Merge changes from topic "persistent_device_id_in_api" into main
* changes:
New permission system APIs with persistent device Id
Create a system API to check permission by persistent device Id
diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index cb699dd..f30c8cf 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -11300,6 +11300,7 @@
public final class PermissionManager {
method public int checkDeviceIdentifierAccess(@Nullable String, @Nullable String, @Nullable String, int, int);
+ method @FlaggedApi("android.permission.flags.device_aware_permission_apis_enabled") public static int checkPermission(@NonNull String, @NonNull String, @NonNull String, int);
method @RequiresPermission(value=android.Manifest.permission.UPDATE_APP_OPS_STATS, conditional=true) public int checkPermissionForDataDelivery(@NonNull String, @NonNull android.content.AttributionSource, @Nullable String);
method @RequiresPermission(value=android.Manifest.permission.UPDATE_APP_OPS_STATS, conditional=true) public int checkPermissionForDataDeliveryFromDataSource(@NonNull String, @NonNull android.content.AttributionSource, @Nullable String);
method public int checkPermissionForPreflight(@NonNull String, @NonNull android.content.AttributionSource);
@@ -11307,12 +11308,16 @@
method public void finishDataDelivery(@NonNull String, @NonNull android.content.AttributionSource);
method @NonNull @RequiresPermission(android.Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY) public java.util.Set<java.lang.String> getAutoRevokeExemptionGrantedPackages();
method @NonNull @RequiresPermission(android.Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY) public java.util.Set<java.lang.String> getAutoRevokeExemptionRequestedPackages();
+ method @FlaggedApi("android.permission.flags.device_aware_permission_apis_enabled") @RequiresPermission(anyOf={android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS, android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS, android.Manifest.permission.GET_RUNTIME_PERMISSIONS}) public int getPermissionFlags(@NonNull String, @NonNull String, @NonNull String);
method @IntRange(from=0) @RequiresPermission(anyOf={android.Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY, android.Manifest.permission.UPGRADE_RUNTIME_PERMISSIONS}) public int getRuntimePermissionsVersion();
method @NonNull public java.util.List<android.permission.PermissionManager.SplitPermissionInfo> getSplitPermissions();
+ method @FlaggedApi("android.permission.flags.device_aware_permission_apis_enabled") @RequiresPermission(android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS) public void grantRuntimePermission(@NonNull String, @NonNull String, @NonNull String);
+ method @FlaggedApi("android.permission.flags.device_aware_permission_apis_enabled") @RequiresPermission(android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS) public void revokeRuntimePermission(@NonNull String, @NonNull String, @NonNull String, @Nullable String);
method @RequiresPermission(anyOf={android.Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY, android.Manifest.permission.UPGRADE_RUNTIME_PERMISSIONS}) public void setRuntimePermissionsVersion(@IntRange(from=0) int);
method @Deprecated @RequiresPermission(android.Manifest.permission.MANAGE_ONE_TIME_PERMISSION_SESSIONS) public void startOneTimePermissionSession(@NonNull String, long, int, int);
method @RequiresPermission(android.Manifest.permission.MANAGE_ONE_TIME_PERMISSION_SESSIONS) public void startOneTimePermissionSession(@NonNull String, long, long, int, int);
method @RequiresPermission(android.Manifest.permission.MANAGE_ONE_TIME_PERMISSION_SESSIONS) public void stopOneTimePermissionSession(@NonNull String);
+ method @FlaggedApi("android.permission.flags.device_aware_permission_apis_enabled") @RequiresPermission(anyOf={android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS, android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS}) public void updatePermissionFlags(@NonNull String, @NonNull String, @NonNull String, int, int);
field @RequiresPermission(android.Manifest.permission.START_REVIEW_PERMISSION_DECISIONS) public static final String ACTION_REVIEW_PERMISSION_DECISIONS = "android.permission.action.REVIEW_PERMISSION_DECISIONS";
field public static final String EXTRA_PERMISSION_USAGES = "android.permission.extra.PERMISSION_USAGES";
field public static final int PERMISSION_GRANTED = 0; // 0x0
diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java
index d8aded40..3ec39b5 100644
--- a/core/java/android/app/ApplicationPackageManager.java
+++ b/core/java/android/app/ApplicationPackageManager.java
@@ -836,7 +836,7 @@
@Override
public int checkPermission(String permName, String pkgName) {
- return PermissionManager.checkPackageNamePermission(permName, pkgName,
+ return getPermissionManager().checkPackageNamePermission(permName, pkgName,
mContext.getDeviceId(), getUserId());
}
diff --git a/core/java/android/app/UiAutomationConnection.java b/core/java/android/app/UiAutomationConnection.java
index ce1d43d..33e260f 100644
--- a/core/java/android/app/UiAutomationConnection.java
+++ b/core/java/android/app/UiAutomationConnection.java
@@ -23,6 +23,7 @@
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.UserIdInt;
+import android.companion.virtual.VirtualDeviceManager;
import android.compat.annotation.UnsupportedAppUsage;
import android.content.Context;
import android.graphics.Rect;
@@ -363,7 +364,7 @@
final long identity = Binder.clearCallingIdentity();
try {
mPermissionManager.grantRuntimePermission(packageName, permission,
- Context.DEVICE_ID_DEFAULT, userId);
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId);
} finally {
Binder.restoreCallingIdentity(identity);
}
@@ -383,7 +384,7 @@
final long identity = Binder.clearCallingIdentity();
try {
mPermissionManager.revokeRuntimePermission(packageName, permission,
- Context.DEVICE_ID_DEFAULT, userId, null);
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId, null);
} finally {
Binder.restoreCallingIdentity(identity);
}
diff --git a/core/java/android/permission/IPermissionManager.aidl b/core/java/android/permission/IPermissionManager.aidl
index 471f95b..380962c 100644
--- a/core/java/android/permission/IPermissionManager.aidl
+++ b/core/java/android/permission/IPermissionManager.aidl
@@ -42,10 +42,12 @@
void removePermission(String permissionName);
- int getPermissionFlags(String packageName, String permissionName, int deviceId, int userId);
+ int getPermissionFlags(String packageName, String permissionName, String persistentDeviceId,
+ int userId);
void updatePermissionFlags(String packageName, String permissionName, int flagMask,
- int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId);
+ int flagValues, boolean checkAdjustPolicyFlagPermission, String persistentDeviceId,
+ int userId);
void updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId);
@@ -62,10 +64,11 @@
boolean removeAllowlistedRestrictedPermission(String packageName, String permissionName,
int flags, int userId);
- void grantRuntimePermission(String packageName, String permissionName, int deviceId, int userId);
+ void grantRuntimePermission(String packageName, String permissionName,
+ String persistentDeviceId, int userId);
- void revokeRuntimePermission(String packageName, String permissionName, int deviceId,
- int userId, String reason);
+ void revokeRuntimePermission(String packageName, String permissionName,
+ String persistentDeviceId, int userId, String reason);
void revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId);
@@ -96,7 +99,8 @@
boolean isRegisteredAttributionSource(in AttributionSourceState source);
- int checkPermission(String packageName, String permissionName, int deviceId, int userId);
+ int checkPermission(String packageName, String permissionName, String persistentDeviceId,
+ int userId);
int checkUidPermission(int uid, String permissionName, int deviceId);
}
diff --git a/core/java/android/permission/PermissionManager.java b/core/java/android/permission/PermissionManager.java
index 4af6e3a..d6e8ce7 100644
--- a/core/java/android/permission/PermissionManager.java
+++ b/core/java/android/permission/PermissionManager.java
@@ -28,6 +28,7 @@
import android.Manifest;
import android.annotation.CheckResult;
import android.annotation.DurationMillisLong;
+import android.annotation.FlaggedApi;
import android.annotation.IntDef;
import android.annotation.IntRange;
import android.annotation.NonNull;
@@ -45,6 +46,8 @@
import android.app.AppOpsManager;
import android.app.IActivityManager;
import android.app.PropertyInvalidatedCache;
+import android.companion.virtual.VirtualDevice;
+import android.companion.virtual.VirtualDeviceManager;
import android.compat.annotation.ChangeId;
import android.compat.annotation.EnabledAfter;
import android.content.AttributionSource;
@@ -68,6 +71,7 @@
import android.os.ServiceManager;
import android.os.SystemClock;
import android.os.UserHandle;
+import android.permission.flags.Flags;
import android.text.TextUtils;
import android.util.ArrayMap;
import android.util.ArraySet;
@@ -240,6 +244,8 @@
private final LegacyPermissionManager mLegacyPermissionManager;
+ private final VirtualDeviceManager mVirtualDeviceManager;
+
private final ArrayMap<PackageManager.OnPermissionsChangedListener,
IOnPermissionsChangeListener> mPermissionListeners = new ArrayMap<>();
private PermissionUsageHelper mUsageHelper;
@@ -260,6 +266,7 @@
mPermissionManager = IPermissionManager.Stub.asInterface(ServiceManager.getServiceOrThrow(
"permissionmgr"));
mLegacyPermissionManager = context.getSystemService(LegacyPermissionManager.class);
+ mVirtualDeviceManager = context.getSystemService(VirtualDeviceManager.class);
}
/**
@@ -616,15 +623,50 @@
//@SystemApi
public void grantRuntimePermission(@NonNull String packageName,
@NonNull String permissionName, @NonNull UserHandle user) {
+ String persistentDeviceId = getPersistentDeviceId(mContext.getDeviceId());
+ if (persistentDeviceId == null) {
+ return;
+ }
+
+ grantRuntimePermissionInternal(packageName, permissionName, persistentDeviceId, user);
+ }
+
+ /**
+ * Grant a runtime permission to an application which the application does not already have. The
+ * permission must have been requested by the application. If the application is not allowed to
+ * hold the permission, a {@link java.lang.SecurityException} is thrown. If the package or
+ * permission is invalid, a {@link java.lang.IllegalArgumentException} is thrown.
