diff options
author | Jay Sullivan <jaysullivan@google.com> | 2023-11-01 02:05:46 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2023-11-01 02:05:46 +0000 |
commit | 161934a56f1d500e27d5d281491e4290cefe61b1 (patch) | |
tree | 093e24fee271b7bf60dbd22c807da6158c7dfd45 /PermissionController/role-controller | |
parent | 4459d68092590d8f5c2914f0025d30c122264757 (diff) | |
parent | 7454eaa359377a1d9fc599df194694d06684263f (diff) | |
download | Permission-161934a56f1d500e27d5d281491e4290cefe61b1.tar.gz |
Merge changes I8112f896,Ib566ee05,I65f2d488 into main
* changes:
[Role Logic Move] Lift user from RoleControllerServiceImpl
[Role Logic Move] Lift user from grant/revoke
[Role Logic Move] Call Role/PackageManager with UserContext
Diffstat (limited to 'PermissionController/role-controller')
14 files changed, 142 insertions, 130 deletions
diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/BrowserRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/BrowserRoleBehavior.java index 205b185a0..f64c3bcf0 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/BrowserRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/BrowserRoleBehavior.java @@ -21,7 +21,6 @@ import android.content.Intent; import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; import android.net.Uri; -import android.os.Process; import android.os.UserHandle; import android.util.ArraySet; @@ -133,24 +132,25 @@ public class BrowserRoleBehavior implements RoleBehavior { } @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { // @see com.android.server.pm.permission.DefaultPermissionGrantPolicy // #grantDefaultPermissionsToDefaultBrowser(java.lang.String, int) if (SdkLevel.isAtLeastS()) { if (PackageUtils.isSystemPackageAsUser(packageName, user, context)) { - Permissions.grant(packageName, SYSTEM_BROWSER_PERMISSIONS, false, false, true, - false, false, context); + Permissions.grantAsUser(packageName, SYSTEM_BROWSER_PERMISSIONS, false, false, + true, false, false, user, context); } } } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (SdkLevel.isAtLeastT()) { - if (PackageUtils.isSystemPackageAsUser(packageName, Process.myUserHandle(), context)) { - Permissions.revoke(packageName, SYSTEM_BROWSER_PERMISSIONS, true, false, false, - context); + if (PackageUtils.isSystemPackageAsUser(packageName, user, context)) { + Permissions.revokeAsUser(packageName, SYSTEM_BROWSER_PERMISSIONS, true, false, + false, user, context); } } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceAppStreamingRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceAppStreamingRoleBehavior.java index edd0b99f3..6ae920270 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceAppStreamingRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceAppStreamingRoleBehavior.java @@ -17,7 +17,6 @@ package com.android.role.controller.behavior; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -32,14 +31,14 @@ import com.android.role.controller.util.NotificationUtils; public class CompanionDeviceAppStreamingRoleBehavior implements RoleBehavior { @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.grantNotificationAccessForPackageAsUser(packageName, user, context); } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.revokeNotificationAccessForPackageAsUser(packageName, user, context); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceComputerRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceComputerRoleBehavior.java index d61c30a88..ac6a432dc 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceComputerRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceComputerRoleBehavior.java @@ -17,7 +17,6 @@ package com.android.role.controller.behavior; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -32,14 +31,14 @@ import com.android.role.controller.util.NotificationUtils; public class CompanionDeviceComputerRoleBehavior implements RoleBehavior { @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.grantNotificationAccessForPackageAsUser(packageName, user, context); } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.revokeNotificationAccessForPackageAsUser(packageName, user, context); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceGlassesRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceGlassesRoleBehavior.java index 136c64cd8..429c03de3 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceGlassesRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceGlassesRoleBehavior.java @@ -17,7 +17,6 @@ package com.android.role.controller.behavior; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -32,14 +31,14 @@ import com.android.role.controller.util.NotificationUtils; public class CompanionDeviceGlassesRoleBehavior implements RoleBehavior { @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.grantNotificationAccessForPackageAsUser(packageName, user, context); } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.revokeNotificationAccessForPackageAsUser(packageName, user, context); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceWatchRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceWatchRoleBehavior.java index a666122b2..256020800 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceWatchRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/CompanionDeviceWatchRoleBehavior.java @@ -17,7 +17,6 @@ package com.android.role.controller.behavior; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -32,14 +31,14 @@ import com.android.role.controller.util.NotificationUtils; public class CompanionDeviceWatchRoleBehavior implements RoleBehavior { @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.grantNotificationAccessForPackageAsUser(packageName, user, context); } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { NotificationUtils.revokeNotificationAccessForPackageAsUser(packageName, user, context); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/DialerRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/DialerRoleBehavior.java index 2c79c3c6b..d0ee2d5bf 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/DialerRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/DialerRoleBehavior.java @@ -17,7 +17,6 @@ package com.android.role.controller.behavior; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import android.telephony.TelephonyManager; @@ -56,21 +55,22 @@ public class DialerRoleBehavior implements RoleBehavior { } @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (SdkLevel.isAtLeastS()) { if (PackageUtils.isSystemPackageAsUser(packageName, user, context)) { - Permissions.grant(packageName, SYSTEM_DIALER_PERMISSIONS, false, false, - true, false, false, context); + Permissions.grantAsUser(packageName, SYSTEM_DIALER_PERMISSIONS, false, false, + true, false, false, user, context); } } } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, - @NonNull Context context) { + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (SdkLevel.isAtLeastS()) { - Permissions.revoke(packageName, SYSTEM_DIALER_PERMISSIONS, true, false, false, context); + Permissions.revokeAsUser(packageName, SYSTEM_DIALER_PERMISSIONS, true, false, false, + user, context); } } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/HomeRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/HomeRoleBehavior.java index 0e28a510a..5bdd5f682 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/HomeRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/HomeRoleBehavior.java @@ -140,56 +140,61 @@ public class HomeRoleBehavior implements RoleBehavior { } @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (context.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) { - Permissions.grant(packageName, AUTOMOTIVE_PERMISSIONS, - true, false, true, false, false, context); + Permissions.grantAsUser(packageName, AUTOMOTIVE_PERMISSIONS, + true, false, true, false, false, user, context); } // Before T, ALLOW_SLIPPERY_TOUCHES may either not exist, or may not be a role permission if (isRolePermission(android.Manifest.permission.ALLOW_SLIPPERY_TOUCHES, context)) { - Permissions.grant(packageName, + Permissions.grantAsUser(packageName, Arrays.asList(android.Manifest.permission.ALLOW_SLIPPERY_TOUCHES), - true, false, true, false, false, context); + true, false, true, false, false, user, context); } if (context.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH)) { if (SdkLevel.isAtLeastT()) { - Permissions.grant(packageName, WEAR_PERMISSIONS_T, - true, false, true, false, false, context); + Permissions.grantAsUser(packageName, WEAR_PERMISSIONS_T, + true, false, true, false, false, user, context); for (String permission : WEAR_APP_OP_PERMISSIONS) { - AppOpPermissions.grant(packageName, permission, true, context); + AppOpPermissions.grantAsUser(packageName, permission, true, user, context); } } if (SdkLevel.isAtLeastV()) { - Permissions.grant(packageName, WEAR_PERMISSIONS_V, - true, false, true, false, false, context); + Permissions.grantAsUser(packageName, WEAR_PERMISSIONS_V, + true, false, true, false, false, user, context); } } } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (context.