@EnforcePermission migrations
Migrates call sites to use the @EnforcePermission annotation
instead of manually checking permissions.
These are fully behavior-preserving changes that can be identified by
Android Lint (see SimpleManualPermissionEnforcementDetector)
Bug: 232058525
Test: TH
Change-Id: Ic654ed1de23462b982ec2ea9853f9a22e3c03dd7
diff --git a/core/java/android/app/INotificationManager.aidl b/core/java/android/app/INotificationManager.aidl
index ef9de18..5ba9e1d 100644
--- a/core/java/android/app/INotificationManager.aidl
+++ b/core/java/android/app/INotificationManager.aidl
@@ -127,13 +127,16 @@
// INotificationListener method.
@UnsupportedAppUsage
StatusBarNotification[] getActiveNotifications(String callingPkg);
+ @EnforcePermission("ACCESS_NOTIFICATIONS")
StatusBarNotification[] getActiveNotificationsWithAttribution(String callingPkg,
String callingAttributionTag);
@UnsupportedAppUsage(maxTargetSdk = 30, trackingBug = 170729553)
StatusBarNotification[] getHistoricalNotifications(String callingPkg, int count, boolean includeSnoozed);
+ @EnforcePermission("ACCESS_NOTIFICATIONS")
StatusBarNotification[] getHistoricalNotificationsWithAttribution(String callingPkg,
String callingAttributionTag, int count, boolean includeSnoozed);
+ @EnforcePermission("ACCESS_NOTIFICATIONS")
NotificationHistory getNotificationHistory(String callingPkg, String callingAttributionTag);
void registerListener(in INotificationListener listener, in ComponentName component, int userid);
diff --git a/core/java/android/app/ambientcontext/IAmbientContextManager.aidl b/core/java/android/app/ambientcontext/IAmbientContextManager.aidl
index 8f06e76..a06bdd3 100644
--- a/core/java/android/app/ambientcontext/IAmbientContextManager.aidl
+++ b/core/java/android/app/ambientcontext/IAmbientContextManager.aidl
@@ -35,6 +35,7 @@
void registerObserverWithCallback(in AmbientContextEventRequest request,
String packageName,
in IAmbientContextObserver observer);
+ @EnforcePermission("ACCESS_AMBIENT_CONTEXT_EVENT")
void unregisterObserver(in String callingPackage);
void queryServiceStatus(in int[] eventTypes, in String callingPackage,
in RemoteCallback statusCallback);
diff --git a/core/java/android/content/IClipboard.aidl b/core/java/android/content/IClipboard.aidl
index fe7798f..e0fba1d 100644
--- a/core/java/android/content/IClipboard.aidl
+++ b/core/java/android/content/IClipboard.aidl
@@ -28,6 +28,7 @@
interface IClipboard {
void setPrimaryClip(in ClipData clip, String callingPackage, String attributionTag, int userId,
int deviceId);
+ @EnforcePermission("SET_CLIP_SOURCE")
void setPrimaryClipAsPackage(in ClipData clip, String callingPackage, String attributionTag,
int userId, int deviceId, String sourcePackage);
void clearPrimaryClip(String callingPackage, String attributionTag, int userId, int deviceId);
@@ -46,6 +47,7 @@
boolean hasClipboardText(String callingPackage, String attributionTag, int userId,
int deviceId);
+ @EnforcePermission("SET_CLIP_SOURCE")
String getPrimaryClipSource(String callingPackage, String attributionTag, int userId,
int deviceId);
diff --git a/core/java/android/content/IContentService.aidl b/core/java/android/content/IContentService.aidl
index 127466d..0d11c78 100644
--- a/core/java/android/content/IContentService.aidl
+++ b/core/java/android/content/IContentService.aidl
@@ -160,6 +160,7 @@
* @param cname component to identify sync service, must be null if account/providerName are
* non-null.
*/
+ @EnforcePermission("READ_SYNC_STATS")
@UnsupportedAppUsage(maxTargetSdk = 30, trackingBug = 170729553)
boolean isSyncActive(in Account account, String authority, in ComponentName cname);
@@ -183,6 +184,7 @@
* non-null.
*/
boolean isSyncPending(in Account account, String authority, in ComponentName cname);
+ @EnforcePermission("READ_SYNC_STATS")
boolean isSyncPendingAsUser(in Account account, String authority, in ComponentName cname,
int userId);
diff --git a/core/java/android/content/pm/IPackageInstaller.aidl b/core/java/android/content/pm/IPackageInstaller.aidl
index e3016a4..ebe2aa3 100644
--- a/core/java/android/content/pm/IPackageInstaller.aidl
+++ b/core/java/android/content/pm/IPackageInstaller.aidl
@@ -59,6 +59,7 @@
void installExistingPackage(String packageName, int installFlags, int installReason,
in IntentSender statusReceiver, int userId, in List<String> whiteListedPermissions);
+ @EnforcePermission("INSTALL_PACKAGES")
void setPermissionsResult(int sessionId, boolean accepted);
void bypassNextStagedInstallerCheck(boolean value);
diff --git a/core/java/android/content/pm/IPackageInstallerSession.aidl b/core/java/android/content/pm/IPackageInstallerSession.aidl
index 081f263..ea69a2b 100644
--- a/core/java/android/content/pm/IPackageInstallerSession.aidl
+++ b/core/java/android/content/pm/IPackageInstallerSession.aidl
@@ -49,8 +49,11 @@
void seal();
List<String> fetchPackageNames();
+ @EnforcePermission("USE_INSTALLER_V2")
DataLoaderParamsParcel getDataLoaderParams();
+ @EnforcePermission("USE_INSTALLER_V2")
void addFile(int location, String name, long lengthBytes, in byte[] metadata, in byte[] signature);
+ @EnforcePermission("USE_INSTALLER_V2")
void removeFile(int location, String name);
boolean isMultiPackage();
diff --git a/core/java/android/content/pm/IPackageManager.aidl b/core/java/android/content/pm/IPackageManager.aidl
index 410994d..5749128 100644
--- a/core/java/android/content/pm/IPackageManager.aidl
+++ b/core/java/android/content/pm/IPackageManager.aidl
@@ -159,6 +159,7 @@
*/
ParceledListSlice getInstalledPackages(long flags, in int userId);
+ @EnforcePermission("GET_APP_METADATA")
@nullable ParcelFileDescriptor getAppMetadataFd(String packageName,
int userId);
@@ -282,9 +283,11 @@
void addCrossProfileIntentFilter(in IntentFilter intentFilter, String ownerPackage,
int sourceUserId, int targetUserId, int flags);
+ @EnforcePermission("INTERACT_ACROSS_USERS_FULL")
boolean removeCrossProfileIntentFilter(in IntentFilter intentFilter, String ownerPackage,
int sourceUserId, int targetUserId, int flags);
+ @EnforcePermission("INTERACT_ACROSS_USERS_FULL")
void clearCrossProfileIntentFilters(int sourceUserId, String ownerPackage);
String[] setDistractingPackageRestrictionsAsUser(in String[] packageNames, int restrictionFlags,
@@ -416,6 +419,7 @@
* @param observer call back used to notify when
* the operation is completed
*/
+ @EnforcePermission("CLEAR_APP_CACHE")
void freeStorageAndNotify(in String volumeUuid, in long freeStorageSize,
int storageFlags, IPackageDataObserver observer);
@@ -440,6 +444,7 @@
* notify when the operation is completed.May be null
* to indicate that no call back is desired.
*/
+ @EnforcePermission("CLEAR_APP_CACHE")
void freeStorage(in String volumeUuid, in long freeStorageSize,
int storageFlags, in IntentSender pi);
@@ -467,6 +472,7 @@
* files need to be deleted
* @param observer a callback used to notify when the operation is completed.
*/
+ @EnforcePermission("CLEAR_APP_USER_DATA")
void clearApplicationUserData(in String packageName, IPackageDataObserver observer, int userId);
/**
@@ -576,14 +582,20 @@
boolean performDexOptSecondary(String packageName,
String targetCompilerFilter, boolean force);
+ @EnforcePermission("MOUNT_UNMOUNT_FILESYSTEMS")
int getMoveStatus(int moveId);
+ @EnforcePermission("MOUNT_UNMOUNT_FILESYSTEMS")
void registerMoveCallback(in IPackageMoveObserver callback);
+ @EnforcePermission("MOUNT_UNMOUNT_FILESYSTEMS")
void unregisterMoveCallback(in IPackageMoveObserver callback);
+ @EnforcePermission("MOVE_PACKAGE")
int movePackage(in String packageName, in String volumeUuid);
+ @EnforcePermission("MOVE_PACKAGE")
int movePrimaryStorage(in String volumeUuid);
+ @EnforcePermission("WRITE_SECURE_SETTINGS")
boolean setInstallLocation(int loc);
@UnsupportedAppUsage
int getInstallLocation();
@@ -604,6 +616,7 @@
ParceledListSlice getIntentFilterVerifications(String packageName);
ParceledListSlice getAllIntentFilters(String packageName);
+ @EnforcePermission("PACKAGE_VERIFICATION_AGENT")
VerifierDeviceIdentity getVerifierDeviceIdentity();
boolean isFirstBoot();
@@ -613,6 +626,7 @@
@UnsupportedAppUsage
boolean isStorageLow();
+ @EnforcePermission("MANAGE_USERS")
@UnsupportedAppUsage
boolean setApplicationHiddenSettingAsUser(String packageName, boolean hidden, int userId);
boolean getApplicationHiddenSettingAsUser(String packageName, int userId);
@@ -623,6 +637,7 @@
@UnsupportedAppUsage(maxTargetSdk = 30, trackingBug = 170729553)
IPackageInstaller getPackageInstaller();
+ @EnforcePermission("DELETE_PACKAGES")
boolean setBlockUninstallForUser(String packageName, boolean blockUninstall, int userId);
@UnsupportedAppUsage
boolean getBlockUninstallForUser(String packageName, int userId);
@@ -648,6 +663,7 @@
* Sets whether or not an update is available. Ostensibly for instant apps
* to force exteranl resolution.
