Revert "Perform device capability check when checking device aware permission on"
This reverts commit 3c6a28b980c5735d05460cfdf773dcbcf08c6a62.
Reason for revert: Potential culprit for b/332651868- verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Change-Id: I75a651006ea1e50415f712a4e8595ddbb5228d90
diff --git a/core/java/android/app/ContextImpl.java b/core/java/android/app/ContextImpl.java
index 613e231..716dee4 100644
--- a/core/java/android/app/ContextImpl.java
+++ b/core/java/android/app/ContextImpl.java
@@ -21,14 +21,12 @@
import static android.os.StrictMode.vmIncorrectContextUseEnabled;
import static android.view.WindowManager.LayoutParams.WindowType;
-import android.Manifest;
import android.annotation.CallbackExecutor;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.SuppressLint;
import android.annotation.UiContext;
-import android.companion.virtual.VirtualDevice;
import android.companion.virtual.VirtualDeviceManager;
import android.compat.annotation.UnsupportedAppUsage;
import android.content.AttributionSource;
@@ -2290,35 +2288,7 @@
Log.v(TAG, "Treating renounced permission " + permission + " as denied");
return PERMISSION_DENIED;
}
-
- // When checking a device-aware permission on a remote device, if the permission is CAMERA
- // or RECORD_AUDIO we need to check remote device's corresponding capability. If the remote
- // device doesn't have capability fall back to checking permission on the default device.
- // Note: we only perform permission check redirection when the device id is not explicitly
- // set in the context.
- int deviceId = getDeviceId();
- if (deviceId != Context.DEVICE_ID_DEFAULT
- && !mIsExplicitDeviceId
- && PermissionManager.DEVICE_AWARE_PERMISSIONS.contains(permission)) {
- VirtualDeviceManager virtualDeviceManager =
- getSystemService(VirtualDeviceManager.class);
- VirtualDevice virtualDevice = virtualDeviceManager.getVirtualDevice(deviceId);
- if (virtualDevice != null) {
- if ((Objects.equals(permission, Manifest.permission.RECORD_AUDIO)
- && !virtualDevice.hasCustomAudioInputSupport())
- || (Objects.equals(permission, Manifest.permission.CAMERA)
- && !virtualDevice.hasCustomCameraSupport())) {
- deviceId = Context.DEVICE_ID_DEFAULT;
- }
- } else {
- Slog.e(
- TAG,
- "virtualDevice is not found when device id is not default. deviceId = "
- + deviceId);
- }
- }
-
- return PermissionManager.checkPermission(permission, pid, uid, deviceId);
+ return PermissionManager.checkPermission(permission, pid, uid, getDeviceId());
}
/** @hide */
diff --git a/core/java/android/permission/PermissionManager.java b/core/java/android/permission/PermissionManager.java
index fe3fa8c..3441244d 100644
--- a/core/java/android/permission/PermissionManager.java
+++ b/core/java/android/permission/PermissionManager.java
@@ -240,16 +240,6 @@
public static final String EXTRA_PERMISSION_USAGES =
"android.permission.extra.PERMISSION_USAGES";
- /**
- * Specify what permissions are device aware. Only device aware permissions can be granted to
- * a remote device.
- * @hide
- */
- public static final Set<String> DEVICE_AWARE_PERMISSIONS =
- Flags.deviceAwarePermissionsEnabled()
- ? Set.of(Manifest.permission.CAMERA, Manifest.permission.RECORD_AUDIO)
- : Collections.emptySet();
-
private final @NonNull Context mContext;
private final IPackageManager mPackageManager;
diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
index 13906da..b32c544 100644
--- a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
@@ -1598,7 +1598,7 @@
) {
with(policy) { getPermissionFlags(appId, userId, permissionName) }
} else {
- if (permissionName !in PermissionManager.DEVICE_AWARE_PERMISSIONS) {
+ if (permissionName !in DEVICE_AWARE_PERMISSIONS) {
Slog.i(
LOG_TAG,
"$permissionName is not device aware permission, " +
@@ -1623,7 +1623,7 @@
) {
with(policy) { setPermissionFlags(appId, userId, permissionName, flags) }
} else {
- if (permissionName !in PermissionManager.DEVICE_AWARE_PERMISSIONS) {
+ if (permissionName !in DEVICE_AWARE_PERMISSIONS) {
Slog.i(
LOG_TAG,
"$permissionName is not device aware permission, " +
@@ -2820,6 +2820,15 @@
PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM or
PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER
+ /** These permissions are supported for virtual devices. */
+ // TODO: b/298661870 - Use new API to get the list of device aware permissions.
+ val DEVICE_AWARE_PERMISSIONS =
+ if (Flags.deviceAwarePermissionsEnabled()) {
+ setOf(Manifest.permission.CAMERA, Manifest.permission.RECORD_AUDIO)
+ } else {
+ emptySet<String>()
+ }
+
fun getFullerPermission(permissionName: String): String? =
FULLER_PERMISSIONS[permissionName]
}