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) { - Permissions.revoke(packageName, AUTOMOTIVE_PERMISSIONS, true, false, false, context); + Permissions.revokeAsUser(packageName, AUTOMOTIVE_PERMISSIONS, true, false, false, + user, context); } // Before T, ALLOW_SLIPPERY_TOUCHES may either not exist, or may not be a role permission if (isRolePermission(android.Manifest.permission.ALLOW_SLIPPERY_TOUCHES, context)) { - Permissions.revoke(packageName, + Permissions.revokeAsUser(packageName, Arrays.asList(android.Manifest.permission.ALLOW_SLIPPERY_TOUCHES), - true, false, false, context); + true, false, false, user, context); } if (context.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH)) { if (SdkLevel.isAtLeastT()) { - Permissions.revoke(packageName, WEAR_PERMISSIONS_T, true, false, false, context); + Permissions.revokeAsUser(packageName, WEAR_PERMISSIONS_T, true, false, false, + user, context); for (String permission : WEAR_APP_OP_PERMISSIONS) { - AppOpPermissions.revoke(packageName, permission, context); + AppOpPermissions.revokeAsUser(packageName, permission, user, context); } } if (SdkLevel.isAtLeastV()) { - Permissions.revoke(packageName, WEAR_PERMISSIONS_V, true, false, false, context); + Permissions.revokeAsUser(packageName, WEAR_PERMISSIONS_V, true, false, false, + user, context); } } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/SmsRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/SmsRoleBehavior.java index c6b3841c2..6e5c5c920 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/behavior/SmsRoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/SmsRoleBehavior.java @@ -19,7 +19,6 @@ package com.android.role.controller.behavior; import android.app.admin.DevicePolicyManager; import android.app.admin.ManagedSubscriptionsPolicy; import android.content.Context; -import android.os.Process; import android.os.UserHandle; import android.os.UserManager; import android.telephony.TelephonyManager; @@ -113,20 +112,21 @@ public class SmsRoleBehavior implements RoleBehavior { } @Override - public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (SdkLevel.isAtLeastS() && PackageUtils.isSystemPackageAsUser(packageName, user, context)) { - Permissions.grant(packageName, SYSTEM_SMS_PERMISSIONS, false, false, - true, false, false, context); + Permissions.grantAsUser(packageName, SYSTEM_SMS_PERMISSIONS, false, false, true, + false, false, user, context); } } @Override - public void revoke(@NonNull Role role, @NonNull String packageName, - @NonNull Context context) { + public void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (SdkLevel.isAtLeastS()) { - Permissions.revoke(packageName, SYSTEM_SMS_PERMISSIONS, true, false, false, context); + Permissions.revokeAsUser(packageName, SYSTEM_SMS_PERMISSIONS, true, false, false, + user, context); } } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java b/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java index 926592db3..6647a4f94 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java @@ -18,7 +18,6 @@ package com.android.role.controller.model; import android.content.Context; import android.content.pm.ApplicationInfo; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -74,15 +73,16 @@ public class AppOp { * Grant this app op to an application. * * @param packageName the package name of the application + * @param user the user of the application * @param context the {@code Context} to retrieve system services * * @return whether any app mode has changed */ - public boolean grant(@NonNull String packageName, @NonNull Context context) { - if (!checkTargetSdkVersion(packageName, context)) { + public boolean grantAsUser(@NonNull String packageName, @NonNull UserHandle user, + @NonNull Context context) { + if (!checkTargetSdkVersionAsUser(packageName, user, context)) { return false; } - UserHandle user = Process.myUserHandle(); return Permissions.setAppOpUidModeAsUser(packageName, mName, mMode, user, context); } @@ -90,25 +90,27 @@ public class AppOp { * Revoke this app op from an application. * * @param packageName the package name of the application + * @param user the user of the application * @param context the {@code Context} to retrieve system services * * @return whether any app mode has changed */ - public boolean revoke(@NonNull String packageName, @NonNull Context context) { - if (!checkTargetSdkVersion(packageName, context)) { + public boolean revokeAsUser(@NonNull String packageName, @NonNull UserHandle user, + @NonNull Context context) { + if (!checkTargetSdkVersionAsUser(packageName, user, context)) { return