+ *
+ * @param packageName the package to which to grant the permission
+ * @param permissionName the permission name to grant
+ * @param persistentDeviceId the device Id to which to grant the permission
+ *
+ * @see #revokeRuntimePermission(String, String, String, String)
+ *
+ * @hide
+ */
+ @RequiresPermission(android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS)
+ @SystemApi
+ @FlaggedApi(Flags.FLAG_DEVICE_AWARE_PERMISSION_APIS_ENABLED)
+ public void grantRuntimePermission(@NonNull String packageName,
+ @NonNull String permissionName, @NonNull String persistentDeviceId) {
+ grantRuntimePermissionInternal(packageName, permissionName, persistentDeviceId,
+ mContext.getUser());
+ }
+
+ private void grantRuntimePermissionInternal(@NonNull String packageName,
+ @NonNull String permissionName, @NonNull String persistentDeviceId,
+ @NonNull UserHandle user) {
if (DEBUG_TRACE_GRANTS
&& shouldTraceGrant(packageName, permissionName, user.getIdentifier())) {
Log.i(LOG_TAG_TRACE_GRANTS, "App " + mContext.getPackageName() + " is granting "
+ packageName + " "
- + permissionName + " for user " + user.getIdentifier(), new RuntimeException());
+ + permissionName + " for user " + user.getIdentifier()
+ + " for persistent device " + persistentDeviceId, new RuntimeException());
}
try {
mPermissionManager.grantRuntimePermission(packageName, permissionName,
- mContext.getDeviceId(), user.getIdentifier());
+ persistentDeviceId, user.getIdentifier());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -642,7 +684,7 @@
* user {@code android.permission.INTERACT_ACROSS_USERS_FULL}.
*
* @param packageName the package from which to revoke the permission
- * @param permName the permission name to revoke
+ * @param permissionName the permission name to revoke
* @param user the user for which to revoke the permission
* @param reason the reason for the revoke, or {@code null} for unspecified
*
@@ -653,16 +695,56 @@
@RequiresPermission(android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS)
//@SystemApi
public void revokeRuntimePermission(@NonNull String packageName,
- @NonNull String permName, @NonNull UserHandle user, @Nullable String reason) {
+ @NonNull String permissionName, @NonNull UserHandle user, @Nullable String reason) {
+ String persistentDeviceId = getPersistentDeviceId(mContext.getDeviceId());
+ if (persistentDeviceId == null) {
+ return;
+ }
+
+ revokeRuntimePermissionInternal(packageName, permissionName, persistentDeviceId, user,
+ reason);
+ }
+
+ /**
+ * Revoke a runtime permission that was previously granted by
+ * {@link #grantRuntimePermission(String, String, String)}. The permission must
+ * have been requested by and granted to the application. If the application is not allowed to
+ * hold the permission, a {@link java.lang.SecurityException} is thrown. If the package or
+ * permission is invalid, a {@link java.lang.IllegalArgumentException} is thrown.
+ *
+ * @param packageName the package from which to revoke the permission
+ * @param permissionName the permission name to revoke
+ * @param persistentDeviceId the persistent device id for which to revoke the permission
+ * @param reason the reason for the revoke, or {@code null} for unspecified
+ *
+ * @see #grantRuntimePermission(String, String, String)
+ *
+ * @hide
+ */
+ @RequiresPermission(android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS)
+ @SystemApi
+ @FlaggedApi(Flags.FLAG_DEVICE_AWARE_PERMISSION_APIS_ENABLED)
+ public void revokeRuntimePermission(@NonNull String packageName,
+ @NonNull String permissionName, @NonNull String persistentDeviceId,
+ @Nullable String reason) {
+ revokeRuntimePermissionInternal(packageName, permissionName, persistentDeviceId,
+ mContext.getUser(), reason);
+ }
+
+ private void revokeRuntimePermissionInternal(@NonNull String packageName,
+ @NonNull String permissionName, @NonNull String persistentDeviceId,
+ @NonNull UserHandle user, @Nullable String reason) {
if (DEBUG_TRACE_PERMISSION_UPDATES
- && shouldTraceGrant(packageName, permName, user.getIdentifier())) {
+ && shouldTraceGrant(packageName, permissionName, user.getIdentifier())) {
Log.i(LOG_TAG, "App " + mContext.getPackageName() + " is revoking " + packageName + " "
- + permName + " for user " + user.getIdentifier() + " with reason "
+ + permissionName + " for user " + user.getIdentifier()
+ + " for persistent device "
+ + persistentDeviceId + " with reason "
+ reason, new RuntimeException());
}
try {
- mPermissionManager.revokeRuntimePermission(packageName, permName,
- mContext.getDeviceId(), user.getIdentifier(), reason);
+ mPermissionManager.revokeRuntimePermission(packageName, permissionName,
+ persistentDeviceId, user.getIdentifier(), reason);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -687,9 +769,44 @@
//@SystemApi
public int getPermissionFlags(@NonNull String packageName, @NonNull String permissionName,
@NonNull UserHandle user) {
+ String persistentDeviceId = getPersistentDeviceId(mContext.getDeviceId());
+ if (persistentDeviceId == null) {
+ return 0;
+ }
+
+ return getPermissionFlagsInternal(packageName, permissionName, persistentDeviceId, user);
+ }
+
+ /**
+ * Gets the state flags associated with a permission.
+ *
+ * @param packageName the package name for which to get the flags
+ * @param permissionName the permission for which to get the flags
+ * @param persistentDeviceId the persistent device Id for which to get permission flags
+ * @return the permission flags
+ *
+ * @hide
+ */
+ @PackageManager.PermissionFlags
+ @RequiresPermission(anyOf = {
+ android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
+ android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS,
+ android.Manifest.permission.GET_RUNTIME_PERMISSIONS
+ })
+ @SystemApi
+ @FlaggedApi(Flags.FLAG_DEVICE_AWARE_PERMISSION_APIS_ENABLED)
+ public int getPermissionFlags(@NonNull String packageName, @NonNull String permissionName,
+ @NonNull String persistentDeviceId) {
+ return getPermissionFlagsInternal(packageName, permissionName, persistentDeviceId,
+ mContext.getUser());
+ }
+
+ private int getPermissionFlagsInternal(@NonNull String packageName,
+ @NonNull String permissionName, @NonNull String persistentDeviceId,
+ @NonNull UserHandle user) {
try {
return mPermissionManager.getPermissionFlags(packageName, permissionName,
- mContext.getDeviceId(), user.getIdentifier());
+ persistentDeviceId, user.getIdentifier());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -715,21 +832,63 @@
public void updatePermissionFlags(@NonNull String packageName, @NonNull String permissionName,
@PackageManager.PermissionFlags int flagMask,
@PackageManager.PermissionFlags int flagValues, @NonNull UserHandle user) {
+ String persistentDeviceId = getPersistentDeviceId(mContext.getDeviceId());
+ if (persistentDeviceId == null) {
+ return;
+ }
+
+ updatePermissionFlagsInternal(packageName, permissionName, flagMask, flagValues,
+ persistentDeviceId, user);
+ }
+
+ /**
+ * Updates the flags associated with a permission by replacing the flags in the specified mask
+ * with the provided flag values.
+ *
+ * @param packageName The package name for which to update the flags
+ * @param permissionName The permission for which to update the flags
+ * @param persistentDeviceId The persistent device for which to update the permission flags
+ * @param flagMask The flags which to replace
+ * @param flagValues The flags with which to replace
+ *
+ * @hide
+ */
+ @RequiresPermission(anyOf = {
+ android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
+ android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS
+ })
+ @SystemApi
+ @FlaggedApi(Flags.FLAG_DEVICE_AWARE_PERMISSION_APIS_ENABLED)
+ public void updatePermissionFlags(@NonNull String packageName, @NonNull String permissionName,
+ @NonNull String persistentDeviceId,
+ @PackageManager.PermissionFlags int flagMask,
+ @PackageManager.PermissionFlags int flagValues
+ ) {
+ updatePermissionFlagsInternal(packageName, permissionName, flagMask, flagValues,
+ persistentDeviceId, mContext.getUser());
+ }
+
+ private void updatePermissionFlagsInternal(@NonNull String packageName,
+ @NonNull String permissionName,
+ @PackageManager.PermissionFlags int flagMask,
+ @PackageManager.PermissionFlags int flagValues, @NonNull String persistentDeviceId,
+ @NonNull UserHandle user
+ ) {
if (DEBUG_TRACE_PERMISSION_UPDATES && shouldTraceGrant(packageName, permissionName,
user.getIdentifier())) {
Log.i(LOG_TAG, "App " + mContext.getPackageName() + " is updating flags for "
+ packageName + " " + permissionName + " for user "
- + user.getIdentifier() + ": " + DebugUtils.flagsToString(
- PackageManager.class, "FLAG_PERMISSION_", flagMask) + " := "
- + DebugUtils.flagsToString(PackageManager.class, "FLAG_PERMISSION_",
- flagValues), new RuntimeException());
+ + user.getIdentifier() + " for persistentDeviceId " + persistentDeviceId + ": "
+ + DebugUtils.flagsToString(PackageManager.class, "FLAG_PERMISSION_", flagMask)
+ + " := " + DebugUtils.flagsToString(PackageManager.class, "FLAG_PERMISSION_",
+ flagValues), new RuntimeException());
}
try {
final boolean checkAdjustPolicyFlagPermission =
mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.Q;
mPermissionManager.updatePermissionFlags(packageName, permissionName, flagMask,
flagValues, checkAdjustPolicyFlagPermission,
- mContext.getDeviceId(), user.getIdentifier());
+ persistentDeviceId, user.getIdentifier());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -1642,15 +1801,15 @@
private static final class PackageNamePermissionQuery {
final String permName;
final String pkgName;
- final int deviceId;
+ final String persistentDeviceId;
@UserIdInt
final int userId;
PackageNamePermissionQuery(@Nullable String permName, @Nullable String pkgName,
- int deviceId, @UserIdInt int userId) {
+ @Nullable String persistentDeviceId, @UserIdInt int userId) {
this.permName = permName;
this.pkgName = pkgName;
- this.deviceId = deviceId;
+ this.persistentDeviceId = persistentDeviceId;
this.userId = userId;
}
@@ -1658,13 +1817,13 @@
public String toString() {
return TextUtils.formatSimple(
"PackageNamePermissionQuery(pkgName=\"%s\", permName=\"%s\", "
- + "deviceId=%s, userId=%s\")",
- pkgName, permName, deviceId, userId);
+ + "persistentDeviceId=%s, userId=%s\")",
+ pkgName, permName, persistentDeviceId, userId);
}
@Override
public int hashCode() {
- return Objects.hash(permName, pkgName, deviceId, userId);
+ return Objects.hash(permName, pkgName, persistentDeviceId, userId);
}
@Override
@@ -1680,17 +1839,17 @@
}
return Objects.equals(permName, other.permName)
&& Objects.equals(pkgName, other.pkgName)
- && deviceId == other.deviceId
+ && Objects.equals(persistentDeviceId, other.persistentDeviceId)
&& userId == other.userId;
}
}
/* @hide */
private static int checkPackageNamePermissionUncached(
- String permName, String pkgName, int deviceId, @UserIdInt int userId) {
+ String permName, String pkgName, String persistentDeviceId, @UserIdInt int userId) {
try {
return ActivityThread.getPermissionManager().checkPermission(
- pkgName, permName, deviceId, userId);
+ pkgName, permName, persistentDeviceId, userId);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -1704,7 +1863,7 @@
@Override
public Integer recompute(PackageNamePermissionQuery query) {
return checkPackageNamePermissionUncached(
- query.permName, query.pkgName, query.deviceId, query.userId);
+ query.permName, query.pkgName, query.persistentDeviceId, query.userId);
}
@Override
public boolean bypass(PackageNamePermissionQuery query) {
@@ -1717,10 +1876,65 @@
*
* @hide
*/
- public static int checkPackageNamePermission(String permName, String pkgName, int deviceId,
- @UserIdInt int userId) {
+ public int checkPackageNamePermission(String permName, String pkgName,
+ int deviceId, @UserIdInt int userId) {
+ String persistentDeviceId = getPersistentDeviceId(deviceId);
return sPackageNamePermissionCache.query(
- new PackageNamePermissionQuery(permName, pkgName, deviceId, userId));
+ new PackageNamePermissionQuery(permName, pkgName, persistentDeviceId, userId));
+ }
+
+ @Nullable
+ private String getPersistentDeviceId(int deviceId) {
+ String persistentDeviceId = null;
+
+ if (deviceId == Context.DEVICE_ID_DEFAULT) {
+ persistentDeviceId = VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT;
+ } else if (android.companion.virtual.flags.Flags.vdmPublicApis()) {
+ VirtualDevice virtualDevice = mVirtualDeviceManager.getVirtualDevice(deviceId);
+ if (virtualDevice == null) {
+ Slog.e(LOG_TAG, "Virtual device is not found with device Id " + deviceId);
+ return null;
+ }
+ persistentDeviceId = virtualDevice.getPersistentDeviceId();
+ if (persistentDeviceId == null) {
+ Slog.e(LOG_TAG, "Cannot find persistent device Id for " + deviceId);
+ }
+ } else {
+ Slog.e(LOG_TAG, "vdmPublicApis flag is not enabled when device Id " + deviceId
+ + "is not default.");
+ }
+ return persistentDeviceId;
+ }
+
+ /**
+ * Check whether a package has been granted a permission on a given device.
