diff options
| author | Sudheer Shanka <sudheersai@google.com> | 2021-05-13 13:27:35 -0700 |
|---|---|---|
| committer | Sudheer Shanka <sudheersai@google.com> | 2021-05-17 22:31:09 +0000 |
| commit | e9a38062dc475b846af65b1dbae7ab2ce67efae9 (patch) | |
| tree | 141f53f9ad9de67be8541c211e613a051a6cfc42 /apex/blobstore | |
| parent | 46614cfa9960398240c07320d672edfe2024fa93 (diff) | |
Revert "Add API to allow apps with location permission to access data blobs."
This reverts commit e0237fa50b43c7eb0892d7988bf1b344597fa091. Reverting
based on the feedback from Permissions and privacy team.
Bug: 158705914
Test: atest --test-mapping apex/blobstore
Change-Id: Id057e8c61dcf9d3d111ab20530a2074083052392
Diffstat (limited to 'apex/blobstore')
8 files changed, 30 insertions, 212 deletions
diff --git a/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java b/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java index 22ee501bda8c..38500aff34ea 100644 --- a/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java +++ b/apex/blobstore/framework/java/android/app/blob/BlobStoreManager.java @@ -258,8 +258,7 @@ public class BlobStoreManager { public @NonNull ParcelFileDescriptor openBlob(@NonNull BlobHandle blobHandle) throws IOException { try { - return mService.openBlob(blobHandle, mContext.getOpPackageName(), - mContext.getAttributionTag()); + return mService.openBlob(blobHandle, mContext.getOpPackageName()); } catch (ParcelableException e) { e.maybeRethrow(IOException.class); throw new RuntimeException(e); @@ -316,7 +315,7 @@ public class BlobStoreManager { @CurrentTimeMillisLong long leaseExpiryTimeMillis) throws IOException { try { mService.acquireLease(blobHandle, descriptionResId, null, leaseExpiryTimeMillis, - mContext.getOpPackageName(), mContext.getAttributionTag()); + mContext.getOpPackageName()); } catch (ParcelableException e) { e.maybeRethrow(IOException.class); e.maybeRethrow(LimitExceededException.class); @@ -379,7 +378,7 @@ public class BlobStoreManager { @CurrentTimeMillisLong long leaseExpiryTimeMillis) throws IOException { try { mService.acquireLease(blobHandle, INVALID_RES_ID, description, leaseExpiryTimeMillis, - mContext.getOpPackageName(), mContext.getAttributionTag()); + mContext.getOpPackageName()); } catch (ParcelableException e) { e.maybeRethrow(IOException.class); e.maybeRethrow(LimitExceededException.class); @@ -498,8 +497,7 @@ public class BlobStoreManager { */ public void releaseLease(@NonNull BlobHandle blobHandle) throws IOException { try { - mService.releaseLease(blobHandle, mContext.getOpPackageName(), - mContext.getAttributionTag()); + mService.releaseLease(blobHandle, mContext.getOpPackageName()); } catch (ParcelableException e) { e.maybeRethrow(IOException.class); throw new RuntimeException(e); @@ -604,8 +602,7 @@ public class BlobStoreManager { @Nullable public LeaseInfo getLeaseInfo(@NonNull BlobHandle blobHandle) throws IOException { try { - return mService.getLeaseInfo(blobHandle, mContext.getOpPackageName(), - mContext.getAttributionTag()); + return mService.getLeaseInfo(blobHandle, mContext.getOpPackageName()); } catch (ParcelableException e) { e.maybeRethrow(IOException.class); throw new RuntimeException(e); @@ -900,64 +897,6 @@ public class BlobStoreManager { } /** - * Allow apps with location permission to access this blob data once it is committed using - * a {@link BlobHandle} representing the blob. - * - * <p> This needs to be called before committing the blob using - * {@link #commit(Executor, Consumer)}. - * - * Note that if a caller allows access to the blob using this API in addition to other APIs - * like {@link #allowPackageAccess(String, byte[])}, then apps satisfying any one of these - * access conditions will be allowed to access the blob. - * - * @param permissionName the name of the location permission that needs to be granted - * for the app. This can be either one of - * {@link android.Manifest.permission#ACCESS_FINE_LOCATION} or - * {@link android.Manifest.permission#ACCESS_COARSE_LOCATION}. - * - * @throws IOException when there is an I/O error while changing the access. - * @throws SecurityException when the caller is not the