*/
+ @EnforcePermission("INSTALL_PACKAGES")
void setUpdateAvailable(String packageName, boolean updateAvaialble);
@UnsupportedAppUsage(maxTargetSdk = 30, trackingBug = 170729553)
@@ -675,6 +691,7 @@
ComponentName getInstantAppInstallerComponent();
+ @EnforcePermission("ACCESS_INSTANT_APPS")
String getInstantAppAndroidId(String packageName, int userId);
IArtManager getArtManager();
@@ -773,6 +790,7 @@
void makeProviderVisible(int recipientAppId, String visibleAuthority);
+ @EnforcePermission("MAKE_UID_VISIBLE")
@JavaPassthrough(annotation = "@android.annotation.RequiresPermission(android.Manifest"
+ ".permission.MAKE_UID_VISIBLE)")
void makeUidVisible(int recipientAppId, int visibleUid);
diff --git a/core/java/android/hardware/devicestate/IDeviceStateManager.aidl b/core/java/android/hardware/devicestate/IDeviceStateManager.aidl
index 0993160..0d73a11 100644
--- a/core/java/android/hardware/devicestate/IDeviceStateManager.aidl
+++ b/core/java/android/hardware/devicestate/IDeviceStateManager.aidl
@@ -111,6 +111,7 @@
*
* This should only be called from the overlay itself.
*/
+ @EnforcePermission("CONTROL_DEVICE_STATE")
@JavaPassthrough(annotation=
"@android.annotation.RequiresPermission(android.Manifest.permission.CONTROL_DEVICE_STATE)")
void onStateRequestOverlayDismissed(boolean shouldCancelRequest);
diff --git a/core/java/android/hardware/display/IColorDisplayManager.aidl b/core/java/android/hardware/display/IColorDisplayManager.aidl
index 200cf736..77dfb47 100644
--- a/core/java/android/hardware/display/IColorDisplayManager.aidl
+++ b/core/java/android/hardware/display/IColorDisplayManager.aidl
@@ -32,26 +32,36 @@
int getTransformCapabilities();
boolean isNightDisplayActivated();
+ @EnforcePermission("CONTROL_DISPLAY_COLOR_TRANSFORMS")
boolean setNightDisplayActivated(boolean activated);
int getNightDisplayColorTemperature();
+ @EnforcePermission("CONTROL_DISPLAY_COLOR_TRANSFORMS")
boolean setNightDisplayColorTemperature(int temperature);
+ @EnforcePermission("CONTROL_DISPLAY_COLOR_TRANSFORMS")
int getNightDisplayAutoMode();
int getNightDisplayAutoModeRaw();
+ @EnforcePermission("CONTROL_DISPLAY_COLOR_TRANSFORMS")
boolean setNightDisplayAutoMode(int autoMode);
Time getNightDisplayCustomStartTime();
+ @EnforcePermission("CONTROL_DISPLAY_COLOR_TRANSFORMS")
boolean setNightDisplayCustomStartTime(in Time time);
Time getNightDisplayCustomEndTime();
+ @EnforcePermission("CONTROL_DISPLAY_COLOR_TRANSFORMS")
boolean setNightDisplayCustomEndTime(in Time time);
int getColorMode();
+ @EnforcePermission("CONTROL_DISPLAY_COLOR_TRANSFORMS")
void setColorMode(int colorMode);
boolean isDisplayWhiteBalanceEnabled();
+ @EnforcePermission("CONTROL_DISPLAY_COLOR_TRANSFORMS")
boolean setDisplayWhiteBalanceEnabled(boolean enabled);
boolean isReduceBrightColorsActivated();
+ @EnforcePermission("CONTROL_DISPLAY_COLOR_TRANSFORMS")
boolean setReduceBrightColorsActivated(boolean activated);
int getReduceBrightColorsStrength();
+ @EnforcePermission("CONTROL_DISPLAY_COLOR_TRANSFORMS")
boolean setReduceBrightColorsStrength(int strength);
float getReduceBrightColorsOffsetFactor();
}
\ No newline at end of file
diff --git a/core/java/android/hardware/display/IDisplayManager.aidl b/core/java/android/hardware/display/IDisplayManager.aidl
index a3b7b51..18edbdb 100644
--- a/core/java/android/hardware/display/IDisplayManager.aidl
+++ b/core/java/android/hardware/display/IDisplayManager.aidl
@@ -47,9 +47,11 @@
// Requires CONFIGURE_WIFI_DISPLAY permission.
// The process must have previously registered a callback.
+ @EnforcePermission("CONFIGURE_WIFI_DISPLAY")
void startWifiDisplayScan();
// Requires CONFIGURE_WIFI_DISPLAY permission.
+ @EnforcePermission("CONFIGURE_WIFI_DISPLAY")
void stopWifiDisplayScan();
// Requires CONFIGURE_WIFI_DISPLAY permission.
@@ -65,18 +67,22 @@
void forgetWifiDisplay(String address);
// Requires CONFIGURE_WIFI_DISPLAY permission.
+ @EnforcePermission("CONFIGURE_WIFI_DISPLAY")
void pauseWifiDisplay();
// Requires CONFIGURE_WIFI_DISPLAY permission.
+ @EnforcePermission("CONFIGURE_WIFI_DISPLAY")
void resumeWifiDisplay();
// No permissions required.
WifiDisplayStatus getWifiDisplayStatus();
// Requires WRITE_SECURE_SETTINGS permission.
+ @EnforcePermission("WRITE_SECURE_SETTINGS")
void setUserDisabledHdrTypes(in int[] userDisabledTypes);
// Requires WRITE_SECURE_SETTINGS permission.
+ @EnforcePermission("WRITE_SECURE_SETTINGS")
void setAreUserDisabledHdrTypesAllowed(boolean areUserDisabledHdrTypesAllowed);
// No permissions required.
@@ -89,6 +95,7 @@
void overrideHdrTypes(int displayId, in int[] modes);
// Requires CONFIGURE_DISPLAY_COLOR_MODE
+ @EnforcePermission("CONFIGURE_DISPLAY_COLOR_MODE")
void requestColorMode(int displayId, int colorMode);
// Requires CAPTURE_VIDEO_OUTPUT, CAPTURE_SECURE_VIDEO_OUTPUT, or an appropriate
@@ -114,24 +121,29 @@
Point getStableDisplaySize();
// Requires BRIGHTNESS_SLIDER_USAGE permission.
+ @EnforcePermission("BRIGHTNESS_SLIDER_USAGE")
ParceledListSlice getBrightnessEvents(String callingPackage);
// Requires ACCESS_AMBIENT_LIGHT_STATS permission.
+ @EnforcePermission("ACCESS_AMBIENT_LIGHT_STATS")
ParceledListSlice getAmbientBrightnessStats();
// Sets the global brightness configuration for a given user. Requires
// CONFIGURE_DISPLAY_BRIGHTNESS, and INTERACT_ACROSS_USER if the user being configured is not
// the same as the calling user.
+ @EnforcePermission("CONFIGURE_DISPLAY_BRIGHTNESS")
void setBrightnessConfigurationForUser(in BrightnessConfiguration c, int userId,
String packageName);
// Sets the global brightness configuration for a given display. Requires
// CONFIGURE_DISPLAY_BRIGHTNESS.
+ @EnforcePermission("CONFIGURE_DISPLAY_BRIGHTNESS")
void setBrightnessConfigurationForDisplay(in BrightnessConfiguration c, String uniqueDisplayId,
int userId, String packageName);
// Gets the brightness configuration for a given display. Requires
// CONFIGURE_DISPLAY_BRIGHTNESS.
+ @EnforcePermission("CONFIGURE_DISPLAY_BRIGHTNESS")
BrightnessConfiguration getBrightnessConfigurationForDisplay(String uniqueDisplayId,
int userId);
@@ -141,27 +153,32 @@
BrightnessConfiguration getBrightnessConfigurationForUser(int userId);
// Gets the default brightness configuration if configured.
+ @EnforcePermission("CONFIGURE_DISPLAY_BRIGHTNESS")
BrightnessConfiguration getDefaultBrightnessConfiguration();
// Gets the last requested minimal post processing settings for display with displayId.
boolean isMinimalPostProcessingRequested(int displayId);
// Temporarily sets the display brightness.
+ @EnforcePermission("CONTROL_DISPLAY_BRIGHTNESS")
void setTemporaryBrightness(int displayId, float brightness);
// Saves the display brightness.
+ @EnforcePermission("CONTROL_DISPLAY_BRIGHTNESS")
void setBrightness(int displayId, float brightness);
// Retrieves the display brightness.
float getBrightness(int displayId);
// Temporarily sets the auto brightness adjustment factor.
+ @EnforcePermission("CONTROL_DISPLAY_BRIGHTNESS")
void setTemporaryAutoBrightnessAdjustment(float adjustment);
// Get the minimum brightness curve.
Curve getMinimumBrightnessCurve();
// Get Brightness Information for the specified display.
+ @EnforcePermission("CONTROL_DISPLAY_BRIGHTNESS")
BrightnessInfo getBrightnessInfo(int displayId);
// Gets the id of the preferred wide gamut color space for all displays.
@@ -171,6 +188,7 @@
// Sets the user preferred display mode.
// Requires MODIFY_USER_PREFERRED_DISPLAY_MODE permission.
+ @EnforcePermission("MODIFY_USER_PREFERRED_DISPLAY_MODE")
void setUserPreferredDisplayMode(int displayId, in Mode mode);
Mode getUserPreferredDisplayMode(int displayId);
Mode getSystemPreferredDisplayMode(int displayId);
@@ -187,10 +205,13 @@
// When enabled the app requested display resolution and refresh rate is always selected
// in DisplayModeDirector regardless of user settings and policies for low brightness, low
// battery etc.
