The reason is passed to app exit info so a given app can get more
information about why their app was killed in the event of permission
revoke.
Test: atest RevokePermissionTest ActivityManagerAppExitInfoTest#testPermissionChangeWithReason
Fixes: 159659620
Change-Id: Id711667eb2c1579ecb2a1b83a62af3cc7862d5f6
Based on feedback during the API review of the new SystemAPI for
telephony to check device identifier access the method was moved
from DevicePolicyManager to a more generic location to perform
the non-subscriber portions of the check.
Bug: 147761267
Test: atest TelephonyPermissionsTest
Test: atest PermissionManagerServiceTest
Test: atest DeviceIdentifierTest
Test: atest DeviceOwnerTest#testDeviceOwnerCanGetDeviceIdentifiers
Test: atest TelephonyManagerTest
Test: atest DeviceOwnerTest#testDeviceOwnerCannotGetDeviceIdentifiersWithoutPermission
Test: atest ManagedProfileTest#testProfileOwnerOnPersonalDeviceCannotGetDeviceIdentifiers
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testProfileOwnerCannotGetDeviceIdentifiersWithoutPermission
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testProfileOwnerCanGetDeviceIdentifiers
Change-Id: Ic1867dad0b2369f2dc1a7d31facb65f89131376f
This introduces extra attributes on <application/> tag corresponding to
requesting to be shown in UI for the user to disable auto-revoke
(allowDontAutoRevokePermissions)
and being whitelisted by the installer (dontAutoRevokePermissions)
Test: presubmit
Bug: 146513245
Change-Id: I07902632812b70ea418a667d343b74d7ae170bb9
This also parallelizes flag updating.
Currently, the broadcast listener is disabled, due to test flake, so it
will not update on app install/changes
Bug: 141311767
Test: - on first boot go to permissions screen, and ensure system apps
categorization makes sense
- install app that requests location, and ensure it's not listed
as system app in permission screen
Change-Id: I37ea4b196313fe9fa71150c21e7cca591067d572
If the version of the permsision controller is different than what was
persisted then call the upgrade controller defined in the permission
controller.
Exempt-From-Owner-Approval: Got verbal approval from an OWNER
Bug: 148595539
Test: Manual; verify the version is persisted in runtime-permissions.xml
verify the upgrade is run when changing the version number
move runtime-permissions.xml to old location, verify works
Change-Id: I873ea4d5a0f1f66fed121e38cc6be62fa046a210
The code for caching permission queries incorrectly used the UID of
the calling process instead of the Context UID when asking
PermissionManagerService whether a package (identified by name) has a
permission. As a result, permission checks produced incorrect results
for certain cross-user scenarios. This CL makes the checking UID part
of the package-name-based permission query.
Test: atest com.android.car.VmsPublisherSubscriberTest
Bug: 150172373
Bug: 150025558
Bug: 150140220
Change-Id: I903a9e79fbbba97ea987120066817eeea9b01d51
We use the package settings class as a central point for invalidating
on package information changes; for permission changes, we invalidate
from inside the individual permission data objects.
Bug: 140788621
Test: boots, package tests (pending)
Change-Id: Iec14d4ec872124e7ef4612c72d94c89a7319ace0
In this change we introduce new system api to manage tracking apps for
inactivity when they hold one-time permissions. The api includes adding
a package, removing a package, and a callback to notify the app has gone
inactive and which permissions are considered one-time.
Also introduce a new permission flag so that it is possible to determine
if a currently granted permission is one-time.
Test: Manual
Bug: 136219229
Change-Id: Iac3cb776a0204c64953f0a03abe76c8e320c9e56
and revokeDefaultPermissionsFromLuiApps from PermissionManagerService to
Permmission Manager
Bug: 142019744
Test: Build
Change-Id: Ic39e1a66b650e7969242eb2116f342de488b1ca6
In AOSP the permission backup+restore is driven by the system server,
but some OEMs might drive it from an app. Hence allow a privilidged app
to backup + restore permission backups.
Test: atest CtsBackupTestCases
Fixes: 141007569
Change-Id: Ic89b476948872c491de8ea54b83667afc0183bb4
This is known to take 500ms and affects only UI,
so can be done async
Test: Ensure nothing looks badly broken; presubmit
Fixes: 139485700
Change-Id: I2b83b51ec5b002e08986019b4b6be3d681741544
Creating a SystemConfig from a non-system process is taking 500+ ms.
This CL instead exposes the needed split permissions from system_server
to optimize performance.
Tested locally and creating PermissionManager / retrieving SystemConfig
is now less than 1 ms.
Bug: 139828734
Bug: 139485700
Fixes: 139828734
Test: Added systrace / logs to PermissionController app and traced
runtime of onGrantDefaultRoles().
Change-Id: I111403e8dae3bc2b0acafc32e61aa5cd890fea29
To prepare for enabling MissingNullability Metalava check this CL
works on adding missing nullability issues that metalava flags if
we tell it to flag new things since API 29.
This is not a complete CL, mostly addresses public api and
toString/equals for @SystemApi
Exempt-From-Owner-Approval: Large scale nullability clean up
Bug: 124515653
Test: make -j checkapi
Change-Id: I109260842cfc25f06e40694997fcbb4afa02c867
This should be the last method movement. More work needs to
happen with the intenral APIs between the permission manager
and the package manager. There is still a lot of package
manager internal logic inside the permission manager.
Bug: 135279435
Test: atest PermissionUpdateListenerTest
Test: atest android.content.pm.cts.PackageManagerTest
Test: atest android.permission2.cts.RestrictedPermissionsTest
Change-Id: Iec118d198cb4ce3c4789991ddbdd2928dbc4bf6f
These were the last few APIs that used the permission callback.
Completely remove it from the package manager and full implement
in the permission manager.
Bug: 135279435
Test: atest PermissionUpdateListenerTest
Test: android.content.pm.cts.PackageManagerTest
Test: android.permission2.cts.RestrictedPermissionsTest
Change-Id: Iab7c20215c907f4718f78a98fb96afec9fef6780
Also while doing this, it made sense to move the permission change
listener to the permission manager [it resulted in fewer hacks to
get the two sides to talk to one another].
Bug: 135279435
Test: atest PermissionUpdateListenerTest
Test: android.content.pm.cts.PackageManagerTest
Test: android.permission2.cts.RestrictedPermissionsTest
Change-Id: Ie08701dfe999cd435335103f4b4daeaa0b31ef10
Now begins the parade of methods that can be migrated to the
permission manager service and be removed from the package
manager service.
We will still need to maintain some sub-set of APIs in the
package manager service due to unsupported app usage. When
we finally no longer support these AIDL methods, they can
be removed from package manager service.
Bug: 135279435
Test: Manual. Builds and runs
Change-Id: If12609ffdaeb75445d3ec9bcc7f946b8829ba769
Today, the package manager largely routes any permission related
method to the PermissionManagerService. But, PermissionManagerService
is a service in name only. Instead, we will make the
PermissionManagerService a real service and direct API calls directly
to it.
We will likely need to maintain all of the public permission APIs
that already exist on PackageManager. However, the public -> private
implementation will go directly to PermissionManagerService.
Bug: 135279435
Test: Manual. Device boots
Change-Id: Ia4992ba6d1f4b9050db98c7d7647d51a5d45fcbe