false; } int defaultMode = Permissions.getDefaultAppOpMode(mName); - UserHandle user = Process.myUserHandle(); return Permissions.setAppOpUidModeAsUser(packageName, mName, defaultMode, user, context); } - private boolean checkTargetSdkVersion(@NonNull String packageName, @NonNull Context context) { + private boolean checkTargetSdkVersionAsUser(@NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) { if (mMaxTargetSdkVersion == null) { return true; } - ApplicationInfo applicationInfo = PackageUtils.getApplicationInfoAsUser(packageName, - Process.myUserHandle(), context); + ApplicationInfo applicationInfo = PackageUtils.getApplicationInfoAsUser(packageName, user, + context); if (applicationInfo == null) { return false; } diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/AppOpPermissions.java b/PermissionController/role-controller/java/com/android/role/controller/model/AppOpPermissions.java index 2e8cbed7e..edd74e31e 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/AppOpPermissions.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/AppOpPermissions.java @@ -21,7 +21,6 @@ import android.content.Context; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.os.Build; -import android.os.Process; import android.os.UserHandle; import androidx.annotation.NonNull; @@ -44,13 +43,13 @@ public class AppOpPermissions { * @param appOpPermission the name of the app op permission * @param overrideNonDefaultMode whether to override the app opp mode if it isn't in the default * mode + * @param user the user of the application * @param context the {@code Context} to retrieve system services * * @return whether any app op mode has changed */ - public static boolean grant(@NonNull String packageName, @NonNull String appOpPermission, - boolean overrideNonDefaultMode, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public static boolean grantAsUser(@NonNull String packageName, @NonNull String appOpPermission, + boolean overrideNonDefaultMode, @NonNull UserHandle user, @NonNull Context context) { PackageInfo packageInfo = PackageUtils.getPackageInfoAsUser(packageName, PackageManager.GET_PERMISSIONS, user, context); if (packageInfo == null) { @@ -80,13 +79,13 @@ public class AppOpPermissions { * * @param packageName the package name of the application * @param appOpPermission the name of the app op permission + * @param user the user of the application * @param context the {@code Context} to retrieve system services * * @return whether any app op mode has changed */ - public static boolean revoke(@NonNull String packageName, @NonNull String appOpPermission, - @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public static boolean revokeAsUser(@NonNull String packageName, @NonNull String appOpPermission, + @NonNull UserHandle user, @NonNull Context context) { if (!Permissions.isPermissionGrantedByRoleAsUser(packageName, appOpPermission, user, context)) { return false; diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java b/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java index 76de27651..8a15612b9 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java @@ -24,7 +24,6 @@ import android.content.pm.PackageManager; import android.content.pm.PermissionGroupInfo; import android.content.pm.PermissionInfo; import android.os.Build; -import android.os.Process; import android.os.UserHandle; import android.permission.PermissionManager; import android.util.ArrayMap; @@ -90,6 +89,7 @@ public class Permissions { * @param setGrantedByRole whether the permissions will be granted as granted-by-role * @param setGrantedByDefault whether the permissions will be granted as granted-by-default * @param setSystemFixed whether the permissions will be granted as system-fixed + * @param user the user of the application * @param context the {@code Context} to retrieve system services * * @return whether any permission or app op changed @@ -97,11 +97,10 @@ public class Permissions { * @see com.android.server.pm.permission.DefaultPermissionGrantPolicy#grantRuntimePermissions( * PackageInfo, java.util.Set, boolean, boolean, int) */ - public static boolean grant(@NonNull String packageName, @NonNull List<String> permissions, - boolean overrideDisabledSystemPackage, boolean overrideUserSetAndFixed, - boolean setGrantedByRole, boolean setGrantedByDefault, boolean setSystemFixed, - @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public static boolean grantAsUser(@NonNull String packageName, + @NonNull List<String> permissions, boolean