+ implicitPermissions.forEachIndexed implicitPermissions@{ _, implicitPermissionName ->
val implicitPermission = newState.systemState.permissions[implicitPermissionName]
checkNotNull(implicitPermission) {
"Unknown implicit permission $implicitPermissionName in split permissions"
@@ -999,10 +1122,11 @@
if (!isNewPermission) {
return@implicitPermissions
}
- val sourcePermissions = newState.externalState
- .implicitToSourcePermissions[implicitPermissionName] ?: return@implicitPermissions
+ val sourcePermissions =
+ newState.externalState.implicitToSourcePermissions[implicitPermissionName]
+ ?: return@implicitPermissions
var newFlags = getPermissionFlags(appId, userId, implicitPermissionName)
- sourcePermissions.forEachIndexed sourcePermissions@ { _, sourcePermissionName ->
+ sourcePermissions.forEachIndexed sourcePermissions@{ _, sourcePermissionName ->
val sourcePermission = newState.systemState.permissions[sourcePermissionName]
checkNotNull(sourcePermission) {
"Unknown source permission $sourcePermissionName in split permissions"
@@ -1032,11 +1156,14 @@
permissionName: String
): Boolean {
for (compatibilityPermission in CompatibilityPermissionInfo.COMPAT_PERMS) {
- if (compatibilityPermission.name == permissionName &&
- androidPackage.targetSdkVersion < compatibilityPermission.sdkVersion) {
+ if (
+ compatibilityPermission.name == permissionName &&
+ androidPackage.targetSdkVersion < compatibilityPermission.sdkVersion
+ ) {
Slog.i(
- LOG_TAG, "Auto-granting $permissionName to old package" +
- " ${androidPackage.packageName}"
+ LOG_TAG,
+ "Auto-granting $permissionName to old package" +
+ " ${androidPackage.packageName}"
)
return true
}
@@ -1058,15 +1185,23 @@
// and the defining package still trusts the old certificate for permissions
// - or it shares the above relationships with the system package
val packageSigningDetails = packageState.androidPackage!!.signingDetails
- val sourceSigningDetails = newState.externalState
- .packageStates[permission.packageName]?.androidPackage?.signingDetails
- val platformSigningDetails = newState.externalState
- .packageStates[PLATFORM_PACKAGE_NAME]!!.androidPackage!!.signingDetails
- return sourceSigningDetails?.hasCommonSignerWithCapability(packageSigningDetails,
- SigningDetails.CertCapabilities.PERMISSION) == true ||
+ val sourceSigningDetails =
+ newState.externalState.packageStates[permission.packageName]
+ ?.androidPackage
+ ?.signingDetails
+ val platformSigningDetails =
+ newState.externalState.packageStates[PLATFORM_PACKAGE_NAME]!!
+ .androidPackage!!
+ .signingDetails
+ return sourceSigningDetails?.hasCommonSignerWithCapability(
+ packageSigningDetails,
+ SigningDetails.CertCapabilities.PERMISSION
+ ) == true ||
packageSigningDetails.hasAncestorOrSelf(platformSigningDetails) ||
- platformSigningDetails.checkCapability(packageSigningDetails,
- SigningDetails.CertCapabilities.PERMISSION)
+ platformSigningDetails.checkCapability(
+ packageSigningDetails,
+ SigningDetails.CertCapabilities.PERMISSION
+ )
}
private fun MutateStateScope.checkPrivilegedPermissionAllowlist(
@@ -1082,8 +1217,9 @@
if (!(packageState.isSystem && packageState.isPrivileged)) {
return true
}
- if (permission.packageName !in
- newState.externalState.privilegedPermissionAllowlistPackages) {
+ if (
+ permission.packageName !in newState.externalState.privilegedPermissionAllowlistPackages
+ ) {
return true
}
val allowlistState = getPrivilegedPermissionAllowlistState(packageState, permission.name)
@@ -1099,13 +1235,15 @@
// Apps that are in updated apex's do not need to be allowlisted
if (!packageState.isApkInUpdatedApex) {
Slog.w(
- LOG_TAG, "Privileged permission ${permission.name} for package" +
- " ${packageState.packageName} (${packageState.path}) not in" +
- " privileged permission allowlist"
+ LOG_TAG,
+ "Privileged permission ${permission.name} for package" +
+ " ${packageState.packageName} (${packageState.path}) not in" +
+ " privileged permission allowlist"
)
if (RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) {
- privilegedPermissionAllowlistViolations += "${packageState.packageName}" +
- " (${packageState.path}): ${permission.name}"
+ privilegedPermissionAllowlistViolations +=
+ "${packageState.packageName}" +
+ " (${packageState.path}): ${permission.name}"
}
}
}
@@ -1124,32 +1262,40 @@
val apexModuleName = packageState.apexModuleName
val packageName = packageState.packageName
return when {
- packageState.isVendor -> permissionAllowlist.getVendorPrivilegedAppAllowlistState(
- packageName, permissionName
- )
- packageState.isProduct -> permissionAllowlist.getProductPrivilegedAppAllowlistState(
- packageName, permissionName
- )
+ packageState.isVendor ->
+ permissionAllowlist.getVendorPrivilegedAppAllowlistState(
+ packageName,
+ permissionName
+ )
+ packageState.isProduct ->
+ permissionAllowlist.getProductPrivilegedAppAllowlistState(
+ packageName,
+ permissionName
+ )
packageState.isSystemExt ->
permissionAllowlist.getSystemExtPrivilegedAppAllowlistState(
- packageName, permissionName
+ packageName,
+ permissionName
)
apexModuleName != null -> {
- val nonApexAllowlistState = permissionAllowlist.getPrivilegedAppAllowlistState(
- packageName, permissionName
- )
+ val nonApexAllowlistState =
+ permissionAllowlist.getPrivilegedAppAllowlistState(packageName, permissionName)
if (nonApexAllowlistState != null) {
// TODO(andreionea): Remove check as soon as all apk-in-apex
// permission allowlists are migrated.
Slog.w(
- LOG_TAG, "Package $packageName is an APK in APEX but has permission" +
+ LOG_TAG,
+ "Package $packageName is an APK in APEX but has permission" +
" allowlist on the system image, please bundle the allowlist in the" +
" $apexModuleName APEX instead"
)
}
- val apexAllowlistState = permissionAllowlist.getApexPrivilegedAppAllowlistState(
- apexModuleName, packageName, permissionName
- )
+ val apexAllowlistState =
+ permissionAllowlist.getApexPrivilegedAppAllowlistState(
+ apexModuleName,
+ packageName,
+ permissionName
+ )
apexAllowlistState ?: nonApexAllowlistState
}
else -> permissionAllowlist.getPrivilegedAppAllowlistState(packageName, permissionName)
@@ -1208,18 +1354,19 @@
val knownPackages = newState.externalState.knownPackages
val packageName = packageState.packageName
if ((permission.isPrivileged || permission.isOem) && packageState.isSystem) {
- val shouldGrant = if (packageState.isUpdatedSystemApp) {
- // For updated system applications, a privileged/oem permission
- // is granted only if it had been defined by the original application.
- val disabledSystemPackageState = newState.externalState
- .disabledSystemPackageStates[packageState.packageName]
- val disabledSystemPackage = disabledSystemPackageState?.androidPackage
- disabledSystemPackage != null &&
- permission.name in disabledSystemPackage.requestedPermissions &&
- shouldGrantPrivilegedOrOemPermission(disabledSystemPackageState, permission)
- } else {
- shouldGrantPrivilegedOrOemPermission(packageState, permission)
- }
+ val shouldGrant =
+ if (packageState.isUpdatedSystemApp) {
+ // For updated system applications, a privileged/oem permission
+ // is granted only if it had been defined by the original application.
+ val disabledSystemPackageState =
+ newState.externalState.disabledSystemPackageStates[packageState.packageName]
+ val disabledSystemPackage = disabledSystemPackageState?.androidPackage
+ disabledSystemPackage != null &&
+ permission.name in disabledSystemPackage.requestedPermissions &&
+ shouldGrantPrivilegedOrOemPermission(disabledSystemPackageState, permission)
+ } else {
+ shouldGrantPrivilegedOrOemPermission(packageState, permission)
+ }
if (shouldGrant) {
return true
}
@@ -1230,16 +1377,18 @@
// we still want to blindly grant it to old apps.
return true
}
- if (permission.isInstaller && (
- packageName in knownPackages[KnownPackages.PACKAGE_INSTALLER]!! ||
- packageName in knownPackages[KnownPackages.PACKAGE_PERMISSION_CONTROLLER]!!
- )) {
+ if (
+ permission.isInstaller &&
+ (packageName in knownPackages[KnownPackages.PACKAGE_INSTALLER]!! ||
+ packageName in knownPackages[KnownPackages.PACKAGE_PERMISSION_CONTROLLER]!!)
+ ) {
// If this permission is to be granted to the system installer and
// this app is an installer or permission controller, then it gets the permission.
return true
}
- if (permission.isVerifier &&
- packageName in knownPackages[KnownPackages.PACKAGE_VERIFIER]!!) {
+ if (
+ permission.isVerifier && packageName in knownPackages[KnownPackages.PACKAGE_VERIFIER]!!
+ ) {
// If this permission is to be granted to the system verifier and
// this app is a verifier, then it gets the permission.
return true
@@ -1248,53 +1397,67 @@
// Any pre-installed system app is allowed to get this permission.
return true
}
- if (permission.isKnownSigner &&
- androidPackage.signingDetails.hasAncestorOrSelfWithDigest(permission.knownCerts)) {
+ if (
+ permission.isKnownSigner &&
+ androidPackage.signingDetails.hasAncestorOrSelfWithDigest(permission.knownCerts)
+ ) {
// If the permission is to be granted to a known signer then check if any of this
// app's signing certificates are in the trusted certificate digest Set.
return true
}
- if (permission.isSetup &&
- packageName in knownPackages[KnownPackages.PACKAGE_SETUP_WIZARD]!!) {
+ if (
+ permission.isSetup && packageName in knownPackages[KnownPackages.PACKAGE_SETUP_WIZARD]!!
+ ) {
// If this permission is to be granted to the system setup wizard and
// this app is a setup wizard, then it gets the permission.
return true
}
- if (permission.isSystemTextClassifier &&
- packageName in knownPackages[KnownPackages.PACKAGE_SYSTEM_TEXT_CLASSIFIER]!!) {
+ if (
+ permission.isSystemTextClassifier &&
+ packageName in knownPackages[KnownPackages.PACKAGE_SYSTEM_TEXT_CLASSIFIER]!!
+ ) {
// Special permissions for the system default text classifier.
return true
}
- if (permission.isConfigurator &&
- packageName in knownPackages[KnownPackages.PACKAGE_CONFIGURATOR]!!) {
+ if (
+ permission.isConfigurator &&
+ packageName in knownPackages[KnownPackages.PACKAGE_CONFIGURATOR]!!
+ ) {
// Special permissions for the device configurator.
return true
}
- if (permission.isIncidentReportApprover &&
- packageName in knownPackages[KnownPackages.PACKAGE_INCIDENT_REPORT_APPROVER]!!) {
+ if (
+ permission.isIncidentReportApprover &&
+ packageName in knownPackages[KnownPackages.PACKAGE_INCIDENT_REPORT_APPROVER]!!
+ ) {
// If this permission is to be granted to the incident report approver and
// this app is the incident report approver, then it gets the permission.
return true
}
- if (permission.isAppPredictor &&
- packageName in knownPackages[KnownPackages.PACKAGE_APP_PREDICTOR]!!) {
+ if (
+ permission.isAppPredictor &&
+ packageName in knownPackages[KnownPackages.PACKAGE_APP_PREDICTOR]!!
+ ) {
// Special permissions for the system app predictor.
return true
}
- if (permission.isCompanion &&
- packageName in knownPackages[KnownPackages.PACKAGE_COMPANION]!!) {
+ if (
+ permission.isCompanion &&
+ packageName in knownPackages[KnownPackages.PACKAGE_COMPANION]!!
+ ) {
// Special permissions for the system companion device manager.
return true
}
- if (permission.isRetailDemo &&
- packageName in knownPackages[KnownPackages.PACKAGE_RETAIL_DEMO]!!) {
+ if (
+ permission.isRetailDemo &&
+ packageName in knownPackages[KnownPackages.PACKAGE_RETAIL_DEMO]!!
+ ) {
// Special permission granted only to the OEM specified retail demo app.
// Note that the original code was passing app ID as UID, so this behavior is kept
// unchanged.
return true
}
- if (permission.isRecents &&
- packageName in knownPackages[KnownPackages.PACKAGE_RECENTS]!!) {
+ if (permission.isRecents && packageName in knownPackages[KnownPackages.PACKAGE_RECENTS]!!) {
// Special permission for the recents app.
return true
}
@@ -1319,9 +1482,10 @@
// flag.
if (packageState.isVendor && !permission.isVendorPrivileged) {
Slog.w(
- LOG_TAG, "Permission $permissionName cannot be granted to privileged" +
- " vendor app $packageName because it isn't a vendorPrivileged" +
- " permission"
+ LOG_TAG,
+ "Permission $permissionName cannot be granted to privileged" +
+ " vendor app $packageName because it isn't a vendorPrivileged" +
+ " permission"
)
return false
}
@@ -1330,8 +1494,11 @@
}
permission.isOem -> {
if (packageState.isOem) {
- val allowlistState = newState.externalState.permissionAllowlist
- .getOemAppAllowlistState(packageName, permissionName)
+ val allowlistState =
+ newState.externalState.permissionAllowlist.getOemAppAllowlistState(
+ packageName,
+ permissionName
+ )
checkNotNull(allowlistState) {
"OEM permission $permissionName requested by package" +
" $packageName must be explicitly declared granted or not"
@@ -1358,13 +1525,18 @@
val appId = externalState.packageStates[packageName]?.appId ?: continue
newState.userStates.forEachIndexed { _, userId, _ ->
evaluatePermissionState(
- appId, userId, Manifest.permission.PACKAGE_USAGE_STATS, null
+ appId,
+ userId,
+ Manifest.permission.PACKAGE_USAGE_STATS,
+ null
)
}
}
if (!privilegedPermissionAllowlistViolations.isEmpty()) {
- throw IllegalStateException("Signature|privileged permissions not in privileged" +
- " permission allowlist: $privilegedPermissionAllowlistViolations")
+ throw IllegalStateException(
+ "Signature|privileged permissions not in privileged" +
+ " permission allowlist: $privilegedPermissionAllowlistViolations"
+ )
}
}
@@ -1389,10 +1561,14 @@
fun GetStateScope.findPermissionTree(permissionName: String): Permission? =
state.systemState.permissionTrees.firstNotNullOfOrNullIndexed {
- _, permissionTreeName, permissionTree ->
- if (permissionName.startsWith(permissionTreeName) &&
- permissionName.length > permissionTreeName.length &&
- permissionName[permissionTreeName.length] == '.') {
+ _,
+ permissionTreeName,
+ permissionTree ->
+ if (
+ permissionName.startsWith(permissionTreeName) &&
+ permissionName.length > permissionTreeName.length &&
+ permissionName[permissionTreeName.length] == '.'
+ ) {
permissionTree
} else {
null
@@ -1403,15 +1579,11 @@
newState.mutateSystemState().mutatePermissionTrees()[permission.name] = permission
}
- /**
- * returns all permission group definitions available in the system
- */
+ /** returns all permission group definitions available in the system */
fun GetStateScope.getPermissionGroups(): IndexedMap<String, PermissionGroupInfo> =
state.systemState.permissionGroups
- /**
- * returns all permission definitions available in the system
- */
+ /** returns all permission definitions available in the system */
fun GetStateScope.getPermissions(): IndexedMap<String, Permission> =
state.systemState.permissions
@@ -1430,11 +1602,8 @@
fun GetStateScope.getUidPermissionFlags(appId: Int, userId: Int): IndexedMap<String, Int>? =
state.userStates[userId]?.appIdPermissionFlags?.get(appId)
- fun GetStateScope.getPermissionFlags(
- appId: Int,
- userId: Int,
- permissionName: String
- ): Int = getPermissionFlags(state, appId, userId, permissionName)
+ fun GetStateScope.getPermissionFlags(appId: Int, userId: Int, permissionName: String): Int =
+ getPermissionFlags(state, appId, userId, permissionName)
private fun MutateStateScope.getOldStatePermissionFlags(
appId: Int,
@@ -1465,8 +1634,10 @@
flagMask: Int,
flagValues: Int
): Boolean {
- val oldFlags = newState.userStates[userId]!!.appIdPermissionFlags[appId]
- .getWithDefault(permissionName, 0)
+ val oldFlags =
+ newState.userStates[userId]!!
+ .appIdPermissionFlags[appId]
+ .getWithDefault(permissionName, 0)
val newFlags = (oldFlags andInv flagMask) or (flagValues and flagMask)
if (oldFlags == newFlags) {
return false
@@ -1517,38 +1688,37 @@
private const val PLATFORM_PACKAGE_NAME = "android"
// A set of permissions that we don't want to revoke when they are no longer implicit.
