Merge "Require CREATE_VIRTUAL_DEVICE permission to register or unregister an AccessibilityDisplayProxy" into udc-dev
diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index e65cd42..3307a4f 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -17290,9 +17290,9 @@
public final class AccessibilityManager {
method public int getAccessibilityWindowId(@Nullable android.os.IBinder);
method @RequiresPermission(android.Manifest.permission.MANAGE_ACCESSIBILITY) public void performAccessibilityShortcut();
- method @RequiresPermission(android.Manifest.permission.MANAGE_ACCESSIBILITY) public boolean registerDisplayProxy(@NonNull android.view.accessibility.AccessibilityDisplayProxy);
+ method @RequiresPermission(allOf={android.Manifest.permission.MANAGE_ACCESSIBILITY, android.Manifest.permission.CREATE_VIRTUAL_DEVICE}) public boolean registerDisplayProxy(@NonNull android.view.accessibility.AccessibilityDisplayProxy);
method @RequiresPermission(android.Manifest.permission.MANAGE_ACCESSIBILITY) public void registerSystemAction(@NonNull android.app.RemoteAction, int);
- method @RequiresPermission(android.Manifest.permission.MANAGE_ACCESSIBILITY) public boolean unregisterDisplayProxy(@NonNull android.view.accessibility.AccessibilityDisplayProxy);
+ method @RequiresPermission(allOf={android.Manifest.permission.MANAGE_ACCESSIBILITY, android.Manifest.permission.CREATE_VIRTUAL_DEVICE}) public boolean unregisterDisplayProxy(@NonNull android.view.accessibility.AccessibilityDisplayProxy);
method @RequiresPermission(android.Manifest.permission.MANAGE_ACCESSIBILITY) public void unregisterSystemAction(int);
}
diff --git a/core/java/android/view/accessibility/AccessibilityManager.java b/core/java/android/view/accessibility/AccessibilityManager.java
index aa631cf..9504852 100644
--- a/core/java/android/view/accessibility/AccessibilityManager.java
+++ b/core/java/android/view/accessibility/AccessibilityManager.java
@@ -2068,12 +2068,14 @@
* {@link android.view.Display#INVALID_DISPLAY}, or is already being proxy-ed.
*
* @throws SecurityException if the app does not hold the
- * {@link Manifest.permission#MANAGE_ACCESSIBILITY} permission.
+ * {@link Manifest.permission#MANAGE_ACCESSIBILITY} permission or the
+ * {@link Manifest.permission#CREATE_VIRTUAL_DEVICE} permission.
*
* @hide
*/
@SystemApi
- @RequiresPermission(Manifest.permission.MANAGE_ACCESSIBILITY)
+ @RequiresPermission(allOf = {Manifest.permission.MANAGE_ACCESSIBILITY,
+ Manifest.permission.CREATE_VIRTUAL_DEVICE})
public boolean registerDisplayProxy(@NonNull AccessibilityDisplayProxy proxy) {
final IAccessibilityManager service;
synchronized (mLock) {
@@ -2096,12 +2098,14 @@
* @return {@code true} if the proxy is successfully unregistered.
*
* @throws SecurityException if the app does not hold the
- * {@link Manifest.permission#MANAGE_ACCESSIBILITY} permission.
+ * {@link Manifest.permission#MANAGE_ACCESSIBILITY} permission or the
+ * {@link Manifest.permission#CREATE_VIRTUAL_DEVICE} permission.
*
* @hide
*/
@SystemApi
- @RequiresPermission(Manifest.permission.MANAGE_ACCESSIBILITY)
+ @RequiresPermission(allOf = {Manifest.permission.MANAGE_ACCESSIBILITY,
+ Manifest.permission.CREATE_VIRTUAL_DEVICE})
public boolean unregisterDisplayProxy(@NonNull AccessibilityDisplayProxy proxy) {
final IAccessibilityManager service;
synchronized (mLock) {
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
index 25381be..7fba72b 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
@@ -3801,6 +3801,7 @@
public boolean registerProxyForDisplay(IAccessibilityServiceClient client, int displayId)
throws RemoteException {
mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY);
+ mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.CREATE_VIRTUAL_DEVICE);
if (client == null) {
return false;
}
@@ -3837,6 +3838,7 @@
@Override
public boolean unregisterProxyForDisplay(int displayId) {
mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY);
+ mSecurityPolicy.enforceCallingOrSelfPermission(Manifest.permission.CREATE_VIRTUAL_DEVICE);
final long identity = Binder.clearCallingIdentity();
try {
return mProxyManager.unregisterProxy(displayId);
diff --git a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java
index 503e579..96eca71 100644
--- a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java
@@ -289,7 +289,7 @@
@SmallTest
@Test
- public void testRegisterProxyWithoutPermission() throws Exception {
+ public void testRegisterProxyWithoutA11yPermission() throws Exception {
doThrow(SecurityException.class).when(mMockSecurityPolicy)
.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY);
@@ -301,6 +301,18 @@
@SmallTest
@Test
+ public void testRegisterProxyWithoutDevicePermission() throws Exception {
+ doThrow(SecurityException.class).when(mMockSecurityPolicy)
+ .enforceCallingOrSelfPermission(Manifest.permission.CREATE_VIRTUAL_DEVICE);
+
+ assertThrows(SecurityException.class,
+ () -> mA11yms.registerProxyForDisplay(mMockServiceClient, TEST_DISPLAY));
+ verify(mProxyManager, never()).registerProxy(any(), anyInt(), any(), anyInt(), any(), any(),
+ any(), any(), any());
+ }
+
+ @SmallTest
+ @Test
public void testRegisterProxyForDefaultDisplay() throws Exception {
assertThrows(IllegalArgumentException.class,
() -> mA11yms.registerProxyForDisplay(mMockServiceClient, Display.DEFAULT_DISPLAY));
@@ -328,7 +340,7 @@
@SmallTest
@Test
- public void testUnRegisterProxyWithoutPermission() throws Exception {
+ public void testUnRegisterProxyWithoutA11yPermission() {
doThrow(SecurityException.class).when(mMockSecurityPolicy)
.enforceCallingOrSelfPermission(Manifest.permission.MANAGE_ACCESSIBILITY);
@@ -339,6 +351,17 @@
@SmallTest
@Test
+ public void testUnRegisterProxyWithoutDevicePermission() {
+ doThrow(SecurityException.class).when(mMockSecurityPolicy)
+ .enforceCallingOrSelfPermission(Manifest.permission.CREATE_VIRTUAL_DEVICE);
+
+ assertThrows(SecurityException.class,
+ () -> mA11yms.unregisterProxyForDisplay(TEST_DISPLAY));
+ verify(mProxyManager, never()).unregisterProxy(TEST_DISPLAY);
+ }
+
+ @SmallTest
+ @Test
public void testOnMagnificationTransitionFailed_capabilitiesIsAll_fallBackToPreviousMode() {
final AccessibilityUserState userState = mA11yms.mUserStates.get(
mA11yms.getCurrentUserIdLocked());