+ @EnforcePermission("OVERRIDE_DISPLAY_MODE_REQUESTS")
void setShouldAlwaysRespectAppRequestedMode(boolean enabled);
+ @EnforcePermission("OVERRIDE_DISPLAY_MODE_REQUESTS")
boolean shouldAlwaysRespectAppRequestedMode();
// Sets the refresh rate switching type.
+ @EnforcePermission("MODIFY_REFRESH_RATE_SWITCHING_TYPE")
void setRefreshRateSwitchingType(int newValue);
// Returns the refresh rate switching type.
diff --git a/core/java/android/os/IRecoverySystem.aidl b/core/java/android/os/IRecoverySystem.aidl
index 88bdb7f..b3628ff 100644
--- a/core/java/android/os/IRecoverySystem.aidl
+++ b/core/java/android/os/IRecoverySystem.aidl
@@ -23,6 +23,7 @@
/** @hide */
interface IRecoverySystem {
+ @EnforcePermission("RECOVERY")
boolean allocateSpaceForUpdate(in String packageFilePath);
boolean uncrypt(in String packageFile, IRecoverySystemProgressListener listener);
boolean setupBcb(in String command);
@@ -31,6 +32,7 @@
boolean requestLskf(in String packageName, in IntentSender sender);
boolean clearLskf(in String packageName);
boolean isLskfCaptured(in String packageName);
+ @EnforcePermission("RECOVERY")
int rebootWithLskfAssumeSlotSwitch(in String packageName, in String reason);
int rebootWithLskf(in String packageName, in String reason, in boolean slotSwitch);
}
diff --git a/core/java/android/os/ISystemUpdateManager.aidl b/core/java/android/os/ISystemUpdateManager.aidl
index f7f5079..cda2fa1 100644
--- a/core/java/android/os/ISystemUpdateManager.aidl
+++ b/core/java/android/os/ISystemUpdateManager.aidl
@@ -23,5 +23,6 @@
/** @hide */
interface ISystemUpdateManager {
Bundle retrieveSystemUpdateInfo();
+ @EnforcePermission("RECOVERY")
void updateSystemUpdateInfo(in PersistableBundle data);
}
diff --git a/core/java/android/os/IVibratorManagerService.aidl b/core/java/android/os/IVibratorManagerService.aidl
index fb9752f..6275352 100644
--- a/core/java/android/os/IVibratorManagerService.aidl
+++ b/core/java/android/os/IVibratorManagerService.aidl
@@ -25,8 +25,11 @@
interface IVibratorManagerService {
int[] getVibratorIds();
VibratorInfo getVibratorInfo(int vibratorId);
+ @EnforcePermission("ACCESS_VIBRATOR_STATE")
boolean isVibrating(int vibratorId);
+ @EnforcePermission("ACCESS_VIBRATOR_STATE")
boolean registerVibratorStateListener(int vibratorId, in IVibratorStateListener listener);
+ @EnforcePermission("ACCESS_VIBRATOR_STATE")
boolean unregisterVibratorStateListener(int vibratorId, in IVibratorStateListener listener);
boolean setAlwaysOnEffect(int uid, String opPkg, int alwaysOnId,
in CombinedVibration vibration, in VibrationAttributes attributes);
diff --git a/core/java/android/permission/IPermissionManager.aidl b/core/java/android/permission/IPermissionManager.aidl
index 16ae3bc..d19fd8f 100644
--- a/core/java/android/permission/IPermissionManager.aidl
+++ b/core/java/android/permission/IPermissionManager.aidl
@@ -76,6 +76,7 @@
List<SplitPermissionInfoParcelable> getSplitPermissions();
+ @EnforcePermission("MANAGE_ONE_TIME_PERMISSION_SESSIONS")
void startOneTimePermissionSession(String packageName, int userId, long timeout,
long revokeAfterKilledDelay);
diff --git a/core/java/android/view/IWindowManager.aidl b/core/java/android/view/IWindowManager.aidl
index 209729b..48ae59b 100644
--- a/core/java/android/view/IWindowManager.aidl
+++ b/core/java/android/view/IWindowManager.aidl
@@ -112,14 +112,19 @@
void getInitialDisplaySize(int displayId, out Point size);
@UnsupportedAppUsage
void getBaseDisplaySize(int displayId, out Point size);
+ @EnforcePermission("WRITE_SECURE_SETTINGS")
void setForcedDisplaySize(int displayId, int width, int height);
+ @EnforcePermission("WRITE_SECURE_SETTINGS")
void clearForcedDisplaySize(int displayId);
@UnsupportedAppUsage
int getInitialDisplayDensity(int displayId);
int getBaseDisplayDensity(int displayId);
int getDisplayIdByUniqueId(String uniqueId);
+ @EnforcePermission("WRITE_SECURE_SETTINGS")
void setForcedDisplayDensityForUser(int displayId, int density, int userId);
+ @EnforcePermission("WRITE_SECURE_SETTINGS")
void clearForcedDisplayDensityForUser(int displayId, int userId);
+ @EnforcePermission("WRITE_SECURE_SETTINGS")
void setForcedDisplayScalingMode(int displayId, int mode); // 0 = auto, 1 = disable
// These can only be called when holding the MANAGE_APP_TOKENS permission.
@@ -159,6 +164,7 @@
* @param shellRootLayer The container's layer. See WindowManager#ShellRootLayer.
* @return a SurfaceControl to add things to.
*/
+ @EnforcePermission("MANAGE_APP_TOKENS")
SurfaceControl addShellRoot(int displayId, IWindow client, int shellRootLayer);
/**
@@ -167,6 +173,7 @@
*
* @param target The IWindow that accessibility service interfaces with.
*/
+ @EnforcePermission("MANAGE_APP_TOKENS")
void setShellRootAccessibilityWindow(int displayId, int shellRootLayer, IWindow target);
/**
@@ -197,6 +204,7 @@
void disableKeyguard(IBinder token, String tag, int userId);
/** @deprecated use Activity.setShowWhenLocked instead. */
void reenableKeyguard(IBinder token, int userId);
+ @EnforcePermission("DISABLE_KEYGUARD")
void exitKeyguardSecurely(IOnKeyguardExitResult callback);
@UnsupportedAppUsage
boolean isKeyguardLocked();
@@ -417,6 +425,7 @@
/**
* Called by System UI to enable or disable haptic feedback on the navigation bar buttons.
*/
+ @EnforcePermission("STATUS_BAR")
@UnsupportedAppUsage
void setNavBarVirtualKeyHapticFeedbackEnabled(boolean enabled);
@@ -504,6 +513,7 @@
/**
* Return the touch region for the current IME window, or an empty region if there is none.
*/
+ @EnforcePermission("RESTRICTED_VR_ACCESS")
Region getCurrentImeTouchRegion();
/**
@@ -713,6 +723,7 @@
* When in multi-window mode, the provided displayWindowInsetsController will control insets
* animations.
*/
+ @EnforcePermission("MANAGE_APP_TOKENS")
void setDisplayWindowInsetsController(
int displayId, in IDisplayWindowInsetsController displayWindowInsetsController);
@@ -720,6 +731,7 @@
* Called when a remote process updates the requested visibilities of insets on a display window
* container.
