Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[DO NOT MERGE] Copy PermissionChecker from support lib and use in RcognitionService

Browse Source 
Fixes: 73511076, 73311729
Test: presubmit
Change-Id: Ie98f67ffee4744050ac85d8b229370a16a76a194
(cherry picked from commit 726b51a26e)
This commit is contained in:
Eugene Susla
2018-02-22 10:39:34 -08:00
parent eaa093272e
commit 5a28e533fe
2 changed files with 176 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

173
core/java/android/content/PermissionChecker.java Normal file
View File

@@ -0,0 +1,173 @@
/*
* Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.content;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.AppOpsManager;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.Process;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
/**
* This class provides permission check APIs that verify both the
* permission and the associated app op for this permission if
* such is defined.
* <p>
* In the new permission model permissions with protection level
* dangerous are runtime permissions. For apps targeting {@link android.os.Build.VERSION_CODES#M}
* and above the user may not grant such permissions or revoke
* them at any time. For apps targeting API lower than {@link android.os.Build.VERSION_CODES#M}
* these permissions are always granted as such apps do not expect
* permission revocations and would crash. Therefore, when the
* user disables a permission for a legacy app in the UI the
* platform disables the APIs guarded by this permission making
* them a no-op which is doing nothing or returning an empty
* result or default error.
* </p>
* <p>
* It is important that when you perform an operation on behalf of
* another app you use these APIs to check for permissions as the
* app may be a legacy app that does not participate in the new
* permission model for which the user had disabled the "permission"
* which is achieved by disallowing the corresponding app op.
* </p>
*
* @hide
*/
public final class PermissionChecker {
/** Permission result: The permission is granted. */
public static final int PERMISSION_GRANTED = PackageManager.PERMISSION_GRANTED;
/** Permission result: The permission is denied. */
public static final int PERMISSION_DENIED = PackageManager.PERMISSION_DENIED;
/** Permission result: The permission is denied because the app op is not allowed. */
public static final int PERMISSION_DENIED_APP_OP = PackageManager.PERMISSION_DENIED - 1;
/** @hide */
@IntDef({PERMISSION_GRANTED,
PERMISSION_DENIED,
PERMISSION_DENIED_APP_OP})
@Retention(RetentionPolicy.SOURCE)
public @interface PermissionResult {}
private PermissionChecker() {
/* do nothing */
}
/**
* Checks whether a given package in a UID and PID has a given permission
* and whether the app op that corresponds to this permission is allowed.
*
* @param context Context for accessing resources.
* @param permission The permission to check.
* @param pid The process id for which to check.
* @param uid The uid for which to check.
* @param packageName The package name for which to check. If null the
* the first package for the calling UID will be used.
* @return The permission check result which is either {@link #PERMISSION_GRANTED}
* or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
*/
@PermissionResult
public static int checkPermission(@NonNull Context context, @NonNull String permission,
int pid, int uid, @Nullable String packageName) {
if (context.checkPermission(permission, pid, uid) == PackageManager.PERMISSION_DENIED) {
return PERMISSION_DENIED;
}
AppOpsManager appOpsManager = context.getSystemService(AppOpsManager.class);
String op = appOpsManager.permissionToOp(permission);
if (op == null) {
return PERMISSION_GRANTED;
}
if (packageName == null) {
String[] packageNames = context.getPackageManager().getPackagesForUid(uid);
if (packageNames == null || packageNames.length <= 0) {
return PERMISSION_DENIED;
}
packageName = packageNames[0];
}
if (appOpsManager.noteProxyOpNoThrow(op, packageName)
!= AppOpsManager.MODE_ALLOWED) {
return PERMISSION_DENIED_APP_OP;
}
return PERMISSION_GRANTED;
}
/**
* Checks whether your app has a given permission and whether the app op
* that corresponds to this permission is allowed.
*
* @param context Context for accessing resources.
* @param permission The permission to check.
* @return The permission check result which is either {@link #PERMISSION_GRANTED}
* or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
*/
@PermissionResult
public static int checkSelfPermission(@NonNull Context context,
@NonNull String permission) {
return checkPermission(context, permission, Process.myPid(),
Process.myUid(), context.getPackageName());
}
/**
* Checks whether the IPC you are handling has a given permission and whether
* the app op that corresponds to this permission is allowed.
*
* @param context Context for accessing resources.
* @param permission The permission to check.
* @param packageName The package name making the IPC. If null the
* the first package for the calling UID will be used.
* @return The permission check result which is either {@link #PERMISSION_GRANTED}
* or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
*/
@PermissionResult
public static int checkCallingPermission(@NonNull Context context,
@NonNull String permission, @Nullable String packageName) {
if (Binder.getCallingPid() == Process.myPid()) {
return PERMISSION_DENIED;
}
return checkPermission(context, permission, Binder.getCallingPid(),
Binder.getCallingUid(), packageName);
}
/**
* Checks whether the IPC you are handling or your app has a given permission
* and whether the app op that corresponds to this permission is allowed.
*
* @param context Context for accessing resources.
* @param permission The permission to check.
* @return The permission check result which is either {@link #PERMISSION_GRANTED}
* or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
*/
@PermissionResult
public static int checkCallingOrSelfPermission(@NonNull Context context,
@NonNull String permission) {
String packageName = (Binder.getCallingPid() == Process.myPid())
? context.getPackageName() : null;
return checkPermission(context, permission, Binder.getCallingPid(),
Binder.getCallingUid(), packageName);
}
}

6
core/java/android/speech/RecognitionService.java
View File

@@ -20,7 +20,7 @@ import android.annotation.SdkConstant;
import android.annotation.SdkConstant.SdkConstantType;
import android.app.Service;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.PermissionChecker;
import android.os.Binder;
import android.os.Bundle;
import android.os.Handler;
@@ -174,8 +174,8 @@ public abstract class RecognitionService extends Service {
*/
private boolean checkPermissions(IRecognitionListener listener) {
if (DBG) Log.d(TAG, "checkPermissions");
if (RecognitionService.this.checkCallingOrSelfPermission(android.Manifest.permission.
RECORD_AUDIO) == PackageManager.PERMISSION_GRANTED) {
if (PermissionChecker.checkCallingOrSelfPermission(this,
android.Manifest.permission.RECORD_AUDIO) == PermissionChecker.PERMISSION_GRANTED) {
return true;
}
try {