+ * <p>
+ * <strong>Note: </strong>This API returns the underlying permission state
+ * as-is and is mostly intended for permission managing system apps. To
+ * perform an access check for a certain app, please use the
+ * {@link Context#checkPermission} APIs instead.
+ *
+ * @param permissionName The name of the permission you are checking for.
+ * @param packageName The name of the package you are checking against.
+ * @param persistentDeviceId The persistent device id you are checking against.
+ * @param userId The user Id associated with context.
+ *
+ * @return If the package has the permission on the device, PERMISSION_GRANTED is
+ * returned. If it does not have the permission on the device, PERMISSION_DENIED
+ * is returned.
+ *
+ * @see PackageManager#PERMISSION_GRANTED
+ * @see PackageManager#PERMISSION_DENIED
+ *
+ * @hide
+ */
+ @SystemApi
+ @FlaggedApi(Flags.FLAG_DEVICE_AWARE_PERMISSION_APIS_ENABLED)
+ public static int checkPermission(@NonNull String permissionName, @NonNull String packageName,
+ @NonNull String persistentDeviceId, @UserIdInt int userId) {
+ return sPackageNamePermissionCache.query(
+ new PackageNamePermissionQuery(permissionName, packageName, persistentDeviceId,
+ userId));
}
/**
diff --git a/services/core/java/com/android/server/notification/PermissionHelper.java b/services/core/java/com/android/server/notification/PermissionHelper.java
index e14f7c0..b6f4889 100644
--- a/services/core/java/com/android/server/notification/PermissionHelper.java
+++ b/services/core/java/com/android/server/notification/PermissionHelper.java
@@ -24,6 +24,7 @@
import android.Manifest;
import android.annotation.NonNull;
import android.annotation.UserIdInt;
+import android.companion.virtual.VirtualDeviceManager;
import android.content.Context;
import android.content.pm.IPackageManager;
import android.content.pm.PackageInfo;
@@ -196,18 +197,20 @@
boolean currentlyGranted = hasPermission(uid);
if (grant && !currentlyGranted) {
mPermManager.grantRuntimePermission(packageName, NOTIFICATION_PERMISSION,
- Context.DEVICE_ID_DEFAULT, userId);
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId);
} else if (!grant && currentlyGranted) {
mPermManager.revokeRuntimePermission(packageName, NOTIFICATION_PERMISSION,
- Context.DEVICE_ID_DEFAULT, userId, TAG);
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId, TAG);
}
int flagMask = FLAG_PERMISSION_USER_SET | FLAG_PERMISSION_USER_FIXED;
if (userSet) {
mPermManager.updatePermissionFlags(packageName, NOTIFICATION_PERMISSION, flagMask,
- FLAG_PERMISSION_USER_SET, true, Context.DEVICE_ID_DEFAULT, userId);
+ FLAG_PERMISSION_USER_SET, true,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId);
} else {
mPermManager.updatePermissionFlags(packageName, NOTIFICATION_PERMISSION,
- flagMask, 0, true, Context.DEVICE_ID_DEFAULT, userId);
+ flagMask, 0, true, VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT,
+ userId);
}
} catch (RemoteException e) {
Slog.e(TAG, "Could not reach system server", e);
@@ -235,7 +238,7 @@
try {
try {
int flags = mPermManager.getPermissionFlags(packageName, NOTIFICATION_PERMISSION,
- Context.DEVICE_ID_DEFAULT, userId);
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId);
return (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
|| (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0;
} catch (RemoteException e) {
@@ -252,7 +255,7 @@
try {
try {
int flags = mPermManager.getPermissionFlags(packageName, NOTIFICATION_PERMISSION,
- Context.DEVICE_ID_DEFAULT, userId);
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId);
return (flags & (PackageManager.FLAG_PERMISSION_USER_SET
| PackageManager.FLAG_PERMISSION_USER_FIXED)) != 0;
} catch (RemoteException e) {
@@ -269,7 +272,7 @@
try {
try {
int flags = mPermManager.getPermissionFlags(packageName, NOTIFICATION_PERMISSION,
- Context.DEVICE_ID_DEFAULT, userId);
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId);
return (flags & (PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT
| PackageManager.FLAG_PERMISSION_GRANTED_BY_ROLE)) != 0;
} catch (RemoteException e) {
diff --git a/services/core/java/com/android/server/pm/BackgroundInstallControlService.java b/services/core/java/com/android/server/pm/BackgroundInstallControlService.java
index 3468081..524bad5 100644
--- a/services/core/java/com/android/server/pm/BackgroundInstallControlService.java
+++ b/services/core/java/com/android/server/pm/BackgroundInstallControlService.java
@@ -24,6 +24,7 @@
import android.app.Flags;
import android.app.usage.UsageEvents;
import android.app.usage.UsageStatsManagerInternal;
+import android.companion.virtual.VirtualDeviceManager;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.IBackgroundInstallControlService;
@@ -271,7 +272,7 @@
if (mPermissionManager.checkPermission(
installerPackageName,
android.Manifest.permission.INSTALL_PACKAGES,
- Context.DEVICE_ID_DEFAULT,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT,
userId)
!= PERMISSION_GRANTED) {
return;
@@ -479,7 +480,7 @@
return mPermissionManager.checkPermission(
pkgName,
android.Manifest.permission.INSTALL_PACKAGES,
- Context.DEVICE_ID_DEFAULT,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT,
userId)
== PERMISSION_GRANTED;
}
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index ac89fecc..9afdde5 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -69,6 +69,7 @@
import android.annotation.UserIdInt;
import android.app.ActivityManager;
import android.app.admin.DevicePolicyManagerInternal;
+import android.companion.virtual.VirtualDeviceManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
@@ -4615,7 +4616,8 @@
for (int i=0; i<permissions.length; i++) {
final String permission = permissions[i];
if (mPermissionManager.checkPermission(ps.getPackageName(), permission,
- Context.DEVICE_ID_DEFAULT, userId) == PERMISSION_GRANTED) {
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId)
+ == PERMISSION_GRANTED) {
tmp[i] = true;
numMatch++;
} else {
diff --git a/services/core/java/com/android/server/pm/DumpHelper.java b/services/core/java/com/android/server/pm/DumpHelper.java
index 2a00a44..104e8be 100644
--- a/services/core/java/com/android/server/pm/DumpHelper.java
+++ b/services/core/java/com/android/server/pm/DumpHelper.java
@@ -22,8 +22,8 @@
import static com.android.server.pm.PackageManagerServiceUtils.dumpCriticalInfo;
import android.annotation.NonNull;
+import android.companion.virtual.VirtualDeviceManager;
import android.content.ComponentName;
-import android.content.Context;
import android.content.pm.FeatureInfo;
import android.content.pm.PackageManager;
import android.os.Binder;
@@ -162,7 +162,7 @@
PackageManager.VERSION_CODE_HIGHEST);
pw.println(mPermissionManager.checkPermission(
- pkg, perm, Context.DEVICE_ID_DEFAULT, user));
+ pkg, perm, VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, user));
return;
} else if ("l".equals(cmd) || "libraries".equals(cmd)) {
dumpState.setDump(DumpState.DUMP_LIBS);
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index afd4fb1..dadafd7 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -65,6 +65,7 @@
import android.app.admin.SecurityLog;
import android.app.backup.IBackupManager;
import android.app.role.RoleManager;
+import android.companion.virtual.VirtualDeviceManager;
import android.compat.annotation.ChangeId;
import android.compat.annotation.EnabledAfter;
import android.content.BroadcastReceiver;
@@ -2994,8 +2995,8 @@
// NOTE: Can't remove due to unsupported app usage
public int checkPermission(String permName, String pkgName, int userId) {
- return mPermissionManager.checkPermission(pkgName, permName, Context.DEVICE_ID_DEFAULT,
- userId);
+ return mPermissionManager.checkPermission(pkgName, permName,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId);
}
public String getSdkSandboxPackageName() {
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 40f2264..f1dca77 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -217,7 +217,7 @@
@Override
@PackageManager.PermissionResult
- public int checkPermission(String packageName, String permissionName, int deviceId,
+ public int checkPermission(String packageName, String permissionName, String persistentDeviceId,
@UserIdInt int userId) {
// Not using Objects.requireNonNull() here for compatibility reasons.