overrideDisabledSystemPackage, + boolean overrideUserSetAndFixed, boolean setGrantedByRole, boolean setGrantedByDefault, + boolean setSystemFixed, @NonNull UserHandle user, @NonNull Context context) { if (setGrantedByRole == setGrantedByDefault) { throw new IllegalArgumentException("Permission must be either granted by role, or" + " granted by default, but not both"); @@ -144,8 +143,8 @@ public class Permissions { // apps, (default grants on first boot and user creation) we don't grant default // permissions if the version on the system image does not declare them. if (!overrideDisabledSystemPackage && isUpdatedSystemApp(packageInfo)) { - PackageInfo disabledSystemPackageInfo = getFactoryPackageInfoAsUser(packageName, - user, context); + PackageInfo disabledSystemPackageInfo = getFactoryPackageInfoAsUser(packageName, user, + context); if (disabledSystemPackageInfo != null) { if (ArrayUtils.isEmpty(disabledSystemPackageInfo.requestedPermissions)) { return false; @@ -179,9 +178,10 @@ public class Permissions { boolean permissionOrAppOpChanged = false; - PackageManager packageManager = context.getPackageManager(); + Context userContext = UserUtils.getUserContext(context, user); + PackageManager userPackageManager = userContext.getPackageManager(); Set<String> whitelistedRestrictedPermissions = new ArraySet<>( - packageManager.getWhitelistedRestrictedPermissions(packageName, + userPackageManager.getWhitelistedRestrictedPermissions(packageName, PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM)); int sortedPermissionsToGrantLength = sortedPermissionsToGrant.length; @@ -190,7 +190,7 @@ public class Permissions { if (isRestrictedPermission(permission, context) && whitelistedRestrictedPermissions.add(permission)) { - packageManager.addWhitelistedRestrictedPermission(packageName, permission, + userPackageManager.addWhitelistedRestrictedPermission(packageName, permission, PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM); } @@ -393,16 +393,17 @@ public class Permissions { * @param onlyIfGrantedByDefault revoke the permission only if it is granted by default * @param overrideSystemFixed whether system-fixed permissions can be revoked * @param context the {@code Context} to retrieve system services + * @param user the user of the application * * @return whether any permission or app op changed * * @see com.android.server.pm.permission.DefaultPermissionGrantPolicy#revokeRuntimePermissions( * String, java.util.Set, boolean, int) */ - public static boolean revoke(@NonNull String packageName, @NonNull List<String> permissions, - boolean onlyIfGrantedByRole, boolean onlyIfGrantedByDefault, - boolean overrideSystemFixed, @NonNull Context context) { - UserHandle user = Process.myUserHandle(); + public static boolean revokeAsUser(@NonNull String packageName, + @NonNull List<String> permissions, boolean onlyIfGrantedByRole, + boolean onlyIfGrantedByDefault, boolean overrideSystemFixed, @NonNull UserHandle user, + @NonNull Context context) { PackageInfo packageInfo = getPackageInfoAsUser(packageName, user, context); if (packageInfo == null) { return false; @@ -437,9 +438,10 @@ public class Permissions { } } - PackageManager packageManager = context.getPackageManager(); + Context userContext = UserUtils.getUserContext(context, user); + PackageManager userPackageManager = userContext.getPackageManager(); Set<String> whitelistedRestrictedPermissions = - packageManager.getWhitelistedRestrictedPermissions(packageName, + userPackageManager.getWhitelistedRestrictedPermissions(packageName, PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM | PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE | PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER); @@ -457,7 +459,7 @@ public class Permissions { // Remove from the system whitelist only if not granted by default. if (!isPermissionGrantedByDefaultAsUser(packageName, permission, user, context) && whitelistedRestrictedPermissions.remove(permission)) { - packageManager.removeWhitelistedRestrictedPermission(packageName, permission, + userPackageManager.removeWhitelistedRestrictedPermission(packageName, permission, PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/PreferredActivity.java b/PermissionController/role-controller/java/com/android/role/controller/model/PreferredActivity.java index 438bdbdea..7ea7de046 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/PreferredActivity.