diff options
author | Eugene Susla <eugenesusla@google.com> | 2020-03-04 14:25:57 -0800 |
---|---|---|
committer | Eugene Susla <eugenesusla@google.com> | 2020-03-09 22:38:36 +0000 |
commit | f72bcc8e36e31d743a8c457547436f9777f98b60 (patch) | |
tree | df8235dc0dd1f213fcfec41b063666fdebc36aab | |
parent | e97864e7ccb2d265c95e7281558e1b4f176aaa9e (diff) | |
download | Permission-f72bcc8e36e31d743a8c457547436f9777f98b60.tar.gz |
Replace auto-revoke whitelist permission flags with appop
Bug: 146513245
Test: presubmit
Change-Id: Id0a04dd32ecf4774d90fc4c0da9c16a055b145d0
5 files changed, 78 insertions, 33 deletions
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/data/AppOpLiveData.kt b/PermissionController/src/com/android/permissioncontroller/permission/data/AppOpLiveData.kt new file mode 100644 index 000000000..a916cf8e8 --- /dev/null +++ b/PermissionController/src/com/android/permissioncontroller/permission/data/AppOpLiveData.kt @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.permissioncontroller.permission.data + +import android.app.AppOpsManager +import android.app.Application +import com.android.permissioncontroller.PermissionControllerApplication + +/** + * A LiveData which represents the appop state + * + * @param app The current application + * @param packageName The name of the package + * @param op The name of the appop + * @param uid The uid of the package + * + * @see AppOpsManager + */ +//TODO eugenesusla: observe appops +//TODO eugenesusla: use for external storage +class AppOpLiveData private constructor( + private val app: Application, + private val packageName: String, + private val op: String, + private val uid: Int +) : SmartUpdateMediatorLiveData<Int>() { + + val appOpsManager = app.getSystemService(AppOpsManager::class.java)!! + + override fun onUpdate() { + value = appOpsManager.unsafeCheckOpNoThrow(op, uid, packageName) + } + + /** + * Repository for AppOpLiveData. + * <p> Key value is a triple of string package name, string appop, and + * package uid, value is its corresponding LiveData. + */ + companion object : DataRepository<Triple<String, String, Int>, AppOpLiveData>() { + override fun newValue(key: Triple<String, String, Int>): AppOpLiveData { + return AppOpLiveData(PermissionControllerApplication.get(), + key.first, key.second, key.third) + } + } +}
\ No newline at end of file diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java index b923b301d..556c664c5 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java +++ b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java @@ -1406,11 +1406,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> | (permission.isPolicyFixed() ? PackageManager.FLAG_PERMISSION_POLICY_FIXED : 0) | (permission.isReviewRequired() ? PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED : 0) - | (permission.isOneTime() ? PackageManager.FLAG_PERMISSION_ONE_TIME : 0) - | (permission.isAutoRevoke() - ? PackageManager.FLAG_PERMISSION_AUTO_REVOKE_IF_UNUSED : 0) - | (permission.isAutoRevokeUserSet() - ? PackageManager.FLAG_PERMISSION_AUTO_REVOKE_USER_SET : 0); + | (permission.isOneTime() ? PackageManager.FLAG_PERMISSION_ONE_TIME : 0); mPackageManager.updatePermissionFlags(permission.getName(), mPackageInfo.packageName, diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java index b5a315993..49381db2b 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java +++ b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java @@ -261,20 +261,6 @@ public final class Permission { return (mFlags & PackageManager.FLAG_PERMISSION_ONE_TIME) != 0; } - /** - * @see PackageManager#FLAG_PERMISSION_AUTO_REVOKE_IF_UNUSED - */ - public boolean isAutoRevoke() { - return (mFlags & PackageManager.FLAG_PERMISSION_AUTO_REVOKE_IF_UNUSED) != 0; - } - - /** - * @see PackageManager#FLAG_PERMISSION_AUTO_REVOKE_USER_SET - */ - public boolean isAutoRevokeUserSet() { - return (mFlags & PackageManager.FLAG_PERMISSION_AUTO_REVOKE_USER_SET) != 0; - } - public void setUserSet(boolean userSet) { if (userSet) { mFlags |= PackageManager.FLAG_PERMISSION_USER_SET; diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/livedatatypes/LightPermission.kt