- private val RETAIN_IMPLICIT_FLAGS_PERMISSIONS = indexedSetOf(
- Manifest.permission.ACCESS_MEDIA_LOCATION,
- Manifest.permission.ACTIVITY_RECOGNITION,
- Manifest.permission.READ_MEDIA_AUDIO,
- Manifest.permission.READ_MEDIA_IMAGES,
- Manifest.permission.READ_MEDIA_VIDEO,
- )
+ private val RETAIN_IMPLICIT_FLAGS_PERMISSIONS =
+ indexedSetOf(
+ Manifest.permission.ACCESS_MEDIA_LOCATION,
+ Manifest.permission.ACTIVITY_RECOGNITION,
+ Manifest.permission.READ_MEDIA_AUDIO,
+ Manifest.permission.READ_MEDIA_IMAGES,
+ Manifest.permission.READ_MEDIA_VIDEO,
+ )
- private val NEARBY_DEVICES_PERMISSIONS = indexedSetOf(
- Manifest.permission.BLUETOOTH_ADVERTISE,
- Manifest.permission.BLUETOOTH_CONNECT,
- Manifest.permission.BLUETOOTH_SCAN,
- Manifest.permission.NEARBY_WIFI_DEVICES
- )
+ private val NEARBY_DEVICES_PERMISSIONS =
+ indexedSetOf(
+ Manifest.permission.BLUETOOTH_ADVERTISE,
+ Manifest.permission.BLUETOOTH_CONNECT,
+ Manifest.permission.BLUETOOTH_SCAN,
+ Manifest.permission.NEARBY_WIFI_DEVICES
+ )
- private val NOTIFICATIONS_PERMISSIONS = indexedSetOf(
- Manifest.permission.POST_NOTIFICATIONS
- )
+ private val NOTIFICATIONS_PERMISSIONS = indexedSetOf(Manifest.permission.POST_NOTIFICATIONS)
- private val STORAGE_AND_MEDIA_PERMISSIONS = indexedSetOf(
- Manifest.permission.READ_EXTERNAL_STORAGE,
- Manifest.permission.WRITE_EXTERNAL_STORAGE,
- Manifest.permission.READ_MEDIA_AUDIO,
- Manifest.permission.READ_MEDIA_VIDEO,
- Manifest.permission.READ_MEDIA_IMAGES,
- Manifest.permission.ACCESS_MEDIA_LOCATION,
- Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED
- )
+ private val STORAGE_AND_MEDIA_PERMISSIONS =
+ indexedSetOf(
+ Manifest.permission.READ_EXTERNAL_STORAGE,
+ Manifest.permission.WRITE_EXTERNAL_STORAGE,
+ Manifest.permission.READ_MEDIA_AUDIO,
+ Manifest.permission.READ_MEDIA_VIDEO,
+ Manifest.permission.READ_MEDIA_IMAGES,
+ Manifest.permission.ACCESS_MEDIA_LOCATION,
+ Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED
+ )
- /**
- * Mask for all permission flags that can be set by the user
- */
+ /** Mask for all permission flags that can be set by the user */
private const val USER_SETTABLE_MASK =
PermissionFlags.USER_SET or
PermissionFlags.USER_FIXED or
@@ -1558,16 +1728,14 @@
PermissionFlags.USER_SELECTED
/**
- * Mask for all permission flags that imply we shouldn't automatically modify the
- * permission grant state.
+ * Mask for all permission flags that imply we shouldn't automatically modify the permission
+ * grant state.
*/
private const val SYSTEM_OR_POLICY_FIXED_MASK =
PermissionFlags.SYSTEM_FIXED or PermissionFlags.POLICY_FIXED
}
- /**
- * Listener for permission flags changes.
- */
+ /** Listener for permission flags changes. */
abstract class OnPermissionFlagsChangedListener {
/**
* Called when a permission flags change has been made to the upcoming new state.
diff --git a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionUpgrade.kt b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionUpgrade.kt
index b644d8f..edacda0 100644
--- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionUpgrade.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionUpgrade.kt
@@ -32,7 +32,6 @@
* Upgrade the package permissions, if needed.
*
* @param version package version
- *
* @see [com.android.server.permission.access.util.PackageVersionMigration.getVersion]
*/
fun MutateStateScope.upgradePackageState(
@@ -43,7 +42,8 @@
val packageName = packageState.packageName
if (version <= 3) {
Slog.v(
- LOG_TAG, "Allowlisting and upgrading background location permission for " +
+ LOG_TAG,
+ "Allowlisting and upgrading background location permission for " +
"package: $packageName, version: $version, user:$userId"
)
allowlistRestrictedPermissions(packageState, userId)
@@ -51,7 +51,8 @@
}
if (version <= 10) {
Slog.v(
- LOG_TAG, "Upgrading access media location permission for package: $packageName" +
+ LOG_TAG,
+ "Upgrading access media location permission for package: $packageName" +
", version: $version, user: $userId"
)
upgradeAccessMediaLocationPermission(packageState, userId)
@@ -59,7 +60,8 @@
// TODO Enable isAtLeastT check, when moving subsystem to mainline.
if (version <= 12 /*&& SdkLevel.isAtLeastT()*/) {
Slog.v(
- LOG_TAG, "Upgrading scoped permissions for package: $packageName" +
+ LOG_TAG,
+ "Upgrading scoped permissions for package: $packageName" +
", version: $version, user: $userId"
)
upgradeAuralVisualMediaPermissions(packageState, userId)
@@ -67,7 +69,8 @@
// TODO Enable isAtLeastU check, when moving subsystem to mainline.
if (version <= 14 /*&& SdkLevel.isAtLeastU()*/) {
Slog.v(
- LOG_TAG, "Upgrading visual media permission for package: $packageName" +
+ LOG_TAG,
+ "Upgrading visual media permission for package: $packageName" +
", version: $version, user: $userId"
)
upgradeUserSelectedVisualMediaPermission(packageState, userId)
@@ -84,8 +87,11 @@
if (permissionName in LEGACY_RESTRICTED_PERMISSIONS) {
with(policy) {
updatePermissionFlags(
- packageState.appId, userId, permissionName,
- PermissionFlags.UPGRADE_EXEMPT, PermissionFlags.UPGRADE_EXEMPT
+ packageState.appId,
+ userId,
+ permissionName,
+ PermissionFlags.UPGRADE_EXEMPT,
+ PermissionFlags.UPGRADE_EXEMPT
)
}
}
@@ -96,21 +102,27 @@
packageState: PackageState,
userId: Int
) {
- if (Manifest.permission.ACCESS_BACKGROUND_LOCATION in
- packageState.androidPackage!!.requestedPermissions) {
+ if (
+ Manifest.permission.ACCESS_BACKGROUND_LOCATION in
+ packageState.androidPackage!!.requestedPermissions
+ ) {
val appId = packageState.appId
- val accessFineLocationFlags = with(policy) {
- getPermissionFlags(appId, userId, Manifest.permission.ACCESS_FINE_LOCATION)
- }
- val accessCoarseLocationFlags = with(policy) {
- getPermissionFlags(appId, userId, Manifest.permission.ACCESS_COARSE_LOCATION)
- }
+ val accessFineLocationFlags =
+ with(policy) {
+ getPermissionFlags(appId, userId, Manifest.permission.ACCESS_FINE_LOCATION)
+ }
+ val accessCoarseLocationFlags =
+ with(policy) {
+ getPermissionFlags(appId, userId, Manifest.permission.ACCESS_COARSE_LOCATION)
+ }
val isForegroundLocationGranted =
PermissionFlags.isAppOpGranted(accessFineLocationFlags) ||
PermissionFlags.isAppOpGranted(accessCoarseLocationFlags)
if (isForegroundLocationGranted) {
grantRuntimePermission(
- packageState, userId, Manifest.permission.ACCESS_BACKGROUND_LOCATION
+ packageState,
+ userId,
+ Manifest.permission.ACCESS_BACKGROUND_LOCATION
)
}
}
@@ -120,24 +132,29 @@
packageState: PackageState,
userId: Int
) {
- if (Manifest.permission.ACCESS_MEDIA_LOCATION in
- packageState.androidPackage!!.requestedPermissions) {
- val flags = with(policy) {
- getPermissionFlags(
- packageState.appId, userId, Manifest.permission.READ_EXTERNAL_STORAGE
- )
- }
+ if (
+ Manifest.permission.ACCESS_MEDIA_LOCATION in
+ packageState.androidPackage!!.requestedPermissions
+ ) {
+ val flags =
+ with(policy) {
+ getPermissionFlags(
+ packageState.appId,
+ userId,
+ Manifest.permission.READ_EXTERNAL_STORAGE
+ )
+ }
if (PermissionFlags.isAppOpGranted(flags)) {
grantRuntimePermission(
- packageState, userId, Manifest.permission.ACCESS_MEDIA_LOCATION
+ packageState,
+ userId,
+ Manifest.permission.ACCESS_MEDIA_LOCATION
)
}
}
}
- /**
- * Upgrade permissions based on storage permissions grant
- */
+ /** Upgrade permissions based on storage permissions grant */
private fun MutateStateScope.upgradeAuralVisualMediaPermissions(
packageState: PackageState,
userId: Int
@@ -147,15 +164,15 @@
return
}
val requestedPermissionNames = androidPackage.requestedPermissions
- val isStorageUserGranted = STORAGE_PERMISSIONS.anyIndexed { _, permissionName ->
- if (permissionName !in requestedPermissionNames) {
- return@anyIndexed false
+ val isStorageUserGranted =
+ STORAGE_PERMISSIONS.anyIndexed { _, permissionName ->
+ if (permissionName !in requestedPermissionNames) {
+ return@anyIndexed false
+ }
+ val flags =
+ with(policy) { getPermissionFlags(packageState.appId, userId, permissionName) }
+ PermissionFlags.isAppOpGranted(flags) && flags.hasBits(PermissionFlags.USER_SET)
}
- val flags = with(policy) {
- getPermissionFlags(packageState.appId, userId, permissionName)
- }
- PermissionFlags.isAppOpGranted(flags) && flags.hasBits(PermissionFlags.USER_SET)
- }
if (isStorageUserGranted) {
AURAL_VISUAL_MEDIA_PERMISSIONS.forEachIndexed { _, permissionName ->
if (permissionName in requestedPermissionNames) {
@@ -165,9 +182,7 @@
}
}
- /**
- * Upgrade permission based on the grant in [Manifest.permission_group.READ_MEDIA_VISUAL]
- */
+ /** Upgrade permission based on the grant in [Manifest.permission_group.READ_MEDIA_VISUAL] */
private fun MutateStateScope.upgradeUserSelectedVisualMediaPermission(
packageState: PackageState,
userId: Int
@@ -177,19 +192,21 @@
return
}
val requestedPermissionNames = androidPackage.requestedPermissions
- val isVisualMediaUserGranted = VISUAL_MEDIA_PERMISSIONS.anyIndexed { _, permissionName ->
- if (permissionName !in requestedPermissionNames) {
- return@anyIndexed false
+ val isVisualMediaUserGranted =
+ VISUAL_MEDIA_PERMISSIONS.anyIndexed { _, permissionName ->
+ if (permissionName !in requestedPermissionNames) {
+ return@anyIndexed false
+ }
+ val flags =
+ with(policy) { getPermissionFlags(packageState.appId, userId, permissionName) }
+ PermissionFlags.isAppOpGranted(flags) && flags.hasBits(PermissionFlags.USER_SET)
}
- val flags = with(policy) {
- getPermissionFlags(packageState.appId, userId, permissionName)
- }
- PermissionFlags.isAppOpGranted(flags) && flags.hasBits(PermissionFlags.USER_SET)
- }
if (isVisualMediaUserGranted) {
if (Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED in requestedPermissionNames) {
grantRuntimePermission(
- packageState, userId, Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED
+ packageState,
+ userId,
+ Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED
)
}
}
@@ -201,7 +218,8 @@
permissionName: String
) {
Slog.v(
- LOG_TAG, "Granting runtime permission for package: ${packageState.packageName}, " +
+ LOG_TAG,
+ "Granting runtime permission for package: ${packageState.packageName}, " +
"permission: $permissionName, userId: $userId"
)
val permission = newState.systemState.permissions[permissionName]!!
@@ -220,13 +238,13 @@
}
flags = flags or PermissionFlags.RUNTIME_GRANTED
- flags = flags andInv (
- PermissionFlags.APP_OP_REVOKED or
- PermissionFlags.IMPLICIT or
- PermissionFlags.LEGACY_GRANTED or
- PermissionFlags.HIBERNATION or
- PermissionFlags.ONE_TIME
- )
+ flags =
+ flags andInv
+ (PermissionFlags.APP_OP_REVOKED or
+ PermissionFlags.IMPLICIT or
+ PermissionFlags.LEGACY_GRANTED or
+ PermissionFlags.HIBERNATION or
+ PermissionFlags.ONE_TIME)
with(policy) { setPermissionFlags(appId, userId, permissionName, flags) }
}
@@ -234,39 +252,45 @@
private val LOG_TAG = AppIdPermissionUpgrade::class.java.simpleName
private const val MASK_ANY_FIXED =
- PermissionFlags.USER_SET or PermissionFlags.USER_FIXED or
- PermissionFlags.POLICY_FIXED or PermissionFlags.SYSTEM_FIXED
+ PermissionFlags.USER_SET or
+ PermissionFlags.USER_FIXED or
+ PermissionFlags.POLICY_FIXED or
+ PermissionFlags.SYSTEM_FIXED
- private val LEGACY_RESTRICTED_PERMISSIONS = indexedSetOf(
- Manifest.permission.ACCESS_BACKGROUND_LOCATION,
- Manifest.permission.READ_EXTERNAL_STORAGE,
- Manifest.permission.WRITE_EXTERNAL_STORAGE,
- Manifest.permission.SEND_SMS,
- Manifest.permission.RECEIVE_SMS,
- Manifest.permission.RECEIVE_WAP_PUSH,
- Manifest.permission.RECEIVE_MMS,
- Manifest.permission.READ_CELL_BROADCASTS,
- Manifest.permission.READ_CALL_LOG,
- Manifest.permission.WRITE_CALL_LOG,
- Manifest.permission.PROCESS_OUTGOING_CALLS
- )
+ private val LEGACY_RESTRICTED_PERMISSIONS =
+ indexedSetOf(
+ Manifest.permission.ACCESS_BACKGROUND_LOCATION,
+ Manifest.permission.READ_EXTERNAL_STORAGE,
+ Manifest.permission.WRITE_EXTERNAL_STORAGE,
+ Manifest.permission.SEND_SMS,
+ Manifest.permission.RECEIVE_SMS,
+ Manifest.permission.RECEIVE_WAP_PUSH,
+ Manifest.permission.RECEIVE_MMS,
+ Manifest.permission.READ_CELL_BROADCASTS,
+ Manifest.permission.READ_CALL_LOG,
+ Manifest.permission.WRITE_CALL_LOG,
+ Manifest.permission.PROCESS_OUTGOING_CALLS
+ )
- private val STORAGE_PERMISSIONS = indexedSetOf(
- Manifest.permission.READ_EXTERNAL_STORAGE,
- Manifest.permission.WRITE_EXTERNAL_STORAGE
- )
- private val AURAL_VISUAL_MEDIA_PERMISSIONS = indexedSetOf(
- Manifest.permission.READ_MEDIA_AUDIO,
- Manifest.permission.READ_MEDIA_IMAGES,
- Manifest.permission.READ_MEDIA_VIDEO,
- Manifest.permission.ACCESS_MEDIA_LOCATION,
- Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED
- )
+ private val STORAGE_PERMISSIONS =
+ indexedSetOf(
+ Manifest.permission.READ_EXTERNAL_STORAGE,
+ Manifest.permission.WRITE_EXTERNAL_STORAGE
+ )
+ private val AURAL_VISUAL_MEDIA_PERMISSIONS =
+ indexedSetOf(
+ Manifest.permission.READ_MEDIA_AUDIO,
+ Manifest.permission.READ_MEDIA_IMAGES,
+ Manifest.permission.READ_MEDIA_VIDEO,
+ Manifest.permission.ACCESS_MEDIA_LOCATION,
+ Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED
+ )
// Visual media permissions in T
- private val VISUAL_MEDIA_PERMISSIONS = indexedSetOf(
- Manifest.permission.READ_MEDIA_IMAGES,
- Manifest.permission.READ_MEDIA_VIDEO,
- Manifest.permission.ACCESS_MEDIA_LOCATION
- )
+ private val VISUAL_MEDIA_PERMISSIONS =
+ indexedSetOf(
+ Manifest.permission.READ_MEDIA_IMAGES,
+ Manifest.permission.READ_MEDIA_VIDEO,
+ Manifest.permission.ACCESS_MEDIA_LOCATION
+ )
}
}
diff --git a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPersistence.kt b/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPersistence.kt
index 37a4a90..1bee356 100644
--- a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPersistence.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPersistence.kt
@@ -135,9 +135,7 @@
) {
tag(TAG_DEVICE) {
attributeInterned(ATTR_ID, deviceId)
- permissionFlags.forEachIndexed { _, name, flags ->
- serializePermission(name, flags)
- }
+ permissionFlags.forEachIndexed { _, name, flags -> serializePermission(name, flags) }
}
}
@@ -145,11 +143,12 @@
tag(TAG_PERMISSION) {
attributeInterned(ATTR_NAME, name)
// Never serialize one-time permissions as granted.
