Snap for 9015527 from 0fb2731aeefbda561419275899ab1363abf4164f to mainline-permission-release
Change-Id: I83b88835e03d793203be9e79d35fc76a43ae5657
diff --git a/common/device-side/util-axt/src/com/android/compatibility/common/util/BaseDefaultPermissionGrantPolicyTest.java b/common/device-side/util-axt/src/com/android/compatibility/common/util/BaseDefaultPermissionGrantPolicyTest.java
index d7a056b..f8b24fd 100644
--- a/common/device-side/util-axt/src/com/android/compatibility/common/util/BaseDefaultPermissionGrantPolicyTest.java
+++ b/common/device-side/util-axt/src/com/android/compatibility/common/util/BaseDefaultPermissionGrantPolicyTest.java
@@ -18,6 +18,9 @@
import static android.content.pm.PermissionInfo.PROTECTION_DANGEROUS;
+import static com.android.compatibility.common.util.BaseDefaultPermissionGrantPolicyTest.UidState.FixedState.FIXED;
+import static com.android.compatibility.common.util.BaseDefaultPermissionGrantPolicyTest.UidState.FixedState.NOT_FIXED;
+import static com.android.compatibility.common.util.BaseDefaultPermissionGrantPolicyTest.UidState.FixedState.SUPER_FIXED;
import static com.android.compatibility.common.util.SystemUtil.callWithShellPermissionIdentity;
import static org.junit.Assert.fail;
@@ -150,14 +153,14 @@
* @param permissions the set of permissions, formatted "permission_name fixed_boolean"
*/
public void setException(String pkg, String sha256, String... permissions) {
- HashMap<String, Boolean> permissionsMap = new HashMap<>();
+ HashMap<String, UidState.FixedState> permissionsMap = new HashMap<>();
for (String permissionString : permissions) {
String[] parts = permissionString.trim().split("\\s+");
if (parts.length != 2) {
Log.e(LOG_TAG, "Unable to parse remote exception permission: " + permissionString);
return;
}
- permissionsMap.put(parts[0], Boolean.valueOf(parts[1]));
+ permissionsMap.put(parts[0], Boolean.valueOf(parts[1]) ? FIXED : NOT_FIXED);
}
mRemoteExceptions.add(new DefaultPermissionGrantException(pkg, sha256, permissionsMap));
}
@@ -174,14 +177,14 @@
*/
public void setExceptionWithMetadata(String company, String metadata, String pkg,
String sha256, String... permissions) {
- HashMap<String, Boolean> permissionsMap = new HashMap<>();
+ HashMap<String, UidState.FixedState> permissionsMap = new HashMap<>();
for (String permissionString : permissions) {
String[] parts = permissionString.trim().split("\\s+");
if (parts.length != 2) {
Log.e(LOG_TAG, "Unable to parse remote exception permission: " + permissionString);
return;
}
- permissionsMap.put(parts[0], Boolean.valueOf(parts[1]));
+ permissionsMap.put(parts[0], Boolean.valueOf(parts[1]) ? FIXED : NOT_FIXED);
}
mRemoteExceptions.add(new DefaultPermissionGrantException(
company, metadata, pkg, sha256, permissionsMap));
@@ -378,9 +381,9 @@
}
List<String> requestedPermissions = Arrays.asList(packageInfo.requestedPermissions);
- for (Map.Entry<String, Boolean> entry : exception.permissions.entrySet()) {
+ for (Map.Entry<String, UidState.FixedState> entry : exception.permissions.entrySet()) {
String permission = entry.getKey();
- Boolean fixed = entry.getValue();
+ UidState.FixedState fixed = entry.getValue();
if (!requestedPermissions.contains(permission)) {
