Add system server test API to force enforce signature permission allowlist.
This is so that we can test it in cts-root.
This CL also creates a PermissionManagerLocal that is suitable for
exposing system server local APIs.
Bug: 308573169
Test: SignaturePermissionAllowlistTest
Ignore-AOSP-First: New directory
Change-Id: I5df799fd321e54b6cea14a929529a27f6436161c
diff --git a/services/core/java/com/android/server/permission/OWNERS b/services/core/java/com/android/server/permission/OWNERS
new file mode 100644
index 0000000..fb6099c
--- /dev/null
+++ b/services/core/java/com/android/server/permission/OWNERS
@@ -0,0 +1,3 @@
+# Bug component: 137825
+
+include platform/frameworks/base:/core/java/android/permission/OWNERS
diff --git a/services/core/java/com/android/server/permission/PermissionManagerLocal.java b/services/core/java/com/android/server/permission/PermissionManagerLocal.java
new file mode 100644
index 0000000..7251e6e
--- /dev/null
+++ b/services/core/java/com/android/server/permission/PermissionManagerLocal.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.permission;
+
+import android.annotation.TestApi;
+import com.android.internal.annotations.Keep;
+
+/**
+ * In-process API for server side permission related infrastructure.
+ *
+ * @hide
+ */
+@Keep
+@TestApi
+public interface PermissionManagerLocal {
+
+ /**
+ * Get whether signature permission allowlist is enforced even on debuggable builds.
+ *
+ * @return whether the signature permission allowlist is force enforced
+ */
+ @TestApi
+ boolean isSignaturePermissionAllowlistForceEnforced();
+
+ /**
+ * Set whether signature permission allowlist is enforced even on debuggable builds.
+ *
+ * @param forceEnforced whether the signature permission allowlist is force enforced
+ */
+ @TestApi
+ void setSignaturePermissionAllowlistForceEnforced(boolean forceEnforced);
+}
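Review bot: The Javadoc on both methods omits that they only work on debuggable builds. The implementation in PermissionManagerLocalImpl.kt calls `check(Build.isDebuggable())` before reading or writing the flag, so a caller on a non-debuggable build gets an IllegalStateException that the interface never mentions. Add `@throws IllegalStateException if the build is not debuggable` to each method. Nothing visible in this change persists the value, so the setter's Javadoc should presumably also say that it is in-memory only and resets when system server restarts.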
diff --git a/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt b/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
index acaec21..fd2e8c8 100644
--- a/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
+++ b/services/permission/java/com/android/server/permission/access/AccessCheckingService.kt
@@ -27,9 +27,11 @@
import com.android.server.SystemConfig
import com.android.server.SystemService
import com.android.server.appop.AppOpsCheckingServiceInterface
+import com.android.server.permission.PermissionManagerLocal
import com.android.server.permission.access.appop.AppOpService
import com.android.server.permission.access.collection.* // ktlint-disable no-wildcard-imports
import com.android.server.permission.access.immutable.* // ktlint-disable no-wildcard-imports
+import com.android.server.permission.access.permission.PermissionManagerLocalImpl
import com.android.server.permission.access.permission.PermissionService
import com.android.server.pm.KnownPackages
import com.android.server.pm.PackageManagerLocal
@@ -63,6 +65,11 @@
LocalServices.addService(AppOpsCheckingServiceInterface::class.java, appOpService)
LocalServices.addService(PermissionManagerServiceInterface::class.java, permissionService)
+
+ LocalManagerRegistry.addManager(
+ PermissionManagerLocal::class.java,
+ PermissionManagerLocalImpl(this)
+ )
}
fun initialize() {
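Review bot: Constructing `PermissionManagerLocalImpl(this)` at registration time runs its property initializer, which calls `service.getSchemePolicy(UidUri.SCHEME, PermissionUri.SCHEME)` and casts the result immediately. The registration therefore depends on the scheme policies already being resolvable at this point. The enclosing function starts outside the hunk and `initialize()` only follows it, so that ordering cannot be confirmed from here; if it does not hold, resolve the policy lazily in the impl with `private val policy by lazy { ... }`. A comment such as `// Test-only local API; its methods throw unless Build.isDebuggable().` would also explain why the manager is registered on every build type.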
diff --git a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
index 67df67f..af8ce31 100644
--- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
@@ -63,6 +63,12 @@
private val privilegedPermissionAllowlistViolations = MutableIndexedSet<String>()
+ /**
+ * Test-only switch to enforce signature permission allowlist even on debuggable builds.
+ */
+ @Volatile
+ var isSignaturePermissionAllowlistForceEnforced = false
+
override val subjectScheme: String
get() = UidUri.SCHEME
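Review bot: `isSignaturePermissionAllowlistForceEnforced` is declared as a public `var`, so any code holding the policy instance can flip it without passing the `check(Build.isDebuggable())` guard, which lives only in PermissionManagerLocalImpl. The switch can only tighten enforcement, since the later hunk ORs it with `!Build.isDebuggable()`, so this is a point of encapsulation rather than a bypass. The file paths suggest both classes sit in the same module, in which case `internal var` would narrow the surface. The KDoc should also state that the flag has no effect on non-debuggable builds. Whether permission state computed before the flag changes is re-evaluated is not visible here and is worth documenting for test authors.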
@@ -1274,7 +1280,7 @@
SigningDetails.CertCapabilities.PERMISSION
)
if (!Flags.signaturePermissionAllowlistEnabled()) {
- return hasCommonSigner;
+ return hasCommonSigner
}
if (!hasCommonSigner) {
return false
@@ -1308,7 +1314,7 @@
" ${packageState.packageName} (${packageState.path}) not in" +
" signature permission allowlist"
)
- if (!Build.isDebuggable()) {
+ if (!Build.isDebuggable() || isSignaturePermissionAllowlistForceEnforced) {
return false
}
}
diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionManagerLocalImpl.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionManagerLocalImpl.kt
new file mode 100644
index 0000000..ad2d70bb
--- /dev/null
+++ b/services/permission/java/com/android/server/permission/access/permission/PermissionManagerLocalImpl.kt
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.permission.access.permission
+
+import android.os.Build
+import com.android.server.permission.PermissionManagerLocal
+import com.android.server.permission.access.AccessCheckingService
+import com.android.server.permission.access.PermissionUri
+import com.android.server.permission.access.UidUri
+
+class PermissionManagerLocalImpl(
+ private val service: AccessCheckingService
+) : PermissionManagerLocal {
+ private val policy =
+ service.getSchemePolicy(UidUri.SCHEME, PermissionUri.SCHEME) as AppIdPermissionPolicy
+
+ override fun isSignaturePermissionAllowlistForceEnforced(): Boolean {
+ check(Build.isDebuggable())
+ return policy.isSignaturePermissionAllowlistForceEnforced
+ }
+
+ override fun setSignaturePermissionAllowlistForceEnforced(forceEnforced: Boolean) {
+ check(Build.isDebuggable())
+ policy.isSignaturePermissionAllowlistForceEnforced = forceEnforced
+ }
+}
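Review bot: Both `check(Build.isDebuggable())` calls have no message, so a caller on a non-debuggable build gets a bare "Check failed." IllegalStateException with no hint that the API is test-only. Use the lazy-message form, e.g. `check(Build.isDebuggable()) { "Signature permission allowlist force-enforcement is only available on debuggable builds" }`. The class also has no KDoc; a short one should say that it is the test-only bridge to `AppIdPermissionPolicy` and that the `as AppIdPermissionPolicy` cast assumes the policy registered for `UidUri.SCHEME`/`PermissionUri.SCHEME` is of that type.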