- val serializedFlags = if (flags.hasBits(PermissionFlags.ONE_TIME)) {
- flags andInv PermissionFlags.RUNTIME_GRANTED
- } else {
- flags
- }
+ val serializedFlags =
+ if (flags.hasBits(PermissionFlags.ONE_TIME)) {
+ flags andInv PermissionFlags.RUNTIME_GRANTED
+ } else {
+ flags
+ }
attributeInt(ATTR_FLAGS, serializedFlags)
}
}
@@ -166,4 +165,4 @@
private const val ATTR_NAME = "name"
private const val ATTR_FLAGS = "flags"
}
-}
\ No newline at end of file
+}
diff --git a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt
index 4addab3..15a5859 100644
--- a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt
@@ -53,8 +53,8 @@
override fun MutateStateScope.onAppIdRemoved(appId: Int) {
newState.userStates.forEachIndexed { userStateIndex, _, userState ->
if (appId in userState.appIdDevicePermissionFlags) {
- newState.mutateUserStateAt(userStateIndex)
- .mutateAppIdDevicePermissionFlags() -= appId
+ newState.mutateUserStateAt(userStateIndex).mutateAppIdDevicePermissionFlags() -=
+ appId
}
}
}
@@ -96,10 +96,11 @@
val appId = packageState.appId
val appIdPermissionFlags = newState.userStates[userId]!!.appIdDevicePermissionFlags
androidPackage.requestedPermissions.forEach { permissionName ->
- val isRequestedByOtherPackages = anyPackageInAppId(appId) {
- it.packageName != packageName &&
- permissionName in it.androidPackage!!.requestedPermissions
- }
+ val isRequestedByOtherPackages =
+ anyPackageInAppId(appId) {
+ it.packageName != packageName &&
+ permissionName in it.androidPackage!!.requestedPermissions
+ }
if (isRequestedByOtherPackages) {
return@forEach
}
@@ -116,7 +117,9 @@
}
newState.userStates.forEachIndexed { _, userId, userState ->
userState.appIdDevicePermissionFlags[appId]?.forEachReversedIndexed {
- _, deviceId, permissionFlags ->
+ _,
+ deviceId,
+ permissionFlags ->
permissionFlags.forEachReversedIndexed { _, permissionName, _ ->
if (permissionName !in requestedPermissions) {
setPermissionFlags(appId, deviceId, userId, permissionName, 0)
@@ -166,11 +169,17 @@
userId: Int,
permissionName: String
): Int {
- val flags = state.userStates[userId]?.appIdDevicePermissionFlags?.get(appId)?.get(deviceId)
- ?.getWithDefault(permissionName, 0) ?: 0
+ val flags =
+ state.userStates[userId]
+ ?.appIdDevicePermissionFlags
+ ?.get(appId)
+ ?.get(deviceId)
+ ?.getWithDefault(permissionName, 0)
+ ?: 0
if (PermissionManager.DEBUG_DEVICE_PERMISSIONS) {
Slog.i(
- LOG_TAG, "getPermissionFlags: appId=$appId, userId=$userId," +
+ LOG_TAG,
+ "getPermissionFlags: appId=$appId, userId=$userId," +
" deviceId=$deviceId, permissionName=$permissionName," +
" flags=${PermissionFlags.toString(flags)}"
)
@@ -186,7 +195,12 @@
flags: Int
): Boolean =
updatePermissionFlags(
- appId, deviceId, userId, permissionName, PermissionFlags.MASK_ALL, flags
+ appId,
+ deviceId,
+ userId,
+ permissionName,
+ PermissionFlags.MASK_ALL,
+ flags
)
private fun MutateStateScope.updatePermissionFlags(
@@ -201,20 +215,23 @@
Slog.w(LOG_TAG, "$permissionName is not a device aware permission.")
return false
}
- val oldFlags = newState.userStates[userId]!!.appIdDevicePermissionFlags[appId]
- ?.get(deviceId).getWithDefault(permissionName, 0)
+ val oldFlags =
+ newState.userStates[userId]!!
+ .appIdDevicePermissionFlags[appId]
+ ?.get(deviceId)
+ .getWithDefault(permissionName, 0)
val newFlags = (oldFlags andInv flagMask) or (flagValues and flagMask)
if (oldFlags == newFlags) {
return false
}
val appIdDevicePermissionFlags =
newState.mutateUserState(userId)!!.mutateAppIdDevicePermissionFlags()
- val devicePermissionFlags = appIdDevicePermissionFlags.mutateOrPut(appId) {
- MutableIndexedReferenceMap()
- }
+ val devicePermissionFlags =
+ appIdDevicePermissionFlags.mutateOrPut(appId) { MutableIndexedReferenceMap() }
if (PermissionManager.DEBUG_DEVICE_PERMISSIONS) {
Slog.i(
- LOG_TAG, "setPermissionFlags(): appId=$appId, userId=$userId," +
+ LOG_TAG,
+ "setPermissionFlags(): appId=$appId, userId=$userId," +
" deviceId=$deviceId, permissionName=$permissionName," +
" newFlags=${PermissionFlags.toString(newFlags)}"
)
@@ -229,40 +246,39 @@
}
listeners.forEachIndexed { _, it ->
it.onDevicePermissionFlagsChanged(
- appId, userId, deviceId, permissionName, oldFlags, newFlags
+ appId,
+ userId,
+ deviceId,
+ permissionName,
+ oldFlags,
+ newFlags
)
}
return true
}
fun addOnPermissionFlagsChangedListener(listener: OnDevicePermissionFlagsChangedListener) {
- synchronized(listenersLock) {
- listeners = listeners + listener
- }
+ synchronized(listenersLock) { listeners = listeners + listener }
}
fun removeOnPermissionFlagsChangedListener(listener: OnDevicePermissionFlagsChangedListener) {
- synchronized(listenersLock) {
- listeners = listeners - listener
- }
+ synchronized(listenersLock) { listeners = listeners - listener }
}
private fun isDeviceAwarePermission(permissionName: String): Boolean =
- DEVICE_AWARE_PERMISSIONS.contains(permissionName)
+ DEVICE_AWARE_PERMISSIONS.contains(permissionName)
companion object {
private val LOG_TAG = DevicePermissionPolicy::class.java.simpleName
- /**
- * These permissions are supported for virtual devices.
- */
+ /** These permissions are supported for virtual devices. */
// TODO: b/298661870 - Use new API to get the list of device aware permissions.
val DEVICE_AWARE_PERMISSIONS = emptySet<String>()
}
/**
- * TODO: b/289355341 - implement listener for permission changes
- * Listener for permission flags changes.
+ * TODO: b/289355341 - implement listener for permission changes Listener for permission flags
+ * changes.
*/
abstract class OnDevicePermissionFlagsChangedListener {
/**
@@ -288,4 +304,4 @@
*/
abstract fun onStateMutated()
}
-}
\ No newline at end of file
+}
diff --git a/services/permission/java/com/android/server/permission/access/permission/Permission.kt b/services/permission/java/com/android/server/permission/access/permission/Permission.kt
index c7fe1a9..aa56928 100644
--- a/services/permission/java/com/android/server/permission/access/permission/Permission.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/Permission.kt
@@ -26,8 +26,7 @@
val isReconciled: Boolean,
val type: Int,
val appId: Int,
- @Suppress("ArrayInDataClass")
- val gids: IntArray = EmptyArray.INT,
+ @Suppress("ArrayInDataClass") val gids: IntArray = EmptyArray.INT,
val areGidsPerUser: Boolean = false
) {
inline val name: String
@@ -43,8 +42,7 @@
get() = type == TYPE_DYNAMIC
inline val protectionLevel: Int
- @Suppress("DEPRECATION")
- get() = permissionInfo.protectionLevel
+ @Suppress("DEPRECATION") get() = permissionInfo.protectionLevel
inline val protection: Int
get() = permissionInfo.protection
diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionFlags.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionFlags.kt
index 550d148..b9d89c2 100644
--- a/services/permission/java/com/android/server/permission/access/permission/PermissionFlags.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/PermissionFlags.kt
@@ -32,15 +32,12 @@
*
* The old binary permission state is now tracked by multiple `*_GRANTED` and `*_REVOKED` flags, so
* that:
- *
* - With [INSTALL_GRANTED] and [INSTALL_REVOKED], we can now get rid of the old per-package
* `areInstallPermissionsFixed` attribute and correctly track it per-permission, finally fixing
* edge cases during module rollbacks.
- *
* - With [LEGACY_GRANTED] and [IMPLICIT_GRANTED], we can now ensure that legacy permissions and
* implicit permissions split from non-runtime permissions are never revoked, without checking
* split permissions and package state everywhere slowly and in slightly different ways.
- *
* - With [RESTRICTION_REVOKED], we can now get rid of the error-prone logic about revoking and
* potentially re-granting permissions upon restriction state changes.
*
@@ -55,9 +52,7 @@
* don't have any effect on the binary permission state.
*/
object PermissionFlags {
- /**
- * Permission flag for a normal permission that is granted at package installation.
- */
+ /** Permission flag for a normal permission that is granted at package installation. */
const val INSTALL_GRANTED = 1 shl 0
/**
@@ -97,8 +92,8 @@
/**
* Permission flag for a runtime permission whose state is set by the user.
*
- * For example, this flag may be set when the permission is allowed by the user in the
- * request permission dialog, or managed in the permission settings.
+ * For example, this flag may be set when the permission is allowed by the user in the request
+ * permission dialog, or managed in the permission settings.
*
* @see PackageManager.FLAG_PERMISSION_USER_SET
*/
@@ -290,8 +285,8 @@
/**
* Permission flag for a runtime permission that is selected by the user.
*
- * For example, this flag may be set when one of the coarse/fine location accuracies is
- * selected by the user.
+ * For example, this flag may be set when one of the coarse/fine location accuracies is selected
+ * by the user.
*
* This flag is informational and managed by PermissionController.
*
@@ -299,28 +294,37 @@
*/
const val USER_SELECTED = 1 shl 23
- /**
- * Mask for all permission flags.
- */
+ /** Mask for all permission flags. */
const val MASK_ALL = 0.inv()
- /**
- * Mask for all permission flags that may be applied to a runtime permission.
- */
- const val MASK_RUNTIME = ROLE or RUNTIME_GRANTED or USER_SET or USER_FIXED or POLICY_FIXED or
- SYSTEM_FIXED or PREGRANT or LEGACY_GRANTED or IMPLICIT_GRANTED or IMPLICIT or
- USER_SENSITIVE_WHEN_GRANTED or USER_SENSITIVE_WHEN_REVOKED or INSTALLER_EXEMPT or
- SYSTEM_EXEMPT or UPGRADE_EXEMPT or RESTRICTION_REVOKED or SOFT_RESTRICTED or
- APP_OP_REVOKED or ONE_TIME or HIBERNATION or USER_SELECTED
+ /** Mask for all permission flags that may be applied to a runtime permission. */
+ const val MASK_RUNTIME =
+ ROLE or
+ RUNTIME_GRANTED or
+ USER_SET or
+ USER_FIXED or
+ POLICY_FIXED or
+ SYSTEM_FIXED or
+ PREGRANT or
+ LEGACY_GRANTED or
+ IMPLICIT_GRANTED or
+ IMPLICIT or
+ USER_SENSITIVE_WHEN_GRANTED or
+ USER_SENSITIVE_WHEN_REVOKED or
+ INSTALLER_EXEMPT or
+ SYSTEM_EXEMPT or
+ UPGRADE_EXEMPT or
+ RESTRICTION_REVOKED or
+ SOFT_RESTRICTED or
+ APP_OP_REVOKED or
+ ONE_TIME or
+ HIBERNATION or
+ USER_SELECTED
- /**
- * Mask for all permission flags about permission exemption.
- */
+ /** Mask for all permission flags about permission exemption. */
const val MASK_EXEMPT = INSTALLER_EXEMPT or SYSTEM_EXEMPT or UPGRADE_EXEMPT
- /**
- * Mask for all permission flags about permission restriction.
- */
+ /** Mask for all permission flags about permission restriction. */
const val MASK_RESTRICTED = RESTRICTION_REVOKED or SOFT_RESTRICTED
fun isPermissionGranted(flags: Int): Boolean {
@@ -363,11 +367,13 @@
apiFlags = apiFlags or PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT
}
if (flags.hasBits(IMPLICIT)) {
- apiFlags = apiFlags or if (flags.hasBits(LEGACY_GRANTED)) {
- PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED
- } else {
- PackageManager.FLAG_PERMISSION_REVOKE_WHEN_REQUESTED
- }
+ apiFlags =
+ apiFlags or
+ if (flags.hasBits(LEGACY_GRANTED)) {
+ PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED
+ } else {
+ PackageManager.FLAG_PERMISSION_REVOKE_WHEN_REQUESTED
+ }
}
if (flags.hasBits(USER_SENSITIVE_WHEN_GRANTED)) {
apiFlags = apiFlags or PackageManager.FLAG_PERMISSION_USER_SENSITIVE_WHEN_GRANTED
@@ -440,8 +446,10 @@
}
flags = flags or (oldFlags and LEGACY_GRANTED)
flags = flags or (oldFlags and IMPLICIT_GRANTED)
- if (apiFlags.hasBits(PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) ||
- apiFlags.hasBits(PackageManager.FLAG_PERMISSION_REVOKE_WHEN_REQUESTED)) {
+ if (
+ apiFlags.hasBits(PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) ||
+ apiFlags.hasBits(PackageManager.FLAG_PERMISSION_REVOKE_WHEN_REQUESTED)
+ ) {
flags = flags or IMPLICIT
}
if (apiFlags.hasBits(PackageManager.FLAG_PERMISSION_USER_SENSITIVE_WHEN_GRANTED)) {
diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
index 2a29265..ab3d78c 100644
--- a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
@@ -41,10 +41,10 @@
import android.os.ServiceManager
import android.os.UserHandle
import android.os.UserManager
-import android.permission.flags.Flags
import android.permission.IOnPermissionsChangeListener
import android.permission.PermissionControllerManager
import android.permission.PermissionManager
+import android.permission.flags.Flags
import android.provider.Settings
import android.util.ArrayMap
import android.util.ArraySet
@@ -88,28 +88,25 @@
import com.android.server.pm.UserManagerService
import com.android.server.pm.parsing.pkg.AndroidPackageUtils
import com.android.server.pm.permission.LegacyPermission
-import com.android.server.pm.permission.Permission as LegacyPermission2
import com.android.server.pm.permission.LegacyPermissionSettings
import com.android.server.pm.permission.LegacyPermissionState
+import com.android.server.pm.permission.Permission as LegacyPermission2
import com.android.server.pm.permission.PermissionManagerServiceInterface
import com.android.server.pm.permission.PermissionManagerServiceInternal
import com.android.server.pm.pkg.AndroidPackage
import com.android.server.pm.pkg.PackageState
import com.android.server.policy.SoftRestrictedPermissionPolicy
-import libcore.util.EmptyArray
import java.io.FileDescriptor
import java.io.PrintWriter
import java.util.concurrent.CompletableFuture
import java.util.concurrent.ExecutionException
import java.util.concurrent.TimeUnit
import java.util.concurrent.TimeoutException
+import libcore.util.EmptyArray
-/**
- * Modern implementation of [PermissionManagerServiceInterface].
- */
-class PermissionService(
- private val service: AccessCheckingService
-) : PermissionManagerServiceInterface {
+/** Modern implementation of [PermissionManagerServiceInterface]. */
+class PermissionService(private val service: AccessCheckingService) :
+ PermissionManagerServiceInterface {
private val policy =
service.getSchemePolicy(UidUri.SCHEME, PermissionUri.SCHEME) as AppIdPermissionPolicy
@@ -131,8 +128,7 @@
private lateinit var onPermissionFlagsChangedListener: OnPermissionFlagsChangedListener
private val storageVolumeLock = Any()
- @GuardedBy("storageVolumeLock")
- private val mountedStorageVolumes = ArraySet<String?>()
+ @GuardedBy("storageVolumeLock") private val mountedStorageVolumes = ArraySet<String?>()
@GuardedBy("storageVolumeLock")
private val storageVolumePackageNames = ArrayMap<String?, MutableList<String>>()
@@ -144,8 +140,8 @@
* A permission backup might contain apps that are not installed. In this case we delay the
* restoration until the app is installed.
*
- * This array (`userId -> noDelayedBackupLeft`) is `true` for all the users where
- * there is **no more** delayed backup left.
+ * This array (`userId -> noDelayedBackupLeft`) is `true` for all the users where there is **no
+ * more** delayed backup left.
*/
private val isDelayedPermissionBackupFinished = SparseBooleanArray()
@@ -154,9 +150,10 @@
packageManagerInternal = LocalServices.getService(PackageManagerInternal::class.java)
packageManagerLocal =
LocalManagerRegistry.getManagerOrThrow(PackageManagerLocal::class.java)
- platformCompat = IPlatformCompat.Stub.asInterface(
- ServiceManager.getService(Context.PLATFORM_COMPAT_SERVICE)
- )
+ platformCompat =
+ IPlatformCompat.Stub.asInterface(
+ ServiceManager.getService(Context.PLATFORM_COMPAT_SERVICE)
+ )
systemConfig = SystemConfig.getInstance()
userManagerInternal = LocalServices.getService(UserManagerInternal::class.java)
userManagerService = UserManagerService.getInstance()
@@ -166,8 +163,8 @@
PackageManager.invalidatePackageInfoCache()
PermissionManager.disablePackageNamePermissionCache()
- handlerThread = ServiceThread(LOG_TAG, Process.THREAD_PRIORITY_BACKGROUND, true)
- .apply { start() }
+ handlerThread =
+ ServiceThread(LOG_TAG, Process.THREAD_PRIORITY_BACKGROUND, true).apply { start() }
handler = Handler(handlerThread.looper)
onPermissionsChangeListeners = OnPermissionsChangeListeners(FgThread.get().looper)
onPermissionFlagsChangedListener = OnPermissionFlagsChangedListener()
@@ -181,9 +178,7 @@
return emptyList()
}
- val permissionGroups = service.getState {
- with(policy) { getPermissionGroups() }
- }
+ val permissionGroups = service.getState { with(policy) { getPermissionGroups() } }
return permissionGroups.mapNotNullIndexedTo(ArrayList()) { _, _, permissionGroup ->
if (snapshot.isPackageVisibleToUid(permissionGroup.packageName, callingUid)) {
@@ -206,9 +201,9 @@
return null
}
- permissionGroup = service.getState {
- with(policy) { getPermissionGroups()[permissionGroupName] }
- } ?: return null
+ permissionGroup =
+ service.getState { with(policy) { getPermissionGroups()[permissionGroupName] } }
+ ?: return null
if (!snapshot.isPackageVisibleToUid(permissionGroup.packageName, callingUid)) {
return null
@@ -242,29 +237,28 @@
return null
}
- permission = service.getState {
- with(policy) { getPermissions()[permissionName] }
- } ?: return null
+ permission =
+ service.getState { with(policy) { getPermissions()[permissionName] } }
+ ?: return null
if (!snapshot.isPackageVisibleToUid(permission.packageName, callingUid)) {
return null
}
val opPackage = snapshot.getPackageState(opPackageName)?.androidPackage
- targetSdkVersion = when {
- // System sees all flags.