Log.w(LOG_TAG, "Permission " + permission + " not requested by: " + packageName);
continue;
@@ -512,8 +515,8 @@
}
appendPackagePregrantedPerms(pkg, "split from non-dangerous permission "
- + permission, false, Collections.singleton(extendedPerm),
- outUidStates);
+ + permission, NOT_FIXED,
+ Collections.singleton(extendedPerm), outUidStates);
}
}
}
@@ -544,7 +547,7 @@
}
appendPackagePregrantedPerms(pkg, "permission " + permissionToAdd
- + " is granted to pre-" + targetSdk + " apps", false,
+ + " is granted to pre-" + targetSdk + " apps", NOT_FIXED,
Collections.singleton(permissionToAdd), outUidStates);
}
}
@@ -553,12 +556,12 @@
public static void appendPackagePregrantedPerms(PackageInfo packageInfo, String reason,
boolean fixed, Set<String> pregrantedPerms, SparseArray<UidState> outUidStates) {
- appendPackagePregrantedPerms(packageInfo, reason, fixed, false, pregrantedPerms,
- outUidStates);
+ appendPackagePregrantedPerms(packageInfo, reason, fixed ? FIXED : NOT_FIXED,
+ pregrantedPerms, outUidStates);
}
public static void appendPackagePregrantedPerms(PackageInfo packageInfo, String reason,
- boolean fixed, boolean fromRole, Set<String> pregrantedPerms,
+ UidState.FixedState fixed, Set<String> pregrantedPerms,
SparseArray<UidState> outUidStates) {
final int uid = packageInfo.applicationInfo.uid;
UidState uidState = outUidStates.get(uid);
@@ -568,12 +571,6 @@
}
for (String requestedPermission : packageInfo.requestedPermissions) {
if (pregrantedPerms.contains(requestedPermission)) {
- // Role permissions are not fixed. If we're already getting a fixed pregrant, don't
- // override with a non-fixed role pregrant
- if (fromRole && uidState.grantedPermissions.getOrDefault(requestedPermission,
- false)) {
- continue;
- }
uidState.addGrantedPermission(packageInfo.packageName, reason, requestedPermission,
fixed);
}
@@ -634,8 +631,9 @@
setPermissionGrantState(packageInfo.packageName, permission, false);
+ UidState.FixedState fixedState = uidState.grantedPermissions.valueAt(i);
Boolean fixed = grantAsFixedPackageNames.contains(packageInfo.packageName)
- || uidState.grantedPermissions.valueAt(i);
+ || fixedState == SUPER_FIXED || fixedState == FIXED;
// Weaker grant is fine, e.g. not-fixed instead of fixed.
if (!fixed && packageManager.checkPermission(permission, packageInfo.packageName)
@@ -715,9 +713,9 @@
public class GrantReason {
public final String reason;
public final boolean override;
- public final Boolean fixed;
+ public final FixedState fixed;
- GrantReason(String reason, boolean override, Boolean fixed) {
+ GrantReason(String reason, boolean override, FixedState fixed) {
this.reason = reason;
this.override = override;
this.fixed = fixed;
@@ -739,10 +737,34 @@
}
}
+ /**
+ * Enum representing if a permission's pregrant condition should be fixed and how it should
+ * interact with other pregrant conditions' fixed status.
+ */
+ public enum FixedState {
+
+ /**
+ * Permission is fixed and when merging with other pregrant conditions it won't lose
+ * fixed status and will override non-fixed status.
+ */
+ SUPER_FIXED,
+
+ /**
+ * Permission is fixed and when merging with other pregrant conditions it may lose
+ * fixed status.
+ */
+ FIXED,
+
+ /**
+ * Permission is not fixed.