*/
+ @EnforcePermission("MANAGE_APP_TOKENS")
void updateDisplayWindowRequestedVisibleTypes(int displayId, int requestedVisibleTypes);
/**
diff --git a/core/java/com/android/internal/app/IAppOpsService.aidl b/core/java/com/android/internal/app/IAppOpsService.aidl
index 88447da..d63611f 100644
--- a/core/java/com/android/internal/app/IAppOpsService.aidl
+++ b/core/java/com/android/internal/app/IAppOpsService.aidl
@@ -81,12 +81,19 @@
void getHistoricalOpsFromDiskRaw(int uid, String packageName, String attributionTag,
in List<String> ops, int historyFlags, int filter, long beginTimeMillis,
long endTimeMillis, int flags, in RemoteCallback callback);
+ @EnforcePermission("MANAGE_APPOPS")
void offsetHistory(long duration);
+ @EnforcePermission("MANAGE_APPOPS")
void setHistoryParameters(int mode, long baseSnapshotInterval, int compressionStep);
+ @EnforcePermission("MANAGE_APPOPS")
void addHistoricalOps(in AppOpsManager.HistoricalOps ops);
+ @EnforcePermission("MANAGE_APPOPS")
void resetHistoryParameters();
+ @EnforcePermission("MANAGE_APPOPS")
void resetPackageOpsNoHistory(String packageName);
+ @EnforcePermission("MANAGE_APPOPS")
void clearHistory();
+ @EnforcePermission("MANAGE_APPOPS")
void rebootHistory(long offlineDurationMillis);
List<AppOpsManager.PackageOps> getUidOps(int uid, in int[] ops);
void setUidMode(int code, int uid, int mode);
diff --git a/location/java/android/location/ILocationManager.aidl b/location/java/android/location/ILocationManager.aidl
index 42b72d4..72761ef 100644
--- a/location/java/android/location/ILocationManager.aidl
+++ b/location/java/android/location/ILocationManager.aidl
@@ -98,12 +98,16 @@
void addGnssAntennaInfoListener(in IGnssAntennaInfoListener listener, String packageName, @nullable String attributionTag, String listenerId);
void removeGnssAntennaInfoListener(in IGnssAntennaInfoListener listener);
+ @EnforcePermission("INTERACT_ACROSS_USERS")
void addProviderRequestListener(in IProviderRequestListener listener);
void removeProviderRequestListener(in IProviderRequestListener listener);
int getGnssBatchSize();
+ @EnforcePermission("LOCATION_HARDWARE")
void startGnssBatch(long periodNanos, in ILocationListener listener, String packageName, @nullable String attributionTag, String listenerId);
+ @EnforcePermission("LOCATION_HARDWARE")
void flushGnssBatch();
+ @EnforcePermission("LOCATION_HARDWARE")
void stopGnssBatch();
boolean hasProvider(String provider);
@@ -111,7 +115,9 @@
List<String> getProviders(in Criteria criteria, boolean enabledOnly);
String getBestProvider(in Criteria criteria, boolean enabledOnly);
ProviderProperties getProviderProperties(String provider);
+ @EnforcePermission("READ_DEVICE_CONFIG")
boolean isProviderPackage(@nullable String provider, String packageName, @nullable String attributionTag);
+ @EnforcePermission("READ_DEVICE_CONFIG")
List<String> getProviderPackages(String provider);
@EnforcePermission("LOCATION_HARDWARE")
diff --git a/media/java/android/media/IAudioService.aidl b/media/java/android/media/IAudioService.aidl
index f9d4efe..b251468 100644
--- a/media/java/android/media/IAudioService.aidl
+++ b/media/java/android/media/IAudioService.aidl
@@ -221,6 +221,7 @@
boolean isSurroundFormatEnabled(int audioFormat);
+ @EnforcePermission("WRITE_SETTINGS")
boolean setEncodedSurroundMode(int mode);
int getEncodedSurroundMode(int targetSdkVersion);
@@ -254,6 +255,7 @@
void forceVolumeControlStream(int streamType, IBinder cb);
+ @EnforcePermission("REMOTE_AUDIO_PLAYBACK")
void setRingtonePlayer(IRingtonePlayer player);
IRingtonePlayer getRingtonePlayer();
int getUiSoundsStreamType();
@@ -358,6 +360,7 @@
oneway void playerHasOpPlayAudio(in int piid, in boolean hasOpPlayAudio);
+ @EnforcePermission("BLUETOOTH_STACK")
void handleBluetoothActiveDeviceChanged(in BluetoothDevice newDevice,
in BluetoothDevice previousDevice, in BluetoothProfileConnectionInfo info);
diff --git a/media/java/android/media/projection/IMediaProjectionManager.aidl b/media/java/android/media/projection/IMediaProjectionManager.aidl
index c259f9a..97e3ec1 100644
--- a/media/java/android/media/projection/IMediaProjectionManager.aidl
+++ b/media/java/android/media/projection/IMediaProjectionManager.aidl
@@ -39,14 +39,17 @@
+ ".permission.MANAGE_MEDIA_PROJECTION)")
MediaProjectionInfo getActiveProjectionInfo();
+ @EnforcePermission("MANAGE_MEDIA_PROJECTION")
@JavaPassthrough(annotation = "@android.annotation.RequiresPermission(android.Manifest"
+ ".permission.MANAGE_MEDIA_PROJECTION)")
void stopActiveProjection();
+ @EnforcePermission("MANAGE_MEDIA_PROJECTION")
@JavaPassthrough(annotation = "@android.annotation.RequiresPermission(android.Manifest"
+ ".permission.MANAGE_MEDIA_PROJECTION)")
void notifyActiveProjectionCapturedContentResized(int width, int height);
+ @EnforcePermission("MANAGE_MEDIA_PROJECTION")
@JavaPassthrough(annotation = "@android.annotation.RequiresPermission(android.Manifest"
+ ".permission.MANAGE_MEDIA_PROJECTION)")
void notifyActiveProjectionCapturedContentVisibilityChanged(boolean isVisible);
diff --git a/services/core/java/com/android/server/SystemUpdateManagerService.java b/services/core/java/com/android/server/SystemUpdateManagerService.java
index 811a780..d5e7be5 100644
--- a/services/core/java/com/android/server/SystemUpdateManagerService.java
+++ b/services/core/java/com/android/server/SystemUpdateManagerService.java
@@ -86,9 +86,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.RECOVERY)
@Override
public void updateSystemUpdateInfo(PersistableBundle infoBundle) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.RECOVERY, TAG);
+ updateSystemUpdateInfo_enforcePermission();
int status = infoBundle.getInt(KEY_STATUS, STATUS_UNKNOWN);
if (status == STATUS_UNKNOWN) {
diff --git a/services/core/java/com/android/server/ambientcontext/AmbientContextManagerService.java b/services/core/java/com/android/server/ambientcontext/AmbientContextManagerService.java
index d7c3100..46e6001 100644
--- a/services/core/java/com/android/server/ambientcontext/AmbientContextManagerService.java
+++ b/services/core/java/com/android/server/ambientcontext/AmbientContextManagerService.java
@@ -594,10 +594,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_AMBIENT_CONTEXT_EVENT)
@Override
public void unregisterObserver(String callingPackage) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.ACCESS_AMBIENT_CONTEXT_EVENT, TAG);
+ unregisterObserver_enforcePermission();
assertCalledByPackageOwner(callingPackage);
synchronized (mLock) {
diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java
index fc22935..9bd5d6a 100644
--- a/services/core/java/com/android/server/appop/AppOpsService.java
+++ b/services/core/java/com/android/server/appop/AppOpsService.java
@@ -5611,10 +5611,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APPOPS)
@Override
public void resetPackageOpsNoHistory(@NonNull String packageName) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_APPOPS,
- "resetPackageOpsNoHistory");
+ resetPackageOpsNoHistory_enforcePermission();
synchronized (AppOpsService.this) {
final int uid = mPackageManagerInternal.getPackageUid(packageName, 0,
UserHandle.getCallingUserId());
@@ -5633,52 +5633,52 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APPOPS)
@Override
public void setHistoryParameters(@AppOpsManager.HistoricalMode int mode,
long baseSnapshotInterval, int compressionStep) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_APPOPS,
- "setHistoryParameters");
+ setHistoryParameters_enforcePermission();
// Must not hold the appops lock
mHistoricalRegistry.setHistoryParameters(mode, baseSnapshotInterval, compressionStep);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APPOPS)
@Override
public void offsetHistory(long offsetMillis) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_APPOPS,
- "offsetHistory");
+ offsetHistory_enforcePermission();
// Must not hold the appops lock
mHistoricalRegistry.offsetHistory(offsetMillis);
mHistoricalRegistry.offsetDiscreteHistory(offsetMillis);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APPOPS)
@Override
public void addHistoricalOps(HistoricalOps ops) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_APPOPS,
- "addHistoricalOps");
+ addHistoricalOps_enforcePermission();
// Must not hold the appops lock
mHistoricalRegistry.addHistoricalOps(ops);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APPOPS)
@Override
public void resetHistoryParameters() {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_APPOPS,
- "resetHistoryParameters");
+ resetHistoryParameters_enforcePermission();
// Must not hold the appops lock
mHistoricalRegistry.resetHistoryParameters();
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APPOPS)
@Override
public void clearHistory() {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_APPOPS,
- "clearHistory");
+ clearHistory_enforcePermission();
// Must not hold the appops lock
mHistoricalRegistry.clearAllHistory();
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APPOPS)
@Override
public void rebootHistory(long offlineDurationMillis) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_APPOPS,
- "rebootHistory");
+ rebootHistory_enforcePermission();
Preconditions.checkArgument(offlineDurationMillis >= 0);
diff --git a/services/core/java/com/android/server/audio/AudioService.java b/services/core/java/com/android/server/audio/AudioService.java
index 127a9d8b..91fb8cd 100644
--- a/services/core/java/com/android/server/audio/AudioService.java
+++ b/services/core/java/com/android/server/audio/AudioService.java
@@ -2458,13 +2458,11 @@
return true;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.WRITE_SETTINGS)
/** @see AudioManager#setEncodedSurroundMode(int) */
@Override
public boolean setEncodedSurroundMode(@AudioManager.EncodedSurroundOutputMode int mode) {
- if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.WRITE_SETTINGS)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Missing WRITE_SETTINGS permission");
- }
+ setEncodedSurroundMode_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
@@ -7475,15 +7473,13 @@
public @interface BtProfile {}
+ @android.annotation.EnforcePermission(android.Manifest.permission.BLUETOOTH_STACK)
/**
* See AudioManager.handleBluetoothActiveDeviceChanged(...)