owner of the session. - * @throws IllegalStateException when the caller tries to change access for a blob which is - * already committed. - */ - public void allowPackagesWithLocationPermission(@NonNull String permissionName) - throws IOException { - try { - mSession.allowPackagesWithLocationPermission(permissionName); - } catch (ParcelableException e) { - e.maybeRethrow(IOException.class); - throw new RuntimeException(e); - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } - } - - /** - * Returns {@code true} if access has been allowed for apps with location permission by - * using {@link #allowPackagesWithLocationPermission(String)}. - * - * @param permissionName the name of the location permission that needs to be granted - * for the app. This can be either one of - * {@link android.Manifest.permission#ACCESS_FINE_LOCATION} or - * {@link android.Manifest.permission#ACCESS_COARSE_LOCATION}. - * - * @throws IOException when there is an I/O error while getting the access type. - * @throws IllegalStateException when the caller tries to get access type from a session - * which is closed or abandoned. - */ - public boolean arePackagesWithLocationPermissionAllowed(@NonNull String permissionName) - throws IOException { - try { - return mSession.arePackagesWithLocationPermissionAllowed(permissionName); - } catch (ParcelableException e) { - e.maybeRethrow(IOException.class); - throw new RuntimeException(e); - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } - } - - /** * Commit the file that was written so far to this session to the blob store maintained by * the system. * diff --git a/apex/blobstore/framework/java/android/app/blob/IBlobStoreManager.aidl b/apex/blobstore/framework/java/android/app/blob/IBlobStoreManager.aidl index db6cb5c972fe..39a9fb4bb1f4 100644 --- a/apex/blobstore/framework/java/android/app/blob/IBlobStoreManager.aidl +++ b/apex/blobstore/framework/java/android/app/blob/IBlobStoreManager.aidl @@ -25,13 +25,12 @@ import android.os.RemoteCallback; interface IBlobStoreManager { long createSession(in BlobHandle handle, in String packageName); IBlobStoreSession openSession(long sessionId, in String packageName); - ParcelFileDescriptor openBlob(in BlobHandle handle, in String packageName, - in String attributionTag); + ParcelFileDescriptor openBlob(in BlobHandle handle, in String packageName); void abandonSession(long sessionId, in String packageName); void acquireLease(in BlobHandle handle, int descriptionResId, in CharSequence description, - long leaseTimeoutMillis, in String packageName, in String attributionTag); - void releaseLease(in BlobHandle handle, in String packageName, in String attributionTag); + long leaseTimeoutMillis, in String packageName); + void releaseLease(in BlobHandle handle, in String packageName); long getRemainingLeaseQuotaBytes(String packageName); void waitForIdle(in RemoteCallback callback); @@ -40,6 +39,5 @@ interface IBlobStoreManager { void deleteBlob(long blobId); List<BlobHandle> getLeasedBlobs(in String packageName); - LeaseInfo getLeaseInfo(in BlobHandle blobHandle, in String packageName, - in String attributionTag); + LeaseInfo getLeaseInfo(in BlobHandle blobHandle, in String packageName); }
\ No newline at end of file diff --git a/apex/blobstore/framework/java/android/app/blob/IBlobStoreSession.aidl b/apex/blobstore/framework/java/android/app/blob/IBlobStoreSession.aidl index e3ccfb8d91c1..4035b96938d9 100644 --- a/apex/blobstore/framework/java/android/app/blob/IBlobStoreSession.aidl +++ b/apex/blobstore/framework/java/android/app/blob/IBlobStoreSession.aidl @@ -26,12 +26,10 @@ interface IBlobStoreSession { void allowPackageAccess(in String packageName, in byte[] certificate); void allowSameSignatureAccess(); void allowPublicAccess(); - void allowPackagesWithLocationPermission(in String permissionName); boolean isPackageAccessAllowed(in String packageName, in byte[] certificate); boolean isSameSignatureAccessAllowed(); boolean isPublicAccessAllowed(); - boolean arePackagesWithLocationPermissionAllowed(in String permissionName); long getSize(); void close(); diff --git a/apex/blobstore/framework/java/android/app/blob/XmlTags.java