if (packageName == null || permissionName == null) {
@@ -231,10 +231,10 @@
if (checkPermissionDelegate == null) {
return mPermissionManagerServiceImpl.checkPermission(packageName, permissionName,
- deviceId, userId);
+ persistentDeviceId, userId);
}
return checkPermissionDelegate.checkPermission(packageName, permissionName,
- deviceId, userId, mPermissionManagerServiceImpl::checkPermission);
+ persistentDeviceId, userId, mPermissionManagerServiceImpl::checkPermission);
}
@Override
@@ -527,17 +527,18 @@
}
@Override
- public int getPermissionFlags(String packageName, String permissionName, int deviceId,
- int userId) {
+ public int getPermissionFlags(String packageName, String permissionName,
+ String persistentDeviceId, int userId) {
return mPermissionManagerServiceImpl
- .getPermissionFlags(packageName, permissionName, deviceId, userId);
+ .getPermissionFlags(packageName, permissionName, persistentDeviceId, userId);
}
@Override
public void updatePermissionFlags(String packageName, String permissionName, int flagMask,
- int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) {
+ int flagValues, boolean checkAdjustPolicyFlagPermission, String persistentDeviceId,
+ int userId) {
mPermissionManagerServiceImpl.updatePermissionFlags(packageName, permissionName, flagMask,
- flagValues, checkAdjustPolicyFlagPermission, deviceId, userId);
+ flagValues, checkAdjustPolicyFlagPermission, persistentDeviceId, userId);
}
@Override
@@ -577,17 +578,17 @@
}
@Override
- public void grantRuntimePermission(String packageName, String permissionName, int deviceId,
- int userId) {
+ public void grantRuntimePermission(String packageName, String permissionName,
+ String persistentDeviceId, int userId) {
mPermissionManagerServiceImpl.grantRuntimePermission(packageName, permissionName,
- deviceId, userId);
+ persistentDeviceId, userId);
}
@Override
- public void revokeRuntimePermission(String packageName, String permissionName, int deviceId,
- int userId, String reason) {
+ public void revokeRuntimePermission(String packageName, String permissionName,
+ String persistentDeviceId, int userId, String reason) {
mPermissionManagerServiceImpl.revokeRuntimePermission(packageName, permissionName,
- deviceId, userId, reason);
+ persistentDeviceId, userId, reason);
}
@Override
@@ -620,9 +621,9 @@
private class PermissionManagerServiceInternalImpl implements PermissionManagerServiceInternal {
@Override
public int checkPermission(@NonNull String packageName, @NonNull String permissionName,
- int deviceId, @UserIdInt int userId) {
+ @NonNull String persistentDeviceId, @UserIdInt int userId) {
return PermissionManagerService.this.checkPermission(packageName, permissionName,
- deviceId, userId);
+ persistentDeviceId, userId);
}
@Override
@@ -888,7 +889,7 @@
*
* @param packageName the name of the package to be checked
* @param permissionName the name of the permission to be checked
- * @param deviceId The device ID
+ * @param persistentDeviceId The persistent device ID
* @param userId the user ID
* @param superImpl the original implementation that can be delegated to
* @return {@link android.content.pm.PackageManager#PERMISSION_GRANTED} if the package has
@@ -897,8 +898,8 @@
* @see android.content.pm.PackageManager#checkPermission(String, String)
*/
int checkPermission(@NonNull String packageName, @NonNull String permissionName,
- int deviceId, @UserIdInt int userId,
- @NonNull QuadFunction<String, String, Integer, Integer, Integer> superImpl);
+ String persistentDeviceId, @UserIdInt int userId,
+ @NonNull QuadFunction<String, String, String, Integer, Integer> superImpl);
/**
* Check whether the given UID has been granted the specified permission.
@@ -940,18 +941,19 @@
@Override
public int checkPermission(@NonNull String packageName, @NonNull String permissionName,
- int deviceId, int userId,
- @NonNull QuadFunction<String, String, Integer, Integer, Integer> superImpl) {
+ String persistentDeviceId, int userId,
+ @NonNull QuadFunction<String, String, String, Integer, Integer> superImpl) {
if (mDelegatedPackageName.equals(packageName)
&& isDelegatedPermission(permissionName)) {
final long identity = Binder.clearCallingIdentity();
try {
- return superImpl.apply("com.android.shell", permissionName, deviceId, userId);
+ return superImpl.apply("com.android.shell", permissionName, persistentDeviceId,
+ userId);
} finally {
Binder.restoreCallingIdentity(identity);
}
}
- return superImpl.apply(packageName, permissionName, deviceId, userId);
+ return superImpl.apply(packageName, permissionName, persistentDeviceId, userId);
}
@Override
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
index 6a57362..9afd36f 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
@@ -682,7 +682,8 @@
}
@Override
- public int getPermissionFlags(String packageName, String permName, int deviceId, int userId) {
+ public int getPermissionFlags(String packageName, String permName, String persistentDeviceId,
+ int userId) {
final int callingUid = Binder.getCallingUid();
return getPermissionFlagsInternal(packageName, permName, callingUid, userId);
}
@@ -725,7 +726,8 @@
@Override
public void updatePermissionFlags(String packageName, String permName, int flagMask,
- int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) {
+ int flagValues, boolean checkAdjustPolicyFlagPermission, String persistentDeviceId,
+ int userId) {
final int callingUid = Binder.getCallingUid();
boolean overridePolicy = false;
@@ -910,11 +912,13 @@
}
private int checkPermission(String pkgName, String permName, int userId) {
- return checkPermission(pkgName, permName, Context.DEVICE_ID_DEFAULT, userId);
+ return checkPermission(pkgName, permName, VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT,
+ userId);
}
@Override
- public int checkPermission(String pkgName, String permName, int deviceId, int userId) {
+ public int checkPermission(String pkgName, String permName, String persistentDeviceId,
+ int userId) {
if (!mUserManagerInt.exists(userId)) {
return PackageManager.PERMISSION_DENIED;
}
@@ -1304,8 +1308,8 @@
}
@Override
- public void grantRuntimePermission(String packageName, String permName, int deviceId,
- int userId) {
+ public void grantRuntimePermission(String packageName, String permName,
+ String persistentDeviceId, int userId) {
final int callingUid = Binder.getCallingUid();
final boolean overridePolicy =
checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY)
@@ -1478,12 +1482,12 @@
}
@Override
- public void revokeRuntimePermission(String packageName, String permName, int deviceId,
- int userId, String reason) {
+ public void revokeRuntimePermission(String packageName, String permName,
+ String persistentDeviceId, int userId, String reason) {
final int callingUid = Binder.getCallingUid();
final boolean overridePolicy =
- checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY, deviceId)
- == PackageManager.PERMISSION_GRANTED;
+ checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY,
+ Context.DEVICE_ID_DEFAULT) == PackageManager.PERMISSION_GRANTED;
revokeRuntimePermissionInternal(packageName, permName, overridePolicy, callingUid, userId,
reason, mDefaultPermissionCallback);
@@ -2070,8 +2074,8 @@
continue;
}
boolean isSystemOrPolicyFixed = (getPermissionFlags(newPackage.getPackageName(),
- permInfo.name, Context.DEVICE_ID_DEFAULT, userId) & (
- FLAG_PERMISSION_SYSTEM_FIXED | FLAG_PERMISSION_POLICY_FIXED)) != 0;
+ permInfo.name, VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId)
+ & (FLAG_PERMISSION_SYSTEM_FIXED | FLAG_PERMISSION_POLICY_FIXED)) != 0;
if (isSystemOrPolicyFixed) {
continue;
}
@@ -2238,7 +2242,7 @@
final int permissionState = checkPermission(packageName, permName,
userId);
final int flags = getPermissionFlags(packageName, permName,
- Context.DEVICE_ID_DEFAULT, userId);
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId);
final int flagMask = FLAG_PERMISSION_SYSTEM_FIXED
| FLAG_PERMISSION_POLICY_FIXED
| FLAG_PERMISSION_GRANTED_BY_DEFAULT
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java
index 2d824aa..b12d8ac 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java
@@ -140,11 +140,11 @@
*
* @param packageName the package name for which to get the flags
* @param permName the permission for which to get the flags
- * @param deviceId The device for which to get the flags
+ * @param persistentDeviceId The device for which to get the flags
* @param userId the user for which to get permission flags
* @return the permission flags
*/
- int getPermissionFlags(String packageName, String permName, int deviceId,
+ int getPermissionFlags(String packageName, String permName, String persistentDeviceId,
@UserIdInt int userId);
/**
@@ -155,11 +155,12 @@
* @param permName The permission for which to update the flags
* @param flagMask The flags which to replace
* @param flagValues The flags with which to replace
- * @param deviceId The device for which to update the permission flags
+ * @param persistentDeviceId The device for which to update the permission flags
* @param userId The user for which to update the permission flags
*/
void updatePermissionFlags(String packageName, String permName, int flagMask, int flagValues,
- boolean checkAdjustPolicyFlagPermission, int deviceId, @UserIdInt int userId);
+ boolean checkAdjustPolicyFlagPermission, String persistentDeviceId,
+ @UserIdInt int userId);
/**
* Update the permission flags for all packages and runtime permissions of a user in order
@@ -293,17 +294,17 @@
*
* @param packageName the package to which to grant the permission
* @param permName the permission name to grant
- * @param deviceId the device for which to grant the permission
+ * @param persistentDeviceId the device for which to grant the permission
* @param userId the user for which to grant the permission
*
- * @see #revokeRuntimePermission(String, String, int, int, String)
+ * @see #revokeRuntimePermission(String, String, String, int, String)
*/
- void grantRuntimePermission(String packageName, String permName, int deviceId,
+ void grantRuntimePermission(String packageName, String permName, String persistentDeviceId,
@UserIdInt int userId);
/**
* Revoke a runtime permission that was previously granted by
- * {@link #grantRuntimePermission(String, String, android.os.UserHandle)}. The permission must
+ * {@link #grantRuntimePermission(String, String, String, int)}. The permission must
* have been requested by and granted to the application. If the application is not allowed to
* hold the permission, a {@link java.lang.SecurityException} is thrown. If the package or
* permission is invalid, a {@link java.lang.IllegalArgumentException} is thrown.