*/
public void handleBluetoothActiveDeviceChanged(BluetoothDevice newDevice,
BluetoothDevice previousDevice, @NonNull BluetoothProfileConnectionInfo info) {
- if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.BLUETOOTH_STACK)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Bluetooth is the only caller allowed");
- }
+ handleBluetoothActiveDeviceChanged_enforcePermission();
if (info == null) {
throw new IllegalArgumentException("Illegal null BluetoothProfileConnectionInfo for"
+ " device " + previousDevice + " -> " + newDevice);
@@ -10417,9 +10413,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.REMOTE_AUDIO_PLAYBACK)
@Override
public void setRingtonePlayer(IRingtonePlayer player) {
- mContext.enforceCallingOrSelfPermission(REMOTE_AUDIO_PLAYBACK, null);
+ setRingtonePlayer_enforcePermission();
mRingtonePlayer = player;
}
diff --git a/services/core/java/com/android/server/clipboard/ClipboardService.java b/services/core/java/com/android/server/clipboard/ClipboardService.java
index fab138b..85b4f75 100644
--- a/services/core/java/com/android/server/clipboard/ClipboardService.java
+++ b/services/core/java/com/android/server/clipboard/ClipboardService.java
@@ -470,6 +470,7 @@
callingPackage);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.SET_CLIP_SOURCE)
@Override
public void setPrimaryClipAsPackage(
ClipData clip,
@@ -478,8 +479,7 @@
@UserIdInt int userId,
int deviceId,
String sourcePackage) {
- getContext().enforceCallingOrSelfPermission(Manifest.permission.SET_CLIP_SOURCE,
- "Requires SET_CLIP_SOURCE permission");
+ setPrimaryClipAsPackage_enforcePermission();
checkAndSetPrimaryClip(clip, callingPackage, attributionTag, userId, deviceId,
sourcePackage);
}
@@ -765,11 +765,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.SET_CLIP_SOURCE)
@Override
public String getPrimaryClipSource(
String callingPackage, String attributionTag, int userId, int deviceId) {
- getContext().enforceCallingOrSelfPermission(Manifest.permission.SET_CLIP_SOURCE,
- "Requires SET_CLIP_SOURCE permission");
+ getPrimaryClipSource_enforcePermission();
final int intendingUid = getIntendingUid(callingPackage, userId);
final int intendingUserId = UserHandle.getUserId(intendingUid);
final int intendingDeviceId = getIntendingDeviceId(deviceId, intendingUid);
diff --git a/services/core/java/com/android/server/content/ContentService.java b/services/core/java/com/android/server/content/ContentService.java
index 781920c..1b48e3c 100644
--- a/services/core/java/com/android/server/content/ContentService.java
+++ b/services/core/java/com/android/server/content/ContentService.java
@@ -1150,10 +1150,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.READ_SYNC_STATS)
@Override
public boolean isSyncActive(Account account, String authority, ComponentName cname) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.READ_SYNC_STATS,
- "no permission to read the sync stats");
+ isSyncActive_enforcePermission();
final int callingUid = Binder.getCallingUid();
final int userId = UserHandle.getCallingUserId();
@@ -1254,11 +1254,11 @@
return isSyncPendingAsUser(account, authority, cname, UserHandle.getCallingUserId());
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.READ_SYNC_STATS)
@Override
public boolean isSyncPendingAsUser(Account account, String authority, ComponentName cname,
int userId) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.READ_SYNC_STATS,
- "no permission to read the sync stats");
+ isSyncPendingAsUser_enforcePermission();
enforceCrossUserPermission(userId,
"no permission to retrieve the sync settings for user " + userId);
diff --git a/services/core/java/com/android/server/devicestate/DeviceStateManagerService.java b/services/core/java/com/android/server/devicestate/DeviceStateManagerService.java
index 9645690..8f9a1fd 100644
--- a/services/core/java/com/android/server/devicestate/DeviceStateManagerService.java
+++ b/services/core/java/com/android/server/devicestate/DeviceStateManagerService.java
@@ -1185,12 +1185,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DEVICE_STATE)
@Override // Binder call
public void onStateRequestOverlayDismissed(boolean shouldCancelRequest) {
- getContext().enforceCallingOrSelfPermission(CONTROL_DEVICE_STATE,
- "CONTROL_DEVICE_STATE permission required to control the state request "
- + "overlay");
+ onStateRequestOverlayDismissed_enforcePermission();
final long callingIdentity = Binder.clearCallingIdentity();
try {
diff --git a/services/core/java/com/android/server/display/DisplayManagerService.java b/services/core/java/com/android/server/display/DisplayManagerService.java
index ea157c8..ae207a0 100644
--- a/services/core/java/com/android/server/display/DisplayManagerService.java
+++ b/services/core/java/com/android/server/display/DisplayManagerService.java
@@ -3417,10 +3417,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONFIGURE_WIFI_DISPLAY)
@Override // Binder call
public void startWifiDisplayScan() {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.CONFIGURE_WIFI_DISPLAY,
- "Permission required to start wifi display scans");
+ startWifiDisplayScan_enforcePermission();
final int callingPid = Binder.getCallingPid();
final long token = Binder.clearCallingIdentity();
@@ -3431,10 +3431,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONFIGURE_WIFI_DISPLAY)
@Override // Binder call
public void stopWifiDisplayScan() {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.CONFIGURE_WIFI_DISPLAY,
- "Permission required to stop wifi display scans");
+ stopWifiDisplayScan_enforcePermission();
final int callingPid = Binder.getCallingPid();
final long token = Binder.clearCallingIdentity();
@@ -3508,10 +3508,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONFIGURE_WIFI_DISPLAY)
@Override // Binder call
public void pauseWifiDisplay() {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.CONFIGURE_WIFI_DISPLAY,
- "Permission required to pause a wifi display session");
+ pauseWifiDisplay_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
@@ -3521,10 +3521,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONFIGURE_WIFI_DISPLAY)
@Override // Binder call
public void resumeWifiDisplay() {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.CONFIGURE_WIFI_DISPLAY,
- "Permission required to resume a wifi display session");
+ resumeWifiDisplay_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
@@ -3547,11 +3547,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.WRITE_SECURE_SETTINGS)
@Override // Binder call
public void setUserDisabledHdrTypes(int[] userDisabledFormats) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.WRITE_SECURE_SETTINGS,
- "Permission required to write the user settings.");
+ setUserDisabledHdrTypes_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
@@ -3574,11 +3573,10 @@
DisplayControl.overrideHdrTypes(displayToken, modes);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.WRITE_SECURE_SETTINGS)
@Override // Binder call
public void setAreUserDisabledHdrTypesAllowed(boolean areUserDisabledHdrTypesAllowed) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.WRITE_SECURE_SETTINGS,
- "Permission required to write the user settings.");
+ setAreUserDisabledHdrTypesAllowed_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
setAreUserDisabledHdrTypesAllowedInternal(areUserDisabledHdrTypesAllowed);
@@ -3601,11 +3599,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONFIGURE_DISPLAY_COLOR_MODE)
@Override // Binder call
public void requestColorMode(int displayId, int colorMode) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.CONFIGURE_DISPLAY_COLOR_MODE,
- "Permission required to change the display color mode");
+ requestColorMode_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
requestColorModeInternal(displayId, colorMode);
@@ -3682,11 +3679,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.BRIGHTNESS_SLIDER_USAGE)
@Override // Binder call
public ParceledListSlice<BrightnessChangeEvent> getBrightnessEvents(String callingPackage) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.BRIGHTNESS_SLIDER_USAGE,
- "Permission to read brightness events.");
+ getBrightnessEvents_enforcePermission();
final int callingUid = Binder.getCallingUid();
AppOpsManager appOpsManager = mContext.getSystemService(AppOpsManager.class);
@@ -3715,11 +3711,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_AMBIENT_LIGHT_STATS)
@Override // Binder call
public ParceledListSlice<AmbientBrightnessDayStats> getAmbientBrightnessStats() {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.ACCESS_AMBIENT_LIGHT_STATS,
- "Permission required to to access ambient light stats.");
+ getAmbientBrightnessStats_enforcePermission();
final int callingUid = Binder.getCallingUid();
final int userId = UserHandle.getUserId(callingUid);
final long token = Binder.clearCallingIdentity();
@@ -3733,12 +3728,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONFIGURE_DISPLAY_BRIGHTNESS)
@Override // Binder call
public void setBrightnessConfigurationForUser(
BrightnessConfiguration c, @UserIdInt int userId, String packageName) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.CONFIGURE_DISPLAY_BRIGHTNESS,
- "Permission required to change the display's brightness configuration");
+ setBrightnessConfigurationForUser_enforcePermission();
if (userId != UserHandle.getCallingUserId()) {
mContext.enforceCallingOrSelfPermission(
Manifest.permission.INTERACT_ACROSS_USERS,
@@ -3763,12 +3757,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONFIGURE_DISPLAY_BRIGHTNESS)
@Override // Binder call
public void setBrightnessConfigurationForDisplay(BrightnessConfiguration c,
String uniqueId, int userId, String packageName) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.CONFIGURE_DISPLAY_BRIGHTNESS,
- "Permission required to change the display's brightness configuration");
+ setBrightnessConfigurationForDisplay_enforcePermission();
if (userId != UserHandle.getCallingUserId()) {
mContext.enforceCallingOrSelfPermission(
Manifest.permission.INTERACT_ACROSS_USERS,
@@ -3783,12 +3776,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONFIGURE_DISPLAY_BRIGHTNESS)
@Override // Binder call
public BrightnessConfiguration getBrightnessConfigurationForDisplay(String uniqueId,
int userId) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.CONFIGURE_DISPLAY_BRIGHTNESS,
- "Permission required to read the display's brightness configuration");
+ getBrightnessConfigurationForDisplay_enforcePermission();
if (userId != UserHandle.getCallingUserId()) {
mContext.enforceCallingOrSelfPermission(
Manifest.permission.INTERACT_ACROSS_USERS,
@@ -3832,11 +3824,10 @@
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONFIGURE_DISPLAY_BRIGHTNESS)
@Override // Binder call
public BrightnessConfiguration getDefaultBrightnessConfiguration() {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.CONFIGURE_DISPLAY_BRIGHTNESS,
- "Permission required to read the display's default brightness configuration");
+ getDefaultBrightnessConfiguration_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
synchronized (mSyncRoot) {
@@ -3848,11 +3839,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_BRIGHTNESS)
@Override
public BrightnessInfo getBrightnessInfo(int displayId) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_BRIGHTNESS,
- "Permission required to read the display's brightness info.");
+ getBrightnessInfo_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
synchronized (mSyncRoot) {
@@ -3880,11 +3870,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_BRIGHTNESS)
@Override // Binder call
public void setTemporaryBrightness(int displayId, float brightness) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_BRIGHTNESS,
- "Permission required to set the display's brightness");
+ setTemporaryBrightness_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
synchronized (mSyncRoot) {
@@ -3896,11 +3885,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_BRIGHTNESS)
@Override // Binder call
public void setBrightness(int displayId, float brightness) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_BRIGHTNESS,
- "Permission required to set the display's brightness");
+ setBrightness_enforcePermission();
if (!isValidBrightness(brightness)) {
Slog.w(TAG, "Attempted to set invalid brightness" + brightness);
return;
@@ -3939,11 +3927,10 @@
return brightness;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_BRIGHTNESS)
@Override // Binder call
public void setTemporaryAutoBrightnessAdjustment(float adjustment) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_BRIGHTNESS,
