Merge "Update BlobStoreMS to augment storage stats with blobs data."

author: Sudheer Shanka <sudheersai@google.com> 2020-02-21 19:28:09 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2020-02-21 19:28:09 +0000
commit: 77f2a2c3ddc0d689cd35e958500fb6b3b8d75dd0 (patch)
tree: 8f90ee343018ae93da539c791dd7a1aa7eb38e51 /services/usage
parent: 9aa778f56d1c1362b1fad181041b612ca64670bc (diff)
parent: e9232d6d6fc6d5b4b32b3b0c708dc548f88acc45 (diff)
2 files changed, 42 insertions, 22 deletions
diff --git a/services/usage/java/com/android/server/usage/StorageStatsManagerInternal.java b/services/usage/java/com/android/server/usage/StorageStatsManagerInternal.java
index a5325482605d..47760efe2709 100644
--- a/services/usage/java/com/android/server/usage/StorageStatsManagerInternal.java
+++ b/services/usage/java/com/android/server/usage/StorageStatsManagerInternal.java
@@ -34,11 +34,9 @@ public abstract class StorageStatsManagerInternal {
     public interface StorageStatsAugmenter {
         void augmentStatsForPackage(@NonNull PackageStats stats,
                 @NonNull String packageName, @UserIdInt int userId,
-                @NonNull String callingPackage);
+                boolean callerHasStatsPermission);
         void augmentStatsForUid(@NonNull PackageStats stats, int uid,
-                @NonNull String callingPackage);
-        void augmentStatsForUser(@NonNull PackageStats stats, @UserIdInt int userId,
-                @NonNull String callingPackage);
+                boolean callerHasStatsPermission);
     }
 
     /**
diff --git a/services/usage/java/com/android/server/usage/StorageStatsService.java b/services/usage/java/com/android/server/usage/StorageStatsService.java
index c3d3d83f02fa..52b0afb56b3c 100644
--- a/services/usage/java/com/android/server/usage/StorageStatsService.java
+++ b/services/usage/java/com/android/server/usage/StorageStatsService.java
@@ -16,10 +16,13 @@
 
 package com.android.server.usage;
 
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+
 import static com.android.internal.util.ArrayUtils.defeatNullable;
 import static com.android.server.pm.PackageManagerService.PLATFORM_PACKAGE_NAME;
 import static com.android.server.usage.StorageStatsManagerInternal.StorageStatsAugmenter;
 
+import android.Manifest;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.UserIdInt;
@@ -161,18 +164,33 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
     }
 
     private void enforceStatsPermission(int callingUid, String callingPackage) {
-        final int mode = mAppOps.noteOp(AppOpsManager.OP_GET_USAGE_STATS,
-                callingUid, callingPackage);
+        final String errMsg = checkStatsPermission(callingUid, callingPackage, true);
+        if (errMsg != null) {
+            throw new SecurityException(errMsg);
+        }
+    }
+
+    private String checkStatsPermission(int callingUid, String callingPackage, boolean noteOp) {
+        final int mode;
+        if (noteOp) {
+            mode = mAppOps.noteOp(AppOpsManager.OP_GET_USAGE_STATS, callingUid, callingPackage);
+        } else {
+            mode = mAppOps.checkOp(AppOpsManager.OP_GET_USAGE_STATS, callingUid, callingPackage);
+        }
         switch (mode) {
             case AppOpsManager.MODE_ALLOWED:
-                return;
+                return null;
             case AppOpsManager.MODE_DEFAULT:
-                mContext.enforceCallingOrSelfPermission(
-                        android.Manifest.permission.PACKAGE_USAGE_STATS, TAG);
-                return;
+                if (mContext.checkCallingOrSelfPermission(
+                        Manifest.permission.PACKAGE_USAGE_STATS) == PERMISSION_GRANTED) {
+                    return null;
+                } else {
+                    return "Caller does not have " + Manifest.permission.PACKAGE_USAGE_STATS
+                            + "; callingPackage=" + callingPackage + ", callingUid=" + callingUid;
+                }
             default:
-                throw new SecurityException("Package " + callingPackage + " from UID " + callingUid
-                        + " blocked by mode " + mode);
+                return "Package " + callingPackage + " from UID " + callingUid
+                        + " blocked by mode " + mode;
         }
     }
 
@@ -281,10 +299,15 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
             throw new ParcelableException(e);
         }
 
+        final boolean callerHasStatsPermission;
         if (Binder.getCallingUid() == appInfo.uid) {
-            // No permissions required when asking about themselves
+            // No permissions required when asking about themselves. We still check since it is
+            // needed later on but don't throw if caller doesn't have the permission.
+            callerHasStatsPermission = checkStatsPermission(
+                    Binder.getCallingUid(), callingPackage, false) == null;
         } else {
             enforceStatsPermission(Binder.getCallingUid(), callingPackage);
+            callerHasStatsPermission = true;
         }
 
         if (defeatNullable(mPackage.getPackagesForUid(appInfo.uid)).length == 1) {
@@ -314,7 +337,7 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
             if (volumeUuid == StorageManager.UUID_PRIVATE_INTERNAL) {
                 forEachStorageStatsAugmenter((storageStatsAugmenter) -> {
                     storageStatsAugmenter.augmentStatsForPackage(stats,
-                            packageName, userId, callingPackage);
+                            packageName, userId, callerHasStatsPermission);
                 }, "queryStatsForPackage");
             }
             return translate(stats);
@@ -331,10 +354,15 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
                     android.Manifest.permission.INTERACT_ACROSS_USERS, TAG);
         }
 
+        final boolean callerHasStatsPermission;
         if (Binder.getCallingUid() == uid) {
-            // No permissions required when asking about themselves
+            // No permissions required when asking about themselves. We still check since it is
+            // needed later on but don't throw if caller doesn't have the permission.
+            callerHasStatsPermission = checkStatsPermission(
+                    Binder.getCallingUid(), callingPackage, false) == null;
         } else {
             enforceStatsPermission(Binder.getCallingUid(), callingPackage);
+            callerHasStatsPermission = true;
         }
 
         final String[] packageNames = defeatNullable(mPackage.getPackagesForUid(uid));
@@ -373,7 +401,7 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
 
         if (volumeUuid == StorageManager.UUID_PRIVATE_INTERNAL) {
             forEachStorageStatsAugmenter((storageStatsAugmenter) -> {
-                storageStatsAugmenter.augmentStatsForUid(stats, uid, callingPackage);
+                storageStatsAugmenter.augmentStatsForUid(stats, uid, callerHasStatsPermission);
             }, "queryStatsForUid");
         }
         return translate(stats);
@@ -402,12 +430,6 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
         } catch (InstallerException e) {
             throw new ParcelableException(new IOException(e.getMessage()));
         }
-
-        if (volumeUuid == StorageManager.UUID_PRIVATE_INTERNAL) {
-            forEachStorageStatsAugmenter((storageStatsAugmenter) -> {
-                storageStatsAugmenter.augmentStatsForUser(stats, userId, callingPackage);
-            }, "queryStatsForUser");
-        }
         return translate(stats);
     }
author	Sudheer Shanka <sudheersai@google.com>	2020-02-21 19:28:09 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2020-02-21 19:28:09 +0000
commit	77f2a2c3ddc0d689cd35e958500fb6b3b8d75dd0 (patch)
tree	8f90ee343018ae93da539c791dd7a1aa7eb38e51 /services/usage
parent	9aa778f56d1c1362b1fad181041b612ca64670bc (diff)
parent	e9232d6d6fc6d5b4b32b3b0c708dc548f88acc45 (diff)