+ */
+ NOT_FIXED
+ }
+
// packageName -> permission -> [reason]
public ArrayMap<String, ArrayMap<String, ArraySet<GrantReason>>> mGrantReasons =
new ArrayMap<>();
- public ArrayMap<String, Boolean> grantedPermissions = new ArrayMap<>();
+ public ArrayMap<String, FixedState> grantedPermissions = new ArrayMap<>();
public void log() {
for (String packageName : mGrantReasons.keySet()) {
@@ -794,7 +816,7 @@
}
public void addGrantedPermission(String packageName, String reason, String permission,
- Boolean fixed) {
+ FixedState fixed) {
Context context = getInstrumentation().getTargetContext();
// Add permissions split off from the permission to granted
@@ -813,12 +835,12 @@
}
public void overrideGrantedPermission(String packageName, String reason, String permission,
- Boolean fixed) {
+ FixedState fixed) {
mergeGrantedPermission(packageName, reason, permission, fixed, true);
}
public void mergeGrantedPermission(String packageName, String reason, String permission,
- Boolean fixed, boolean override) {
+ FixedState fixed, boolean override) {
if (!mGrantReasons.containsKey(packageName)) {
mGrantReasons.put(packageName, new ArrayMap<>());
}
@@ -830,18 +852,22 @@
mGrantReasons.get(packageName).get(permission).add(new GrantReason(reason, override,
fixed));
- Boolean oldFixed = grantedPermissions.get(permission);
+ FixedState oldFixed = grantedPermissions.get(permission);
if (oldFixed == null) {
grantedPermissions.put(permission, fixed);
} else {
- if (override) {
- if (oldFixed == Boolean.FALSE && fixed == Boolean.TRUE) {
+ if (oldFixed != SUPER_FIXED && fixed == SUPER_FIXED) {
+ Log.w(LOG_TAG, "override already granted permission " + permission + "("
+ + fixed + ") for " + packageName);
+ grantedPermissions.put(permission, fixed);
+ } else if (override) {
+ if (oldFixed == NOT_FIXED && fixed == FIXED) {
Log.w(LOG_TAG, "override already granted permission " + permission + "("
+ fixed + ") for " + packageName);
grantedPermissions.put(permission, fixed);
}
} else {
- if (oldFixed == Boolean.TRUE && fixed == Boolean.FALSE) {
+ if (oldFixed == FIXED && fixed == NOT_FIXED) {
Log.w(LOG_TAG, "add already granted permission " + permission + "("
+ fixed + ") to " + packageName);
grantedPermissions.put(permission, fixed);
@@ -859,20 +885,20 @@
public String pkg;
public String sha256;
public boolean hasBrand; // in rare cases, brand will be specified instead of SHA256 hash
- public Map<String, Boolean> permissions = new HashMap<>();
+ public Map<String, UidState.FixedState> permissions = new HashMap<>();
public boolean hasNonBrandSha256() {
return !sha256.isEmpty() && !hasBrand;
}
public DefaultPermissionGrantException(String pkg, String sha256,
- Map<String, Boolean> permissions) {
+ Map<String, UidState.FixedState> permissions) {
this(UNSET_PLACEHOLDER, UNSET_PLACEHOLDER, pkg, sha256, permissions);
}
public DefaultPermissionGrantException(String company, String metadata, String pkg,
String sha256,
- Map<String, Boolean> permissions) {
+ Map<String, UidState.FixedState> permissions) {
this.company = company;
this.metadata = metadata;
this.pkg = pkg;
diff --git a/hostsidetests/appcompat/strictjavapackages/src/android/compat/sjp/cts/StrictJavaPackagesTest.java b/hostsidetests/appcompat/strictjavapackages/src/android/compat/sjp/cts/StrictJavaPackagesTest.java
index 1d42357..7a1dcbc 100644
--- a/hostsidetests/appcompat/strictjavapackages/src/android/compat/sjp/cts/StrictJavaPackagesTest.java