- isRootOrSystemOrShellUid(callingUid) -> Build.VERSION_CODES.CUR_DEVELOPMENT
- opPackage != null -> opPackage.targetSdkVersion
- else -> Build.VERSION_CODES.CUR_DEVELOPMENT
- }
+ targetSdkVersion =
+ when {
+ // System sees all flags.
+ isRootOrSystemOrShellUid(callingUid) -> Build.VERSION_CODES.CUR_DEVELOPMENT
+ opPackage != null -> opPackage.targetSdkVersion
+ else -> Build.VERSION_CODES.CUR_DEVELOPMENT
+ }
}
return permission.generatePermissionInfo(flags, targetSdkVersion)
}
- /**
- * Generate a new [PermissionInfo] from [Permission] and adjust it accordingly.
- */
+ /** Generate a new [PermissionInfo] from [Permission] and adjust it accordingly. */
private fun Permission.generatePermissionInfo(
flags: Int,
targetSdkVersion: Int = Build.VERSION_CODES.CUR_DEVELOPMENT
@@ -296,22 +290,27 @@
return null
}
- val permissions = service.getState {
- if (permissionGroupName != null) {
- val permissionGroup =
- with(policy) { getPermissionGroups()[permissionGroupName] } ?: return null
+ val permissions =
+ service.getState {
+ if (permissionGroupName != null) {
+ val permissionGroup =
+ with(policy) { getPermissionGroups()[permissionGroupName] }
+ ?: return null
- if (!snapshot.isPackageVisibleToUid(permissionGroup.packageName, callingUid)) {
- return null
+ if (
+ !snapshot.isPackageVisibleToUid(permissionGroup.packageName, callingUid)
+ ) {
+ return null
+ }
}
+
+ with(policy) { getPermissions() }
}
- with(policy) { getPermissions() }
- }
-
return permissions.mapNotNullIndexedTo(ArrayList()) { _, _, permission ->
- if (permission.groupName == permissionGroupName &&
- snapshot.isPackageVisibleToUid(permission.packageName, callingUid)
+ if (
+ permission.groupName == permissionGroupName &&
+ snapshot.isPackageVisibleToUid(permission.packageName, callingUid)
) {
permission.generatePermissionInfo(flags)
} else {
@@ -334,9 +333,7 @@
private inline fun getPermissionsWithProtectionOrProtectionFlags(
predicate: (Permission) -> Boolean
): List<PermissionInfo> {
- val permissions = service.getState {
- with(policy) { getPermissions() }
- }
+ val permissions = service.getState { with(policy) { getPermissions() } }
return permissions.mapNotNullIndexedTo(ArrayList()) { _, _, permission ->
if (predicate(permission)) {
@@ -348,18 +345,16 @@
}
override fun getPermissionGids(permissionName: String, userId: Int): IntArray {
- val permission = service.getState {
- with(policy) { getPermissions()[permissionName] }
- } ?: return EmptyArray.INT
+ val permission =
+ service.getState { with(policy) { getPermissions()[permissionName] } }
+ ?: return EmptyArray.INT
return permission.getGidsForUser(userId)
}
override fun getInstalledPermissions(packageName: String): Set<String> {
requireNotNull(packageName) { "packageName cannot be null" }
- val permissions = service.getState {
- with(policy) { getPermissions() }
- }
+ val permissions = service.getState { with(policy) { getPermissions() } }
return permissions.mapNotNullIndexedTo(ArraySet()) { _, _, permission ->
if (permission.packageName == packageName) {
@@ -398,9 +393,8 @@
permissionInfo.protectionLevel =
PermissionInfo.fixProtectionLevel(permissionInfo.protectionLevel)
- val newPermission = Permission(
- permissionInfo, true, Permission.TYPE_DYNAMIC, permissionTree.appId
- )
+ val newPermission =
+ Permission(permissionInfo, true, Permission.TYPE_DYNAMIC, permissionTree.appId)
with(policy) { addPermission(newPermission, !async) }
}
@@ -431,7 +425,7 @@
val callingUid = Binder.getCallingUid()
val permissionTree = with(policy) { findPermissionTree(permissionName) }
if (permissionTree != null && permissionTree.appId == UserHandle.getAppId(callingUid)) {
- return permissionTree
+ return permissionTree
}
throw SecurityException(
@@ -447,8 +441,9 @@
// if that plus the size of 'info' would exceed our stated maximum.
if (permissionTree.appId != Process.SYSTEM_UID) {
val permissionTreeFootprint = calculatePermissionTreeFootprint(permissionTree)
- if (permissionTreeFootprint + permissionInfo.calculateFootprint() >
- MAX_PERMISSION_TREE_FOOTPRINT
+ if (
+ permissionTreeFootprint + permissionInfo.calculateFootprint() >
+ MAX_PERMISSION_TREE_FOOTPRINT
) {
throw SecurityException("Permission tree size cap exceeded")
}
@@ -483,14 +478,16 @@
packageManagerInternal.getPackageStateInternal(androidPackage.packageName)
if (packageState == null) {
Slog.e(
- LOG_TAG, "checkUidPermission: PackageState not found for AndroidPackage" +
+ LOG_TAG,
+ "checkUidPermission: PackageState not found for AndroidPackage" +
" $androidPackage"
)
return PackageManager.PERMISSION_DENIED
}
- val isPermissionGranted = service.getState {
- isPermissionGranted(packageState, userId, permissionName, deviceId)
- }
+ val isPermissionGranted =
+ service.getState {
+ isPermissionGranted(packageState, userId, permissionName, deviceId)
+ }
return if (isPermissionGranted) {
PackageManager.PERMISSION_GRANTED
} else {
@@ -505,9 +502,7 @@
}
}
- /**
- * Internal implementation that should only be called by [checkUidPermission].
- */
+ /** Internal implementation that should only be called by [checkUidPermission]. */
private fun isSystemUidPermissionGranted(uid: Int, permissionName: String): Boolean {
val uidPermissions = systemConfig.systemPermissions[uid] ?: return false
if (permissionName in uidPermissions) {
@@ -532,12 +527,14 @@
return PackageManager.PERMISSION_DENIED
}
- val packageState = packageManagerLocal.withFilteredSnapshot(Binder.getCallingUid(), userId)
- .use { it.getPackageState(packageName) } ?: return PackageManager.PERMISSION_DENIED
+ val packageState =
+ packageManagerLocal.withFilteredSnapshot(Binder.getCallingUid(), userId).use {
+ it.getPackageState(packageName)
+ }
+ ?: return PackageManager.PERMISSION_DENIED
- val isPermissionGranted = service.getState {
- isPermissionGranted(packageState, userId, permissionName, deviceId)
- }
+ val isPermissionGranted =
+ service.getState { isPermissionGranted(packageState, userId, permissionName, deviceId) }
return if (isPermissionGranted) {
PackageManager.PERMISSION_GRANTED
} else {
@@ -566,8 +563,15 @@
}
val fullerPermissionName = FULLER_PERMISSIONS[permissionName]
- if (fullerPermissionName != null &&
- isSinglePermissionGranted(appId, userId, isInstantApp, fullerPermissionName, deviceId)
+ if (
+ fullerPermissionName != null &&
+ isSinglePermissionGranted(
+ appId,
+ userId,
+ isInstantApp,
+ fullerPermissionName,
+ deviceId
+ )
) {
return true
}
@@ -575,9 +579,7 @@
return false
}
- /**
- * Internal implementation that should only be called by [isPermissionGranted].
- */
+ /** Internal implementation that should only be called by [isPermissionGranted]. */
private fun GetStateScope.isSinglePermissionGranted(
appId: Int,
userId: Int,
@@ -604,20 +606,27 @@
requireNotNull(packageName) { "packageName cannot be null" }
Preconditions.checkArgumentNonnegative(userId, "userId")
- val packageState = packageManagerLocal.withUnfilteredSnapshot()
- .use { it.getPackageState(packageName) }
+ val packageState =
+ packageManagerLocal.withUnfilteredSnapshot().use { it.getPackageState(packageName) }
if (packageState == null) {
Slog.w(LOG_TAG, "getGrantedPermissions: Unknown package $packageName")
return emptySet()
}
service.getState {
- val permissionFlags = with(policy) { getUidPermissionFlags(packageState.appId, userId) }
- ?: return emptySet()
+ val permissionFlags =
+ with(policy) { getUidPermissionFlags(packageState.appId, userId) }
+ ?: return emptySet()
return permissionFlags.mapNotNullIndexedTo(ArraySet()) { _, permissionName, _ ->
- if (isPermissionGranted(
- packageState, userId, permissionName, Context.DEVICE_ID_DEFAULT)) {
+ if (
+ isPermissionGranted(
+ packageState,
+ userId,
+ permissionName,
+ Context.DEVICE_ID_DEFAULT
+ )
+ ) {
permissionName
} else {
null
@@ -635,8 +644,8 @@
// permission state is not found, now we always return at least global GIDs. This is
// more consistent with the pre-S-refactor behavior. This is also because we are now
// actively trimming the per-UID objects when empty.
- val permissionFlags = with(policy) { getUidPermissionFlags(appId, userId) }
- ?: return globalGids.copyOf()
+ val permissionFlags =
+ with(policy) { getUidPermissionFlags(appId, userId) } ?: return globalGids.copyOf()
val gids = GrowingIntArray.wrap(globalGids)
permissionFlags.forEachIndexed { _, permissionName, flags ->
@@ -644,8 +653,8 @@
return@forEachIndexed
}
- val permission = with(policy) { getPermissions()[permissionName] }
- ?: return@forEachIndexed
+ val permission =
+ with(policy) { getPermissions()[permissionName] } ?: return@forEachIndexed
val permissionGids = permission.getGidsForUser(userId)
if (permissionGids.isEmpty()) {
return@forEachIndexed
@@ -662,9 +671,7 @@
deviceId: Int,
userId: Int
) {
- setRuntimePermissionGranted(
- packageName, userId, permissionName, deviceId, isGranted = true
- )
+ setRuntimePermissionGranted(packageName, userId, permissionName, deviceId, isGranted = true)
}
override fun revokeRuntimePermission(
@@ -675,7 +682,12 @@
reason: String?
) {
setRuntimePermissionGranted(
- packageName, userId, permissionName, deviceId, isGranted = false, revokeReason = reason
+ packageName,
+ userId,
+ permissionName,
+ deviceId,
+ isGranted = false,
+ revokeReason = reason
)
}
@@ -684,8 +696,12 @@
userId: Int
) {
setRuntimePermissionGranted(
- packageName, userId, Manifest.permission.POST_NOTIFICATIONS, Context.DEVICE_ID_DEFAULT,
- isGranted = false, skipKillUid = true
+ packageName,
+ userId,
+ Manifest.permission.POST_NOTIFICATIONS,
+ Context.DEVICE_ID_DEFAULT,
+ isGranted = false,
+ skipKillUid = true
)
}
@@ -704,19 +720,24 @@
) {
val methodName = if (isGranted) "grantRuntimePermission" else "revokeRuntimePermission"
val callingUid = Binder.getCallingUid()
- val isDebugEnabled = if (isGranted) {
- PermissionManager.DEBUG_TRACE_GRANTS
- } else {
- PermissionManager.DEBUG_TRACE_PERMISSION_UPDATES
- }
- if (isDebugEnabled &&
- PermissionManager.shouldTraceGrant(packageName, permissionName, userId)) {
+ val isDebugEnabled =
+ if (isGranted) {
+ PermissionManager.DEBUG_TRACE_GRANTS
+ } else {
+ PermissionManager.DEBUG_TRACE_PERMISSION_UPDATES
+ }
+ if (
+ isDebugEnabled &&
+ PermissionManager.shouldTraceGrant(packageName, permissionName, userId)
+ ) {
val callingUidName = packageManagerInternal.getNameForUid(callingUid)
Slog.i(
- LOG_TAG, "$methodName(packageName = $packageName," +
+ LOG_TAG,
+ "$methodName(packageName = $packageName," +
" permissionName = $permissionName" +
(if (isGranted) "" else "skipKillUid = $skipKillUid, reason = $revokeReason") +
- ", userId = $userId," + " callingUid = $callingUidName ($callingUid))",
+ ", userId = $userId," +
+ " callingUid = $callingUidName ($callingUid))",
RuntimeException()
)
}
@@ -727,23 +748,31 @@
}
enforceCallingOrSelfCrossUserPermission(
- userId, enforceFullPermission = true, enforceShellRestriction = true, methodName
+ userId,
+ enforceFullPermission = true,
+ enforceShellRestriction = true,
+ methodName
)
- val enforcedPermissionName = if (isGranted) {
- Manifest.permission.GRANT_RUNTIME_PERMISSIONS
- } else {
- Manifest.permission.REVOKE_RUNTIME_PERMISSIONS
- }
+ val enforcedPermissionName =
+ if (isGranted) {
+ Manifest.permission.GRANT_RUNTIME_PERMISSIONS
+ } else {
+ Manifest.permission.REVOKE_RUNTIME_PERMISSIONS
+ }
context.enforceCallingOrSelfPermission(enforcedPermissionName, methodName)
val packageState: PackageState?
- val permissionControllerPackageName = packageManagerInternal.getKnownPackageNames(
- KnownPackages.PACKAGE_PERMISSION_CONTROLLER, UserHandle.USER_SYSTEM
- ).first()
+ val permissionControllerPackageName =
+ packageManagerInternal
+ .getKnownPackageNames(
+ KnownPackages.PACKAGE_PERMISSION_CONTROLLER,
+ UserHandle.USER_SYSTEM
+ )
+ .first()
val permissionControllerPackageState: PackageState?
packageManagerLocal.withUnfilteredSnapshot().use { snapshot ->
- packageState = snapshot.filtered(callingUid, userId)
- .use { it.getPackageState(packageName) }
+ packageState =
+ snapshot.filtered(callingUid, userId).use { it.getPackageState(packageName) }
permissionControllerPackageState =
snapshot.getPackageState(permissionControllerPackageName)
}
@@ -756,11 +785,13 @@
return
}
- val canManageRolePermission = isRootOrSystemUid(callingUid) ||
- UserHandle.getAppId(callingUid) == permissionControllerPackageState!!.appId
- val overridePolicyFixed = context.checkCallingOrSelfPermission(
- Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY
- ) == PackageManager.PERMISSION_GRANTED
+ val canManageRolePermission =
+ isRootOrSystemUid(callingUid) ||
+ UserHandle.getAppId(callingUid) == permissionControllerPackageState!!.appId
+ val overridePolicyFixed =
+ context.checkCallingOrSelfPermission(
+ Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY
+ ) == PackageManager.PERMISSION_GRANTED
service.mutateState {
with(onPermissionFlagsChangedListener) {
@@ -773,8 +804,15 @@
}
setRuntimePermissionGranted(
- packageState, userId, permissionName, deviceId, isGranted, canManageRolePermission,
- overridePolicyFixed, reportError = true, methodName
+ packageState,
+ userId,
+ permissionName,
+ deviceId,
+ isGranted,
+ canManageRolePermission,
+ overridePolicyFixed,
+ reportError = true,
+ methodName
)
}
}
@@ -791,8 +829,9 @@
PackageInstaller.SessionParams.PERMISSION_STATE_DENIED -> {}
else -> {
Slog.w(
- LOG_TAG, "setRequestedPermissionStates: Unknown permission state" +
- " $permissionState for permission $permissionName"
+ LOG_TAG,
+ "setRequestedPermissionStates: Unknown permission state" +
+ " $permissionState for permission $permissionName"
)
return@forEachIndexed
}
@@ -800,35 +839,50 @@
if (permissionName !in packageState.androidPackage!!.requestedPermissions) {
return@forEachIndexed
}
- val permission = with(policy) { getPermissions()[permissionName] }
- ?: return@forEachIndexed
+ val permission =
+ with(policy) { getPermissions()[permissionName] } ?: return@forEachIndexed
when {
permission.isDevelopment || permission.isRuntime -> {
- if (permissionState ==
- PackageInstaller.SessionParams.PERMISSION_STATE_GRANTED) {
+ if (
+ permissionState ==
+ PackageInstaller.SessionParams.PERMISSION_STATE_GRANTED
+ ) {
setRuntimePermissionGranted(
- packageState, userId, permissionName, Context.DEVICE_ID_DEFAULT,
- isGranted = true, canManageRolePermission = false,
- overridePolicyFixed = false, reportError = false,
+ packageState,
+ userId,
+ permissionName,
+ Context.DEVICE_ID_DEFAULT,
+ isGranted = true,
+ canManageRolePermission = false,
+ overridePolicyFixed = false,
+ reportError = false,
"setRequestedPermissionStates"
)
updatePermissionFlags(
- packageState.appId, userId, permissionName,
+ packageState.appId,
+ userId,
+ permissionName,
Context.DEVICE_ID_DEFAULT,
PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED or
- PackageManager.FLAG_PERMISSION_REVOKED_COMPAT, 0,
+ PackageManager.FLAG_PERMISSION_REVOKED_COMPAT,
+ 0,
canUpdateSystemFlags = false,
reportErrorForUnknownPermission = false,
- isPermissionRequested = true, "setRequestedPermissionStates",
+ isPermissionRequested = true,
+ "setRequestedPermissionStates",
packageState.packageName
)
}
}
- permission.isAppOp && permissionName in
+ permission.isAppOp &&
+ permissionName in
PackageInstallerService.INSTALLER_CHANGEABLE_APP_OP_PERMISSIONS ->
setAppOpPermissionGranted(
- packageState, userId, permissionName, permissionState ==
- PackageInstaller.SessionParams.PERMISSION_STATE_GRANTED
+ packageState,
+ userId,
+ permissionName,
+ permissionState ==
+ PackageInstaller.SessionParams.PERMISSION_STATE_GRANTED
)
else -> {}
}
@@ -836,9 +890,7 @@
}
}
- /**
- * Set whether a runtime permission is granted, without any validation on caller.