@@ -314,13 +315,13 @@
*
* @param packageName the package from which to revoke the permission
* @param permName the permission name to revoke
- * @param deviceId the device for which to revoke the permission
+ * @param persistentDeviceId the device for which to revoke the permission
* @param userId the user for which to revoke the permission
* @param reason the reason for the revoke, or {@code null} for unspecified
*
- * @see #grantRuntimePermission(String, String, int, int)
+ * @see #grantRuntimePermission(String, String, String, int)
*/
- void revokeRuntimePermission(String packageName, String permName, int deviceId,
+ void revokeRuntimePermission(String packageName, String permName, String persistentDeviceId,
@UserIdInt int userId, String reason);
/**
@@ -387,11 +388,12 @@
*
* @param pkgName package name
* @param permName permission name
- * @param deviceId device ID
+ * @param persistentDeviceId persistent device ID
* @param userId user ID
* @return permission result {@link PackageManager.PermissionResult}
*/
- int checkPermission(String pkgName, String permName, int deviceId, @UserIdInt int userId);
+ int checkPermission(String pkgName, String permName, String persistentDeviceId,
+ @UserIdInt int userId);
/**
* Check whether a permission is granted or not to an UID.
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
index 98adeb6..132cdce 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
@@ -46,14 +46,14 @@
*
* @param packageName the name of the package you are checking against
* @param permissionName the name of the permission you are checking for
- * @param deviceId the device ID
+ * @param persistentDeviceId the persistent device ID to check permission for
* @param userId the user ID
* @return {@code PERMISSION_GRANTED} if the permission is granted, or {@code PERMISSION_DENIED}
* otherwise
*/
//@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)
- int checkPermission(@NonNull String packageName, @NonNull String permissionName, int deviceId,
- @UserIdInt int userId);
+ int checkPermission(@NonNull String packageName, @NonNull String permissionName,
+ @NonNull String persistentDeviceId, @UserIdInt int userId);
/**
* Check whether a particular UID has been granted a particular permission.
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceLoggingDecorator.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceLoggingDecorator.java
index dacb8c6..835ddcb 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceLoggingDecorator.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceLoggingDecorator.java
@@ -120,21 +120,24 @@
}
@Override
- public int getPermissionFlags(String packageName, String permName, int deviceId, int userId) {
+ public int getPermissionFlags(String packageName, String permName, String persistentDeviceId,
+ int userId) {
Log.i(LOG_TAG, "getPermissionFlags(packageName = " + packageName + ", permName = "
- + permName + ", deviceId = " + deviceId + ", userId = " + userId + ")");
- return mService.getPermissionFlags(packageName, permName, deviceId, userId);
+ + permName + ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId
+ + ")");
+ return mService.getPermissionFlags(packageName, permName, persistentDeviceId, userId);
}
@Override
public void updatePermissionFlags(String packageName, String permName, int flagMask,
- int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) {
+ int flagValues, boolean checkAdjustPolicyFlagPermission, String persistentDeviceId,
+ int userId) {
Log.i(LOG_TAG, "updatePermissionFlags(packageName = " + packageName + ", permName = "
+ permName + ", flagMask = " + flagMask + ", flagValues = " + flagValues
+ ", checkAdjustPolicyFlagPermission = " + checkAdjustPolicyFlagPermission
- + ", deviceId = " + deviceId + ", userId = " + userId + ")");
+ + ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId + ")");
mService.updatePermissionFlags(packageName, permName, flagMask, flagValues,
- checkAdjustPolicyFlagPermission, deviceId, userId);
+ checkAdjustPolicyFlagPermission, persistentDeviceId, userId);
}
@Override
@@ -182,20 +185,21 @@
}
@Override
- public void grantRuntimePermission(String packageName, String permName, int deviceId,
- int userId) {
+ public void grantRuntimePermission(String packageName, String permName,
+ String persistentDeviceId, int userId) {
Log.i(LOG_TAG, "grantRuntimePermission(packageName = " + packageName + ", permName = "
- + permName + ", deviceId = " + deviceId + ", userId = " + userId + ")");
- mService.grantRuntimePermission(packageName, permName, deviceId, userId);
+ + permName + ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId
+ + ")");
+ mService.grantRuntimePermission(packageName, permName, persistentDeviceId, userId);
}
@Override
- public void revokeRuntimePermission(String packageName, String permName, int deviceId,
- int userId, String reason) {
+ public void revokeRuntimePermission(String packageName, String permName,
+ String persistentDeviceId, int userId, String reason) {
Log.i(LOG_TAG, "revokeRuntimePermission(packageName = " + packageName + ", permName = "
- + permName + ", deviceId = " + deviceId + ", userId = " + userId
+ + permName + ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId
+ ", reason = " + reason + ")");
- mService.revokeRuntimePermission(packageName, permName, deviceId, userId, reason);
+ mService.revokeRuntimePermission(packageName, permName, persistentDeviceId, userId, reason);
}
@Override
@@ -230,10 +234,11 @@
}
@Override
- public int checkPermission(String pkgName, String permName, int deviceId, int userId) {
+ public int checkPermission(String pkgName, String permName, String persistentDeviceId,
+ int userId) {
Log.i(LOG_TAG, "checkPermission(pkgName = " + pkgName + ", permName = " + permName
- + ", deviceId = " + deviceId + ", userId = " + userId + ")");
- return mService.checkPermission(pkgName, permName, deviceId, userId);
+ + ", persistentDeviceId = " + persistentDeviceId + ", userId = " + userId + ")");
+ return mService.checkPermission(pkgName, permName, persistentDeviceId, userId);
}
@Override
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTestingShim.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTestingShim.java
index 35d165b..66a6f3c 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTestingShim.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTestingShim.java
@@ -153,10 +153,12 @@
}
@Override
- public int getPermissionFlags(String packageName, String permName, int deviceId,
+ public int getPermissionFlags(String packageName, String permName, String persistentDeviceId,
@UserIdInt int userId) {
- int oldVal = mOldImplementation.getPermissionFlags(packageName, permName, deviceId, userId);
- int newVal = mNewImplementation.getPermissionFlags(packageName, permName, deviceId, userId);
+ int oldVal = mOldImplementation.getPermissionFlags(packageName, permName,
+ persistentDeviceId, userId);
+ int newVal = mNewImplementation.getPermissionFlags(packageName, permName,
+ persistentDeviceId, userId);
if (!Objects.equals(oldVal, newVal)) {
signalImplDifference("getPermissionFlags");
@@ -166,12 +168,12 @@
@Override
public void updatePermissionFlags(String packageName, String permName, int flagMask,
- int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId,
+ int flagValues, boolean checkAdjustPolicyFlagPermission, String persistentDeviceId,
@UserIdInt int userId) {
mOldImplementation.updatePermissionFlags(packageName, permName, flagMask, flagValues,
- checkAdjustPolicyFlagPermission, deviceId, userId);
+ checkAdjustPolicyFlagPermission, persistentDeviceId, userId);
mNewImplementation.updatePermissionFlags(packageName, permName, flagMask, flagValues,
- checkAdjustPolicyFlagPermission, deviceId, userId);
+ checkAdjustPolicyFlagPermission, persistentDeviceId, userId);
}
@Override
@@ -236,17 +238,21 @@
}
@Override
- public void grantRuntimePermission(String packageName, String permName, int deviceId,
- @UserIdInt int userId) {
- mOldImplementation.grantRuntimePermission(packageName, permName, deviceId, userId);
- mNewImplementation.grantRuntimePermission(packageName, permName, deviceId, userId);
+ public void grantRuntimePermission(String packageName, String permName,
+ String persistentDeviceId, @UserIdInt int userId) {
+ mOldImplementation.grantRuntimePermission(packageName, permName, persistentDeviceId,
+ userId);
+ mNewImplementation.grantRuntimePermission(packageName, permName, persistentDeviceId,
+ userId);
}
@Override
- public void revokeRuntimePermission(String packageName, String permName, int deviceId,
- @UserIdInt int userId, String reason) {
- mOldImplementation.revokeRuntimePermission(packageName, permName, deviceId, userId, reason);
- mNewImplementation.revokeRuntimePermission(packageName, permName, deviceId, userId, reason);
+ public void revokeRuntimePermission(String packageName, String permName,
+ String persistentDeviceId, @UserIdInt int userId, String reason) {
+ mOldImplementation.revokeRuntimePermission(packageName, permName, persistentDeviceId,
+ userId, reason);
+ mNewImplementation.revokeRuntimePermission(packageName, permName, persistentDeviceId,
+ userId, reason);
}
@Override
@@ -296,9 +302,12 @@
}
@Override
- public int checkPermission(String pkgName, String permName, int deviceId, int userId) {
- int oldVal = mOldImplementation.checkPermission(pkgName, permName, deviceId, userId);
- int newVal = mNewImplementation.checkPermission(pkgName, permName, deviceId, userId);
+ public int checkPermission(String pkgName, String permName, String persistentDeviceId,
+ int userId) {