- "Permission required to set the display's auto brightness adjustment");
+ setTemporaryAutoBrightnessAdjustment_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
synchronized (mSyncRoot) {
@@ -3983,11 +3970,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_USER_PREFERRED_DISPLAY_MODE)
@Override // Binder call
public void setUserPreferredDisplayMode(int displayId, Display.Mode mode) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.MODIFY_USER_PREFERRED_DISPLAY_MODE,
- "Permission required to set the user preferred display mode.");
+ setUserPreferredDisplayMode_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
setUserPreferredDisplayModeInternal(displayId, mode);
@@ -4072,11 +4058,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.OVERRIDE_DISPLAY_MODE_REQUESTS)
@Override // Binder call
public void setShouldAlwaysRespectAppRequestedMode(boolean enabled) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.OVERRIDE_DISPLAY_MODE_REQUESTS,
- "Permission required to override display mode requests.");
+ setShouldAlwaysRespectAppRequestedMode_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
setShouldAlwaysRespectAppRequestedModeInternal(enabled);
@@ -4085,11 +4070,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.OVERRIDE_DISPLAY_MODE_REQUESTS)
@Override // Binder call
public boolean shouldAlwaysRespectAppRequestedMode() {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.OVERRIDE_DISPLAY_MODE_REQUESTS,
- "Permission required to override display mode requests.");
+ shouldAlwaysRespectAppRequestedMode_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
return shouldAlwaysRespectAppRequestedModeInternal();
@@ -4098,11 +4082,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MODIFY_REFRESH_RATE_SWITCHING_TYPE)
@Override // Binder call
public void setRefreshRateSwitchingType(int newValue) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.MODIFY_REFRESH_RATE_SWITCHING_TYPE,
- "Permission required to modify refresh rate switching type.");
+ setRefreshRateSwitchingType_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
setRefreshRateSwitchingTypeInternal(newValue);
diff --git a/services/core/java/com/android/server/display/color/ColorDisplayService.java b/services/core/java/com/android/server/display/color/ColorDisplayService.java
index 0284d9c..a1a10eb 100644
--- a/services/core/java/com/android/server/display/color/ColorDisplayService.java
+++ b/services/core/java/com/android/server/display/color/ColorDisplayService.java
@@ -1621,11 +1621,10 @@
@VisibleForTesting
final class BinderService extends IColorDisplayManager.Stub {
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public void setColorMode(int colorMode) {
- getContext().enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS,
- "Permission required to set display color mode");
+ setColorMode_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
setColorModeInternal(colorMode);
@@ -1715,11 +1714,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public boolean setNightDisplayActivated(boolean activated) {
- getContext().enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS,
- "Permission required to set night display activated");
+ setNightDisplayActivated_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
mNightDisplayTintController.setActivated(activated);
@@ -1739,11 +1737,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public boolean setNightDisplayColorTemperature(int temperature) {
- getContext().enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS,
- "Permission required to set night display temperature");
+ setNightDisplayColorTemperature_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
return mNightDisplayTintController.setColorTemperature(temperature);
@@ -1762,11 +1759,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public boolean setNightDisplayAutoMode(int autoMode) {
- getContext().enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS,
- "Permission required to set night display auto mode");
+ setNightDisplayAutoMode_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
return setNightDisplayAutoModeInternal(autoMode);
@@ -1775,11 +1771,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public int getNightDisplayAutoMode() {
- getContext().enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS,
- "Permission required to get night display auto mode");
+ getNightDisplayAutoMode_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
return getNightDisplayAutoModeInternal();
@@ -1798,11 +1793,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public boolean setNightDisplayCustomStartTime(Time startTime) {
- getContext().enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS,
- "Permission required to set night display custom start time");
+ setNightDisplayCustomStartTime_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
return setNightDisplayCustomStartTimeInternal(startTime);
@@ -1821,11 +1815,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public boolean setNightDisplayCustomEndTime(Time endTime) {
- getContext().enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS,
- "Permission required to set night display custom end time");
+ setNightDisplayCustomEndTime_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
return setNightDisplayCustomEndTimeInternal(endTime);
@@ -1844,11 +1837,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public boolean setDisplayWhiteBalanceEnabled(boolean enabled) {
- getContext().enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS,
- "Permission required to set night display activated");
+ setDisplayWhiteBalanceEnabled_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
return setDisplayWhiteBalanceSettingEnabled(enabled);
@@ -1877,11 +1869,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public boolean setReduceBrightColorsActivated(boolean activated) {
- getContext().enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS,
- "Permission required to set reduce bright colors activation state");
+ setReduceBrightColorsActivated_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
return setReduceBrightColorsActivatedInternal(activated);
@@ -1910,11 +1901,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS)
@Override
public boolean setReduceBrightColorsStrength(int strength) {
- getContext().enforceCallingOrSelfPermission(
- Manifest.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS,
- "Permission required to set reduce bright colors strength");
+ setReduceBrightColorsStrength_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
return setReduceBrightColorsStrengthInternal(strength);
diff --git a/services/core/java/com/android/server/location/LocationManagerService.java b/services/core/java/com/android/server/location/LocationManagerService.java
index fa2ba21..2b20060 100644
--- a/services/core/java/com/android/server/location/LocationManagerService.java
+++ b/services/core/java/com/android/server/location/LocationManagerService.java
@@ -604,10 +604,11 @@
return mGnssManagerService == null ? 0 : mGnssManagerService.getGnssBatchSize();
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
@Override
public void startGnssBatch(long periodNanos, ILocationListener listener, String packageName,
@Nullable String attributionTag, String listenerId) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.LOCATION_HARDWARE, null);
+ startGnssBatch_enforcePermission();
if (mGnssManagerService == null) {
return;
@@ -633,9 +634,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
@Override
public void flushGnssBatch() {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.LOCATION_HARDWARE, null);
+ flushGnssBatch_enforcePermission();
if (mGnssManagerService == null) {
return;
@@ -648,9 +650,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.LOCATION_HARDWARE)
@Override
public void stopGnssBatch() {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.LOCATION_HARDWARE, null);
+ stopGnssBatch_enforcePermission();
if (mGnssManagerService == null) {
return;
@@ -1104,10 +1107,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.INTERACT_ACROSS_USERS)
@Override
@RequiresPermission(INTERACT_ACROSS_USERS)
public void addProviderRequestListener(IProviderRequestListener listener) {
- mContext.enforceCallingOrSelfPermission(INTERACT_ACROSS_USERS, null);
+ addProviderRequestListener_enforcePermission();
for (LocationProviderManager manager : mProviderManagers) {
if (manager.isVisibleToCaller()) {
manager.addProviderRequestListener(listener);
@@ -1188,10 +1192,11 @@
return manager.getProperties();
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.READ_DEVICE_CONFIG)
@Override
public boolean isProviderPackage(@Nullable String provider, String packageName,
@Nullable String attributionTag) {
- mContext.enforceCallingOrSelfPermission(permission.READ_DEVICE_CONFIG, null);
+ isProviderPackage_enforcePermission();
for (LocationProviderManager manager : mProviderManagers) {
if (provider != null && !provider.equals(manager.getName())) {
@@ -1210,9 +1215,10 @@
return false;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.READ_DEVICE_CONFIG)
@Override
public List<String> getProviderPackages(String provider) {
- mContext.enforceCallingOrSelfPermission(permission.READ_DEVICE_CONFIG, null);
+ getProviderPackages_enforcePermission();
LocationProviderManager manager = getLocationProviderManager(provider);
if (manager == null) {
diff --git a/services/core/java/com/android/server/media/projection/MediaProjectionManagerService.java b/services/core/java/com/android/server/media/projection/MediaProjectionManagerService.java
index 4832618..6621bda 100644
--- a/services/core/java/com/android/server/media/projection/MediaProjectionManagerService.java
+++ b/services/core/java/com/android/server/media/projection/MediaProjectionManagerService.java
@@ -333,13 +333,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_MEDIA_PROJECTION)
@Override // Binder call
public void stopActiveProjection() {
- if (mContext.checkCallingOrSelfPermission(Manifest.permission.MANAGE_MEDIA_PROJECTION)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Requires MANAGE_MEDIA_PROJECTION in order to add "
- + "projection callbacks");
- }
+ stopActiveProjection_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
if (mProjectionGrant != null) {
@@ -350,13 +347,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_MEDIA_PROJECTION)
@Override // Binder call
public void notifyActiveProjectionCapturedContentResized(int width, int height) {
- if (mContext.checkCallingOrSelfPermission(Manifest.permission.MANAGE_MEDIA_PROJECTION)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Requires MANAGE_MEDIA_PROJECTION in order to notify "
- + "on captured content resize");
- }
+ notifyActiveProjectionCapturedContentResized_enforcePermission();
if (!isCurrentProjection(mProjectionGrant)) {
return;
}
@@ -370,13 +364,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_MEDIA_PROJECTION)
@Override
public void notifyActiveProjectionCapturedContentVisibilityChanged(boolean isVisible) {
- if (mContext.checkCallingOrSelfPermission(Manifest.permission.MANAGE_MEDIA_PROJECTION)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Requires MANAGE_MEDIA_PROJECTION in order to notify "
- + "on captured content resize");
- }
+ notifyActiveProjectionCapturedContentVisibilityChanged_enforcePermission();
if (!isCurrentProjection(mProjectionGrant)) {
return;
}
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index bb79c99..689a983 100755
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -4261,6 +4261,7 @@
return getActiveNotificationsWithAttribution(callingPkg, null);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_NOTIFICATIONS)
/**
* System-only API for getting a list of current (i.e. not cleared) notifications.
*
@@ -4271,9 +4272,7 @@
public StatusBarNotification[] getActiveNotificationsWithAttribution(String callingPkg,
String callingAttributionTag) {
// enforce() will ensure the calling uid has the correct permission
- getContext().enforceCallingOrSelfPermission(
- android.Manifest.permission.ACCESS_NOTIFICATIONS,
- "NotificationManagerService.getActiveNotifications");
+ getActiveNotificationsWithAttribution_enforcePermission();
ArrayList<StatusBarNotification> tmp = new ArrayList<>();
int uid = Binder.getCallingUid();
@@ -4389,6 +4388,7 @@
includeSnoozed);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_NOTIFICATIONS)
/**
* System-only API for getting a list of recent (cleared, no longer shown) notifications.