+++ b/hostsidetests/appcompat/strictjavapackages/src/android/compat/sjp/cts/StrictJavaPackagesTest.java
@@ -236,7 +236,7 @@
"Landroid/app/sdksandbox/ILoadSdkCallback;",
"Landroid/app/sdksandbox/IRequestSurfacePackageCallback;",
"Landroid/app/sdksandbox/ISdkSandboxManager;",
- "Landroid/app/sdksandbox/ISdkSandboxLifecycleCallback;",
+ "Landroid/app/sdksandbox/ISdkSandboxProcessDeathCallback;",
"Landroid/app/sdksandbox/ISendDataCallback;",
"Landroid/app/sdksandbox/ISharedPreferencesSyncCallback;",
"Landroid/app/sdksandbox/ISdkToServiceCallback;"
diff --git a/tests/tests/permission/src/android/permission/cts/AccessibilityPrivacySourceTest.kt b/tests/tests/permission/src/android/permission/cts/AccessibilityPrivacySourceTest.kt
index 75d48ce..513e1df 100644
--- a/tests/tests/permission/src/android/permission/cts/AccessibilityPrivacySourceTest.kt
+++ b/tests/tests/permission/src/android/permission/cts/AccessibilityPrivacySourceTest.kt
@@ -33,6 +33,7 @@
import android.permission.cts.SafetyCenterUtils.assertSafetyCenterIssueDoesNotExist
import android.permission.cts.SafetyCenterUtils.assertSafetyCenterIssueExist
import android.permission.cts.SafetyCenterUtils.assertSafetyCenterStarted
+import android.permission.cts.SafetyCenterUtils.deleteDeviceConfigPrivacyProperty
import android.permission.cts.SafetyCenterUtils.deviceSupportsSafetyCenter
import android.permission.cts.SafetyCenterUtils.setDeviceConfigPrivacyProperty
import android.platform.test.annotations.AppModeFull
@@ -123,11 +124,16 @@
cancelNotification(permissionControllerPackage, ACCESSIBILITY_NOTIFICATION_ID)
InstrumentedAccessibilityService.disableAllServices()
setDeviceConfigPrivacyProperty(ACCESSIBILITY_LISTENER_ENABLED, false.toString())
+ setDeviceConfigPrivacyProperty(ACCESSIBILITY_JOB_INTERVAL_MILLIS, "0")
// enable service again and verify a notification
- mAccessibilityServiceRule.enableService()
- runJobAndWaitUntilCompleted()
- assertNotificationExist(permissionControllerPackage, ACCESSIBILITY_NOTIFICATION_ID)
+ try {
+ mAccessibilityServiceRule.enableService()
+ runJobAndWaitUntilCompleted()
+ assertNotificationExist(permissionControllerPackage, ACCESSIBILITY_NOTIFICATION_ID)
+ } finally {
+ deleteDeviceConfigPrivacyProperty(ACCESSIBILITY_JOB_INTERVAL_MILLIS)
+ }
}
@Test
@@ -311,6 +317,7 @@
private const val ACCESSIBILITY_SOURCE_ENABLED = "sc_accessibility_source_enabled"
private const val SAFETY_CENTER_ENABLED = "safety_center_is_enabled"
private const val ACCESSIBILITY_LISTENER_ENABLED = "sc_accessibility_listener_enabled"
+ private const val ACCESSIBILITY_JOB_INTERVAL_MILLIS = "sc_accessibility_job_interval_millis"
private const val ACCESSIBILITY_JOB_ID = 6
private const val ACCESSIBILITY_NOTIFICATION_ID = 4
diff --git a/tests/tests/permission/src/android/permission/cts/SafetyCenterUtils.kt b/tests/tests/permission/src/android/permission/cts/SafetyCenterUtils.kt
index 931ecd1..7514079 100644
--- a/tests/tests/permission/src/android/permission/cts/SafetyCenterUtils.kt
+++ b/tests/tests/permission/src/android/permission/cts/SafetyCenterUtils.kt
@@ -88,6 +88,16 @@
}
@JvmStatic
+ fun deleteDeviceConfigPrivacyProperty(
+ propertyName: String,
+ uiAutomation: UiAutomation = instrumentation.uiAutomation
+ ) {
+ runWithShellPermissionIdentity(uiAutomation) {
+ DeviceConfig.deleteProperty(DeviceConfig.NAMESPACE_PRIVACY, propertyName)
+ }
+ }
+
+ @JvmStatic
private fun getSafetyCenterIssues(
automation: UiAutomation = instrumentation.uiAutomation
): List<SafetyCenterIssue> {