+ int oldVal = mOldImplementation.checkPermission(pkgName, permName, persistentDeviceId,
+ userId);
+ int newVal = mNewImplementation.checkPermission(pkgName, permName, persistentDeviceId,
+ userId);
if (!Objects.equals(oldVal, newVal)) {
signalImplDifference("checkPermission");
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTracingDecorator.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTracingDecorator.java
index cbeede0..f21993c 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTracingDecorator.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceTracingDecorator.java
@@ -158,10 +158,11 @@
}
@Override
- public int getPermissionFlags(String packageName, String permName, int deviceId, int userId) {
+ public int getPermissionFlags(String packageName, String permName, String persistentDeviceId,
+ int userId) {
Trace.traceBegin(TRACE_TAG, "TaggedTracingPermissionManagerServiceImpl#getPermissionFlags");
try {
- return mService.getPermissionFlags(packageName, permName, deviceId, userId);
+ return mService.getPermissionFlags(packageName, permName, persistentDeviceId, userId);
} finally {
Trace.traceEnd(TRACE_TAG);
}
@@ -169,12 +170,13 @@
@Override
public void updatePermissionFlags(String packageName, String permName, int flagMask,
- int flagValues, boolean checkAdjustPolicyFlagPermission, int deviceId, int userId) {
+ int flagValues, boolean checkAdjustPolicyFlagPermission, String persistentDeviceId,
+ int userId) {
Trace.traceBegin(TRACE_TAG,
"TaggedTracingPermissionManagerServiceImpl#updatePermissionFlags");
try {
mService.updatePermissionFlags(packageName, permName, flagMask, flagValues,
- checkAdjustPolicyFlagPermission, deviceId, userId);
+ checkAdjustPolicyFlagPermission, persistentDeviceId, userId);
} finally {
Trace.traceEnd(TRACE_TAG);
}
@@ -253,24 +255,25 @@
}
@Override
- public void grantRuntimePermission(String packageName, String permName, int deviceId,
- int userId) {
+ public void grantRuntimePermission(String packageName, String permName,
+ String persistentDeviceId, int userId) {
Trace.traceBegin(TRACE_TAG,
"TaggedTracingPermissionManagerServiceImpl#grantRuntimePermission");
try {
- mService.grantRuntimePermission(packageName, permName, deviceId, userId);
+ mService.grantRuntimePermission(packageName, permName, persistentDeviceId, userId);
} finally {
Trace.traceEnd(TRACE_TAG);
}
}
@Override
- public void revokeRuntimePermission(String packageName, String permName, int deviceId,
- int userId, String reason) {
+ public void revokeRuntimePermission(String packageName, String permName,
+ String persistentDeviceId, int userId, String reason) {
Trace.traceBegin(TRACE_TAG,
"TaggedTracingPermissionManagerServiceImpl#revokeRuntimePermission");
try {
- mService.revokeRuntimePermission(packageName, permName, deviceId, userId, reason);
+ mService.revokeRuntimePermission(packageName, permName, persistentDeviceId, userId,
+ reason);
} finally {
Trace.traceEnd(TRACE_TAG);
}
@@ -324,10 +327,11 @@
}
@Override
- public int checkPermission(String pkgName, String permName, int deviceId, int userId) {
+ public int checkPermission(String pkgName, String permName, String persistentDeviceId,
+ int userId) {
Trace.traceBegin(TRACE_TAG, "TaggedTracingPermissionManagerServiceImpl#checkPermission");
try {
- return mService.checkPermission(pkgName, permName, deviceId, userId);
+ return mService.checkPermission(pkgName, permName, persistentDeviceId, userId);
} finally {
Trace.traceEnd(TRACE_TAG);
}
diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
index 097d73a..1241ce6 100644
--- a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
@@ -423,6 +423,7 @@
with(policy) { removePermission(permission) }
}
}
+
private fun GetStateScope.getAndEnforcePermissionTree(permissionName: String): Permission {
val callingUid = Binder.getCallingUid()
val permissionTree = with(policy) { findPermissionTree(permissionName) }
@@ -486,9 +487,16 @@
)
return PackageManager.PERMISSION_DENIED
}
+
+ val persistentDeviceId = getPersistentDeviceId(deviceId)
+ if (persistentDeviceId == null) {
+ Slog.e(LOG_TAG, "Cannot find persistent device id for $deviceId.")
+ return PackageManager.PERMISSION_DENIED
+ }
+
val isPermissionGranted =
service.getState {
- isPermissionGranted(packageState, userId, permissionName, deviceId)
+ isPermissionGranted(packageState, userId, permissionName, persistentDeviceId)
}
return if (isPermissionGranted) {
PackageManager.PERMISSION_GRANTED
@@ -522,7 +530,7 @@
override fun checkPermission(
packageName: String,
permissionName: String,
- deviceId: Int,
+ persistentDeviceId: String,
userId: Int
): Int {
if (!userManagerInternal.exists(userId)) {
@@ -536,7 +544,9 @@
?: return PackageManager.PERMISSION_DENIED
val isPermissionGranted =
- service.getState { isPermissionGranted(packageState, userId, permissionName, deviceId) }
+ service.getState {
+ isPermissionGranted(packageState, userId, permissionName, persistentDeviceId)
+ }
return if (isPermissionGranted) {
PackageManager.PERMISSION_GRANTED
} else {
@@ -554,13 +564,21 @@
packageState: PackageState,
userId: Int,
permissionName: String,
- deviceId: Int
+ persistentDeviceId: String
): Boolean {
val appId = packageState.appId
// Note that instant apps can't have shared UIDs, so we only need to check the current
// package state.
val isInstantApp = packageState.getUserStateOrDefault(userId).isInstantApp
- if (isSinglePermissionGranted(appId, userId, isInstantApp, permissionName, deviceId)) {
+ if (
+ isSinglePermissionGranted(
+ appId,
+ userId,
+ isInstantApp,
+ permissionName,
+ persistentDeviceId
+ )
+ ) {
return true
}
@@ -572,7 +590,7 @@
userId,
isInstantApp,
fullerPermissionName,
- deviceId
+ persistentDeviceId
)
) {
return true
@@ -587,9 +605,9 @@
userId: Int,
isInstantApp: Boolean,
permissionName: String,
- deviceId: Int,
+ persistentDeviceId: String,
): Boolean {
- val flags = getPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId)
+ val flags = getPermissionFlagsWithPolicy(appId, userId, permissionName, persistentDeviceId)
if (!PermissionFlags.isPermissionGranted(flags)) {
return false
}
@@ -626,7 +644,7 @@
packageState,
userId,
permissionName,
- Context.DEVICE_ID_DEFAULT
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT
)
) {
permissionName
@@ -670,16 +688,22 @@
override fun grantRuntimePermission(
packageName: String,
permissionName: String,
- deviceId: Int,
+ persistentDeviceId: String,
userId: Int
) {
- setRuntimePermissionGranted(packageName, userId, permissionName, deviceId, isGranted = true)
+ setRuntimePermissionGranted(
+ packageName,
+ userId,
+ permissionName,
+ persistentDeviceId,
+ isGranted = true
+ )
}
override fun revokeRuntimePermission(
packageName: String,
permissionName: String,
- deviceId: Int,
+ persistentDeviceId: String,
userId: Int,
reason: String?
) {
@@ -687,7 +711,7 @@
packageName,
userId,
permissionName,
- deviceId,
+ persistentDeviceId,
isGranted = false,
revokeReason = reason
)
@@ -701,7 +725,7 @@
packageName,
userId,
Manifest.permission.POST_NOTIFICATIONS,
- Context.DEVICE_ID_DEFAULT,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT,
isGranted = false,
skipKillUid = true
)
@@ -715,7 +739,7 @@
packageName: String,
userId: Int,
permissionName: String,
- deviceId: Int,
+ persistentDeviceId: String,
isGranted: Boolean,
skipKillUid: Boolean = false,
revokeReason: String? = null
@@ -739,7 +763,8 @@
" permissionName = $permissionName" +
(if (isGranted) "" else "skipKillUid = $skipKillUid, reason = $revokeReason") +
", userId = $userId," +
- " callingUid = $callingUidName ($callingUid))",
+ " callingUid = $callingUidName ($callingUid))," +
+ " persistentDeviceId = $persistentDeviceId",
RuntimeException()
)
}
@@ -809,7 +834,7 @@
packageState,
userId,
permissionName,
- deviceId,
+ persistentDeviceId,
isGranted,
canManageRolePermission,
overridePolicyFixed,
@@ -853,7 +878,7 @@
packageState,
userId,
permissionName,
- Context.DEVICE_ID_DEFAULT,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT,
isGranted = true,
canManageRolePermission = false,
overridePolicyFixed = false,
@@ -864,7 +889,7 @@
packageState.appId,
userId,
permissionName,
- Context.DEVICE_ID_DEFAULT,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT,
PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED or
PackageManager.FLAG_PERMISSION_REVOKED_COMPAT,
0,
@@ -897,7 +922,7 @@
packageState: PackageState,
userId: Int,
permissionName: String,
- deviceId: Int,
+ persistentDeviceId: String,
isGranted: Boolean,
canManageRolePermission: Boolean,
overridePolicyFixed: Boolean,
@@ -956,12 +981,14 @@
}
val appId = packageState.appId
- val oldFlags = getPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId)
+ val oldFlags =
+ getPermissionFlagsWithPolicy(appId, userId, permissionName, persistentDeviceId)
if (permissionName !in androidPackage.requestedPermissions && oldFlags == 0) {
if (reportError) {
Slog.e(
- LOG_TAG, "Permission $permissionName isn't requested by package $packageName"
+ LOG_TAG,
+ "Permission $permissionName isn't requested by package $packageName"
)
}
return
@@ -1027,7 +1054,7 @@
return
}
- setPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId, newFlags)
+ setPermissionFlagsWithPolicy(appId, userId, permissionName, persistentDeviceId, newFlags)
if (permission.isRuntime) {
val action =
@@ -1061,7 +1088,7 @@
override fun getPermissionFlags(
packageName: String,
permissionName: String,
- deviceId: Int,
+ persistentDeviceId: String,
userId: Int,
): Int {
if (!userManagerInternal.exists(userId)) {
@@ -1097,7 +1124,12 @@
}
val flags =
- getPermissionFlagsWithPolicy(packageState.appId, userId, permissionName, deviceId)