*/
@@ -4397,9 +4397,7 @@
public StatusBarNotification[] getHistoricalNotificationsWithAttribution(String callingPkg,
String callingAttributionTag, int count, boolean includeSnoozed) {
// enforce() will ensure the calling uid has the correct permission
- getContext().enforceCallingOrSelfPermission(
- android.Manifest.permission.ACCESS_NOTIFICATIONS,
- "NotificationManagerService.getHistoricalNotifications");
+ getHistoricalNotificationsWithAttribution_enforcePermission();
StatusBarNotification[] tmp = null;
int uid = Binder.getCallingUid();
@@ -4415,6 +4413,7 @@
return tmp;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_NOTIFICATIONS)
/**
* System-only API for getting a list of historical notifications. May contain multiple days
* of notifications.
@@ -4425,9 +4424,7 @@
public NotificationHistory getNotificationHistory(String callingPkg,
String callingAttributionTag) {
// enforce() will ensure the calling uid has the correct permission
- getContext().enforceCallingOrSelfPermission(
- android.Manifest.permission.ACCESS_NOTIFICATIONS,
- "NotificationManagerService.getNotificationHistory");
+ getNotificationHistory_enforcePermission();
int uid = Binder.getCallingUid();
// noteOp will check to make sure the callingPkg matches the uid
diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
index adc0b0b..75a8dc9 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -1294,9 +1294,10 @@
installReason, allowListedPermissions, statusReceiver);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.INSTALL_PACKAGES)
@Override
public void setPermissionsResult(int sessionId, boolean accepted) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INSTALL_PACKAGES, TAG);
+ setPermissionsResult_enforcePermission();
synchronized (mSessions) {
PackageInstallerSession session = mSessions.get(sessionId);
diff --git a/services/core/java/com/android/server/pm/PackageInstallerSession.java b/services/core/java/com/android/server/pm/PackageInstallerSession.java
index 972bf53..682de0d 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerSession.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerSession.java
@@ -4093,16 +4093,18 @@
return params.installFlags;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.USE_INSTALLER_V2)
@Override
public DataLoaderParamsParcel getDataLoaderParams() {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.USE_INSTALLER_V2, null);
+ getDataLoaderParams_enforcePermission();
return params.dataLoaderParams != null ? params.dataLoaderParams.getData() : null;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.USE_INSTALLER_V2)
@Override
public void addFile(int location, String name, long lengthBytes, byte[] metadata,
byte[] signature) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.USE_INSTALLER_V2, null);
+ addFile_enforcePermission();
if (!isDataLoaderInstallation()) {
throw new IllegalStateException(
"Cannot add files to non-data loader installation session.");
@@ -4133,9 +4135,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.USE_INSTALLER_V2)
@Override
public void removeFile(int location, String name) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.USE_INSTALLER_V2, null);
+ removeFile_enforcePermission();
if (!isDataLoaderInstallation()) {
throw new IllegalStateException(
"Cannot add files to non-data loader installation session.");
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 47e0edf..119dfce 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -4657,11 +4657,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CLEAR_APP_USER_DATA)
@Override
public void clearApplicationUserData(final String packageName,
final IPackageDataObserver observer, final int userId) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.CLEAR_APP_USER_DATA, null);
+ clearApplicationUserData_enforcePermission();
final int callingUid = Binder.getCallingUid();
final Computer snapshot = snapshotComputer();
@@ -4733,10 +4733,10 @@
});
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)
@Override
public void clearCrossProfileIntentFilters(int sourceUserId, String ownerPackage) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, null);
+ clearCrossProfileIntentFilters_enforcePermission();
final int callingUid = Binder.getCallingUid();
final Computer snapshot = snapshotComputer();
enforceOwnerRights(snapshot, ownerPackage, callingUid);
@@ -4748,13 +4748,13 @@
scheduleWritePackageRestrictions(sourceUserId);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL)
@Override
public boolean removeCrossProfileIntentFilter(IntentFilter intentFilter,
String ownerPackage,
int sourceUserId,
int targetUserId, int flags) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, null);
+ removeCrossProfileIntentFilter_enforcePermission();
final int callingUid = Binder.getCallingUid();
enforceOwnerRights(snapshotComputer(), ownerPackage, callingUid);
mUserManager.enforceCrossProfileIntentFilterAccess(sourceUserId, targetUserId,
@@ -4925,11 +4925,11 @@
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CLEAR_APP_CACHE)
@Override
public void freeStorage(final String volumeUuid, final long freeStorageSize,
final @StorageManager.AllocateFlags int flags, final IntentSender pi) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.CLEAR_APP_CACHE, TAG);
+ freeStorage_enforcePermission();
mHandler.post(() -> {
boolean success = false;
try {
@@ -4952,11 +4952,11 @@
});
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.CLEAR_APP_CACHE)
@Override
public void freeStorageAndNotify(final String volumeUuid, final long freeStorageSize,
final @StorageManager.AllocateFlags int flags, final IPackageDataObserver observer) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.CLEAR_APP_CACHE, null);
+ freeStorageAndNotify_enforcePermission();
mHandler.post(() -> {
boolean success = false;
try {
@@ -5041,10 +5041,10 @@
return token;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_INSTANT_APPS)
@Override
public String getInstantAppAndroidId(String packageName, int userId) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.ACCESS_INSTANT_APPS, "getInstantAppAndroidId");
+ getInstantAppAndroidId_enforcePermission();
final Computer snapshot = snapshotComputer();
snapshot.enforceCrossUserPermission(Binder.getCallingUid(), userId,
true /* requireFullPermission */, false /* checkShell */,
@@ -5136,16 +5136,17 @@
return getMimeGroupInternal(snapshot, packageName, mimeGroup);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS)
@Override
public int getMoveStatus(int moveId) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS, null);
+ getMoveStatus_enforcePermission();
return mMoveCallbacks.mLastStatus.get(moveId);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.GET_APP_METADATA)
@Override
public ParcelFileDescriptor getAppMetadataFd(String packageName, int userId) {
- mContext.enforceCallingOrSelfPermission(GET_APP_METADATA, "getAppMetadataFd");
+ getAppMetadataFd_enforcePermission();
final int callingUid = Binder.getCallingUid();
final Computer snapshot = snapshotComputer();
final PackageStateInternal ps = snapshot.getPackageStateForInstalledAndFiltered(
@@ -5242,11 +5243,10 @@
packageNames, userId, callingUid);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.PACKAGE_VERIFICATION_AGENT)
@Override
public VerifierDeviceIdentity getVerifierDeviceIdentity() throws RemoteException {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.PACKAGE_VERIFICATION_AGENT,
- "Only package verification agents can read the verifier device identity");
+ getVerifierDeviceIdentity_enforcePermission();
synchronized (mLock) {
return mSettings.getVerifierDeviceIdentityLPw(mLiveComputer);
@@ -5268,10 +5268,10 @@
false /*direct*/, false /* retainOnUpdate */);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MAKE_UID_VISIBLE)
@Override
public void makeUidVisible(int recipientUid, int visibleUid) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.MAKE_UID_VISIBLE, "makeUidVisible");
+ makeUidVisible_enforcePermission();
final int callingUid = Binder.getCallingUid();
final int recipientUserId = UserHandle.getUserId(recipientUid);
final int visibleUserId = UserHandle.getUserId(visibleUid);
@@ -5370,9 +5370,10 @@
processName, uid, seinfo, pid);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MOVE_PACKAGE)
@Override
public int movePackage(final String packageName, final String volumeUuid) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.MOVE_PACKAGE, null);
+ movePackage_enforcePermission();
final int callingUid = Binder.getCallingUid();
final UserHandle user = new UserHandle(UserHandle.getUserId(callingUid));
@@ -5391,9 +5392,10 @@
return moveId;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MOVE_PACKAGE)
@Override
public int movePrimaryStorage(String volumeUuid) throws RemoteException {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.MOVE_PACKAGE, null);
+ movePrimaryStorage_enforcePermission();
final int realMoveId = mNextMoveId.getAndIncrement();
final Bundle extras = new Bundle();
@@ -5595,10 +5597,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS)
@Override
public void registerMoveCallback(IPackageMoveObserver callback) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS, null);
+ registerMoveCallback_enforcePermission();
mMoveCallbacks.register(callback);
}
@@ -5700,10 +5702,11 @@
userId, callingPackage);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_USERS)
@Override
public boolean setApplicationHiddenSettingAsUser(String packageName, boolean hidden,
int userId) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);
+ setApplicationHiddenSettingAsUser_enforcePermission();
final int callingUid = Binder.getCallingUid();
final Computer snapshot = snapshotComputer();
snapshot.enforceCrossUserPermission(callingUid, userId, true /* requireFullPermission */,
@@ -5787,11 +5790,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.DELETE_PACKAGES)
@Override
public boolean setBlockUninstallForUser(String packageName, boolean blockUninstall,
int userId) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.DELETE_PACKAGES, null);
+ setBlockUninstallForUser_enforcePermission();
final Computer snapshot = snapshotComputer();
PackageStateInternal packageState = snapshot.getPackageStateInternal(packageName);
if (packageState != null && packageState.getPkg() != null) {
@@ -5876,10 +5879,10 @@
scheduleWritePackageRestrictions(userId);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.WRITE_SECURE_SETTINGS)
@Override
public boolean setInstallLocation(int loc) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.WRITE_SECURE_SETTINGS,
- null);
+ setInstallLocation_enforcePermission();
if (getInstallLocation() == loc) {
return true;
}
@@ -6190,17 +6193,18 @@
state.userState(userId).setSplashScreenTheme(themeId));
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.INSTALL_PACKAGES)
@Override
