Allow UiAutomation to adopt the shell permission indentity
For testing we often need to run shell commands. This can be done
today via running a shell command from an instrumentation test
started from the shell. However, this requires adding shell commands
which are not in the API contract, involve boilerplate code, require
string parsing, etc.
This change allows an instrumentation started from the shell to
adopt the shell UID permission state. As a result one can call APIs
protected by permissions normal apps cannot get by are granted to
the shell. This enables adding dedicated test APIs protected by
signatures permissions granted to the shell.
Test: cts-tradefed run cts-dev -m CtsUiAutomationTestCases
-t android.app.uiautomation.cts.UiAutomationTest#testAdoptShellPermissions
bug:80415658
Change-Id: I4bfd4b475225125512abf80ea98cd8fcacb6a1be
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
index 1167e1d..b3f6bd1 100644
--- a/services/core/java/com/android/server/AppOpsService.java
+++ b/services/core/java/com/android/server/AppOpsService.java
@@ -22,6 +22,7 @@
import android.app.AppGlobals;
import android.app.AppOpsManager;
import android.app.AppOpsManagerInternal;
+import android.app.AppOpsManagerInternal.CheckOpsDelegate;
import android.content.ContentResolver;
import android.content.Context;
import android.content.pm.ApplicationInfo;
@@ -207,6 +208,8 @@
SparseIntArray mProfileOwners;
+ private CheckOpsDelegate mCheckOpsDelegate;
+
/**
* All times are in milliseconds. These constants are kept synchronized with the system
* global Settings. Any access to this class or its fields should be done while
@@ -1411,15 +1414,39 @@
}
}
+ public CheckOpsDelegate getAppOpsServiceDelegate() {
+ synchronized (this) {
+ return mCheckOpsDelegate;
+ }
+ }
+
+ public void setAppOpsServiceDelegate(CheckOpsDelegate delegate) {
+ synchronized (this) {
+ mCheckOpsDelegate = delegate;
+ }
+ }
+
@Override
public int checkOperation(int code, int uid, String packageName) {
- verifyIncomingUid(uid);
- verifyIncomingOp(code);
- String resolvedPackageName = resolvePackageName(uid, packageName);
- if (resolvedPackageName == null) {
- return AppOpsManager.MODE_IGNORED;
- }
+ final CheckOpsDelegate delegate;
synchronized (this) {
+ if (mCheckOpsDelegate == null) {
+ return checkOperationImpl(code, uid, packageName);
+ }
+ delegate = mCheckOpsDelegate;
+ }
+ return delegate.checkOperation(code, uid, packageName,
+ AppOpsService.this::checkOperationImpl);
+ }
+
+ private int checkOperationImpl(int code, int uid, String packageName) {
+ synchronized (this) {
+ verifyIncomingUid(uid);
+ verifyIncomingOp(code);
+ String resolvedPackageName = resolvePackageName(uid, packageName);
+ if (resolvedPackageName == null) {
+ return AppOpsManager.MODE_IGNORED;
+ }
if (isOpRestrictedLocked(uid, code, resolvedPackageName)) {
return AppOpsManager.MODE_IGNORED;
}
@@ -1439,20 +1466,33 @@
@Override
public int checkAudioOperation(int code, int usage, int uid, String packageName) {
- boolean suspended;
- try {
- suspended = isPackageSuspendedForUser(packageName, uid);
- } catch (IllegalArgumentException ex) {
- // Package not found.
- suspended = false;
- }
-
- if (suspended) {
- Slog.i(TAG, "Audio disabled for suspended package=" + packageName + " for uid=" + uid);
- return AppOpsManager.MODE_IGNORED;
- }
-
+ final CheckOpsDelegate delegate;
synchronized (this) {
+ if (mCheckOpsDelegate == null) {
+ return checkAudioOperationImpl(code, usage, uid, packageName);
+ }
+ delegate = mCheckOpsDelegate;
+ }
+ return delegate.checkAudioOperation(code, usage, uid, packageName,
+ AppOpsService.this::checkAudioOperationImpl);
+ }
+
+ private int checkAudioOperationImpl(int code, int usage, int uid, String packageName) {
+ synchronized (this) {
+ boolean suspended;
+ try {
+ suspended = isPackageSuspendedForUser(packageName, uid);
+ } catch (IllegalArgumentException ex) {
+ // Package not found.
+ suspended = false;
+ }
+
+ if (suspended) {
+ Slog.i(TAG, "Audio disabled for suspended package=" + packageName
+ + " for uid=" + uid);
+ return AppOpsManager.MODE_IGNORED;
+ }
+
final int mode = checkRestrictionLocked(code, usage, uid, packageName);
if (mode != AppOpsManager.MODE_ALLOWED) {
return mode;
@@ -1530,10 +1570,10 @@
}
@Override
- public int noteProxyOperation(int code, String proxyPackageName,
- int proxiedUid, String proxiedPackageName) {
+ public int noteProxyOperation(int code, int proxyUid,
+ String proxyPackageName, int proxiedUid, String proxiedPackageName) {
+ verifyIncomingUid(proxyUid);
verifyIncomingOp(code);
- final int proxyUid = Binder.getCallingUid();
String resolveProxyPackageName = resolvePackageName(proxyUid, proxyPackageName);
if (resolveProxyPackageName == null) {
return AppOpsManager.MODE_IGNORED;
@@ -1553,6 +1593,18 @@
@Override
public int noteOperation(int code, int uid, String packageName) {
+ final CheckOpsDelegate delegate;
+ synchronized (this) {
+ if (mCheckOpsDelegate == null) {
+ return noteOperationImpl(code, uid, packageName);
+ }
+ delegate = mCheckOpsDelegate;
+ }
+ return delegate.noteOperation(code, uid, packageName,
+ AppOpsService.this::noteOperationImpl);
+ }
+
+ private int noteOperationImpl(int code, int uid, String packageName) {
verifyIncomingUid(uid);
verifyIncomingOp(code);
String resolvedPackageName = resolvePackageName(uid, packageName);