+ getPermissionFlagsWithPolicy(
+ packageState.appId,
+ userId,
+ permissionName,
+ persistentDeviceId
+ )
return PermissionFlags.toApiFlags(flags)
}
@@ -1127,13 +1159,24 @@
}
?: return false
+ val persistentDeviceId = getPersistentDeviceId(deviceId)
+ if (persistentDeviceId == null) {
+ Slog.w(LOG_TAG, "Cannot find persistent device Id for $deviceId")
+ return false
+ }
+
service.getState {
- if (isPermissionGranted(packageState, userId, permissionName, deviceId)) {
+ if (isPermissionGranted(packageState, userId, permissionName, persistentDeviceId)) {
return false
}
val flags =
- getPermissionFlagsWithPolicy(packageState.appId, userId, permissionName, deviceId)
+ getPermissionFlagsWithPolicy(
+ packageState.appId,
+ userId,
+ permissionName,
+ persistentDeviceId
+ )
return flags.hasBits(PermissionFlags.POLICY_FIXED)
}
@@ -1183,13 +1226,19 @@
return false
}
+ val persistentDeviceId = getPersistentDeviceId(deviceId)
+ if (persistentDeviceId == null) {
+ Slog.w(LOG_TAG, "Cannot find persistent device Id for $deviceId")
+ return false
+ }
+
val flags: Int
service.getState {
- if (isPermissionGranted(packageState, userId, permissionName, deviceId)) {
+ if (isPermissionGranted(packageState, userId, permissionName, persistentDeviceId)) {
return false
}
- flags = getPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId)
+ flags = getPermissionFlagsWithPolicy(appId, userId, permissionName, persistentDeviceId)
}
if (flags.hasAnyBit(UNREQUESTABLE_MASK)) {
return false
@@ -1228,7 +1277,7 @@
flagMask: Int,
flagValues: Int,
enforceAdjustPolicyPermission: Boolean,
- deviceId: Int,
+ persistentDeviceId: String,
userId: Int
) {
val callingUid = Binder.getCallingUid()
@@ -1254,6 +1303,7 @@
"updatePermissionFlags(packageName = $packageName," +
" permissionName = $permissionName, flagMask = $flagMaskString," +
" flagValues = $flagValuesString, userId = $userId," +
+ " persistentDeviceId = $persistentDeviceId," +
" callingUid = $callingUidName ($callingUid))",
RuntimeException()
)
@@ -1343,7 +1393,7 @@
appId,
userId,
permissionName,
- deviceId,
+ persistentDeviceId,
flagMask,
flagValues,
canUpdateSystemFlags,
@@ -1410,7 +1460,7 @@
packageState.appId,
userId,
permissionName,
- Context.DEVICE_ID_DEFAULT,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT,
flagMask,
flagValues,
canUpdateSystemFlags,
@@ -1429,7 +1479,7 @@
appId: Int,
userId: Int,
permissionName: String,
- deviceId: Int,
+ persistentDeviceId: String,
flagMask: Int,
flagValues: Int,
canUpdateSystemFlags: Boolean,
@@ -1463,7 +1513,8 @@
return
}
- val oldFlags = getPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId)
+ val oldFlags =
+ getPermissionFlagsWithPolicy(appId, userId, permissionName, persistentDeviceId)
if (!isPermissionRequested && oldFlags == 0) {
Slog.w(
LOG_TAG,
@@ -1474,7 +1525,7 @@
}
val newFlags = PermissionFlags.updateFlags(permission, oldFlags, flagMask, flagValues)
- setPermissionFlagsWithPolicy(appId, userId, permissionName, deviceId, newFlags)
+ setPermissionFlagsWithPolicy(appId, userId, permissionName, persistentDeviceId, newFlags)
}
override fun getAllowlistedRestrictedPermissions(
@@ -1549,10 +1600,12 @@
appId: Int,
userId: Int,
permissionName: String,
- deviceId: Int,
+ persistentDeviceId: String,
): Int {
- return if (!Flags.deviceAwarePermissionApisEnabled() ||
- deviceId == Context.DEVICE_ID_DEFAULT) {
+ return if (
+ !Flags.deviceAwarePermissionApisEnabled() ||
+ persistentDeviceId == VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT
+ ) {
with(policy) { getPermissionFlags(appId, userId, permissionName) }
} else {
if (permissionName !in DEVICE_AWARE_PERMISSIONS) {
@@ -1563,19 +1616,8 @@
)
return with(policy) { getPermissionFlags(appId, userId, permissionName) }
}
- val virtualDeviceManagerInternal = virtualDeviceManagerInternal
- if (virtualDeviceManagerInternal == null) {
- Slog.e(LOG_TAG, "Virtual device manager service is not available.")
- return 0
- }
- val persistentDeviceId = virtualDeviceManagerInternal.getPersistentIdForDevice(deviceId)
- if (persistentDeviceId != null) {
- with(devicePolicy) {
- getPermissionFlags(appId, persistentDeviceId, userId, permissionName)
- }
- } else {
- Slog.e(LOG_TAG, "Invalid device ID $deviceId.")
- 0
+ with(devicePolicy) {
+ getPermissionFlags(appId, persistentDeviceId, userId, permissionName)
}
}
}
@@ -1584,11 +1626,13 @@
appId: Int,
userId: Int,
permissionName: String,
- deviceId: Int,
+ persistentDeviceId: String,
flags: Int
): Boolean {
- return if (!Flags.deviceAwarePermissionApisEnabled() ||
- deviceId == Context.DEVICE_ID_DEFAULT) {
+ return if (
+ !Flags.deviceAwarePermissionApisEnabled() ||
+ persistentDeviceId == VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT
+ ) {
with(policy) { setPermissionFlags(appId, userId, permissionName, flags) }
} else {
if (permissionName !in DEVICE_AWARE_PERMISSIONS) {
@@ -1600,23 +1644,24 @@
return with(policy) { setPermissionFlags(appId, userId, permissionName, flags) }
}
- val virtualDeviceManagerInternal = virtualDeviceManagerInternal
- if (virtualDeviceManagerInternal == null) {
- Slog.e(LOG_TAG, "Virtual device manager service is not available.")
- return false
- }
- val persistentDeviceId = virtualDeviceManagerInternal.getPersistentIdForDevice(deviceId)
- if (persistentDeviceId != null) {
- with(devicePolicy) {
- setPermissionFlags(appId, persistentDeviceId, userId, permissionName, flags)
- }
- } else {
- Slog.e(LOG_TAG, "Invalid device ID $deviceId.")
- false
+ with(devicePolicy) {
+ setPermissionFlags(appId, persistentDeviceId, userId, permissionName, flags)
}
}
}
+ private fun getPersistentDeviceId(deviceId: Int): String? {
+ if (deviceId == Context.DEVICE_ID_DEFAULT) {
+ return VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT
+ }
+
+ if (virtualDeviceManagerInternal == null) {
+ virtualDeviceManagerInternal =
+ LocalServices.getService(VirtualDeviceManagerInternal::class.java)
+ }
+ return virtualDeviceManagerInternal?.getPersistentIdForDevice(deviceId)
+ }
+
/**
* This method does not enforce checks on the caller, should only be called after required
* checks.
diff --git a/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java b/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java
index bb91939..067dd3b 100644
--- a/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java
+++ b/services/tests/mockingservicestests/src/com/android/server/am/BackgroundRestrictionTest.java
@@ -113,6 +113,7 @@
import android.app.NotificationManager;
import android.app.role.RoleManager;
import android.app.usage.AppStandbyInfo;
+import android.companion.virtual.VirtualDeviceManager;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
@@ -2439,7 +2440,8 @@
doReturn(granted ? PERMISSION_GRANTED : PERMISSION_DENIED)
.when(mPermissionManagerServiceInternal)
.checkPermission(
- packageName, perm, Context.DEVICE_ID_DEFAULT, UserHandle.getUserId(uid));
+ packageName, perm, VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT,
+ UserHandle.getUserId(uid));
try {
doReturn(granted ? PERMISSION_GRANTED : PERMISSION_DENIED)
.when(mIActivityManager)
diff --git a/services/tests/servicestests/src/com/android/server/pm/BackgroundInstallControlServiceTest.java b/services/tests/servicestests/src/com/android/server/pm/BackgroundInstallControlServiceTest.java
index bf87e3a..1ae6e63 100644
--- a/services/tests/servicestests/src/com/android/server/pm/BackgroundInstallControlServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/pm/BackgroundInstallControlServiceTest.java
@@ -407,7 +407,7 @@
0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps());
doReturn(PackageManager.PERMISSION_DENIED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, 0);
mTestLooper.dispatchAll();
assertEquals(
@@ -420,7 +420,7 @@
0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps());
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(UsageEvents.Event.ACTIVITY_RESUMED, USER_ID_1, INSTALLER_NAME_1, 0);
mTestLooper.dispatchAll();
assertEquals(
@@ -433,7 +433,7 @@
0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps());
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(UsageEvents.Event.USER_INTERACTION, USER_ID_1, INSTALLER_NAME_1, 0);
mTestLooper.dispatchAll();
assertEquals(
@@ -446,7 +446,7 @@
0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps());
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(
UsageEvents.Event.ACTIVITY_RESUMED,
USER_ID_1,
@@ -473,7 +473,7 @@
0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps());
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(
UsageEvents.Event.ACTIVITY_RESUMED,
USER_ID_1,
@@ -502,7 +502,7 @@
0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps());
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(
UsageEvents.Event.ACTIVITY_RESUMED,
USER_ID_1,
@@ -540,7 +540,7 @@
0, mBackgroundInstallControlService.getInstallerForegroundTimeFrames().numMaps());
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(
Event.ACTIVITY_STOPPED, USER_ID_1, INSTALLER_NAME_1, USAGE_EVENT_TIMESTAMP_1);
mTestLooper.dispatchAll();
@@ -624,7 +624,7 @@
// mBackgroundInstallControlService.getBackgroundInstalledPackages()
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(
UsageEvents.Event.ACTIVITY_RESUMED,
USER_ID_1,
@@ -673,7 +673,7 @@
// mBackgroundInstallControlService.getBackgroundInstalledPackages()
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(
UsageEvents.Event.ACTIVITY_RESUMED,
USER_ID_1,
@@ -727,7 +727,7 @@
// mBackgroundInstallControlService.getBackgroundInstalledPackages()
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(