public void setUpdateAvailable(String packageName, boolean updateAvailable) {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES, null);
+ setUpdateAvailable_enforcePermission();
commitPackageStateMutation(null, packageName, state ->
state.setUpdateAvailable(updateAvailable));
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS)
@Override
public void unregisterMoveCallback(IPackageMoveObserver callback) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS, null);
+ unregisterMoveCallback_enforcePermission();
mMoveCallbacks.unregister(callback);
}
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index b56e5c9..572e13c 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -389,13 +389,11 @@
return oneTimePermissionUserManager;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_ONE_TIME_PERMISSION_SESSIONS)
@Override
public void startOneTimePermissionSession(String packageName, @UserIdInt int userId,
long timeoutMillis, long revokeAfterKilledDelayMillis) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.MANAGE_ONE_TIME_PERMISSION_SESSIONS,
- "Must hold " + Manifest.permission.MANAGE_ONE_TIME_PERMISSION_SESSIONS
- + " to register permissions as one time.");
+ startOneTimePermissionSession_enforcePermission();
Objects.requireNonNull(packageName);
final long token = Binder.clearCallingIdentity();
diff --git a/services/core/java/com/android/server/recoverysystem/RecoverySystemService.java b/services/core/java/com/android/server/recoverysystem/RecoverySystemService.java
index 9d5173a..86c4985 100644
--- a/services/core/java/com/android/server/recoverysystem/RecoverySystemService.java
+++ b/services/core/java/com/android/server/recoverysystem/RecoverySystemService.java
@@ -906,10 +906,11 @@
return RESUME_ON_REBOOT_REBOOT_ERROR_UNSPECIFIED;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.RECOVERY)
@Override // Binder call for the legacy rebootWithLskf
public @ResumeOnRebootRebootErrorCode int rebootWithLskfAssumeSlotSwitch(String packageName,
String reason) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.RECOVERY, null);
+ rebootWithLskfAssumeSlotSwitch_enforcePermission();
return rebootWithLskfImpl(packageName, reason, true);
}
@@ -970,9 +971,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.RECOVERY)
@Override
public boolean allocateSpaceForUpdate(String packageFile) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.RECOVERY, null);
+ allocateSpaceForUpdate_enforcePermission();
if (!isUpdatableApexSupported()) {
Log.i(TAG, "Updatable Apex not supported, "
+ "allocateSpaceForUpdate does nothing.");
diff --git a/services/core/java/com/android/server/vibrator/VibratorManagerService.java b/services/core/java/com/android/server/vibrator/VibratorManagerService.java
index bf99772..350a55d 100644
--- a/services/core/java/com/android/server/vibrator/VibratorManagerService.java
+++ b/services/core/java/com/android/server/vibrator/VibratorManagerService.java
@@ -298,20 +298,18 @@
return controller.isVibratorInfoLoadSuccessful() ? info : null;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_VIBRATOR_STATE)
@Override // Binder call
public boolean isVibrating(int vibratorId) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.ACCESS_VIBRATOR_STATE,
- "isVibrating");
+ isVibrating_enforcePermission();
VibratorController controller = mVibrators.get(vibratorId);
return controller != null && controller.isVibrating();
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_VIBRATOR_STATE)
@Override // Binder call
public boolean registerVibratorStateListener(int vibratorId, IVibratorStateListener listener) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.ACCESS_VIBRATOR_STATE,
- "registerVibratorStateListener");
+ registerVibratorStateListener_enforcePermission();
VibratorController controller = mVibrators.get(vibratorId);
if (controller == null) {
return false;
@@ -319,12 +317,11 @@
return controller.registerVibratorStateListener(listener);
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.ACCESS_VIBRATOR_STATE)
@Override // Binder call
public boolean unregisterVibratorStateListener(int vibratorId,
IVibratorStateListener listener) {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.ACCESS_VIBRATOR_STATE,
- "unregisterVibratorStateListener");
+ unregisterVibratorStateListener_enforcePermission();
VibratorController controller = mVibrators.get(vibratorId);
if (controller == null) {
return false;
diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java
index 93611e5..e3d69f4 100644
--- a/services/core/java/com/android/server/wm/WindowManagerService.java
+++ b/services/core/java/com/android/server/wm/WindowManagerService.java
@@ -3206,15 +3206,13 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.DISABLE_KEYGUARD)
/**
* @see android.app.KeyguardManager#exitKeyguardSecurely
*/
@Override
public void exitKeyguardSecurely(final IOnKeyguardExitResult callback) {
- if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DISABLE_KEYGUARD)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Requires DISABLE_KEYGUARD permission");
- }
+ exitKeyguardSecurely_enforcePermission();
if (callback == null) {
throw new IllegalArgumentException("callback == null");
@@ -4371,13 +4369,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APP_TOKENS)
@Override
public SurfaceControl addShellRoot(int displayId, IWindow client,
@WindowManager.ShellRootLayer int shellRootLayer) {
- if (mContext.checkCallingOrSelfPermission(MANAGE_APP_TOKENS)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Must hold permission " + MANAGE_APP_TOKENS);
- }
+ addShellRoot_enforcePermission();
final long origId = Binder.clearCallingIdentity();
try {
synchronized (mGlobalLock) {
@@ -4392,13 +4388,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APP_TOKENS)
@Override
public void setShellRootAccessibilityWindow(int displayId,
@WindowManager.ShellRootLayer int shellRootLayer, IWindow target) {
- if (mContext.checkCallingOrSelfPermission(MANAGE_APP_TOKENS)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Must hold permission " + MANAGE_APP_TOKENS);
- }
+ setShellRootAccessibilityWindow_enforcePermission();
final long origId = Binder.clearCallingIdentity();
try {
synchronized (mGlobalLock) {
@@ -4417,13 +4411,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APP_TOKENS)
@Override
public void setDisplayWindowInsetsController(
int displayId, IDisplayWindowInsetsController insetsController) {
- if (mContext.checkCallingOrSelfPermission(MANAGE_APP_TOKENS)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Must hold permission " + MANAGE_APP_TOKENS);
- }
+ setDisplayWindowInsetsController_enforcePermission();
final long origId = Binder.clearCallingIdentity();
try {
synchronized (mGlobalLock) {
@@ -4438,13 +4430,11 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_APP_TOKENS)
@Override
public void updateDisplayWindowRequestedVisibleTypes(
int displayId, @InsetsType int requestedVisibleTypes) {
- if (mContext.checkCallingOrSelfPermission(MANAGE_APP_TOKENS)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Must hold permission " + MANAGE_APP_TOKENS);
- }
+ updateDisplayWindowRequestedVisibleTypes_enforcePermission();
final long origId = Binder.clearCallingIdentity();
try {
synchronized (mGlobalLock) {
@@ -5653,12 +5643,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.WRITE_SECURE_SETTINGS)
@Override
public void setForcedDisplaySize(int displayId, int width, int height) {
- if (mContext.checkCallingOrSelfPermission(WRITE_SECURE_SETTINGS)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Must hold permission " + WRITE_SECURE_SETTINGS);
- }
+ setForcedDisplaySize_enforcePermission();
final long ident = Binder.clearCallingIdentity();
try {
@@ -5673,12 +5661,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.WRITE_SECURE_SETTINGS)
@Override
public void setForcedDisplayScalingMode(int displayId, int mode) {
- if (mContext.checkCallingOrSelfPermission(WRITE_SECURE_SETTINGS)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Must hold permission " + WRITE_SECURE_SETTINGS);
- }
+ setForcedDisplayScalingMode_enforcePermission();
final long ident = Binder.clearCallingIdentity();
try {
@@ -5761,12 +5747,10 @@
return changed;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.WRITE_SECURE_SETTINGS)
@Override
public void clearForcedDisplaySize(int displayId) {
- if (mContext.checkCallingOrSelfPermission(WRITE_SECURE_SETTINGS)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Must hold permission " + WRITE_SECURE_SETTINGS);
- }
+ clearForcedDisplaySize_enforcePermission();
final long ident = Binder.clearCallingIdentity();
try {
@@ -5826,12 +5810,10 @@
return -1;
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.WRITE_SECURE_SETTINGS)
@Override
public void setForcedDisplayDensityForUser(int displayId, int density, int userId) {
- if (mContext.checkCallingOrSelfPermission(WRITE_SECURE_SETTINGS)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Must hold permission " + WRITE_SECURE_SETTINGS);
- }
+ setForcedDisplayDensityForUser_enforcePermission();
final int targetUserId = ActivityManager.handleIncomingUser(Binder.getCallingPid(),
Binder.getCallingUid(), userId, false, true, "setForcedDisplayDensityForUser",
@@ -5854,12 +5836,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.WRITE_SECURE_SETTINGS)
@Override
public void clearForcedDisplayDensityForUser(int displayId, int userId) {
- if (mContext.checkCallingOrSelfPermission(WRITE_SECURE_SETTINGS)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Must hold permission " + WRITE_SECURE_SETTINGS);
- }
+ clearForcedDisplayDensityForUser_enforcePermission();
final int callingUserId = ActivityManager.handleIncomingUser(Binder.getCallingPid(),
Binder.getCallingUid(), userId, false, true, "clearForcedDisplayDensityForUser",
@@ -6354,12 +6334,9 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.STATUS_BAR)
public void setNavBarVirtualKeyHapticFeedbackEnabled(boolean enabled) {
- if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.STATUS_BAR)
- != PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException("Caller does not hold permission "
- + android.Manifest.permission.STATUS_BAR);
- }
+ setNavBarVirtualKeyHapticFeedbackEnabled_enforcePermission();
synchronized (mGlobalLock) {
mPolicy.setNavBarVirtualKeyHapticFeedbackEnabledLw(enabled);
@@ -6399,11 +6376,10 @@
}
}
+ @android.annotation.EnforcePermission(android.Manifest.permission.RESTRICTED_VR_ACCESS)
@Override
public Region getCurrentImeTouchRegion() {
- if (mContext.checkCallingOrSelfPermission(RESTRICTED_VR_ACCESS) != PERMISSION_GRANTED) {
- throw new SecurityException("getCurrentImeTouchRegion is restricted to VR services");
- }
+ getCurrentImeTouchRegion_enforcePermission();
synchronized (mGlobalLock) {
final Region r = new Region();
// TODO(b/111080190): this method is only return the recent focused IME touch region,