Refactor checkPermissionInternal() and checkUidPermissionInternal().
They were mostly the same but still slightly different, hence make
them share one implementation.
Subtle behavior changes in this change:
1. Return denied if permName or pkgName is null when passed in via
binder; previously such behavior is implicit but now it's made
explicit.
2. Checks existence of userId upon being passed in via binder, instead
of after CheckPermissionDelegate has run.
3. Synchronize on mLock inside checkSingleUidPermissionInternal(),
instead of around calling checkUidPermissionInternal().
4. When checking fuller permission, that fuller permission isn't check
for the instant flag if the package is an instant app. Now it is
checked in the same way as if checked directly.
5. checkUidPermission() was passing callingUserId as userId when
filtering app access. The userId passed there will be used as the user
id for the package setting in shouldFilterApplicationLocked(), so the
user id of the package uid should be passed in instead. This is also
what checkPermission() was doing.
6. Use checkPermission() instead of the old checkPermissionInternal()
in revokeRuntimePermissionsIfGroupChanged(). This shouldn't matter as
other methods are using checkPermission() as well, meanwhile
revokeRuntimePermissionsIfGroupChanged() is posted on system server
main thread, or at least isn't expected to be called by another
process, so calling identity check/filtering shouldn't matter.
Bug: 136503238
Test: atest CtsAppSecurityHostTestCases CtsPermissionTestCases
Change-Id: I6ba961357d707ba31cd34a5bcc03ad0dbe975c30
1 file changed