Added a new set of permissions for DeviceConfig API.

The READ_DEVICE_CONFIG and WRITE_DEVICE_CONFIG permissions are required to
use the DeviceConfig API. The actual checks for the new permissions are not
added yet, as we are waiting for gmscore to include them in its manifest.

Also added "configurator" protection flag.

Test: atest FrameworksCoreTests:DeviceConfigTest
      atest FrameworksCoreTests:SettingsProviderTest
      atest SettingsProviderTest:DeviceConfigServiceTest
Bug:109919982
Bug:113100523
Bug:113101834
Bug:117663715
Change-Id: I66c256b57c5491201c6c7834620a287b6c81c23c
Stanislav Zholnin
2018-12-28 15:34:23 +00:00
parent 64e9cd30b3
commit 596437fd4e
16 changed files with 73 additions and 7 deletions


@@ -127,6 +127,7 @@ package android {
field public static final java.lang.String QUERY_TIME_ZONE_RULES = "android.permission.QUERY_TIME_ZONE_RULES";
field public static final java.lang.String READ_CELL_BROADCASTS = "android.permission.READ_CELL_BROADCASTS";
field public static final java.lang.String READ_CONTENT_RATING_SYSTEMS = "android.permission.READ_CONTENT_RATING_SYSTEMS";
field public static final java.lang.String READ_DEVICE_CONFIG = "android.permission.READ_DEVICE_CONFIG";
field public static final java.lang.String READ_DREAM_STATE = "android.permission.READ_DREAM_STATE";
field public static final java.lang.String READ_INSTALL_SESSIONS = "android.permission.READ_INSTALL_SESSIONS";
field public static final java.lang.String READ_NETWORK_USAGE_HISTORY = "android.permission.READ_NETWORK_USAGE_HISTORY";
@@ -182,6 +183,7 @@ package android {
field public static final java.lang.String UPDATE_TIME_ZONE_RULES = "android.permission.UPDATE_TIME_ZONE_RULES";
field public static final java.lang.String USER_ACTIVITY = "android.permission.USER_ACTIVITY";
field public static final java.lang.String USE_RESERVED_DISK = "android.permission.USE_RESERVED_DISK";
field public static final java.lang.String WRITE_DEVICE_CONFIG = "android.permission.WRITE_DEVICE_CONFIG";
field public static final java.lang.String WRITE_DREAM_STATE = "android.permission.WRITE_DREAM_STATE";
field public static final java.lang.String WRITE_EMBEDDED_SUBSCRIPTIONS = "android.permission.WRITE_EMBEDDED_SUBSCRIPTIONS";
field public static final java.lang.String WRITE_MEDIA_STORAGE = "android.permission.WRITE_MEDIA_STORAGE";
@@ -1347,6 +1349,7 @@ package android.content.pm {
public class PermissionInfo extends android.content.pm.PackageItemInfo implements android.os.Parcelable {
field public static final int FLAG_REMOVED = 2; // 0x2
field public static final int PROTECTION_FLAG_CONFIGURATOR = 524288; // 0x80000
field public static final int PROTECTION_FLAG_DOCUMENTER = 262144; // 0x40000
field public static final int PROTECTION_FLAG_OEM = 16384; // 0x4000
field public static final int PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER = 65536; // 0x10000


@@ -374,6 +374,7 @@ package android.content.pm {
}
public class PermissionInfo extends android.content.pm.PackageItemInfo implements android.os.Parcelable {
field public static final int PROTECTION_FLAG_CONFIGURATOR = 524288; // 0x80000
field public static final int PROTECTION_FLAG_DOCUMENTER = 262144; // 0x40000
field public static final int PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER = 65536; // 0x10000
field public static final int PROTECTION_FLAG_VENDOR_PRIVILEGED = 32768; // 0x8000


@@ -55,6 +55,7 @@ public abstract class PackageManagerInternal {
public static final int PACKAGE_PERMISSION_CONTROLLER = 6;
public static final int PACKAGE_WELLBEING = 7;
public static final int PACKAGE_DOCUMENTER = 8;
public static final int PACKAGE_CONFIGURATOR = 9;
@IntDef(value = {
PACKAGE_SYSTEM,
PACKAGE_SETUP_WIZARD,
@@ -65,6 +66,7 @@ public abstract class PackageManagerInternal {
PACKAGE_PERMISSION_CONTROLLER,
PACKAGE_WELLBEING,
PACKAGE_DOCUMENTER,
PACKAGE_CONFIGURATOR,
})
@Retention(RetentionPolicy.SOURCE)
public @interface KnownPackage {}


@@ -202,6 +202,16 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable {
@TestApi
public static final int PROTECTION_FLAG_DOCUMENTER = 0x40000;
/**
* Additional flag for {@link #protectionLevel}, corresponding to the
* {@code configurator} value of {@link android.R.attr#protectionLevel}.
*
* @hide
*/
@SystemApi
@TestApi
public static final int PROTECTION_FLAG_CONFIGURATOR = 0x80000;
/** @hide */
@IntDef(flag = true, prefix = { "PROTECTION_FLAG_" }, value = {
@@ -221,6 +231,7 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable {
PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER,
PROTECTION_FLAG_WELLBEING,
PROTECTION_FLAG_DOCUMENTER,
PROTECTION_FLAG_CONFIGURATOR,
})
@Retention(RetentionPolicy.SOURCE)
public @interface ProtectionFlags {}
@@ -416,6 +427,9 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable {
if ((level & PermissionInfo.PROTECTION_FLAG_DOCUMENTER) != 0) {
protLevel += "|documenter";
}
if ((level & PROTECTION_FLAG_CONFIGURATOR) != 0) {
protLevel += "|configurator";
}
return protLevel;
}


@@ -16,9 +16,13 @@
package android.provider;
import static android.Manifest.permission.READ_DEVICE_CONFIG;
import static android.Manifest.permission.WRITE_DEVICE_CONFIG;
import android.annotation.CallbackExecutor;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.app.ActivityThread;
import android.content.ContentResolver;
@@ -69,6 +73,7 @@ public final class DeviceConfig {
* @hide
*/
@SystemApi
@RequiresPermission(READ_DEVICE_CONFIG)
public static String getProperty(String namespace, String name) {
ContentResolver contentResolver = ActivityThread.currentApplication().getContentResolver();
String compositeName = createCompositeName(namespace, name);
@@ -96,6 +101,7 @@ public final class DeviceConfig {
* @hide
*/
@SystemApi
@RequiresPermission(WRITE_DEVICE_CONFIG)
public static boolean setProperty(
String namespace, String name, String value, boolean makeDefault) {
ContentResolver contentResolver = ActivityThread.currentApplication().getContentResolver();
@@ -116,6 +122,7 @@ public final class DeviceConfig {
* @hide
*/
@SystemApi
@RequiresPermission(WRITE_DEVICE_CONFIG)
public static void resetToDefaults(@ResetMode int resetMode, @Nullable String namespace) {
ContentResolver contentResolver = ActivityThread.currentApplication().getContentResolver();
Settings.Config.resetToDefaults(contentResolver, resetMode, namespace);
@@ -137,10 +144,12 @@ public final class DeviceConfig {
* @hide
*/
@SystemApi
@RequiresPermission(READ_DEVICE_CONFIG)
public static void addOnPropertyChangedListener(
@NonNull String namespace,
@NonNull @CallbackExecutor Executor executor,
@NonNull OnPropertyChangedListener onPropertyChangedListener) {
// TODO enforce READ_DEVICE_CONFIG permission
synchronized (sLock) {
Pair<String, Executor> oldNamespace = sListeners.get(onPropertyChangedListener);
if (oldNamespace == null) {
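Review bot: The `@RequiresPermission` annotations added to getProperty, setProperty, resetToDefaults and addOnPropertyChangedListener are build-time lint hints, and none of the visible bodies performs a runtime check, so these entry points are still unguarded on the client side. The commit message says enforcement is deferred, but only addOnPropertyChangedListener records that, and its TODO carries no bug reference. I would write it as `// TODO(b/117663715): enforce READ_DEVICE_CONFIG permission` and add a Javadoc sentence to each of the four methods stating that the permission is declared but not yet enforced, so callers do not read the annotation as an access control. The method bodies continue outside the hunks.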


@@ -14041,7 +14041,7 @@ public final class Settings {
*
* @hide
*/
// TODO(b/117663715): require a new read permission
@RequiresPermission(Manifest.permission.READ_DEVICE_CONFIG)
static String getString(ContentResolver resolver, String name) {
return sNameValueCache.getStringForUser(resolver, name, resolver.getUserId());
}
@@ -14064,8 +14064,7 @@ public final class Settings {
*
* @hide
*/
// TODO(b/117663715): require a new write permission restricted to a single source
@RequiresPermission(Manifest.permission.WRITE_SECURE_SETTINGS)
@RequiresPermission(Manifest.permission.WRITE_DEVICE_CONFIG)
static boolean putString(@NonNull ContentResolver resolver, @NonNull String name,
@Nullable String value, boolean makeDefault) {
return sNameValueCache.putStringForUser(resolver, name, value, null, makeDefault,
@@ -14087,7 +14086,7 @@ public final class Settings {
* @hide
*/
// TODO(b/117663715): require a new write permission restricted to a single source
@RequiresPermission(Manifest.permission.WRITE_SECURE_SETTINGS)
@RequiresPermission(Manifest.permission.WRITE_DEVICE_CONFIG)
static void resetToDefaults(@NonNull ContentResolver resolver, @ResetMode int resetMode,
@Nullable String prefix) {
try {
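Review bot: On putString and resetToDefaults the declared requirement moves from WRITE_SECURE_SETTINGS to WRITE_DEVICE_CONFIG, yet neither permission is enforced for the config table in this commit, so the annotation is the only statement of who may write and should not get ahead of the provider. Judging by the line counts of the last hunk, the comment `// TODO(b/117663715): require a new write permission restricted to a single source` appears to remain above resetToDefaults although the annotation below it now names the new permission. It should either be dropped or reworded to what is still open, for example `// TODO(b/117663715): enforce WRITE_DEVICE_CONFIG in SettingsProvider`. The body of resetToDefaults continues outside the hunk.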


@@ -2526,6 +2526,16 @@
<permission android:name="android.permission.WRITE_GSERVICES"
android:protectionLevel="signature|privileged" />
<!-- @SystemApi @hide Allows an application to modify config settings.
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.WRITE_DEVICE_CONFIG"
android:protectionLevel="signature|configurator"/>
<!-- @SystemApi @hide Allows an application to read config settings.
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.READ_DEVICE_CONFIG"
android:protectionLevel="signature|preinstalled" />
<!-- @SystemApi @TestApi Allows an application to call
{@link android.app.ActivityManager#forceStopPackage}.
@hide -->
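Review bot: READ_DEVICE_CONFIG is declared `signature|preinstalled`, which makes it grantable to every app shipped on the system image, while its comment only says "Not for use by third-party applications". If config values may carry anything sensitive, the comment should state that all preinstalled apps, not only platform-signed ones, are the intended readers. If that is not the intent, the level should be narrowed to match, for example the `signature|privileged` used by the neighbouring WRITE_GSERVICES. The WRITE_DEVICE_CONFIG comment could also say that `configurator` resolves to the package named in `config_deviceConfiguratorPackageName`, since that resource is what decides who can write.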


@@ -274,6 +274,9 @@
<!-- Additional flag from base permission type: this permission can be automatically
granted to the document manager -->
<flag name="documenter" value="0x40000" />
<!-- Additional flag from base permission type: this permission automatically
granted to device configurator -->
<flag name="configurator" value="0x80000" />
</attr>
<!-- Flags indicating more context for a permission group. -->
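Review bot: The comment on the new `configurator` flag is missing its verb and reads differently from the `documenter` comment directly above it. I would word it the same way: `this permission can be automatically granted to the device configurator`.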


@@ -2761,6 +2761,9 @@
<!-- Flag indicating which package name can access the persistent data partition -->
<string name="config_persistentDataPackageName" translatable="false"></string>
<!-- Flag indicating which package name can access DeviceConfig table -->
<string name="config_deviceConfiguratorPackageName" translatable="false"></string>
<!-- Flag indicating apps will skip sending hold request before merge. In this case
IMS service implementation will do both.i.e.hold followed by merge. -->
<bool name="skipHoldBeforeMerge">true</bool>
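Review bot: The comment on `config_deviceConfiguratorPackageName` calls the value a "flag" and says it controls access to the DeviceConfig table, but elsewhere in this commit the string is the package name matched for permissions carrying the `configurator` protection flag. It also ships empty, and the comment does not say what that means. I would document both: `<!-- Package name of the device configurator, which is granted permissions protected with the "configurator" flag. Empty means no package is treated as the configurator. -->`.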


@@ -2139,6 +2139,7 @@
<java-symbol type="string" name="config_carrierAppInstallDialogComponent" />
<java-symbol type="string" name="config_defaultNetworkScorerPackageName" />
<java-symbol type="string" name="config_persistentDataPackageName" />
<java-symbol type="string" name="config_deviceConfiguratorPackageName" />
<java-symbol type="layout" name="resolver_list" />
<java-symbol type="id" name="resolver_list" />


@@ -56,6 +56,7 @@
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.INJECT_EVENTS" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.READ_DEVICE_CONFIG" />
<uses-permission android:name="android.permission.READ_DREAM_STATE" />
<uses-permission android:name="android.permission.WRITE_DREAM_STATE" />
<uses-permission android:name="android.permission.READ_LOGS"/>
@@ -65,6 +66,7 @@
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.WRITE_CONTACTS" />
<uses-permission android:name="android.permission.WRITE_DEVICE_CONFIG" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />


@@ -1052,7 +1052,7 @@ public class SettingsProvider extends ContentProvider {
}
// TODO(b/117663715): Ensure the caller can access the setting.
// enforceSettingReadable(name, SETTINGS_TYPE_CONFIG, UserHandle.getCallingUserId());
// enforceReadPermission(READ_DEVICE_CONFIG);
// Get the value.
synchronized (mLock) {
@@ -1088,8 +1088,9 @@ public class SettingsProvider extends ContentProvider {
private boolean mutateConfigSetting(String name, String value, String prefix,
boolean makeDefault, int operation, int mode) {
// TODO(b/117663715): check the new permission when it's added.
// enforceWritePermission(Manifest.permission.WRITE_SECURE_SETTINGS);
// TODO(b/117663715): Ensure the caller can access the setting.
// enforceReadPermission(WRITE_DEVICE_CONFIG);
// Perform the mutation.
synchronized (mLock) {
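Review bot: The placeholder in mutateConfigSetting reads `// enforceReadPermission(WRITE_DEVICE_CONFIG);`, which pairs a read-named helper with the write permission on the mutation path; uncommented as written it would either not compile or apply the wrong check. It should read `// enforceWritePermission(Manifest.permission.WRITE_DEVICE_CONFIG);`, matching the helper name in the previous placeholder. With both enforcement lines commented out, the config table has no active caller check on read or write in the visible code, so the TODO above each should say explicitly that the path is unguarded until b/117663715 lands. Both method bodies continue outside the hunks.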


@@ -20,6 +20,8 @@
<uses-sdk android:minSdkVersion="21" android:targetSdkVersion="21" />
<uses-permission android:name="android.permission.WRITE_SETTINGS"/>
<uses-permission android:name="android.permission.WRITE_DEVICE_CONFIG"/>
<uses-permission android:name="android.permission.READ_DEVICE_CONFIG"/>
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS"/>
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL"/>
<uses-permission android:name="android.permission.MANAGE_USERS"/>


@@ -1338,6 +1338,7 @@ public class PackageManagerService extends IPackageManager.Stub
final @Nullable String mSystemTextClassifierPackage;
final @Nullable String mWellbeingPackage;
final @Nullable String mDocumenterPackage;
final @Nullable String mConfiguratorPackage;
final @NonNull String mServicesSystemSharedLibraryPackageName;
final @NonNull String mSharedSystemSharedLibraryPackageName;
@@ -2861,6 +2862,8 @@ public class PackageManagerService extends IPackageManager.Stub
mWellbeingPackage = getWellbeingPackageName();
mDocumenterPackage = getDocumenterPackageName();
mConfiguratorPackage =
mContext.getString(R.string.config_deviceConfiguratorPackageName);
// Now that we know all of the shared libraries, update all clients to have
// the correct library paths.
@@ -23109,6 +23112,8 @@ public class PackageManagerService extends IPackageManager.Stub
return mWellbeingPackage;
case PackageManagerInternal.PACKAGE_DOCUMENTER:
return mDocumenterPackage;
case PackageManagerInternal.PACKAGE_CONFIGURATOR:
return mConfiguratorPackage;
}
return null;
}
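Review bot: `mConfiguratorPackage` is annotated `@Nullable`, but it is assigned straight from `mContext.getString(...)`, and the default resource added in this commit is an empty string, so on an unconfigured device getKnownPackageName returns `""` for PACKAGE_CONFIGURATOR rather than null. Callers that test for null to detect "no configurator" would be misled. I would normalise at assignment, `final String configurator = mContext.getString(R.string.config_deviceConfiguratorPackageName);` followed by `mConfiguratorPackage = configurator.isEmpty() ? null : configurator;`. Unlike the neighbouring fields, which come from `get…PackageName()` helpers, nothing visible here checks that the configured name refers to an installed system package.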


@@ -247,6 +247,10 @@ public final class BasePermission {
public boolean isDocumenter() {
return (protectionLevel & PermissionInfo.PROTECTION_FLAG_DOCUMENTER) != 0;
}
public boolean isConfigurator() {
return (protectionLevel & PermissionInfo.PROTECTION_FLAG_CONFIGURATOR)
!= 0;
}
public void transfer(@NonNull String origPackageName, @NonNull String newPackageName) {
if (!origPackageName.equals(sourcePackageName)) {


@@ -1640,6 +1640,13 @@ public class PermissionManagerService {
// Special permissions for the system default text classifier.
allowed = true;
}
if (!allowed && bp.isConfigurator()
&& pkg.packageName.equals(mPackageManagerInt.getKnownPackageName(
PackageManagerInternal.PACKAGE_CONFIGURATOR,
UserHandle.USER_SYSTEM))) {
// Special permissions for the device configurator.
allowed = true;
}
if (!allowed && bp.isWellbeing()
&& pkg.packageName.equals(mPackageManagerInt.getKnownPackageName(
PackageManagerInternal.PACKAGE_WELLBEING, UserHandle.USER_SYSTEM))) {
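Review bot: The new configurator branch sets `allowed = true` on a package-name match alone, and the name comes from an overlayable string resource; nothing in the visible lines confirms that the matching package is on the system image. If that guarantee is made earlier in the method it deserves a comment here, since WRITE_DEVICE_CONFIG depends on it. I would replace the branch comment with `// Special permissions for the device configurator; relies on the configured package being preinstalled.` or add an explicit system-app check beside the name comparison. The enclosing method starts and ends outside the hunk.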