- */
+ /** Set whether a runtime permission is granted, without any validation on caller. */
private fun MutateStateScope.setRuntimePermissionGranted(
packageState: PackageState,
userId: Int,
@@ -876,8 +928,11 @@
// their permissions as always granted
return
}
- if (isGranted && packageState.getUserStateOrDefault(userId).isInstantApp &&
- !permission.isInstant) {
+ if (
+ isGranted &&
+ packageState.getUserStateOrDefault(userId).isInstantApp &&
+ !permission.isInstant
+ ) {
if (reportError) {
throw SecurityException(
"Cannot grant non-instant permission $permissionName to package" +
@@ -913,7 +968,8 @@
if (oldFlags.hasBits(PermissionFlags.SYSTEM_FIXED)) {
if (reportError) {
Slog.e(
- LOG_TAG, "$methodName: Cannot change system fixed permission $permissionName" +
+ LOG_TAG,
+ "$methodName: Cannot change system fixed permission $permissionName" +
" for package $packageName"
)
}
@@ -923,7 +979,8 @@
if (oldFlags.hasBits(PermissionFlags.POLICY_FIXED) && !overridePolicyFixed) {
if (reportError) {
Slog.e(
- LOG_TAG, "$methodName: Cannot change policy fixed permission $permissionName" +
+ LOG_TAG,
+ "$methodName: Cannot change policy fixed permission $permissionName" +
" for package $packageName"
)
}
@@ -933,7 +990,8 @@
if (isGranted && oldFlags.hasBits(PermissionFlags.RESTRICTION_REVOKED)) {
if (reportError) {
Slog.e(
- LOG_TAG, "$methodName: Cannot grant hard-restricted non-exempt permission" +
+ LOG_TAG,
+ "$methodName: Cannot grant hard-restricted non-exempt permission" +
" $permissionName to package $packageName"
)
}
@@ -942,14 +1000,19 @@
if (isGranted && oldFlags.hasBits(PermissionFlags.SOFT_RESTRICTED)) {
// TODO: Refactor SoftRestrictedPermissionPolicy.
- val softRestrictedPermissionPolicy = SoftRestrictedPermissionPolicy.forPermission(
- context, AndroidPackageUtils.generateAppInfoWithoutState(androidPackage),
- androidPackage, UserHandle.of(userId), permissionName
- )
+ val softRestrictedPermissionPolicy =
+ SoftRestrictedPermissionPolicy.forPermission(
+ context,
+ AndroidPackageUtils.generateAppInfoWithoutState(androidPackage),
+ androidPackage,
+ UserHandle.of(userId),
+ permissionName
+ )
if (!softRestrictedPermissionPolicy.mayGrantPermission()) {
if (reportError) {
Slog.e(
- LOG_TAG, "$methodName: Cannot grant soft-restricted non-exempt permission" +
+ LOG_TAG,
+ "$methodName: Cannot grant soft-restricted non-exempt permission" +
" $permissionName to package $packageName"
)
}
@@ -965,15 +1028,17 @@
setPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId, newFlags)
if (permission.isRuntime) {
- val action = if (isGranted) {
- MetricsProto.MetricsEvent.ACTION_PERMISSION_GRANTED
- } else {
- MetricsProto.MetricsEvent.ACTION_PERMISSION_REVOKED
- }
- val log = LogMaker(action).apply {
- setPackageName(packageName)
- addTaggedData(MetricsProto.MetricsEvent.FIELD_PERMISSION, permissionName)
- }
+ val action =
+ if (isGranted) {
+ MetricsProto.MetricsEvent.ACTION_PERMISSION_GRANTED
+ } else {
+ MetricsProto.MetricsEvent.ACTION_PERMISSION_REVOKED
+ }
+ val log =
+ LogMaker(action).apply {
+ setPackageName(packageName)
+ addTaggedData(MetricsProto.MetricsEvent.FIELD_PERMISSION, permissionName)
+ }
metricsLogger.write(log)
}
}
@@ -984,8 +1049,8 @@
permissionName: String,
isGranted: Boolean
) {
- val appOpPolicy = service.getSchemePolicy(UidUri.SCHEME, AppOpUri.SCHEME) as
- AppIdAppOpPolicy
+ val appOpPolicy =
+ service.getSchemePolicy(UidUri.SCHEME, AppOpUri.SCHEME) as AppIdAppOpPolicy
val appOpName = AppOpsManager.permissionToOp(permissionName)!!
val mode = if (isGranted) AppOpsManager.MODE_ALLOWED else AppOpsManager.MODE_ERRORED
with(appOpPolicy) { setAppOpMode(packageState.appId, userId, appOpName, mode) }
@@ -1003,17 +1068,20 @@
}
enforceCallingOrSelfCrossUserPermission(
- userId, enforceFullPermission = true, enforceShellRestriction = false,
+ userId,
+ enforceFullPermission = true,
+ enforceShellRestriction = false,
"getPermissionFlags"
)
enforceCallingOrSelfAnyPermission(
- "getPermissionFlags", Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
+ "getPermissionFlags",
+ Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
Manifest.permission.REVOKE_RUNTIME_PERMISSIONS,
Manifest.permission.GET_RUNTIME_PERMISSIONS
)
- val packageState = packageManagerLocal.withFilteredSnapshot()
- .use { it.getPackageState(packageName) }
+ val packageState =
+ packageManagerLocal.withFilteredSnapshot().use { it.getPackageState(packageName) }
if (packageState == null) {
Slog.w(LOG_TAG, "getPermissionFlags: Unknown package $packageName")
return 0
@@ -1045,12 +1113,17 @@
}
enforceCallingOrSelfCrossUserPermission(
- userId, enforceFullPermission = true, enforceShellRestriction = false,
+ userId,
+ enforceFullPermission = true,
+ enforceShellRestriction = false,
"isPermissionRevokedByPolicy"
)
- val packageState = packageManagerLocal.withFilteredSnapshot(Binder.getCallingUid(), userId)
- .use { it.getPackageState(packageName) } ?: return false
+ val packageState =
+ packageManagerLocal.withFilteredSnapshot(Binder.getCallingUid(), userId).use {
+ it.getPackageState(packageName)
+ }
+ ?: return false
service.getState {
if (isPermissionGranted(packageState, userId, permissionName, deviceId)) {
@@ -1069,12 +1142,13 @@
// TODO(b/173235285): Some caller may pass USER_ALL as userId.
// Preconditions.checkArgumentNonnegative(userId, "userId")
- val packageState = packageManagerLocal.withUnfilteredSnapshot()
- .use { it.getPackageState(packageName) } ?: return false
+ val packageState =
+ packageManagerLocal.withUnfilteredSnapshot().use { it.getPackageState(packageName) }
+ ?: return false
- val permissionFlags = service.getState {
- with(policy) { getUidPermissionFlags(packageState.appId, userId) }
- } ?: return false
+ val permissionFlags =
+ service.getState { with(policy) { getUidPermissionFlags(packageState.appId, userId) } }
+ ?: return false
return permissionFlags.anyIndexed { _, _, it -> it.hasBits(REVIEW_REQUIRED_FLAGS) }
}
@@ -1090,13 +1164,18 @@
}
enforceCallingOrSelfCrossUserPermission(
- userId, enforceFullPermission = true, enforceShellRestriction = false,
+ userId,
+ enforceFullPermission = true,
+ enforceShellRestriction = false,
"shouldShowRequestPermissionRationale"
)
val callingUid = Binder.getCallingUid()
- val packageState = packageManagerLocal.withFilteredSnapshot(callingUid, userId)
- .use { it.getPackageState(packageName) } ?: return false
+ val packageState =
+ packageManagerLocal.withFilteredSnapshot(callingUid, userId).use {
+ it.getPackageState(packageName)
+ }
+ ?: return false
val appId = packageState.appId
if (UserHandle.getAppId(callingUid) != appId) {
return false
@@ -1115,17 +1194,24 @@
}
if (permissionName == Manifest.permission.ACCESS_BACKGROUND_LOCATION) {
- val isBackgroundRationaleChangeEnabled = Binder::class.withClearedCallingIdentity {
- try {
- platformCompat.isChangeEnabledByPackageName(
- BACKGROUND_RATIONALE_CHANGE_ID, packageName, userId
- )
- } catch (e: RemoteException) {
- Slog.e(LOG_TAG, "shouldShowRequestPermissionRationale: Unable to check if" +
- " compatibility change is enabled", e)
- false
+ val isBackgroundRationaleChangeEnabled =
+ Binder::class.withClearedCallingIdentity {
+ try {
+ platformCompat.isChangeEnabledByPackageName(
+ BACKGROUND_RATIONALE_CHANGE_ID,
+ packageName,
+ userId
+ )
+ } catch (e: RemoteException) {
+ Slog.e(
+ LOG_TAG,
+ "shouldShowRequestPermissionRationale: Unable to check if" +
+ " compatibility change is enabled",
+ e
+ )
+ false
+ }
}
- }
if (isBackgroundRationaleChangeEnabled) {
return true
}
@@ -1144,20 +1230,30 @@
userId: Int
) {
val callingUid = Binder.getCallingUid()
- if (PermissionManager.DEBUG_TRACE_PERMISSION_UPDATES &&
- PermissionManager.shouldTraceGrant(packageName, permissionName, userId)) {
- val flagMaskString = DebugUtils.flagsToString(
- PackageManager::class.java, "FLAG_PERMISSION_", flagMask.toLong()
- )
- val flagValuesString = DebugUtils.flagsToString(
- PackageManager::class.java, "FLAG_PERMISSION_", flagValues.toLong()
- )
+ if (
+ PermissionManager.DEBUG_TRACE_PERMISSION_UPDATES &&
+ PermissionManager.shouldTraceGrant(packageName, permissionName, userId)
+ ) {
+ val flagMaskString =
+ DebugUtils.flagsToString(
+ PackageManager::class.java,
+ "FLAG_PERMISSION_",
+ flagMask.toLong()
+ )
+ val flagValuesString =
+ DebugUtils.flagsToString(
+ PackageManager::class.java,
+ "FLAG_PERMISSION_",
+ flagValues.toLong()
+ )
val callingUidName = packageManagerInternal.getNameForUid(callingUid)
Slog.i(
- LOG_TAG, "updatePermissionFlags(packageName = $packageName," +
+ LOG_TAG,
+ "updatePermissionFlags(packageName = $packageName," +
" permissionName = $permissionName, flagMask = $flagMaskString," +
" flagValues = $flagValuesString, userId = $userId," +
- " callingUid = $callingUidName ($callingUid))", RuntimeException()
+ " callingUid = $callingUidName ($callingUid))",
+ RuntimeException()
)
}
@@ -1167,11 +1263,14 @@
}
enforceCallingOrSelfCrossUserPermission(
- userId, enforceFullPermission = true, enforceShellRestriction = true,
+ userId,
+ enforceFullPermission = true,
+ enforceShellRestriction = true,
"updatePermissionFlags"
)
enforceCallingOrSelfAnyPermission(
- "updatePermissionFlags", Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
+ "updatePermissionFlags",
+ Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
Manifest.permission.REVOKE_RUNTIME_PERMISSIONS
)
@@ -1208,8 +1307,10 @@
// Different from the old implementation, which returns when package doesn't exist but
// throws when package exists but isn't visible, we now return in both cases to avoid
// leaking the package existence.
- if (androidPackage == null ||
- packageManagerInternal.filterAppAccess(packageName, callingUid, userId, false)) {
+ if (
+ androidPackage == null ||
+ packageManagerInternal.filterAppAccess(packageName, callingUid, userId, false)
+ ) {
Slog.w(LOG_TAG, "updatePermissionFlags: Unknown package $packageName")
return
}
@@ -1219,26 +1320,35 @@
// permissions.
val canUpdateSystemFlags = isRootOrSystemUid(callingUid)
- val isPermissionRequested = if (permissionName in androidPackage.requestedPermissions) {
- // Fast path, the current package has requested the permission.
- true
- } else {
- // Slow path, go through all shared user packages.
- val sharedUserPackageNames =
- packageManagerInternal.getSharedUserPackagesForPackage(packageName, userId)
- sharedUserPackageNames.any { sharedUserPackageName ->
- val sharedUserPackage = packageManagerInternal.getPackage(sharedUserPackageName)
- sharedUserPackage != null &&
- permissionName in sharedUserPackage.requestedPermissions
+ val isPermissionRequested =
+ if (permissionName in androidPackage.requestedPermissions) {
+ // Fast path, the current package has requested the permission.
+ true
+ } else {
+ // Slow path, go through all shared user packages.
+ val sharedUserPackageNames =
+ packageManagerInternal.getSharedUserPackagesForPackage(packageName, userId)
+ sharedUserPackageNames.any { sharedUserPackageName ->
+ val sharedUserPackage = packageManagerInternal.getPackage(sharedUserPackageName)
+ sharedUserPackage != null &&
+ permissionName in sharedUserPackage.requestedPermissions
+ }
}
- }
val appId = packageState.appId
service.mutateState {
updatePermissionFlags(
- appId, userId, permissionName, deviceId, flagMask, flagValues, canUpdateSystemFlags,
- reportErrorForUnknownPermission = true, isPermissionRequested,
- "updatePermissionFlags", packageName
+ appId,
+ userId,
+ permissionName,
+ deviceId,
+ flagMask,
+ flagValues,
+ canUpdateSystemFlags,
+ reportErrorForUnknownPermission = true,
+ isPermissionRequested,
+ "updatePermissionFlags",
+ packageName
)
}
}
@@ -1246,17 +1356,25 @@
override fun updatePermissionFlagsForAllApps(flagMask: Int, flagValues: Int, userId: Int) {
val callingUid = Binder.getCallingUid()
if (PermissionManager.DEBUG_TRACE_PERMISSION_UPDATES) {
- val flagMaskString = DebugUtils.flagsToString(
- PackageManager::class.java, "FLAG_PERMISSION_", flagMask.toLong()
- )
- val flagValuesString = DebugUtils.flagsToString(
- PackageManager::class.java, "FLAG_PERMISSION_", flagValues.toLong()
- )
+ val flagMaskString =
+ DebugUtils.flagsToString(
+ PackageManager::class.java,
+ "FLAG_PERMISSION_",
+ flagMask.toLong()
+ )
+ val flagValuesString =
+ DebugUtils.flagsToString(
+ PackageManager::class.java,
+ "FLAG_PERMISSION_",
+ flagValues.toLong()
+ )
val callingUidName = packageManagerInternal.getNameForUid(callingUid)
Slog.i(
- LOG_TAG, "updatePermissionFlagsForAllApps(flagMask = $flagMaskString," +
+ LOG_TAG,
+ "updatePermissionFlagsForAllApps(flagMask = $flagMaskString," +
" flagValues = $flagValuesString, userId = $userId," +
- " callingUid = $callingUidName ($callingUid))", RuntimeException()
+ " callingUid = $callingUidName ($callingUid))",
+ RuntimeException()
)
}
@@ -1266,11 +1384,14 @@
}
enforceCallingOrSelfCrossUserPermission(
- userId, enforceFullPermission = true, enforceShellRestriction = true,
+ userId,
+ enforceFullPermission = true,
+ enforceShellRestriction = true,
"updatePermissionFlagsForAllApps"
)
enforceCallingOrSelfAnyPermission(
- "updatePermissionFlagsForAllApps", Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
+ "updatePermissionFlagsForAllApps",
+ Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
Manifest.permission.REVOKE_RUNTIME_PERMISSIONS
)
@@ -1278,26 +1399,30 @@
// flag, we now properly sanitize all flags as in updatePermissionFlags().
val canUpdateSystemFlags = isRootOrSystemUid(callingUid)
- val packageStates = packageManagerLocal.withUnfilteredSnapshot()
- .use { it.packageStates }
+ val packageStates = packageManagerLocal.withUnfilteredSnapshot().use { it.packageStates }
service.mutateState {
packageStates.forEach { (packageName, packageState) ->
val androidPackage = packageState.androidPackage ?: return@forEach
androidPackage.requestedPermissions.forEach { permissionName ->
updatePermissionFlags(
- packageState.appId, userId, permissionName, Context.DEVICE_ID_DEFAULT,
- flagMask, flagValues, canUpdateSystemFlags,
+ packageState.appId,
+ userId,
+ permissionName,
+ Context.DEVICE_ID_DEFAULT,
+ flagMask,
+ flagValues,
+ canUpdateSystemFlags,
reportErrorForUnknownPermission = false,
- isPermissionRequested = true, "updatePermissionFlagsForAllApps", packageName
+ isPermissionRequested = true,
+ "updatePermissionFlagsForAllApps",
+ packageName
)
}
}
}
}
- /**
- * Update flags for a permission, without any validation on caller.