UsageEvents.Event.ACTIVITY_RESUMED,
USER_ID_2,
@@ -782,7 +782,7 @@
// install getBackgroundInstalledPackages() is expected to return null
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(
UsageEvents.Event.ACTIVITY_RESUMED,
USER_ID_1,
@@ -835,7 +835,7 @@
// install getBackgroundInstalledPackages() is expected to return null
doReturn(PERMISSION_GRANTED)
.when(mPermissionManager)
- .checkPermission(anyString(), anyString(), anyInt(), anyInt());
+ .checkPermission(anyString(), anyString(), anyString(), anyInt());
generateUsageEvent(
UsageEvents.Event.ACTIVITY_RESUMED,
USER_ID_1,
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java b/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java
index 3034942..2f52d5c 100644
--- a/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java
+++ b/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java
@@ -36,6 +36,7 @@
import static org.mockito.Mockito.when;
import android.Manifest;
+import android.companion.virtual.VirtualDeviceManager;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.IPackageManager;
@@ -246,9 +247,11 @@
mPermissionHelper.setNotificationPermission("pkg", 10, true, true);
verify(mPermManager).grantRuntimePermission(
- "pkg", Manifest.permission.POST_NOTIFICATIONS, Context.DEVICE_ID_DEFAULT, 10);
+ "pkg", Manifest.permission.POST_NOTIFICATIONS,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, 10);
verify(mPermManager).updatePermissionFlags("pkg", Manifest.permission.POST_NOTIFICATIONS,
- USER_FLAG_MASK, FLAG_PERMISSION_USER_SET, true, Context.DEVICE_ID_DEFAULT, 10);
+ USER_FLAG_MASK, FLAG_PERMISSION_USER_SET, true,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, 10);
}
@Test
@@ -258,15 +261,17 @@
.thenReturn(PERMISSION_DENIED);
when(mPermManager.getPermissionFlags(anyString(),
eq(Manifest.permission.POST_NOTIFICATIONS),
- anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_GRANTED_BY_DEFAULT);
+ anyString(), anyInt())).thenReturn(FLAG_PERMISSION_GRANTED_BY_DEFAULT);
PermissionHelper.PackagePermission pkgPerm = new PermissionHelper.PackagePermission(
"pkg", 10, true, false);
mPermissionHelper.setNotificationPermission(pkgPerm);
verify(mPermManager).grantRuntimePermission(
- "pkg", Manifest.permission.POST_NOTIFICATIONS, Context.DEVICE_ID_DEFAULT, 10);
+ "pkg", Manifest.permission.POST_NOTIFICATIONS,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, 10);
verify(mPermManager).updatePermissionFlags("pkg", Manifest.permission.POST_NOTIFICATIONS,
- USER_FLAG_MASK, FLAG_PERMISSION_USER_SET, true, Context.DEVICE_ID_DEFAULT, 10);
+ USER_FLAG_MASK, FLAG_PERMISSION_USER_SET, true,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, 10);
}
@Test
@@ -278,9 +283,10 @@
verify(mPermManager).revokeRuntimePermission(
eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS),
- eq(Context.DEVICE_ID_DEFAULT), eq(10), anyString());
+ eq(VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT), eq(10), anyString());
verify(mPermManager).updatePermissionFlags("pkg", Manifest.permission.POST_NOTIFICATIONS,
- USER_FLAG_MASK, FLAG_PERMISSION_USER_SET, true, Context.DEVICE_ID_DEFAULT, 10);
+ USER_FLAG_MASK, FLAG_PERMISSION_USER_SET, true,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, 10);
}
@Test
@@ -291,9 +297,10 @@
mPermissionHelper.setNotificationPermission("pkg", 10, true, false);
verify(mPermManager).grantRuntimePermission(
- "pkg", Manifest.permission.POST_NOTIFICATIONS, Context.DEVICE_ID_DEFAULT, 10);
+ "pkg", Manifest.permission.POST_NOTIFICATIONS,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, 10);
verify(mPermManager).updatePermissionFlags("pkg", Manifest.permission.POST_NOTIFICATIONS,
- USER_FLAG_MASK, 0, true, Context.DEVICE_ID_DEFAULT, 10);
+ USER_FLAG_MASK, 0, true, VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, 10);
}
@Test
@@ -305,35 +312,35 @@
verify(mPermManager).revokeRuntimePermission(
eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS),
- eq(Context.DEVICE_ID_DEFAULT), eq(10), anyString());
+ eq(VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT), eq(10), anyString());
verify(mPermManager).updatePermissionFlags("pkg", Manifest.permission.POST_NOTIFICATIONS,
- USER_FLAG_MASK, 0, true, Context.DEVICE_ID_DEFAULT, 10);
+ USER_FLAG_MASK, 0, true, VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, 10);
}
@Test
public void testSetNotificationPermission_SystemFixedPermNotSet() throws Exception {
when(mPermManager.getPermissionFlags(anyString(),
eq(Manifest.permission.POST_NOTIFICATIONS),
- anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_SYSTEM_FIXED);
+ anyString(), anyInt())).thenReturn(FLAG_PERMISSION_SYSTEM_FIXED);
mPermissionHelper.setNotificationPermission("pkg", 10, false, true);
verify(mPermManager, never()).revokeRuntimePermission(
- anyString(), anyString(), anyInt(), anyInt(), anyString());
+ anyString(), anyString(), anyString(), anyInt(), anyString());
verify(mPermManager, never()).updatePermissionFlags(
- anyString(), anyString(), anyInt(), anyInt(), anyBoolean(), anyInt(), anyInt());
+ anyString(), anyString(), anyInt(), anyInt(), anyBoolean(), anyString(), anyInt());
}
@Test
public void testSetNotificationPermission_PolicyFixedPermNotSet() throws Exception {
when(mPermManager.getPermissionFlags(anyString(),
eq(Manifest.permission.POST_NOTIFICATIONS),
- anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_POLICY_FIXED);
+ anyString(), anyInt())).thenReturn(FLAG_PERMISSION_POLICY_FIXED);
mPermissionHelper.setNotificationPermission("pkg", 10, false, true);
verify(mPermManager, never()).revokeRuntimePermission(
- anyString(), anyString(), anyInt(), anyInt(), anyString());
+ anyString(), anyString(), anyString(), anyInt(), anyString());
verify(mPermManager, never()).updatePermissionFlags(
- anyString(), anyString(), anyInt(), anyInt(), anyBoolean(), anyInt(), anyInt());
+ anyString(), anyString(), anyInt(), anyInt(), anyBoolean(), anyString(), anyInt());
}
@Test
@@ -343,7 +350,8 @@
mPermissionHelper.setNotificationPermission("pkg", 10, true, false);
verify(mPermManager, never()).grantRuntimePermission(
- "pkg", Manifest.permission.POST_NOTIFICATIONS, Context.DEVICE_ID_DEFAULT, 10);
+ "pkg", Manifest.permission.POST_NOTIFICATIONS,
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, 10);
}
@Test
@@ -354,7 +362,7 @@
verify(mPermManager, never()).revokeRuntimePermission(
eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS),
- eq(Context.DEVICE_ID_DEFAULT), eq(10), anyString());
+ eq(VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT), eq(10), anyString());
}
@Test
@@ -365,7 +373,7 @@
when(mPackageManager.getPackageUid(anyString(), anyInt(), anyInt()))
.thenReturn(testUid);
PackageInfo testPkgInfo = new PackageInfo();
- testPkgInfo.requestedPermissions = new String[]{ Manifest.permission.RECORD_AUDIO };
+ testPkgInfo.requestedPermissions = new String[]{Manifest.permission.RECORD_AUDIO};
when(mPackageManager.getPackageInfo(anyString(), anyLong(), anyInt()))
.thenReturn(testPkgInfo);
mPermissionHelper.setNotificationPermission("pkg", 10, false, false);
@@ -374,26 +382,26 @@
eq(Manifest.permission.POST_NOTIFICATIONS), eq(-1), eq(testUid));
verify(mPermManager, never()).revokeRuntimePermission(
eq("pkg"), eq(Manifest.permission.POST_NOTIFICATIONS),
- eq(Context.DEVICE_ID_DEFAULT), eq(10), anyString());
+ eq(VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT), eq(10), anyString());
}
@Test
public void testIsPermissionFixed() throws Exception {
when(mPermManager.getPermissionFlags(anyString(),
eq(Manifest.permission.POST_NOTIFICATIONS),
- anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_USER_SET);
+ anyString(), anyInt())).thenReturn(FLAG_PERMISSION_USER_SET);
assertThat(mPermissionHelper.isPermissionFixed("pkg", 0)).isFalse();
when(mPermManager.getPermissionFlags(anyString(),
- eq(Manifest.permission.POST_NOTIFICATIONS), anyInt(),
- anyInt())).thenReturn(FLAG_PERMISSION_USER_SET|FLAG_PERMISSION_POLICY_FIXED);
+ eq(Manifest.permission.POST_NOTIFICATIONS), anyString(),
+ anyInt())).thenReturn(FLAG_PERMISSION_USER_SET | FLAG_PERMISSION_POLICY_FIXED);
assertThat(mPermissionHelper.isPermissionFixed("pkg", 0)).isTrue();
when(mPermManager.getPermissionFlags(anyString(),
eq(Manifest.permission.POST_NOTIFICATIONS),
- anyInt(), anyInt())).thenReturn(FLAG_PERMISSION_SYSTEM_FIXED);
+ anyString(), anyInt())).thenReturn(FLAG_PERMISSION_SYSTEM_FIXED);
assertThat(mPermissionHelper.isPermissionFixed("pkg", 0)).isTrue();
}
@@ -435,19 +443,19 @@
// 2 and 3 are user-set permissions
when(mPermManager.getPermissionFlags("first", Manifest.permission.POST_NOTIFICATIONS,
- Context.DEVICE_ID_DEFAULT, userId))
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId))
.thenReturn(0);
when(mPermManager.getPermissionFlags("second", Manifest.permission.POST_NOTIFICATIONS,
- Context.DEVICE_ID_DEFAULT, userId))
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId))
.thenReturn(FLAG_PERMISSION_USER_SET);
when(mPermManager.getPermissionFlags("third", Manifest.permission.POST_NOTIFICATIONS,
- Context.DEVICE_ID_DEFAULT, userId))
+ VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, userId))
.thenReturn(FLAG_PERMISSION_USER_SET);
Map<Pair<Integer, String>, Pair<Boolean, Boolean>> expected =
ImmutableMap.of(new Pair(1, "first"), new Pair(true, false),
- new Pair(2, "second"), new Pair(true, true),
- new Pair(3, "third"), new Pair(false, true));
+ new Pair(2, "second"), new Pair(true, true),
+ new Pair(3, "third"), new Pair(false, true));
Map<Pair<Integer, String>, Pair<Boolean, Boolean>> actual =
mPermissionHelper.getNotificationPermissionValues(userId);