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/PreferredActivity.java @@ -22,10 +22,12 @@ import android.content.Intent; import android.content.IntentFilter; import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; -import android.os.Process; +import android.os.UserHandle; import androidx.annotation.NonNull; +import com.android.role.controller.util.UserUtils; + import java.util.ArrayList; import java.util.List; import java.util.Objects; @@ -68,18 +70,21 @@ public class PreferredActivity { * Configure this preferred activity specification for an application. * * @param packageName the package name of the application + * @param user the user of the application * @param context the {@code Context} to retrieve system services */ - public void configure(@NonNull String packageName, @NonNull Context context) { + public void configureAsUser(@NonNull String packageName, @NonNull UserHandle user, + @NonNull Context context) { ComponentName packageActivity = mActivity.getQualifyingComponentForPackageAsUser( - packageName, Process.myUserHandle(), context); + packageName, user, context); if (packageActivity == null) { // We might be running into some race condition here, but we can't do anything about it. // This should be handled by a future reconciliation started by the package change. return; } - PackageManager packageManager = context.getPackageManager(); + Context userContext = UserUtils.getUserContext(context, user); + PackageManager userPackageManager = userContext.getPackageManager(); int intentFilterDatasSize = mIntentFilterDatas.size(); for (int i = 0; i < intentFilterDatasSize; i++) { IntentFilterData intentFilterData = mIntentFilterDatas.get(i); @@ -93,7 +98,7 @@ public class PreferredActivity { ? IntentFilter.MATCH_CATEGORY_SCHEME : IntentFilter.MATCH_CATEGORY_EMPTY; Intent intent = intentFilterData.createIntent(); - List<ResolveInfo> resolveInfos = packageManager.queryIntentActivities(intent, + List<ResolveInfo> resolveInfos = userPackageManager.queryIntentActivities(intent, PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE | PackageManager.MATCH_DEFAULT_ONLY); @@ -108,7 +113,7 @@ public class PreferredActivity { set.add(componentName); } - packageManager.replacePreferredActivity(intentFilter, match, set, packageActivity); + userPackageManager.replacePreferredActivity(intentFilter, match, set, packageActivity); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java index 456929965..536bcc912 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java @@ -26,7 +26,6 @@ import android.content.pm.SharedLibraryInfo; import android.content.pm.Signature; import android.content.res.Resources; import android.os.Build; -import android.os.Process; import android.os.UserHandle; import android.text.TextUtils; import android.util.ArrayMap; @@ -776,42 +775,42 @@ public class Role { * @param packageName the package name of the application to be granted this role to * @param dontKillApp whether this application should not be killed despite changes * @param overrideUser whether to override user when granting privileges + * @param user the user of the application * @param context the {@code Context} to retrieve system services */ - public void grant(@NonNull String packageName, boolean dontKillApp, - boolean overrideUser, @NonNull Context context) { - boolean permissionOrAppOpChanged = Permissions.grant(packageName, + public void grantAsUser(@NonNull String packageName, boolean dontKillApp, + boolean overrideUser, @NonNull UserHandle user, @NonNull Context context) { + boolean permissionOrAppOpChanged = Permissions.grantAsUser(packageName, Permissions.filterBySdkVersion(mPermissions), SdkLevel.isAtLeastS() ? !mSystemOnly : true, overrideUser, true, false, false, - context); + user, context); List<String> appOpPermissionsToGrant = Permissions.filterBySdkVersion(mAppOpPermissions); int appOpPermissionsSize = appOpPermissionsToGrant.size(); for (int i = 0; i < appOpPermissionsSize; i++) { String appOpPermission = appOpPermissionsToGrant.get(i); - AppOpPermissions.grant(packageName, appOpPermission, overrideUser, context); + AppOpPermissions.grantAsUser(packageName, appOpPermission, overrideUser, user, context); } int appOpsSize = mAppOps.size(); for (int i = 0; i < appOpsSize; i++) { AppOp appOp = mAppOps.get(i); - appOp.grant(packageName, context); + appOp.grantAsUser(packageName, user, context); } int preferredActivitiesSize = mPreferredActivities.size(); for (int i = 0; i < preferredActivitiesSize; i++) { PreferredActivity preferredActivity = mPreferredActivities.get(i); - preferredActivity.configure(packageName, context); + preferredActivity.configureAsUser(packageName, user, context); } if (mBehavior != null) { - mBehavior.grant(this, packageName, context); + mBehavior.grantAsUser(this, packageName, user, context); } if (!dontKillApp && permissionOrAppOpChanged - && !Permissions.isRuntimePermissionsSupportedAsUser(packageName, - Process.myUserHandle(), context)) { - killAppAsUser(packageName, Process.myUserHandle(), context); + && !Permissions.isRuntimePermissionsSupportedAsUser(packageName, user, context)) { + killAppAsUser(packageName, user, context); } } @@ -821,12 +820,15 @@ public class Role { * @param packageName the package name of the application to be granted this role to * @param dontKillApp whether this application should not be killed despite changes * @param overrideSystemFixedPermissions whether system-fixed permissions can be revoked + * @param user the user of the role * @param context the {@code Context} to retrieve system services */ - public void revoke(@NonNull String packageName, boolean dontKillApp, - boolean overrideSystemFixedPermissions, @NonNull Context context) { - RoleManager roleManager = context.getSystemService(RoleManager.class); - List<String> otherRoleNames = roleManager.getHeldRolesFromController(packageName); + public void revokeAsUser(@NonNull String packageName, boolean dontKillApp, + boolean overrideSystemFixedPermissions, @NonNull UserHandle user, + @NonNull Context context) { + Context userContext = UserUtils.getUserContext(context, user); + RoleManager userRoleManager = userContext.getSystemService(RoleManager.class); + List<String> otherRoleNames = userRoleManager.getHeldRolesFromController(packageName); otherRoleNames.remove(mName); List<String> permissionsToRevoke = Permissions.filterBySdkVersion(mPermissions); @@ -838,8 +840,8 @@ public class Role { permissionsToRevoke.removeAll(Permissions.filterBySdkVersion(role.mPermissions)); } - boolean permissionOrAppOpChanged = Permissions.revoke(packageName, permissionsToRevoke, - true, false, overrideSystemFixedPermissions, context); + boolean permissionOrAppOpChanged = Permissions.revokeAsUser(packageName, + permissionsToRevoke, true, false, overrideSystemFixedPermissions, user, context); List<String> appOpPermissionsToRevoke = Permissions.filterBySdkVersion(mAppOpPermissions); for (int i = 0; i < otherRoleNamesSize; i++) { @@ -851,7 +853,7 @@ public class Role { int appOpPermissionsSize = appOpPermissionsToRevoke.size(); for (int i = 0; i < appOpPermissionsSize; i++) { String appOpPermission = appOpPermissionsToRevoke.get(i); - AppOpPermissions.revoke(packageName, appOpPermission, context); + AppOpPermissions.revokeAsUser(packageName, appOpPermission, user, context); } List<AppOp> appOpsToRevoke = new ArrayList<>(mAppOps); @@ -863,7 +865,7 @@ public class Role { int appOpsSize = appOpsToRevoke.size(); for (int i = 0; i < appOpsSize; i++) { AppOp appOp = appOpsToRevoke.get(i); - appOp.revoke(packageName, context); + appOp.revokeAsUser(packageName, user, context); } // TODO: Revoke preferred activities? But this is unnecessary for most roles using it as @@ -872,11 +874,11 @@ public class Role { // wrong thing when we are removing a exclusive role holder for adding another. if (mBehavior != null) { - mBehavior.revoke(this, packageName, context); + mBehavior.revokeAsUser(this, packageName, user, context); } if (!dontKillApp && permissionOrAppOpChanged) { - killAppAsUser(packageName, Process.myUserHandle(), context); + killAppAsUser(packageName, user, context); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/RoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/model/RoleBehavior.java index 6f86f6858..34d2282a7 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/RoleBehavior.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/RoleBehavior.java @@ -90,15 +90,16 @@ public interface RoleBehavior { } /** - * @see Role#grant(String, boolean, boolean, boolean, Context) + * @see Role#grantAsUser(String, boolean, boolean, UserHandle, Context) */ - default void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) {} + default void grantAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) {} /** - * @see Role#revoke(String, boolean, boolean, Context) + * @see Role#revokeAsUser(String, boolean, boolean, UserHandle, Context) */ - default void revoke(@NonNull Role role, @NonNull String packageName, - @NonNull Context context) {} + default void revokeAsUser(@NonNull Role role, @NonNull String packageName, + @NonNull UserHandle user, @NonNull Context context) {} /** * @see Role#onHolderSelectedAsUser(String, UserHandle, Context) |