- */
+ /** Update flags for a permission, without any validation on caller. */
private fun MutateStateScope.updatePermissionFlags(
appId: Int,
userId: Int,
@@ -1311,20 +1436,19 @@
methodName: String,
packageName: String
) {
- @Suppress("NAME_SHADOWING")
- var flagMask = flagMask
- @Suppress("NAME_SHADOWING")
- var flagValues = flagValues
+ @Suppress("NAME_SHADOWING") var flagMask = flagMask
+ @Suppress("NAME_SHADOWING") var flagValues = flagValues
// Only the system can change these flags and nothing else.
if (!canUpdateSystemFlags) {
// Different from the old implementation, which allowed non-system UIDs to remove (but
// not add) permission restriction flags, we now consistently ignore them altogether.
- val ignoredMask = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED or
- PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT or
- PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT or
- PackageManager.FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT or
- PackageManager.FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT or
- PackageManager.FLAG_PERMISSION_APPLY_RESTRICTION
+ val ignoredMask =
+ PackageManager.FLAG_PERMISSION_SYSTEM_FIXED or
+ PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT or
+ PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT or
+ PackageManager.FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT or
+ PackageManager.FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT or
+ PackageManager.FLAG_PERMISSION_APPLY_RESTRICTION
flagMask = flagMask andInv ignoredMask
flagValues = flagValues andInv ignoredMask
}
@@ -1340,7 +1464,8 @@
val oldFlags = getPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId)
if (!isPermissionRequested && oldFlags == 0) {
Slog.w(
- LOG_TAG, "$methodName: Permission $permissionName isn't requested by package" +
+ LOG_TAG,
+ "$methodName: Permission $permissionName isn't requested by package" +
" $packageName"
)
return
@@ -1365,21 +1490,29 @@
}
enforceCallingOrSelfCrossUserPermission(
- userId, enforceFullPermission = false, enforceShellRestriction = false,
+ userId,
+ enforceFullPermission = false,
+ enforceShellRestriction = false,
"getAllowlistedRestrictedPermissions"
)
val callingUid = Binder.getCallingUid()
- val packageState = packageManagerLocal.withFilteredSnapshot(callingUid, userId)
- .use { it.getPackageState(packageName) } ?: return null
+ val packageState =
+ packageManagerLocal.withFilteredSnapshot(callingUid, userId).use {
+ it.getPackageState(packageName)
+ }
+ ?: return null
val androidPackage = packageState.androidPackage ?: return null
- val isCallerPrivileged = context.checkCallingOrSelfPermission(
- Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS
- ) == PackageManager.PERMISSION_GRANTED
+ val isCallerPrivileged =
+ context.checkCallingOrSelfPermission(
+ Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS
+ ) == PackageManager.PERMISSION_GRANTED
- if (allowlistedFlags.hasBits(PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM) &&
- !isCallerPrivileged) {
+ if (
+ allowlistedFlags.hasBits(PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM) &&
+ !isCallerPrivileged
+ ) {
throw SecurityException(
"Querying system allowlist requires " +
Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS
@@ -1389,8 +1522,12 @@
val isCallerInstallerOnRecord =
packageManagerInternal.isCallerInstallerOfRecord(androidPackage, callingUid)
- if (allowlistedFlags.hasAnyBit(PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE or
- PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER)) {
+ if (
+ allowlistedFlags.hasAnyBit(
+ PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE or
+ PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER
+ )
+ ) {
if (!isCallerPrivileged && !isCallerInstallerOnRecord) {
throw SecurityException(
"Querying upgrade or installer allowlist requires being installer on record" +
@@ -1400,7 +1537,9 @@
}
return getAllowlistedRestrictedPermissionsUnchecked(
- packageState.appId, allowlistedFlags, userId
+ packageState.appId,
+ allowlistedFlags,
+ userId
)
}
@@ -1414,8 +1553,11 @@
with(policy) { getPermissionFlags(appId, userId, permissionName) }
} else {
if (permissionName !in DevicePermissionPolicy.DEVICE_AWARE_PERMISSIONS) {
- Slog.i(LOG_TAG, "$permissionName is not device aware permission, " +
- " get the flags for default device.")
+ Slog.i(
+ LOG_TAG,
+ "$permissionName is not device aware permission, " +
+ " get the flags for default device."
+ )
return with(policy) { getPermissionFlags(appId, userId, permissionName) }
}
val virtualDeviceManagerInternal = virtualDeviceManagerInternal
@@ -1423,8 +1565,7 @@
Slog.e(LOG_TAG, "Virtual device manager service is not available.")
return 0
}
- val persistentDeviceId =
- virtualDeviceManagerInternal.getPersistentIdForDevice(deviceId)
+ val persistentDeviceId = virtualDeviceManagerInternal.getPersistentIdForDevice(deviceId)
if (persistentDeviceId != null) {
with(devicePolicy) {
getPermissionFlags(appId, persistentDeviceId, userId, permissionName)
@@ -1444,13 +1585,14 @@
flags: Int
): Boolean {
return if (!Flags.deviceAwarePermissionApis() || deviceId == Context.DEVICE_ID_DEFAULT) {
- with(policy) {
- setPermissionFlags(appId, userId, permissionName, flags)
- }
+ with(policy) { setPermissionFlags(appId, userId, permissionName, flags) }
} else {
if (permissionName !in DevicePermissionPolicy.DEVICE_AWARE_PERMISSIONS) {
- Slog.i(LOG_TAG, "$permissionName is not device aware permission, " +
- " set the flags for default device.")
+ Slog.i(
+ LOG_TAG,
+ "$permissionName is not device aware permission, " +
+ " set the flags for default device."
+ )
return with(policy) { setPermissionFlags(appId, userId, permissionName, flags) }
}
@@ -1459,8 +1601,7 @@
Slog.e(LOG_TAG, "Virtual device manager service is not available.")
return false
}
- val persistentDeviceId =
- virtualDeviceManagerInternal.getPersistentIdForDevice(deviceId)
+ val persistentDeviceId = virtualDeviceManagerInternal.getPersistentIdForDevice(deviceId)
if (persistentDeviceId != null) {
with(devicePolicy) {
setPermissionFlags(appId, persistentDeviceId, userId, permissionName, flags)
@@ -1473,17 +1614,17 @@
}
/**
- * This method does not enforce checks on the caller, should only be called after
- * required checks.
+ * This method does not enforce checks on the caller, should only be called after required
+ * checks.
*/
private fun getAllowlistedRestrictedPermissionsUnchecked(
appId: Int,
allowlistedFlags: Int,
userId: Int
): ArrayList<String>? {
- val permissionFlags = service.getState {
- with(policy) { getUidPermissionFlags(appId, userId) }
- } ?: return null
+ val permissionFlags =
+ service.getState { with(policy) { getUidPermissionFlags(appId, userId) } }
+ ?: return null
var queryFlags = 0
if (allowlistedFlags.hasBits(PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM)) {
@@ -1512,14 +1653,18 @@
return false
}
- val permissionNames = getAllowlistedRestrictedPermissions(
- packageName, allowlistedFlags, userId
- ) ?: ArrayList(1)
+ val permissionNames =
+ getAllowlistedRestrictedPermissions(packageName, allowlistedFlags, userId)
+ ?: ArrayList(1)
if (permissionName !in permissionNames) {
permissionNames += permissionName
return setAllowlistedRestrictedPermissions(
- packageName, permissionNames, allowlistedFlags, userId, isAddingPermission = true
+ packageName,
+ permissionNames,
+ allowlistedFlags,
+ userId,
+ isAddingPermission = true
)
}
return false
@@ -1531,14 +1676,22 @@
permissionNames: List<String>,
userId: Int
) {
- val newPermissionNames = getAllowlistedRestrictedPermissionsUnchecked(appId,
- PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER, userId
- )?.let {
- ArraySet(permissionNames).apply { this += it }.toList()
- } ?: permissionNames
+ val newPermissionNames =
+ getAllowlistedRestrictedPermissionsUnchecked(
+ appId,
+ PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER,
+ userId
+ )
+ ?.let { ArraySet(permissionNames).apply { this += it }.toList() }
+ ?: permissionNames
- setAllowlistedRestrictedPermissionsUnchecked(androidPackage, appId, newPermissionNames,
- PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER, userId)
+ setAllowlistedRestrictedPermissionsUnchecked(
+ androidPackage,
+ appId,
+ newPermissionNames,
+ PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER,
+ userId
+ )
}
override fun removeAllowlistedRestrictedPermission(
@@ -1552,13 +1705,17 @@
return false
}
- val permissions = getAllowlistedRestrictedPermissions(
- packageName, allowlistedFlags, userId
- ) ?: return false
+ val permissions =
+ getAllowlistedRestrictedPermissions(packageName, allowlistedFlags, userId)
+ ?: return false
if (permissions.remove(permissionName)) {
return setAllowlistedRestrictedPermissions(
- packageName, permissions, allowlistedFlags, userId, isAddingPermission = false
+ packageName,
+ permissions,
+ allowlistedFlags,
+ userId,
+ isAddingPermission = false
)
}
@@ -1572,16 +1729,22 @@
return false
}
- if (packageManagerLocal.withFilteredSnapshot()
- .use { it.getPackageState(permission.packageName) } == null) {
+ if (
+ packageManagerLocal.withFilteredSnapshot().use {
+ it.getPackageState(permission.packageName)
+ } == null
+ ) {
return false
}
val isImmutablyRestrictedPermission =
permission.isHardOrSoftRestricted && permission.isImmutablyRestricted
- if (isImmutablyRestrictedPermission && context.checkCallingOrSelfPermission(
- Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS
- ) != PackageManager.PERMISSION_GRANTED) {
+ if (
+ isImmutablyRestrictedPermission &&
+ context.checkCallingOrSelfPermission(
+ Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS
+ ) != PackageManager.PERMISSION_GRANTED
+ ) {
throw SecurityException(
"Cannot modify allowlist of an immutably restricted permission: ${permission.name}"
)
@@ -1599,13 +1762,16 @@
): Boolean {
Preconditions.checkArgument(allowlistedFlags.countOneBits() == 1)
- val isCallerPrivileged = context.checkCallingOrSelfPermission(
- Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS
- ) == PackageManager.PERMISSION_GRANTED
+ val isCallerPrivileged =
+ context.checkCallingOrSelfPermission(
+ Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS
+ ) == PackageManager.PERMISSION_GRANTED
val callingUid = Binder.getCallingUid()
- val packageState = packageManagerLocal.withFilteredSnapshot(callingUid, userId)
- .use { snapshot -> snapshot.packageStates[packageName] ?: return false }
+ val packageState =
+ packageManagerLocal.withFilteredSnapshot(callingUid, userId).use { snapshot ->
+ snapshot.packageStates[packageName] ?: return false
+ }
val androidPackage = packageState.androidPackage ?: return false
val isCallerInstallerOnRecord =
@@ -1627,15 +1793,19 @@
}
setAllowlistedRestrictedPermissionsUnchecked(
- androidPackage, packageState.appId, permissionNames, allowlistedFlags, userId
+ androidPackage,
+ packageState.appId,
+ permissionNames,
+ allowlistedFlags,
+ userId
)
return true
}
/**
- * This method does not enforce checks on the caller, should only be called after
- * required checks.
+ * This method does not enforce checks on the caller, should only be called after required
+ * checks.
*/
private fun setAllowlistedRestrictedPermissionsUnchecked(
androidPackage: AndroidPackage,
@@ -1712,22 +1882,24 @@
}
}
- newFlags = if (permission.isHardRestricted && !isExempt) {
- newFlags or PermissionFlags.RESTRICTION_REVOKED
- } else {
- newFlags andInv PermissionFlags.RESTRICTION_REVOKED
- }
- newFlags = if (permission.isSoftRestricted && !isExempt) {
- newFlags or PermissionFlags.SOFT_RESTRICTED
- } else {
- newFlags andInv PermissionFlags.SOFT_RESTRICTED
- }
- mask = mask or PermissionFlags.RESTRICTION_REVOKED or
- PermissionFlags.SOFT_RESTRICTED
+ newFlags =
+ if (permission.isHardRestricted && !isExempt) {
+ newFlags or PermissionFlags.RESTRICTION_REVOKED
+ } else {
+ newFlags andInv PermissionFlags.RESTRICTION_REVOKED
+ }
+ newFlags =
+ if (permission.isSoftRestricted && !isExempt) {
+ newFlags or PermissionFlags.SOFT_RESTRICTED
+ } else {
+ newFlags andInv PermissionFlags.SOFT_RESTRICTED
+ }
+ mask =
+ mask or
+ PermissionFlags.RESTRICTION_REVOKED or
+ PermissionFlags.SOFT_RESTRICTED
- updatePermissionFlags(
- appId, userId, requestedPermission, mask, newFlags
- )
+ updatePermissionFlags(appId, userId, requestedPermission, mask, newFlags)
}
}
}
@@ -1735,12 +1907,8 @@
override fun resetRuntimePermissions(androidPackage: AndroidPackage, userId: Int) {
service.mutateState {
- with(policy) {
- resetRuntimePermissions(androidPackage.packageName, userId)
- }
- with(devicePolicy) {
- resetRuntimePermissions(androidPackage.packageName, userId)
- }
+ with(policy) { resetRuntimePermissions(androidPackage.packageName, userId) }
+ with(devicePolicy) { resetRuntimePermissions(androidPackage.packageName, userId) }
}
}
@@ -1748,12 +1916,8 @@
packageManagerLocal.withUnfilteredSnapshot().use { snapshot ->
service.mutateState {
snapshot.packageStates.forEach { (_, packageState) ->
- with(policy) {
- resetRuntimePermissions(packageState.packageName, userId)
- }
- with(devicePolicy) {
- resetRuntimePermissions(packageState.packageName, userId)
- }
+ with(policy) { resetRuntimePermissions(packageState.packageName, userId) }
+ with(devicePolicy) { resetRuntimePermissions(packageState.packageName, userId) }
}
}
}
@@ -1761,7 +1925,8 @@
override fun addOnPermissionsChangeListener(listener: IOnPermissionsChangeListener) {
context.enforceCallingOrSelfPermission(
- Manifest.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS, "addOnPermissionsChangeListener"
+ Manifest.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS,
+ "addOnPermissionsChangeListener"
)
onPermissionsChangeListeners.addListener(listener)
@@ -1786,9 +1951,7 @@
requireNotNull(permissionName) { "permissionName cannot be null" }
val packageNames = ArraySet<String>()
- val permission = service.getState {
- with(policy) { getPermissions()[permissionName] }
- }
+ val permission = service.getState { with(policy) { getPermissions()[permissionName] } }
if (permission == null || !permission.isAppOp) {
packageNames.toTypedArray()
}
@@ -1814,8 +1977,8 @@
androidPackage.requestedPermissions.forEach requestedPermissions@{ permissionName ->
val permission = permissions[permissionName] ?: return@requestedPermissions
if (permission.isAppOp) {
- val packageNames = appOpPermissionPackageNames
- .getOrPut(permissionName) { ArraySet() }
+ val packageNames =
+ appOpPermissionPackageNames.getOrPut(permissionName) { ArraySet() }
packageNames += androidPackage.packageName
}
}
@@ -1828,14 +1991,18 @@
Preconditions.checkArgumentNonnegative(userId, "userId cannot be null")
val backup = CompletableFuture<ByteArray>()
permissionControllerManager.getRuntimePermissionBackup(
- UserHandle.of(userId), PermissionThread.getExecutor(), backup::complete
+ UserHandle.of(userId),
+ PermissionThread.getExecutor(),
+ backup::complete
)
return try {
backup.get(BACKUP_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS)
} catch (e: Exception) {
when (e) {
- is TimeoutException, is InterruptedException, is ExecutionException -> {
+ is TimeoutException,
+ is InterruptedException,
+ is ExecutionException -> {
Slog.e(LOG_TAG, "Cannot create permission backup for user $userId", e)
null
}
@@ -1852,7 +2019,8 @@
isDelayedPermissionBackupFinished -= userId
}
permissionControllerManager.stageAndApplyRuntimePermissionsBackup(
- backup, UserHandle.of(userId)
+ backup,
+ UserHandle.of(userId)
)
}
@@ -1866,7 +2034,9 @@
}
}
permissionControllerManager.applyStagedRuntimePermissionBackup(
- packageName, UserHandle.of(userId), PermissionThread.getExecutor()
+ packageName,
+ UserHandle.of(userId),
+ PermissionThread.getExecutor()
) { hasMoreBackup ->
if (hasMoreBackup) {
return@applyStagedRuntimePermissionBackup
@@ -1913,21 +2083,15 @@
): IndexedMap<Int, MutableIndexedSet<String>> {
val appIds = MutableIndexedSet<Int>()
- val packageStates = packageManagerLocal.withUnfilteredSnapshot().use {
- it.packageStates
- }
+ val packageStates = packageManagerLocal.withUnfilteredSnapshot().use { it.packageStates }
state.userStates.forEachIndexed { _, _, userState ->
- userState.appIdPermissionFlags.forEachIndexed { _, appId, _ ->
- appIds.add(appId)
- }
- userState.appIdAppOpModes.forEachIndexed { _, appId, _ ->
- appIds.add(appId)
- }
- userState.packageVersions.forEachIndexed packageVersions@ { _, packageName, _ ->
+ userState.appIdPermissionFlags.forEachIndexed { _, appId, _ -> appIds.add(appId) }
+ userState.appIdAppOpModes.forEachIndexed { _, appId, _ -> appIds.add(appId) }
+ userState.packageVersions.forEachIndexed packageVersions@{ _, packageName, _ ->
val appId = packageStates[packageName]?.appId ?: return@packageVersions
appIds.add(appId)
}
- userState.packageAppOpModes.forEachIndexed packageAppOpModes@ { _, packageName, _ ->
+ userState.packageAppOpModes.forEachIndexed packageAppOpModes@{ _, packageName, _ ->
val appId = packageStates[packageName]?.appId ?: return@packageAppOpModes
appIds.add(appId)
}
@@ -1935,7 +2099,8 @@
val appIdPackageNames = MutableIndexedMap<Int, MutableIndexedSet<String>>()
packageStates.forEach { (_, packageState) ->
- appIdPackageNames.getOrPut(packageState.appId) { MutableIndexedSet() }
+ appIdPackageNames
+ .getOrPut(packageState.appId) { MutableIndexedSet() }
.add(packageState.packageName)
}
// add non-package app IDs which might not be reported by package manager.
