Google Git
Sign in
android / platform / frameworks / base / 9263f255eec6b875c9fb5d022ba35aa2b940ffa4^! / .
commit9263f255eec6b875c9fb5d022ba35aa2b940ffa4[log] [tgz]
authorYi-an Chen <[email protected]>Wed Sep 04 02:46:21 2024 +0000
committerYi-an Chen <[email protected]>Wed Sep 04 23:45:56 2024 +0000
treeca5bfa1adb6e67bb67e9ebe2b44719f7b6fbc809
parentb7faccdcef43ba8538d7c9b25550b34662f7a84f [diff]
Rename checkPrivilegedPermissionAllowlist()

Rename method checkPrivilegedPermissionAllowlist() to avoid
confusions on understanding the code.

We could also split this method into shouldCheckAllowlist()
and checkAllowlist() to avoid the confusion. However, since
we will always call these two methods together, it's cleaner
to put these two together. Hence renamed this method to
checkPrivilegedPermissionAllowlistIfNeeded(). Also added doc
to explain the return values.

Bug: 364435115
Test: Build
Flag: DOCS_ONLY
Change-Id: I8071b6860da4853c7a74e1d2daf1748ccb6cbd6e

diff --git a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
index 7ed23cd..d2c91ff 100644
--- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt

@@ -888,7 +888,7 @@
                     val mayGrantByPrivileged =
                         !permission.isPrivileged ||
                             requestingPackageStates.anyIndexed { _, it ->
-                                checkPrivilegedPermissionAllowlist(it, permission)
+                                checkPrivilegedPermissionAllowlistIfNeeded(it, permission)
                             }
                     val shouldGrantBySignature =
                         permission.isSignature &&
@@ -1280,7 +1280,16 @@
         }
     }
 
-    private fun MutateStateScope.checkPrivilegedPermissionAllowlist(
+    /**
+     * We only check privileged permission allowlist for system privileged apps. Hence, for platform
+     * or for normal apps, we return true to indicate that we don't need to check the allowlist and
+     * will let follow-up checks to decide whether we should grant the permission.
+     *
+     * @return `true`, if the permission is allowlisted for system privileged apps, or if we
+     *         don't need to check the allowlist (for platform or for normal apps).
+     *         `false`, if the permission is not allowlisted for system privileged apps.
+     */
+    private fun MutateStateScope.checkPrivilegedPermissionAllowlistIfNeeded(
         packageState: PackageState,
         permission: Permission
     ): Boolean {