b/apex/blobstore/framework/java/android/app/blob/XmlTags.java index 6e4b2f79cadb..bfc582623439 100644 --- a/apex/blobstore/framework/java/android/app/blob/XmlTags.java +++ b/apex/blobstore/framework/java/android/app/blob/XmlTags.java @@ -38,7 +38,6 @@ public final class XmlTags { public static final String ATTR_TYPE = "t"; public static final String TAG_ALLOWED_PACKAGE = "wl"; public static final String ATTR_CERTIFICATE = "ct"; - public static final String TAG_ALLOWED_PERMISSION = "ap"; // For BlobHandle public static final String TAG_BLOB_HANDLE = "bh"; @@ -56,7 +55,4 @@ public final class XmlTags { public static final String TAG_LEASEE = "l"; public static final String ATTR_DESCRIPTION_RES_NAME = "rn"; public static final String ATTR_DESCRIPTION = "d"; - - // Generic - public static final String ATTR_VALUE = "val"; } diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java b/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java index 09260b775444..0d17bbc7bbff 100644 --- a/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java +++ b/apex/blobstore/service/java/com/android/server/blob/BlobAccessMode.java @@ -15,30 +15,19 @@ */ package com.android.server.blob; -import static android.Manifest.permission.ACCESS_COARSE_LOCATION; -import static android.Manifest.permission.ACCESS_FINE_LOCATION; import static android.app.blob.XmlTags.ATTR_CERTIFICATE; import static android.app.blob.XmlTags.ATTR_PACKAGE; import static android.app.blob.XmlTags.ATTR_TYPE; -import static android.app.blob.XmlTags.ATTR_VALUE; import static android.app.blob.XmlTags.TAG_ALLOWED_PACKAGE; -import static android.app.blob.XmlTags.TAG_ALLOWED_PERMISSION; - -import static com.android.server.blob.BlobStoreConfig.TAG; import android.annotation.IntDef; import android.annotation.NonNull; -import android.annotation.Nullable; -import android.app.AppOpsManager; import android.content.Context; import android.content.pm.PackageManager; -import android.os.UserHandle; -import android.permission.PermissionManager; import android.util.ArraySet; import android.util.Base64; import android.util.DebugUtils; import android.util.IndentingPrintWriter; -import android.util.Slog; import com.android.internal.util.XmlUtils; @@ -64,27 +53,21 @@ class BlobAccessMode { ACCESS_TYPE_PUBLIC, ACCESS_TYPE_SAME_SIGNATURE, ACCESS_TYPE_ALLOWLIST, - ACCESS_TYPE_LOCATION_PERMISSION, }) @interface AccessType {} public static final int ACCESS_TYPE_PRIVATE = 1 << 0; public static final int ACCESS_TYPE_PUBLIC = 1 << 1; public static final int ACCESS_TYPE_SAME_SIGNATURE = 1 << 2; public static final int ACCESS_TYPE_ALLOWLIST = 1 << 3; - public static final int ACCESS_TYPE_LOCATION_PERMISSION = 1 << 4; private int mAccessType = ACCESS_TYPE_PRIVATE; private final ArraySet<PackageIdentifier> mAllowedPackages = new ArraySet<>(); - private final ArraySet<String> mAllowedPermissions = new ArraySet<>(); void allow(BlobAccessMode other) { if ((other.mAccessType & ACCESS_TYPE_ALLOWLIST) != 0) { mAllowedPackages.addAll(other.mAllowedPackages); } - if ((other.mAccessType & ACCESS_TYPE_LOCATION_PERMISSION) != 0) { - mAllowedPermissions.addAll(other.mAllowedPermissions); - } mAccessType |= other.mAccessType; } @@ -101,11 +84,6 @@ class BlobAccessMode { mAllowedPackages.add(PackageIdentifier.create(packageName, certificate)); } - void allowPackagesWithLocationPermission(@NonNull String permissionName) { - mAccessType |= ACCESS_TYPE_LOCATION_PERMISSION; - mAllowedPermissions.add(permissionName); - } - boolean isPublicAccessAllowed() { return (mAccessType & ACCESS_TYPE_PUBLIC) != 0; } @@ -121,15 +99,8 @@ class BlobAccessMode { return mAllowedPackages.contains(PackageIdentifier.create(packageName, certificate)); } - boolean arePackagesWithLocationPermissionAllowed(@NonNull String permissionName) { - if ((mAccessType & ACCESS_TYPE_LOCATION_PERMISSION) == 0) { - return false; - } - return mAllowedPermissions.contains(permissionName); - } - - boolean isAccessAllowedForCaller(Context context, @NonNull String callingPackage, - @NonNull String committerPackage, int callingUid, @Nullable String attributionTag) { + boolean isAccessAllowedForCaller(Context context, + @NonNull