@@ -1966,10 +2131,7 @@
println("Permission groups:")
withIndent {
state.systemState.permissionGroups.forEachIndexed { _, _, permissionGroup ->
- println(
- "${permissionGroup.name}: " +
- "packageName=${permissionGroup.packageName}"
- )
+ println("${permissionGroup.name}: " + "packageName=${permissionGroup.packageName}")
}
}
@@ -1998,7 +2160,9 @@
println("Permissions:")
withIndent {
userState.appIdPermissionFlags[appId]?.forEachIndexed {
- _, permissionName, flags ->
+ _,
+ permissionName,
+ flags ->
val isGranted = PermissionFlags.isPermissionGranted(flags)
println(
"$permissionName: granted=$isGranted, flags=" +
@@ -2008,7 +2172,9 @@
}
userState.appIdDevicePermissionFlags[appId]?.forEachIndexed {
- _, deviceId, devicePermissionFlags ->
+ _,
+ deviceId,
+ devicePermissionFlags ->
println("Permissions (Device $deviceId):")
withIndent {
devicePermissionFlags.forEachIndexed { _, permissionName, flags ->
@@ -2023,7 +2189,8 @@
println("App ops:")
withIndent {
- userState.appIdAppOpModes[appId]?.forEachIndexed {_, appOpName, appOpMode ->
+ userState.appIdAppOpModes[appId]?.forEachIndexed { _, appOpName, appOpMode
+ ->
println("$appOpName: mode=${AppOpsManager.modeToName(appOpMode)}")
}
}
@@ -2035,7 +2202,9 @@
println("App ops:")
withIndent {
userState.packageAppOpModes[packageName]?.forEachIndexed {
- _, appOpName, appOpMode ->
+ _,
+ appOpName,
+ appOpMode ->
val modeName = AppOpsManager.modeToName(appOpMode)
println("$appOpName: mode=$modeName")
}
@@ -2054,24 +2223,30 @@
}
override fun getPermissionTEMP(permissionName: String): LegacyPermission2? {
- val permission = service.getState {
- with(policy) { getPermissions()[permissionName] }
- } ?: return null
+ val permission =
+ service.getState { with(policy) { getPermissions()[permissionName] } } ?: return null
return LegacyPermission2(
- permission.permissionInfo, permission.type, permission.isReconciled, permission.appId,
- permission.gids, permission.areGidsPerUser
+ permission.permissionInfo,
+ permission.type,
+ permission.isReconciled,
+ permission.appId,
+ permission.gids,
+ permission.areGidsPerUser
)
}
override fun getLegacyPermissions(): List<LegacyPermission> =
- service.getState {
- with(policy) { getPermissions() }
- }.mapIndexedTo(ArrayList()) { _, _, permission ->
- LegacyPermission(
- permission.permissionInfo, permission.type, permission.appId, permission.gids
- )
- }
+ service
+ .getState { with(policy) { getPermissions() } }
+ .mapIndexedTo(ArrayList()) { _, _, permission ->
+ LegacyPermission(
+ permission.permissionInfo,
+ permission.type,
+ permission.appId,
+ permission.gids
+ )
+ }
override fun readLegacyPermissionsTEMP(legacyPermissionSettings: LegacyPermissionSettings) {
// Package settings has been read when this method is called.
@@ -2092,9 +2267,7 @@
): List<LegacyPermission> =
permissions.mapIndexedTo(ArrayList()) { _, _, permission ->
// We don't need to provide UID and GIDs, which are only retrieved when dumping.
- LegacyPermission(
- permission.permissionInfo, permission.type, 0, EmptyArray.INT
- )
+ LegacyPermission(permission.permissionInfo, permission.type, 0, EmptyArray.INT)
}
override fun getLegacyPermissionState(appId: Int): LegacyPermissionState {
@@ -2103,17 +2276,18 @@
service.getState {
val permissions = with(policy) { getPermissions() }
userIds.forEachIndexed { _, userId ->
- val permissionFlags = with(policy) { getUidPermissionFlags(appId, userId) }
- ?: return@forEachIndexed
+ val permissionFlags =
+ with(policy) { getUidPermissionFlags(appId, userId) } ?: return@forEachIndexed
permissionFlags.forEachIndexed permissionFlags@{ _, permissionName, flags ->
val permission = permissions[permissionName] ?: return@permissionFlags
- val legacyPermissionState = LegacyPermissionState.PermissionState(
- permissionName,
- permission.isRuntime,
- PermissionFlags.isPermissionGranted(flags),
- PermissionFlags.toApiFlags(flags)
- )
+ val legacyPermissionState =
+ LegacyPermissionState.PermissionState(
+ permissionName,
+ permission.isRuntime,
+ PermissionFlags.isPermissionGranted(flags),
+ PermissionFlags.toApiFlags(flags)
+ )
legacyState.putPermissionState(legacyPermissionState, userId)
}
}
@@ -2137,16 +2311,13 @@
override fun onSystemReady() {
service.onSystemReady()
virtualDeviceManagerInternal =
- LocalServices.getService(VirtualDeviceManagerInternal::class.java)
- permissionControllerManager = PermissionControllerManager(
- context, PermissionThread.getHandler()
- )
+ LocalServices.getService(VirtualDeviceManagerInternal::class.java)
+ permissionControllerManager =
+ PermissionControllerManager(context, PermissionThread.getHandler())
}
override fun onUserCreated(userId: Int) {
- withCorkedPackageInfoCache {
- service.onUserAdded(userId)
- }
+ withCorkedPackageInfoCache { service.onUserAdded(userId) }
}
override fun onUserRemoved(userId: Int) {
@@ -2176,9 +2347,8 @@
// of onPackageAdded() and reuse this order in onStorageVolumeAdded(). We need the
// packages to be iterated in onStorageVolumeAdded() in the same order so that the
// ownership of permissions is consistent.
- storageVolumePackageNames.getOrPut(packageState.volumeUuid) {
- mutableListOf()
- } += packageState.packageName
+ storageVolumePackageNames.getOrPut(packageState.volumeUuid) { mutableListOf() } +=
+ packageState.packageName
if (packageState.volumeUuid !in mountedStorageVolumes) {
// Wait for the storage volume to be mounted and batch the state mutation there.
return
@@ -2218,23 +2388,26 @@
return
}
}
- val userIds = if (userId == UserHandle.USER_ALL) {
- userManagerService.userIdsIncludingPreCreated
- } else {
- intArrayOf(userId)
- }
+ val userIds =
+ if (userId == UserHandle.USER_ALL) {
+ userManagerService.userIdsIncludingPreCreated
+ } else {
+ intArrayOf(userId)
+ }
@Suppress("NAME_SHADOWING")
- userIds.forEach { userId ->
- service.onPackageInstalled(androidPackage.packageName, userId)
- }
+ userIds.forEach { userId -> service.onPackageInstalled(androidPackage.packageName, userId) }
@Suppress("NAME_SHADOWING")
userIds.forEach { userId ->
// TODO: Remove when this callback receives packageState directly.
val packageState =
packageManagerInternal.getPackageStateInternal(androidPackage.packageName)!!
- addAllowlistedRestrictedPermissionsUnchecked(androidPackage, packageState.appId,
- params.allowlistedRestrictedPermissions, userId)
+ addAllowlistedRestrictedPermissionsUnchecked(
+ androidPackage,
+ packageState.appId,
+ params.allowlistedRestrictedPermissions,
+ userId
+ )
setRequestedPermissionStates(packageState, userId, params.permissionStates)
}
}
@@ -2247,11 +2420,12 @@
sharedUserPkgs: List<AndroidPackage>,
userId: Int
) {
- val userIds = if (userId == UserHandle.USER_ALL) {
- userManagerService.userIdsIncludingPreCreated
- } else {
- intArrayOf(userId)
- }
+ val userIds =
+ if (userId == UserHandle.USER_ALL) {
+ userManagerService.userIdsIncludingPreCreated
+ } else {
+ intArrayOf(userId)
+ }
userIds.forEach { service.onPackageUninstalled(packageName, appId, it) }
val packageState = packageManagerInternal.packageStates[packageName]
if (packageState == null) {
@@ -2268,31 +2442,26 @@
}
}
- /**
- * Check whether a UID is root or system UID.
- */
+ /** Check whether a UID is root or system UID. */
private fun isRootOrSystemUid(uid: Int) =
when (UserHandle.getAppId(uid)) {
- Process.ROOT_UID, Process.SYSTEM_UID -> true
+ Process.ROOT_UID,
+ Process.SYSTEM_UID -> true
else -> false
}
- /**
- * Check whether a UID is shell UID.
- */
+ /** Check whether a UID is shell UID. */
private fun isShellUid(uid: Int) = UserHandle.getAppId(uid) == Process.SHELL_UID
- /**
- * Check whether a UID is root, system or shell UID.
- */
+ /** Check whether a UID is root, system or shell UID. */
private fun isRootOrSystemOrShellUid(uid: Int) = isRootOrSystemUid(uid) || isShellUid(uid)
/**
* This method should typically only be used when granting or revoking permissions, since the
* app may immediately restart after this call.
*
- * If you're doing surgery on app code/data, use [PackageFreezer] to guard your work against
- * the app being relaunched.
+ * If you're doing surgery on app code/data, use [PackageFreezer] to guard your work against the
+ * app being relaunched.
*/
private fun killUid(uid: Int, reason: String) {
val activityManager = ActivityManager.getService()
@@ -2309,9 +2478,7 @@
}
}
- /**
- * @see PackageManagerLocal.withFilteredSnapshot
- */
+ /** @see PackageManagerLocal.withFilteredSnapshot */
private fun PackageManagerLocal.withFilteredSnapshot(
callingUid: Int,
userId: Int
@@ -2329,35 +2496,27 @@
packageName: String
): PackageState? = packageStates[packageName]
- /**
- * Check whether a UID belongs to an instant app.
- */
+ /** Check whether a UID belongs to an instant app. */
private fun PackageManagerLocal.UnfilteredSnapshot.isUidInstantApp(uid: Int): Boolean =
// Unfortunately we don't have the API for getting the owner UID of an isolated UID or the
// API for getting the SharedUserApi object for an app ID yet, so for now we just keep
// calling the old API.
packageManagerInternal.getInstantAppPackageName(uid) != null
- /**
- * Check whether a package is visible to a UID within the same user as the UID.
- */
+ /** Check whether a package is visible to a UID within the same user as the UID. */
private fun PackageManagerLocal.UnfilteredSnapshot.isPackageVisibleToUid(
packageName: String,
uid: Int
): Boolean = isPackageVisibleToUid(packageName, UserHandle.getUserId(uid), uid)
- /**
- * Check whether a package in a particular user is visible to a UID.
- */
+ /** Check whether a package in a particular user is visible to a UID. */
private fun PackageManagerLocal.UnfilteredSnapshot.isPackageVisibleToUid(
packageName: String,
userId: Int,
uid: Int
): Boolean = filtered(uid, userId).use { it.getPackageState(packageName) != null }
- /**
- * @see PackageManagerLocal.UnfilteredSnapshot.filtered
- */
+ /** @see PackageManagerLocal.UnfilteredSnapshot.filtered */
private fun PackageManagerLocal.UnfilteredSnapshot.filtered(
callingUid: Int,
userId: Int
@@ -2380,13 +2539,16 @@
val callingUid = Binder.getCallingUid()
val callingUserId = UserHandle.getUserId(callingUid)
if (userId != callingUserId) {
- val permissionName = if (enforceFullPermission) {
- Manifest.permission.INTERACT_ACROSS_USERS_FULL
- } else {
- Manifest.permission.INTERACT_ACROSS_USERS
- }
- if (context.checkCallingOrSelfPermission(permissionName) !=
- PackageManager.PERMISSION_GRANTED) {
+ val permissionName =
+ if (enforceFullPermission) {
+ Manifest.permission.INTERACT_ACROSS_USERS_FULL
+ } else {
+ Manifest.permission.INTERACT_ACROSS_USERS
+ }
+ if (
+ context.checkCallingOrSelfPermission(permissionName) !=
+ PackageManager.PERMISSION_GRANTED
+ ) {
val exceptionMessage = buildString {
if (message != null) {
append(message)
@@ -2403,9 +2565,11 @@
}
}
if (enforceShellRestriction && isShellUid(callingUid)) {
- val isShellRestricted = userManagerInternal.hasUserRestriction(
- UserManager.DISALLOW_DEBUGGING_FEATURES, userId
- )
+ val isShellRestricted =
+ userManagerInternal.hasUserRestriction(
+ UserManager.DISALLOW_DEBUGGING_FEATURES,
+ userId
+ )
if (isShellRestricted) {
val exceptionMessage = buildString {
if (message != null) {
@@ -2430,10 +2594,11 @@
message: String?,
vararg permissionNames: String
) {
- val hasAnyPermission = permissionNames.any { permissionName ->
- context.checkCallingOrSelfPermission(permissionName) ==
- PackageManager.PERMISSION_GRANTED
- }
+ val hasAnyPermission =
+ permissionNames.any { permissionName ->
+ context.checkCallingOrSelfPermission(permissionName) ==
+ PackageManager.PERMISSION_GRANTED
+ }
if (!hasAnyPermission) {
val exceptionMessage = buildString {
if (message != null) {
@@ -2449,9 +2614,7 @@
}
}
- /**
- * Callback invoked when interesting actions have been taken on a permission.
- */
+ /** Callback invoked when interesting actions have been taken on a permission. */
private inner class OnPermissionFlagsChangedListener :
AppIdPermissionPolicy.OnPermissionFlagsChangedListener() {
private var isPermissionFlagsChanged = false
@@ -2482,9 +2645,8 @@
isPermissionFlagsChanged = true
val uid = UserHandle.getUid(userId, appId)
- val permission = service.getState {
- with(policy) { getPermissions()[permissionName] }
- } ?: return
+ val permission =
+ service.getState { with(policy) { getPermissions()[permissionName] } } ?: return
val wasPermissionGranted = PermissionFlags.isPermissionGranted(oldFlags)
val isPermissionGranted = PermissionFlags.isPermissionGranted(newFlags)
@@ -2518,16 +2680,20 @@
runtimePermissionChangedUids.clear()
if (!isKillRuntimePermissionRevokedUidsSkipped) {
- val reason = if (killRuntimePermissionRevokedUidsReasons.isNotEmpty()) {
- killRuntimePermissionRevokedUidsReasons.joinToString(", ")
- } else {
- PermissionManager.KILL_APP_REASON_PERMISSIONS_REVOKED
- }
+ val reason =
+ if (killRuntimePermissionRevokedUidsReasons.isNotEmpty()) {
+ killRuntimePermissionRevokedUidsReasons.joinToString(", ")
+ } else {
+ PermissionManager.KILL_APP_REASON_PERMISSIONS_REVOKED
+ }
runtimePermissionRevokedUids.forEachIndexed {
- _, uid, areOnlyNotificationsPermissionsRevoked ->
+ _,
+ uid,
+ areOnlyNotificationsPermissionsRevoked ->
handler.post {
- if (areOnlyNotificationsPermissionsRevoked &&
- isAppBackupAndRestoreRunning(uid)
+ if (
+ areOnlyNotificationsPermissionsRevoked &&
+ isAppBackupAndRestoreRunning(uid)
) {
return@post
}
@@ -2547,19 +2713,27 @@
}
private fun isAppBackupAndRestoreRunning(uid: Int): Boolean {
- if (checkUidPermission(uid, Manifest.permission.BACKUP, Context.DEVICE_ID_DEFAULT) !=
- PackageManager.PERMISSION_GRANTED) {
+ if (
+ checkUidPermission(uid, Manifest.permission.BACKUP, Context.DEVICE_ID_DEFAULT) !=
+ PackageManager.PERMISSION_GRANTED
+ ) {
return false
}
return try {
val contentResolver = context.contentResolver
val userId = UserHandle.getUserId(uid)
- val isInSetup = Settings.Secure.getIntForUser(
- contentResolver, Settings.Secure.USER_SETUP_COMPLETE, userId
- ) == 0
- val isInDeferredSetup = Settings.Secure.getIntForUser(
- contentResolver, Settings.Secure.USER_SETUP_PERSONALIZATION_STATE, userId
- ) == Settings.Secure.USER_SETUP_PERSONALIZATION_STARTED
+ val isInSetup =
+ Settings.Secure.getIntForUser(
+ contentResolver,
+ Settings.Secure.USER_SETUP_COMPLETE,
+ userId
+ ) == 0
+ val isInDeferredSetup =
+ Settings.Secure.getIntForUser(
+ contentResolver,
+ Settings.Secure.USER_SETUP_PERSONALIZATION_STATE,
+ userId
+ ) == Settings.Secure.USER_SETUP_PERSONALIZATION_STARTED
isInSetup || isInDeferredSetup
} catch (e: Settings.SettingNotFoundException) {
Slog.w(LOG_TAG, "Failed to check if the user is in restore: $e")
@@ -2620,31 +2794,34 @@
@EnabledAfter(targetSdkVersion = Build.VERSION_CODES.Q)
private val BACKGROUND_RATIONALE_CHANGE_ID = 147316723L
- private val FULLER_PERMISSIONS = ArrayMap<String, String>().apply {
- this[Manifest.permission.ACCESS_COARSE_LOCATION] =
- Manifest.permission.ACCESS_FINE_LOCATION
- this[Manifest.permission.INTERACT_ACROSS_USERS] =
- Manifest.permission.INTERACT_ACROSS_USERS_FULL
- }
+ private val FULLER_PERMISSIONS =
+ ArrayMap<String, String>().apply {
+ this[Manifest.permission.ACCESS_COARSE_LOCATION] =
+ Manifest.permission.ACCESS_FINE_LOCATION
+ this[Manifest.permission.INTERACT_ACROSS_USERS] =
+ Manifest.permission.INTERACT_ACROSS_USERS_FULL
+ }
- private val NOTIFICATIONS_PERMISSIONS = arraySetOf(
- Manifest.permission.POST_NOTIFICATIONS
- )
+ private val NOTIFICATIONS_PERMISSIONS = arraySetOf(Manifest.permission.POST_NOTIFICATIONS)
- private const val REVIEW_REQUIRED_FLAGS = PermissionFlags.LEGACY_GRANTED or
- PermissionFlags.IMPLICIT
- private const val UNREQUESTABLE_MASK = PermissionFlags.RESTRICTION_REVOKED or
- PermissionFlags.SYSTEM_FIXED or PermissionFlags.POLICY_FIXED or
- PermissionFlags.USER_FIXED
+ private const val REVIEW_REQUIRED_FLAGS =
+ PermissionFlags.LEGACY_GRANTED or PermissionFlags.IMPLICIT
+ private const val UNREQUESTABLE_MASK =
+ PermissionFlags.RESTRICTION_REVOKED or
+ PermissionFlags.SYSTEM_FIXED or
+ PermissionFlags.POLICY_FIXED or
+ PermissionFlags.USER_FIXED
private val BACKUP_TIMEOUT_MILLIS = TimeUnit.SECONDS.toMillis(60)
- /** Cap the size of permission trees that 3rd party apps can define; in characters of text */
+ /**
+ * Cap the size of permission trees that 3rd party apps can define; in characters of text
+ */
private const val MAX_PERMISSION_TREE_FOOTPRINT = 32768
private const val PERMISSION_ALLOWLIST_MASK =
PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE or
- PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM or
- PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER
+ PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM or
+ PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER
}
}
diff --git a/services/permission/java/com/android/server/permission/access/util/AtomicFileExtensions.kt b/services/permission/java/com/android/server/permission/access/util/AtomicFileExtensions.kt
index bd82935..6b20ef1 100644
--- a/services/permission/java/com/android/server/permission/access/util/AtomicFileExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/util/AtomicFileExtensions.kt
@@ -25,9 +25,7 @@
import java.io.FileOutputStream
import java.io.IOException
-/**
- * Read from an [AtomicFile], fallback to reserve file to read the data.