b/PermissionController/src/com/android/permissioncontroller/permission/model/livedatatypes/LightPermission.kt index 1fc5f6d32..c94621f19 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/model/livedatatypes/LightPermission.kt +++ b/PermissionController/src/com/android/permissioncontroller/permission/model/livedatatypes/LightPermission.kt @@ -68,10 +68,6 @@ data class LightPermission( val isGrantedByDefault = flags and PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT != 0 /** Whether this permission is granted by role */ val isGrantedByRole = flags and PackageManager.FLAG_PERMISSION_GRANTED_BY_ROLE != 0 - /** Whether this permission is not whitelisted from being auto-revoked when app is unused */ - val isAutoRevokable = flags and PackageManager.FLAG_PERMISSION_AUTO_REVOKE_IF_UNUSED != 0 - /** Whether [isAutoRevokable] was set by user */ - val isAutoRevokableUserSet = flags and PackageManager.FLAG_PERMISSION_AUTO_REVOKE_USER_SET != 0 override fun toString() = buildString { append(name) @@ -85,7 +81,5 @@ data class LightPermission( if (isOneTime) append(", OneTime") if (isGrantedByDefault) append(", GrantedByDefault") if (isGrantedByRole) append(", GrantedByRole") - if (isAutoRevokable) append(", AutoRevokable") - if (isAutoRevokableUserSet) append(", AutoRevokableUserSet") } }
\ No newline at end of file diff --git a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt index f92e3e2ea..7f83a2b06 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt +++ b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt @@ -20,6 +20,8 @@ package com.android.permissioncontroller.permission.service import android.app.ActivityManager import android.app.ActivityManager.RunningAppProcessInfo.IMPORTANCE_TOP_SLEEPING +import android.app.AppOpsManager +import android.app.AppOpsManager.OPSTR_AUTO_REVOKE_PERMISSIONS_IF_UNUSED import android.app.job.JobInfo import android.app.job.JobParameters import android.app.job.JobScheduler @@ -41,10 +43,7 @@ import com.android.permissioncontroller.Constants import com.android.permissioncontroller.PermissionControllerStatsLog import com.android.permissioncontroller.PermissionControllerStatsLog.PERMISSION_GRANT_REQUEST_RESULT_REPORTED import com.android.permissioncontroller.PermissionControllerStatsLog.PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__AUTO_UNUSED_APP_PERMISSION_REVOKED -import com.android.permissioncontroller.permission.data.LightAppPermGroupLiveData -import com.android.permissioncontroller.permission.data.PackagePermissionsLiveData -import com.android.permissioncontroller.permission.data.UserPackageInfosLiveData -import com.android.permissioncontroller.permission.data.get +import com.android.permissioncontroller.permission.data.* import com.android.permissioncontroller.permission.model.livedatatypes.LightAppPermGroup import com.android.permissioncontroller.permission.model.livedatatypes.LightPackageInfo import com.android.permissioncontroller.permission.utils.KotlinUtils @@ -145,6 +144,20 @@ private suspend fun revokePermissionsOnUnusedApps(context: Context) { return@forEachInParallel } + val whitelistAppOpMode = + AppOpLiveData[pkg.packageName, OPSTR_AUTO_REVOKE_PERMISSIONS_IF_UNUSED, pkg.uid] + .getInitializedValue() + if (whitelistAppOpMode == AppOpsManager.MODE_IGNORED) { + // User exempt + return@forEachInParallel + } + if (whitelistAppOpMode != AppOpsManager.MODE_ALLOWED) { + // Override whitelist exemption when debugging to allow for testing + if (!DEBUG) { + // TODO eugenesusla: if manifest flag exempt -> return + } + } + val pkgPermGroups: Map<String, List<String>> = PackagePermissionsLiveData[pkg.packageName, myUserHandle()] .getInitializedValue(staleOk = true) @@ -165,10 +178,7 @@ private suspend fun revokePermissionsOnUnusedApps(context: Context) { !group.isGrantedByDefault && !group.isGrantedByRole) { - val revocablePermissions = group.permissions.filter { (_, perm) -> - // Override whitelist with DEBUG to allow testing - DEBUG || perm.isAutoRevokable - }.keys.toList() + val revocablePermissions = group.permissions.keys.toList() if (revocablePermissions.isEmpty()) { return@forEachInParallel |