String callingPackage, @NonNull String committerPackage) { if ((mAccessType & ACCESS_TYPE_PUBLIC) != 0) { return true; } @@ -153,37 +124,9 @@ class BlobAccessMode { } } - if ((mAccessType & ACCESS_TYPE_LOCATION_PERMISSION) != 0) { - final AppOpsManager appOpsManager = context.getSystemService(AppOpsManager.class); - for (int i = 0; i < mAllowedPermissions.size(); ++i) { - final String permission = mAllowedPermissions.valueAt(i); - if (PermissionManager.checkPackageNamePermission(permission, callingPackage, - UserHandle.getUserId(callingUid)) != PackageManager.PERMISSION_GRANTED) { - continue; - } - // TODO: Add appropriate message - if (appOpsManager.noteOpNoThrow(getAppOp(permission), callingUid, callingPackage, - attributionTag, null /* message */) == AppOpsManager.MODE_ALLOWED) { - return true; - } - } - } - return false; } - private static String getAppOp(String permission) { - switch (permission) { - case ACCESS_FINE_LOCATION: - return AppOpsManager.OPSTR_FINE_LOCATION; - case ACCESS_COARSE_LOCATION: - return AppOpsManager.OPSTR_COARSE_LOCATION; - default: - Slog.w(TAG, "Unknown permission found: " + permission); - return null; - } - } - int getAccessType() { return mAccessType; } @@ -205,16 +148,6 @@ class BlobAccessMode { } fout.decreaseIndent(); } - fout.print("Allowed permissions:"); - if (mAllowedPermissions.isEmpty()) { - fout.println(" (Empty)"); - } else { - fout.increaseIndent(); - for (int i = 0, count = mAllowedPermissions.size(); i < count; ++i) { - fout.println(mAllowedPermissions.valueAt(i).toString()); - } - fout.decreaseIndent(); - } } void writeToXml(@NonNull XmlSerializer out) throws IOException { @@ -226,12 +159,6 @@ class BlobAccessMode { XmlUtils.writeByteArrayAttribute(out, ATTR_CERTIFICATE, packageIdentifier.certificate); out.endTag(null, TAG_ALLOWED_PACKAGE); } - for (int i = 0, count = mAllowedPermissions.size(); i < count; ++i) { - out.startTag(null, TAG_ALLOWED_PERMISSION); - final String permission = mAllowedPermissions.valueAt(i); - XmlUtils.writeStringAttribute(out, ATTR_VALUE, permission); - out.endTag(null, TAG_ALLOWED_PERMISSION); - } } @NonNull @@ -249,10 +176,6 @@ class BlobAccessMode { final byte[] certificate = XmlUtils.readByteArrayAttribute(in, ATTR_CERTIFICATE); blobAccessMode.allowPackageAccess(packageName, certificate); } - if (TAG_ALLOWED_PERMISSION.equals(in.getName())) { - final String permission = XmlUtils.readStringAttribute(in, ATTR_VALUE); - blobAccessMode.allowPackagesWithLocationPermission(permission); - } } return blobAccessMode; } diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java b/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java index e47715685323..e116c8189f91 100644 --- a/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java +++ b/apex/blobstore/service/java/com/android/server/blob/BlobMetadata.java @@ -263,8 +263,7 @@ class BlobMetadata { return getBlobFile().length(); } - boolean isAccessAllowedForCaller(@NonNull String callingPackage, int callingUid, - @Nullable String attributionTag) { + boolean isAccessAllowedForCaller(@NonNull String callingPackage, int callingUid) { // Don't allow the blob to be accessed after it's expiry time has passed. if (getBlobHandle().isExpired()) { return false; @@ -293,7 +292,7 @@ class BlobMetadata { // Check if the caller is allowed access as per the access mode specified // by the committer. if (committer.blobAccessMode.isAccessAllowedForCaller(mContext, - callingPackage, committer.packageName, callingUid, attributionTag)) { + callingPackage, committer.packageName)) { return true; } } @@ -316,7 +315,7 @@ class BlobMetadata { // Check if the caller is allowed access as per the access mode specified // by the committer. if (committer.blobAccessMode.isAccessAllowedForCaller(mContext, - callingPackage, committer.packageName, callingUid, attributionTag)) { + callingPackage, committer.packageName)) { return true; } } diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java b/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java index cc5e31a91123..9a77aaa3c695 100644 --- a/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java +++ b/apex/blobstore/service/java/com/android/server/blob/BlobStoreManagerService.java @@ -396,11 +396,11 @@ public class BlobStoreManagerService extends SystemService { } private ParcelFileDescriptor openBlobInternal(BlobHandle blobHandle, int callingUid, - String callingPackage, String attributionTag) throws IOException { + String callingPackage) throws IOException { synchronized (mBlobsLock) { final BlobMetadata blobMetadata = mBlobsMap.get(blobHandle); if (blobMetadata == null || !blobMetadata.isAccessAllowedForCaller( - callingPackage, callingUid, attributionTag)) { + callingPackage, callingUid)) { if (blobMetadata == null) { FrameworkStatsLog.write(FrameworkStatsLog.BLOB_OPENED, callingUid, INVALID_BLOB_ID, INVALID_BLOB_SIZE, @@ -448,7 +448,7 @@ public class BlobStoreManagerService extends SystemService { private void acquireLeaseInternal(BlobHandle blobHandle, int descriptionResId, CharSequence description, long leaseExpiryTimeMillis, - int callingUid, String callingPackage, String attributionTag) { + int callingUid, String callingPackage) { synchronized (mBlobsLock) { final int leasesCount = getLeasedBlobsCountLocked(callingUid, callingPackage); if (leasesCount >= getMaxLeasedBlobs()) { @@ -469,7 +469,7 @@ public class BlobStoreManagerService extends SystemService { final BlobMetadata blobMetadata = mBlobsMap.get(blobHandle); if (blobMetadata == null || !blobMetadata.isAccessAllowedForCaller( - callingPackage, callingUid, attributionTag)) { + callingPackage, callingUid)) { if (blobMetadata == null) { FrameworkStatsLog.write(FrameworkStatsLog.BLOB_LEASED, callingUid, INVALID_BLOB_ID, INVALID_BLOB_SIZE, @@ -520,11 +520,11 @@ public class BlobStoreManagerService extends SystemService { } private void releaseLeaseInternal(BlobHandle blobHandle, int callingUid, - String callingPackage, String attributionTag) { + String callingPackage) { synchronized (mBlobsLock) { final BlobMetadata blobMetadata = mBlobsMap.get(blobHandle); if (blobMetadata == null || !blobMetadata.isAccessAllowedForCaller( - callingPackage, callingUid, attributionTag)) { + callingPackage, callingUid)) { throw new SecurityException("Caller not allowed to access " + blobHandle + "; callingUid=" + callingUid + ", callingPackage=" + callingPackage); } @@ -631,11 +631,11 @@ public class BlobStoreManagerService extends SystemService { } private LeaseInfo getLeaseInfoInternal(BlobHandle blobHandle, - int callingUid, @NonNull String callingPackage, String attributionTag) { + int callingUid, @NonNull String callingPackage) { synchronized (mBlobsLock) { final BlobMetadata blobMetadata = mBlobsMap.get(blobHandle); if (blobMetadata == null || !blobMetadata.isAccessAllowedForCaller( - callingPackage, callingUid, attributionTag)) { + callingPackage, callingUid)) { throw new SecurityException("Caller not allowed to access " + blobHandle + "; callingUid=" + callingUid + ", callingPackage=" + callingPackage); } @@ -1458,7 +1458,7 @@ public class BlobStoreManagerService extends SystemService { @Override public ParcelFileDescriptor openBlob(@NonNull BlobHandle blobHandle, - @NonNull String packageName, @Nullable String attributionTag) { + @NonNull String packageName) { Objects.requireNonNull(blobHandle, "blobHandle must not be null"); blobHandle.assertIsValid(); Objects.requireNonNull(packageName, "packageName must not be null"); @@ -1473,7 +1473,7 @@ public class BlobStoreManagerService extends SystemService { } try { - return openBlobInternal(blobHandle, callingUid, packageName, attributionTag); + return openBlobInternal(blobHandle, callingUid, packageName); } catch (IOException e) { throw ExceptionUtils.wrap(e); } @@ -1482,8 +1482,7 @@ public class BlobStoreManagerService extends SystemService { @Override public void acquireLease(@NonNull BlobHandle blobHandle, @IdRes int descriptionResId, @Nullable CharSequence description, - @CurrentTimeSecondsLong long leaseExpiryTimeMillis, @NonNull String packageName, - @Nullable String attributionTag) { + @CurrentTimeSecondsLong long leaseExpiryTimeMillis, @NonNull String packageName) { Objects.requireNonNull(blobHandle, "blobHandle must not be null"); blobHandle.assertIsValid(); Preconditions.checkArgument( @@ -1507,7 +1506,7 @@ public class BlobStoreManagerService extends SystemService { try { acquireLeaseInternal(blobHandle, descriptionResId, description, - leaseExpiryTimeMillis, callingUid, packageName, attributionTag); + leaseExpiryTimeMillis, callingUid, packageName); } catch (Resources.NotFoundException e) { throw new IllegalArgumentException(e); } catch (LimitExceededException e) { @@ -1516,8 +1515,7 @@ public class BlobStoreManagerService extends SystemService { } @Override - public void releaseLease(@NonNull BlobHandle blobHandle, @NonNull String packageName, - @Nullable String attributionTag) { + public void releaseLease(@NonNull BlobHandle blobHandle, @NonNull String packageName) { Objects.requireNonNull(blobHandle, "blobHandle must not be null"); blobHandle.assertIsValid(); Objects.requireNonNull(packageName, "packageName must not be null"); @@ -1531,7 +1529,7 @@ public class BlobStoreManagerService extends SystemService { + "callingUid=" + callingUid + ", callingPackage=" + packageName); } - releaseLeaseInternal(blobHandle, callingUid, packageName, attributionTag); + releaseLeaseInternal(blobHandle, callingUid, packageName); } @Override @@ -1601,8 +1599,7 @@ public class BlobStoreManagerService extends SystemService { @Override @Nullable - public LeaseInfo getLeaseInfo(@NonNull BlobHandle blobHandle, @NonNull String packageName, - @Nullable String attributionTag) { + public LeaseInfo getLeaseInfo(@NonNull BlobHandle blobHandle, @NonNull String packageName) { Objects.requireNonNull(blobHandle, "blobHandle must not be null"); blobHandle.assertIsValid(); Objects.requireNonNull(packageName, "packageName must not be null"); @@ -1616,7 +1613,7 @@ public class BlobStoreManagerService extends SystemService { + "callingUid=" + callingUid + ", callingPackage=" + packageName); } - return getLeaseInfoInternal(blobHandle, callingUid, packageName, attributionTag); + return getLeaseInfoInternal(blobHandle, callingUid, packageName); } @Override diff --git a/apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java b/apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java index 3f0032fe537e..8eef8cebec3f 100644 --- a/apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java +++ b/apex/blobstore/service/java/com/android/server/blob/BlobStoreSession.java @@ -15,8 +15,6 @@ */ package com.android.server.blob; -import static android.Manifest.permission.ACCESS_COARSE_LOCATION; -import static android.Manifest.permission.ACCESS_FINE_LOCATION; import static android.app.blob.BlobStoreManager.COMMIT_RESULT_ERROR; import static android.app.blob.XmlTags.ATTR_CREATION_TIME_MS; import static android.app.blob.XmlTags.ATTR_ID; @@ -368,21 +366,6 @@ class BlobStoreSession extends IBlobStoreSession.Stub { } @Override - public void allowPackagesWithLocationPermission(@NonNull String permissionName) { - assertCallerIsOwner(); - Preconditions.checkArgument(ACCESS_FINE_LOCATION.equals(permissionName) - || ACCESS_COARSE_LOCATION.equals(permissionName), - "permissionName is unknown: " + permissionName); - synchronized (mSessionLock) { - if (mState != STATE_OPENED) { - throw new IllegalStateException("Not allowed to change access type in state: " - + stateToString(mState)); - } - mBlobAccessMode.allowPackagesWithLocationPermission(permissionName); - } - } - - @Override public boolean isPackageAccessAllowed(@NonNull String packageName, @NonNull byte[] certificate) { assertCallerIsOwner(); @@ -423,21 +406,6 @@ class BlobStoreSession extends IBlobStoreSession.Stub { } @Override - public boolean arePackagesWithLocationPermissionAllowed(@NonNull String permissionName) { - assertCallerIsOwner(); - Preconditions.checkArgument(ACCESS_FINE_LOCATION.equals(permissionName) - || ACCESS_COARSE_LOCATION.equals(permissionName), - "permissionName is unknown: " + permissionName); - synchronized (mSessionLock) { - if (mState != STATE_OPENED) { - throw new IllegalStateException("Not allowed to change access type in state: " - + stateToString(mState)); - } - return mBlobAccessMode.arePackagesWithLocationPermissionAllowed(permissionName); - } - } - - @Override public void close() { closeSession(STATE_CLOSED, false /* sendCallback */); } |