- */
+/** Read from an [AtomicFile], fallback to reserve file to read the data. */
@Throws(Exception::class)
inline fun AtomicFile.readWithReserveCopy(block: (FileInputStream) -> Unit) {
try {
@@ -46,9 +44,7 @@
}
}
-/**
- * Write to actual file and reserve file.
- */
+/** Write to actual file and reserve file. */
@Throws(IOException::class)
inline fun AtomicFile.writeWithReserveCopy(block: (FileOutputStream) -> Unit) {
val reserveFile = File(baseFile.parentFile, baseFile.name + ".reservecopy")
@@ -66,9 +62,7 @@
}
}
-/**
- * Write to an [AtomicFile] and close everything safely when done.
- */
+/** Write to an [AtomicFile] and close everything safely when done. */
@Throws(IOException::class)
// Renamed to writeInlined() to avoid conflict with the hidden AtomicFile.write() that isn't inline.
inline fun AtomicFile.writeInlined(block: (FileOutputStream) -> Unit) {
diff --git a/services/permission/java/com/android/server/permission/access/util/BinaryXmlPullParserExtensions.kt b/services/permission/java/com/android/server/permission/access/util/BinaryXmlPullParserExtensions.kt
index 1d27aef..6ab73c7 100644
--- a/services/permission/java/com/android/server/permission/access/util/BinaryXmlPullParserExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/util/BinaryXmlPullParserExtensions.kt
@@ -22,9 +22,7 @@
import org.xmlpull.v1.XmlPullParser
import org.xmlpull.v1.XmlPullParserException
-/**
- * Parse content from [InputStream] with [BinaryXmlPullParser].
- */
+/** Parse content from [InputStream] with [BinaryXmlPullParser]. */
@Throws(IOException::class, XmlPullParserException::class)
inline fun InputStream.parseBinaryXml(block: BinaryXmlPullParser.() -> Unit) {
BinaryXmlPullParser().apply {
@@ -35,6 +33,7 @@
/**
* Iterate through child tags of the current tag.
+ *
* <p>
* Attributes for the current tag needs to be accessed before this method is called because this
* method will advance the parser past the start tag of the current tag. The code inspecting each
@@ -50,7 +49,8 @@
inline fun BinaryXmlPullParser.forEachTag(block: BinaryXmlPullParser.() -> Unit) {
when (val eventType = eventType) {
// Document start or start tag of the parent tag.
- XmlPullParser.START_DOCUMENT, XmlPullParser.START_TAG -> nextTagOrEnd()
+ XmlPullParser.START_DOCUMENT,
+ XmlPullParser.START_TAG -> nextTagOrEnd()
else -> throw XmlPullParserException("Unexpected event type $eventType")
}
while (true) {
@@ -90,7 +90,8 @@
nextTagOrEnd()
}
// End tag of the parent tag, or document end.
- XmlPullParser.END_TAG, XmlPullParser.END_DOCUMENT -> break
+ XmlPullParser.END_TAG,
+ XmlPullParser.END_DOCUMENT -> break
else -> throw XmlPullParserException("Unexpected event type $eventType")
}
}
@@ -107,193 +108,146 @@
inline fun BinaryXmlPullParser.nextTagOrEnd(): Int {
while (true) {
when (val eventType = next()) {
- XmlPullParser.START_TAG, XmlPullParser.END_TAG, XmlPullParser.END_DOCUMENT ->
- return eventType
+ XmlPullParser.START_TAG,
+ XmlPullParser.END_TAG,
+ XmlPullParser.END_DOCUMENT -> return eventType
else -> continue
}
}
}
-/**
- * @see BinaryXmlPullParser.getName
- */
+/** @see BinaryXmlPullParser.getName */
inline val BinaryXmlPullParser.tagName: String
get() = name
-/**
- * Check whether an attribute exists for the current tag.
- */
+/** Check whether an attribute exists for the current tag. */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.hasAttribute(name: String): Boolean = getAttributeIndex(name) != -1
-/**
- * @see BinaryXmlPullParser.getAttributeIndex
- */
+/** @see BinaryXmlPullParser.getAttributeIndex */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.getAttributeIndex(name: String): Int = getAttributeIndex(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeIndexOrThrow
- */
+/** @see BinaryXmlPullParser.getAttributeIndexOrThrow */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeIndexOrThrow(name: String): Int =
getAttributeIndexOrThrow(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeValue
- */
+/** @see BinaryXmlPullParser.getAttributeValue */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeValue(name: String): String? =
getAttributeValue(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeValue
- */
+/** @see BinaryXmlPullParser.getAttributeValue */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeValueOrThrow(name: String): String =
getAttributeValue(getAttributeIndexOrThrow(name))
-/**
- * @see BinaryXmlPullParser.getAttributeBytesHex
- */
+/** @see BinaryXmlPullParser.getAttributeBytesHex */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.getAttributeBytesHex(name: String): ByteArray? =
getAttributeBytesHex(null, name, null)
-/**
- * @see BinaryXmlPullParser.getAttributeBytesHex
- */
+/** @see BinaryXmlPullParser.getAttributeBytesHex */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeBytesHexOrThrow(name: String): ByteArray =
getAttributeBytesHex(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeBytesBase64
- */
+/** @see BinaryXmlPullParser.getAttributeBytesBase64 */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.getAttributeBytesBase64(name: String): ByteArray? =
getAttributeBytesBase64(null, name, null)
-/**
- * @see BinaryXmlPullParser.getAttributeBytesBase64
- */
+/** @see BinaryXmlPullParser.getAttributeBytesBase64 */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeBytesBase64OrThrow(name: String): ByteArray =
getAttributeBytesBase64(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeInt
- */
+/** @see BinaryXmlPullParser.getAttributeInt */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.getAttributeIntOrDefault(name: String, defaultValue: Int): Int =
getAttributeInt(null, name, defaultValue)
-/**
- * @see BinaryXmlPullParser.getAttributeInt
- */
+/** @see BinaryXmlPullParser.getAttributeInt */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeIntOrThrow(name: String): Int =
getAttributeInt(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeIntHex
- */
+/** @see BinaryXmlPullParser.getAttributeIntHex */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.getAttributeIntHexOrDefault(name: String, defaultValue: Int): Int =
getAttributeIntHex(null, name, defaultValue)
-/**
- * @see BinaryXmlPullParser.getAttributeIntHex
- */
+/** @see BinaryXmlPullParser.getAttributeIntHex */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeIntHexOrThrow(name: String): Int =
getAttributeIntHex(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeLong
- */
+/** @see BinaryXmlPullParser.getAttributeLong */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.getAttributeLongOrDefault(name: String, defaultValue: Long): Long =
getAttributeLong(null, name, defaultValue)
-/**
- * @see BinaryXmlPullParser.getAttributeLong
- */
+/** @see BinaryXmlPullParser.getAttributeLong */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeLongOrThrow(name: String): Long =
getAttributeLong(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeLongHex
- */
+/** @see BinaryXmlPullParser.getAttributeLongHex */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.getAttributeLongHexOrDefault(
name: String,
defaultValue: Long
): Long = getAttributeLongHex(null, name, defaultValue)
-/**
- * @see BinaryXmlPullParser.getAttributeLongHex
- */
+/** @see BinaryXmlPullParser.getAttributeLongHex */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeLongHexOrThrow(name: String): Long =
getAttributeLongHex(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeFloat
- */
+/** @see BinaryXmlPullParser.getAttributeFloat */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.getAttributeFloatOrDefault(
name: String,
defaultValue: Float
): Float = getAttributeFloat(null, name, defaultValue)
-/**
- * @see BinaryXmlPullParser.getAttributeFloat
- */
+/** @see BinaryXmlPullParser.getAttributeFloat */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeFloatOrThrow(name: String): Float =
getAttributeFloat(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeDouble
- */
+/** @see BinaryXmlPullParser.getAttributeDouble */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.getAttributeDoubleOrDefault(
name: String,
defaultValue: Double
): Double = getAttributeDouble(null, name, defaultValue)
-/**
- * @see BinaryXmlPullParser.getAttributeDouble
- */
+/** @see BinaryXmlPullParser.getAttributeDouble */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeDoubleOrThrow(name: String): Double =
getAttributeDouble(null, name)
-/**
- * @see BinaryXmlPullParser.getAttributeBoolean
- */
+/** @see BinaryXmlPullParser.getAttributeBoolean */
@Suppress("NOTHING_TO_INLINE")
inline fun BinaryXmlPullParser.getAttributeBooleanOrDefault(
name: String,
defaultValue: Boolean
): Boolean = getAttributeBoolean(null, name, defaultValue)
-/**
- * @see BinaryXmlPullParser.getAttributeBoolean
- */
+/** @see BinaryXmlPullParser.getAttributeBoolean */
@Suppress("NOTHING_TO_INLINE")
@Throws(XmlPullParserException::class)
inline fun BinaryXmlPullParser.getAttributeBooleanOrThrow(name: String): Boolean =
diff --git a/services/permission/java/com/android/server/permission/access/util/BinaryXmlSerializerExtensions.kt b/services/permission/java/com/android/server/permission/access/util/BinaryXmlSerializerExtensions.kt
index c8cd586..6500a7d 100644
--- a/services/permission/java/com/android/server/permission/access/util/BinaryXmlSerializerExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/util/BinaryXmlSerializerExtensions.kt
@@ -20,9 +20,7 @@
import java.io.IOException
import java.io.OutputStream
-/**
- * Serialize content into [OutputStream] with [BinaryXmlSerializer].
- */
+/** Serialize content into [OutputStream] with [BinaryXmlSerializer]. */
@Throws(IOException::class)
inline fun OutputStream.serializeBinaryXml(block: BinaryXmlSerializer.() -> Unit) {
BinaryXmlSerializer().apply {
@@ -57,54 +55,42 @@
endTag(null, name)
}
-/**
- * @see BinaryXmlSerializer.attribute
- */
+/** @see BinaryXmlSerializer.attribute */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attribute(name: String, value: String) {
attribute(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeInterned
- */
+/** @see BinaryXmlSerializer.attributeInterned */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeInterned(name: String, value: String) {
attributeInterned(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeBytesHex
- */
+/** @see BinaryXmlSerializer.attributeBytesHex */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeBytesHex(name: String, value: ByteArray) {
attributeBytesHex(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeBytesBase64
- */
+/** @see BinaryXmlSerializer.attributeBytesBase64 */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeBytesBase64(name: String, value: ByteArray) {
attributeBytesBase64(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeInt
- */
+/** @see BinaryXmlSerializer.attributeInt */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeInt(name: String, value: Int) {
attributeInt(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeInt
- */
+/** @see BinaryXmlSerializer.attributeInt */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeIntWithDefault(
@@ -117,18 +103,14 @@
}
}
-/**
- * @see BinaryXmlSerializer.attributeIntHex
- */
+/** @see BinaryXmlSerializer.attributeIntHex */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeIntHex(name: String, value: Int) {
attributeIntHex(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeIntHex
- */
+/** @see BinaryXmlSerializer.attributeIntHex */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeIntHexWithDefault(
@@ -141,18 +123,14 @@
}
}
-/**
- * @see BinaryXmlSerializer.attributeLong
- */
+/** @see BinaryXmlSerializer.attributeLong */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeLong(name: String, value: Long) {
attributeLong(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeLong
- */
+/** @see BinaryXmlSerializer.attributeLong */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeLongWithDefault(
@@ -165,18 +143,14 @@
}
}
-/**
- * @see BinaryXmlSerializer.attributeLongHex
- */
+/** @see BinaryXmlSerializer.attributeLongHex */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeLongHex(name: String, value: Long) {
attributeLongHex(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeLongHex
- */
+/** @see BinaryXmlSerializer.attributeLongHex */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeLongHexWithDefault(
@@ -189,18 +163,14 @@
}
}
-/**
- * @see BinaryXmlSerializer.attributeFloat
- */
+/** @see BinaryXmlSerializer.attributeFloat */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeFloat(name: String, value: Float) {
attributeFloat(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeFloat
- */
+/** @see BinaryXmlSerializer.attributeFloat */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeFloatWithDefault(
@@ -213,18 +183,14 @@
}
}
-/**
- * @see BinaryXmlSerializer.attributeDouble
- */
+/** @see BinaryXmlSerializer.attributeDouble */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeDouble(name: String, value: Double) {
attributeDouble(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeDouble
- */
+/** @see BinaryXmlSerializer.attributeDouble */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeDoubleWithDefault(
@@ -237,18 +203,14 @@
}
}
-/**
- * @see BinaryXmlSerializer.attributeBoolean
- */
+/** @see BinaryXmlSerializer.attributeBoolean */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeBoolean(name: String, value: Boolean) {
attributeBoolean(null, name, value)
}
-/**
- * @see BinaryXmlSerializer.attributeBoolean
- */
+/** @see BinaryXmlSerializer.attributeBoolean */
@Suppress("NOTHING_TO_INLINE")
@Throws(IOException::class)
inline fun BinaryXmlSerializer.attributeBooleanWithDefault(
diff --git a/services/permission/java/com/android/server/permission/access/util/PackageVersionMigration.kt b/services/permission/java/com/android/server/permission/access/util/PackageVersionMigration.kt
index a61489c..3ef284b 100644
--- a/services/permission/java/com/android/server/permission/access/util/PackageVersionMigration.kt
+++ b/services/permission/java/com/android/server/permission/access/util/PackageVersionMigration.kt
@@ -22,13 +22,13 @@
object PackageVersionMigration {
/**
- * Maps existing permission and app-op version to a unified version during OTA upgrade. The
- * new unified version is used in determining the upgrade steps for a package (for both
- * permission and app-ops).
+ * Maps existing permission and app-op version to a unified version during OTA upgrade. The new
+ * unified version is used in determining the upgrade steps for a package (for both permission
+ * and app-ops).
*
* @return unified permission/app-op version
* @throws IllegalStateException if the method is called when there is nothing to migrate i.e.
- * permission and app-op file does not exist.
+ * permission and app-op file does not exist.
*/
internal fun getVersion(userId: Int): Int {
val permissionMigrationHelper =
diff --git a/services/permission/java/com/android/server/permission/access/util/PermissionApex.kt b/services/permission/java/com/android/server/permission/access/util/PermissionApex.kt
index e6b4e3e..3d835e8 100644
--- a/services/permission/java/com/android/server/permission/access/util/PermissionApex.kt
+++ b/services/permission/java/com/android/server/permission/access/util/PermissionApex.kt
@@ -23,15 +23,11 @@
object PermissionApex {
private const val MODULE_NAME = "com.android.permission"
- /**
- * @see ApexEnvironment.getDeviceProtectedDataDir
- */
+ /** @see ApexEnvironment.getDeviceProtectedDataDir */
val systemDataDirectory: File
get() = apexEnvironment.deviceProtectedDataDir
- /**
- * @see ApexEnvironment.getDeviceProtectedDataDirForUser
- */
+ /** @see ApexEnvironment.getDeviceProtectedDataDirForUser */
fun getUserDataDirectory(userId: Int): File =
apexEnvironment.getDeviceProtectedDataDirForUser(UserHandle.of(userId))