author | Sudheer Shanka <sudheersai@google.com> | 2021-03-24 14:49:04 -0700 |
---|---|---|
committer | Sudheer Shanka <sudheersai@google.com> | 2021-03-26 08:00:10 +0000 |
commit | e0237fa50b43c7eb0892d7988bf1b344597fa091 (patch) | |
tree | 74aa249f4ad7e7bab1eee73b92a024dc9eaebd24 /apex/blobstore/framework/java | |
parent | 5db986d793f6e8f181c389508a04712f291f19c9 (diff) |
Add API to allow apps with location permission to access data blobs.
This is a new access mode that apps can use while committing data
blobs to specify that only apps with location permission can access the
data blobs.
Bug: 158705914
CTS-Coverage-Bug: 158705914
Test: atest --test-mapping apex/blobstore
Change-Id: If69a2ea317719315f782e71a993cec361fef027f
Diffstat (limited to 'apex/blobstore/framework/java')
4 files changed, 78 insertions, 9 deletions
diff --git a/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java b/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java
index 38500aff34ea..22ee501bda8c 100644
--- a/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java
+++ b/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java
@@ -258,7 +258,8 @@ public class BlobStoreManager {
 public @NonNull ParcelFileDescriptor openBlob(@NonNull BlobHandle blobHandle)
 throws IOException {
 try {
- return mService.openBlob(blobHandle, mContext.getOpPackageName());
+ return mService.openBlob(blobHandle, mContext.getOpPackageName(),
+ mContext.getAttributionTag());
 } catch (ParcelableException e) {
 e.maybeRethrow(IOException.class);
 throw new RuntimeException(e);
@@ -315,7 +316,7 @@ public class BlobStoreManager {
 @CurrentTimeMillisLong long leaseExpiryTimeMillis) throws IOException {
 try {
 mService.acquireLease(blobHandle, descriptionResId, null, leaseExpiryTimeMillis,
- mContext.getOpPackageName());
+ mContext.getOpPackageName(), mContext.getAttributionTag());
 } catch (ParcelableException e) {
 e.maybeRethrow(IOException.class);
 e.maybeRethrow(LimitExceededException.class);
@@ -378,7 +379,7 @@ public class BlobStoreManager {
 @CurrentTimeMillisLong long leaseExpiryTimeMillis) throws IOException {
 try {
 mService.acquireLease(blobHandle, INVALID_RES_ID, description, leaseExpiryTimeMillis,
- mContext.getOpPackageName());
+ mContext.getOpPackageName(), mContext.getAttributionTag());
 } catch (ParcelableException e) {
 e.maybeRethrow(IOException.class);
 e.maybeRethrow(LimitExceededException.class);
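Review bot: `mContext.getAttributionTag()` is now forwarded next to `mContext.getOpPackageName()` in `openBlob` and both `acquireLease` overloads here, and in `releaseLease` and `getLeaseInfo` in the next two hunks, but nothing at these call sites records that both strings come from the calling process. The service side is outside this diffstat, so presumably it still checks the package name against the binder calling UID before using either value; the tag can only label an access for app-op accounting and should not feed an access decision. `Context#getAttributionTag()` may also return null, so the service must accept that. A comment at the first call site would make the contract explicit: `// attributionTag may be null; it is used only for app-op attribution, never for authorization`.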
@@ -497,7 +498,8 @@ public class BlobStoreManager {
 */
 public void releaseLease(@NonNull BlobHandle blobHandle) throws IOException {
 try {
- mService.releaseLease(blobHandle, mContext.getOpPackageName());
+ mService.releaseLease(blobHandle, mContext.getOpPackageName(),
+ mContext.getAttributionTag());
 } catch (ParcelableException e) {
 e.maybeRethrow(IOException.class);
 throw new RuntimeException(e);
@@ -602,7 +604,8 @@ public class BlobStoreManager {
 @Nullable
 public LeaseInfo getLeaseInfo(@NonNull BlobHandle blobHandle) throws IOException {
 try {
- return mService.getLeaseInfo(blobHandle, mContext.getOpPackageName());
+ return mService.getLeaseInfo(blobHandle, mContext.getOpPackageName(),
+ mContext.getAttributionTag());
 } catch (ParcelableException e) {
 e.maybeRethrow(IOException.class);
 throw new RuntimeException(e);
@@ -897,6 +900,64 @@ public class BlobStoreManager {
 }
 /**
+ * Allow apps with location permission to access this blob data once it is committed using
+ * a {@link BlobHandle} representing the blob.
+ *
+ * <p> This needs to be called before committing the blob using
+ * {@link #commit(Executor, Consumer)}.
+ *
+ * Note that if a caller allows access to the blob using this API in addition to other APIs
+ * like {@link #allowPackageAccess(String, byte[])}, then apps satisfying any one of these
+ * access conditions will be allowed to access the blob.
+ *
+ * @param permissionName the name of the location permission that needs to be granted
+ * for the app. This can be either one of
+ * {@link android.Manifest.permission#ACCESS_FINE_LOCATION} or
+ * {@link android.Manifest.permission#ACCESS_COARSE_LOCATION}.
+ *
+ * @throws IOException when there is an I/O error while changing the access.
+ * @throws SecurityException when the caller is not the owner of the session.
+ * @throws IllegalStateException when the caller tries to change access for a blob which is
+ * already committed.
+ */
+ public void allowPackagesWithLocationPermission(@NonNull String permissionName)
+ throws IOException {
+ try {
+ mSession.allowPackagesWithLocationPermission(permissionName);
+ } catch (ParcelableException e) {
+ e.maybeRethrow(IOException.class);
+ throw new RuntimeException(e);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+
+ /**
+ * Returns {@code true} if access has been allowed for apps with location permission by
+ * using {@link #allowPackagesWithLocationPermission(String)}.
+ *
+ * @param permissionName the name of the location permission that needs to be granted
+ * for the app. This can be either one of
+ * {@link android.Manifest.permission#ACCESS_FINE_LOCATION} or
+ * {@link android.Manifest.permission#ACCESS_COARSE_LOCATION}.
+ *
+ * @throws IOException when there is an I/O error while getting the access type.
+ * @throws IllegalStateException when the caller tries to get access type from a session
+ * which is closed or abandoned.
+ */
+ public boolean arePackagesWithLocationPermissionAllowed(@NonNull String permissionName)
+ throws IOException {
+ try {
+ return mSession.arePackagesWithLocationPermissionAllowed(permissionName);
+ } catch (ParcelableException e) {
+ e.maybeRethrow(IOException.class);
+ throw new RuntimeException(e);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+
+ /**
 * Commit the file that was written so far to this session to the blob store maintained by
 * the system.
 *
diff --git a/apex/blobstore/framework/java/android/app/blob/IBlobStoreManager.aidl b/apex/blobstore/framework/java/android/app/blob/IBlobStoreManager.aidl
index 39a9fb4bb1f4..db6cb5c972fe 100644
--- a/apex/blobstore/framework/java/android/app/blob/IBlobStoreManager.aidl
+++ b/apex/blobstore/framework/java/android/app/blob/IBlobStoreManager.aidl
@@ -25,12 +25,13 @@ import android.os.RemoteCallback;
 interface IBlobStoreManager {
 long createSession(in BlobHandle handle, in String packageName);
 IBlobStoreSession openSession(long sessionId, in String packageName);
- ParcelFileDescriptor openBlob(in BlobHandle handle, in String packageName);
+ ParcelFileDescriptor openBlob(in BlobHandle handle, in String packageName,
+ in String attributionTag);
 void abandonSession(long sessionId, in String packageName);
 void acquireLease(in BlobHandle handle, int descriptionResId, in CharSequence description,
- long leaseTimeoutMillis, in String packageName);
- void releaseLease(in BlobHandle handle, in String packageName);
+ long leaseTimeoutMillis, in String packageName, in String attributionTag);
+ void releaseLease(in BlobHandle handle, in String packageName, in String attributionTag);
 long getRemainingLeaseQuotaBytes(String packageName);
 void waitForIdle(in RemoteCallback callback);
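Review bot: `allowPackagesWithLocationPermission(String)` in BlobStoreManager.java documents that `permissionName` must be `ACCESS_FINE_LOCATION` or `ACCESS_COARSE_LOCATION`, yet the wrapper hands any string straight to `mSession` and the Javadoc names no exception for an invalid value; the same holds for `arePackagesWithLocationPermissionAllowed`. If the service, which is not part of this diffstat, does not reject other names, a blob could end up gated on a permission that every app already holds, which amounts to public access. The rejection has to live in the service, and the client contract should state it on both methods: `@throws IllegalArgumentException when {@code permissionName} is not one of the two location permissions`. It would also help to document whether the permission is checked when the blob is opened rather than when it is committed, since a runtime permission can be revoked later. Both methods belong to a class whose declaration lies outside the hunk.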
@@ -39,5 +40,6 @@ interface IBlobStoreManager {
 void deleteBlob(long blobId);
 List<BlobHandle> getLeasedBlobs(in String packageName);
- LeaseInfo getLeaseInfo(in BlobHandle blobHandle, in String packageName);
+ LeaseInfo getLeaseInfo(in BlobHandle blobHandle, in String packageName,
+ in String attributionTag);
 }
\ No newline at end of file
diff --git a/apex/blobstore/framework/java/android/app/blob/IBlobStoreSession.aidl b/apex/blobstore/framework/java/android/app/blob/IBlobStoreSession.aidl
index 4035b96938d9..e3ccfb8d91c1 100644
--- a/apex/blobstore/framework/java/android/app/blob/IBlobStoreSession.aidl
+++ b/apex/blobstore/framework/java/android/app/blob/IBlobStoreSession.aidl
@@ -26,10 +26,12 @@ interface IBlobStoreSession {
 void allowPackageAccess(in String packageName, in byte[] certificate);
 void allowSameSignatureAccess();
 void allowPublicAccess();
+ void allowPackagesWithLocationPermission(in String permissionName);
 boolean isPackageAccessAllowed(in String packageName, in byte[] certificate);
 boolean isSameSignatureAccessAllowed();
 boolean isPublicAccessAllowed();
+ boolean arePackagesWithLocationPermissionAllowed(in String permissionName);
 long getSize();
 void close();
diff --git a/apex/blobstore/framework/java/android/app/blob/XmlTags.java b/apex/blobstore/framework/java/android/app/blob/XmlTags.java
index bfc582623439..6e4b2f79cadb 100644
--- a/apex/blobstore/framework/java/android/app/blob/XmlTags.java
+++ b/apex/blobstore/framework/java/android/app/blob/XmlTags.java
@@ -38,6 +38,7 @@ public final class XmlTags {
 public static final String ATTR_TYPE = "t";
 public static final String TAG_ALLOWED_PACKAGE = "wl";
 public static final String ATTR_CERTIFICATE = "ct";
+ public static final String TAG_ALLOWED_PERMISSION = "ap";
 // For BlobHandle
 public static final String TAG_BLOB_HANDLE = "bh";
@@ -55,4 +56,7 @@ public final class XmlTags {
 public static final String TAG_LEASEE = "l";
 public static final String ATTR_DESCRIPTION_RES_NAME = "rn";
 public static final String ATTR_DESCRIPTION = "d";
+
+ // Generic
+ public static final String ATTR_VALUE = "val";
 } |
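Review bot: In `IBlobStoreSession.aidl` the two new methods are inserted in the middle of the interface, and with no explicit transaction ids visible, AIDL numbers methods in declaration order, so every method from `isPackageAccessAllowed` onward gets a new code. A client built against the old interface would then reach `allowPackagesWithLocationPermission` when it calls `isPackageAccessAllowed`, turning a query into a request to change access. That is harmless only if the client classes and the service are always built and updated together, which this diff does not show. Otherwise the new methods should be appended at the end of the interface, or the assumption recorded in the file, for example `// Client and service ship together; method order is not a stable ABI.`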