Merge "Allow recents components to register/unregister system action."

2020-01-29 23:47:35 +00:00
parent 603f29f219 6b62158ad5
commit 1709c9fca8
4 changed files with 43 additions and 8 deletions
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
@@ -664,7 +664,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
     */
    @Override
    public void registerSystemAction(RemoteAction action, int actionId) {
-        mSecurityPolicy.enforceCallingPermission(Manifest.permission.MANAGE_ACCESSIBILITY,
+        mSecurityPolicy.enforceCallerIsRecentsOrHasPermission(
+                Manifest.permission.MANAGE_ACCESSIBILITY,
                FUNCTION_REGISTER_SYSTEM_ACTION);
        mSystemActionPerformer.registerSystemAction(actionId, action);
    }
@@ -676,7 +677,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub
     */
    @Override
    public void unregisterSystemAction(int actionId) {
-        mSecurityPolicy.enforceCallingPermission(Manifest.permission.MANAGE_ACCESSIBILITY,
+        mSecurityPolicy.enforceCallerIsRecentsOrHasPermission(
+                Manifest.permission.MANAGE_ACCESSIBILITY,
                FUNCTION_UNREGISTER_SYSTEM_ACTION);
        mSystemActionPerformer.unregisterSystemAction(actionId);
    }
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilitySecurityPolicy.java
@@ -38,6 +38,8 @@ import android.util.Slog;
 import android.view.accessibility.AccessibilityEvent;

 import com.android.internal.util.ArrayUtils;
+import com.android.server.LocalServices;
+import com.android.server.wm.ActivityTaskManagerInternal;

 import libcore.util.EmptyArray;

@@ -86,6 +88,7 @@ public class AccessibilitySecurityPolicy {

    private final AccessibilityUserManager mAccessibilityUserManager;
    private AccessibilityWindowManager mAccessibilityWindowManager;
+    private final ActivityTaskManagerInternal mAtmInternal;

    /**
     * Constructor for AccessibilityManagerService.
@@ -97,6 +100,7 @@ public class AccessibilitySecurityPolicy {
        mPackageManager = mContext.getPackageManager();
        mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
        mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
+        mAtmInternal = LocalServices.getService(ActivityTaskManagerInternal.class);
    }

    /**
@@ -563,4 +567,13 @@ public class AccessibilitySecurityPolicy {
                    + permission);
        }
    }
+
+    /**
+     * Enforcing permission check to IPC caller or grant it if it's recents.
+     *
+     * @param permission The permission to check
+     */
+    public void enforceCallerIsRecentsOrHasPermission(@NonNull String permission, String func) {
+        mAtmInternal.enforceCallerIsRecentsOrHasPermission(permission, func);
+    }
 }
--- a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilityManagerServiceTest.java
@@ -145,9 +145,10 @@ public class AccessibilityManagerServiceTest extends AndroidTestCase {

    @SmallTest
    public void testRegisterSystemActionWithoutPermission() throws Exception {
-        doThrow(SecurityException.class).when(mMockSecurityPolicy).enforceCallingPermission(
-                Manifest.permission.MANAGE_ACCESSIBILITY,
-                AccessibilityManagerService.FUNCTION_REGISTER_SYSTEM_ACTION);
+        doThrow(SecurityException.class).when(mMockSecurityPolicy)
+                .enforceCallerIsRecentsOrHasPermission(
+                        Manifest.permission.MANAGE_ACCESSIBILITY,
+                        AccessibilityManagerService.FUNCTION_REGISTER_SYSTEM_ACTION);

        try {
            mA11yms.registerSystemAction(TEST_ACTION, ACTION_ID);
@@ -165,9 +166,10 @@ public class AccessibilityManagerServiceTest extends AndroidTestCase {

    @SmallTest
    public void testUnregisterSystemActionWithoutPermission() throws Exception {
-        doThrow(SecurityException.class).when(mMockSecurityPolicy).enforceCallingPermission(
-                Manifest.permission.MANAGE_ACCESSIBILITY,
-                AccessibilityManagerService.FUNCTION_UNREGISTER_SYSTEM_ACTION);
+        doThrow(SecurityException.class).when(mMockSecurityPolicy)
+                .enforceCallerIsRecentsOrHasPermission(
+                        Manifest.permission.MANAGE_ACCESSIBILITY,
+                        AccessibilityManagerService.FUNCTION_UNREGISTER_SYSTEM_ACTION);

        try {
            mA11yms.unregisterSystemAction(ACTION_ID);
--- a/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java
+++ b/services/tests/servicestests/src/com/android/server/accessibility/AccessibilitySecurityPolicyTest.java
@@ -47,6 +47,9 @@ import android.util.ArraySet;
 import android.view.accessibility.AccessibilityEvent;
 import android.view.accessibility.AccessibilityWindowInfo;

+import com.android.server.LocalServices;
+import com.android.server.wm.ActivityTaskManagerInternal;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -67,6 +70,9 @@ public class AccessibilitySecurityPolicyTest {
    private static final int WINDOWID2 = 0x000b;
    private static final int APP_UID = 10400;

+    private static final String PERMISSION = "test-permission";
+    private static final String FUNCTION = "test-function-name";
+
    private static final int[] ALWAYS_DISPATCH_EVENTS = {
            AccessibilityEvent.TYPE_WINDOW_STATE_CHANGED,
            AccessibilityEvent.TYPE_NOTIFICATION_STATE_CHANGED,
@@ -111,6 +117,7 @@ public class AccessibilitySecurityPolicyTest {
    @Mock private AccessibilityWindowManager mMockA11yWindowManager;
    @Mock private AppWidgetManagerInternal mMockAppWidgetManager;
    @Mock private AccessibilitySecurityPolicy.AccessibilityUserManager mMockA11yUserManager;
+    @Mock private ActivityTaskManagerInternal mMockActivityTaskManagerInternal;

    @Before
    public void setUp() {
@@ -119,6 +126,10 @@ public class AccessibilitySecurityPolicyTest {
        when(mMockContext.getSystemService(Context.USER_SERVICE)).thenReturn(mMockUserManager);
        when(mMockContext.getSystemService(Context.APP_OPS_SERVICE)).thenReturn(mMockAppOpsManager);

+        LocalServices.removeServiceForTest(ActivityTaskManagerInternal.class);
+        LocalServices.addService(
+                ActivityTaskManagerInternal.class, mMockActivityTaskManagerInternal);
+
        mA11ySecurityPolicy = new AccessibilitySecurityPolicy(mMockContext, mMockA11yUserManager);
        mA11ySecurityPolicy.setAccessibilityWindowManager(mMockA11yWindowManager);
        mA11ySecurityPolicy.setAppWidgetManager(mMockAppWidgetManager);
@@ -469,4 +480,11 @@ public class AccessibilitySecurityPolicyTest {
        verify(mMockAppOpsManager).noteOpNoThrow(AppOpsManager.OPSTR_ACCESS_ACCESSIBILITY,
                APP_UID, PACKAGE_NAME);
    }
+
+    @Test
+    public void testEnforceCallerIsRecentsOrHasPermission() {
+        mA11ySecurityPolicy.enforceCallerIsRecentsOrHasPermission(PERMISSION, FUNCTION);
+        verify(mMockActivityTaskManagerInternal).enforceCallerIsRecentsOrHasPermission(
+                PERMISSION, FUNCTION);
+    }
 }