Update PermissionChecker usages to avoid unnecessary attribution.

We had accidental usages of the PermissionChecker for cases where no private data was provided to the app but the checkPermission API on the latter also did blame data access on the app. The PermissionChecker was designed to handle IPC calls and not for generic API checks. To avoid future accidental incorrect PermissionChecker usages this change renames the existing APIs of the latter to clearly indicate that they should be used for data delivery and also adds sibling methods for doing the same permission checks for preflight purposes. Also the documentation is improved to furhter assist developers. In addition, this change fixes accidental permission checker usages that blame when they should not by using the new preflight flavor of the permission check APIs. Test: atest com.android.settingslib.location.RecentLocationAppsTest atest CtsPermissionTestCases added: LocationAccessCheckTest#notificationOnlyForAccessesSinceFeatureWasEnabled added: LocationAccessCheckTest#noNotificationIfFeatureDisabled added: LocationAccessCheckTest#noNotificationIfBlamerNotSystemOrLocationProvider added: LocationAccessCheckTest#testOpeningLocationSettingsDoesNotTriggerAccess bug:141028068 Merged-In: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e Change-Id: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e (cherry picked from commit 7fe065eb660cfe8ae54f8cd1e1e615f47d7b311c)
author: Svet Ganov <svetoslavganov@google.com> 2019-09-23 21:32:08 -0700
committer: android-build-team Robot <android-build-team-robot@google.com> 2019-10-11 02:34:48 +0000
commit: 1ba03516d7a64bf1e2394de2ffe4db9c086f81de (patch)
tree: d12cfa40f4b33c92e6e3a73c950efc2a9fc6285d /core/java/android/speech
parent: dedeee88f4c5f2f8c646a73f0dd09e277bdb1dcd (diff)
1 files changed, 17 insertions, 7 deletions
diff --git a/core/java/android/speech/RecognitionService.java b/core/java/android/speech/RecognitionService.java
index 70dfef574ca5..fb13c1f5dde3 100644
--- a/core/java/android/speech/RecognitionService.java
+++ b/core/java/android/speech/RecognitionService.java
@@ -170,13 +170,23 @@ public abstract class RecognitionService extends Service {
      * Checks whether the caller has sufficient permissions
      * 
      * @param listener to send the error message to in case of error
+     * @param forDataDelivery If the permission check is for delivering the sensitive data.
      * @return {@code true} if the caller has enough permissions, {@code false} otherwise
      */
-    private boolean checkPermissions(IRecognitionListener listener) {
+    private boolean checkPermissions(IRecognitionListener listener, boolean forDataDelivery) {
         if (DBG) Log.d(TAG, "checkPermissions");
-        if (PermissionChecker.checkCallingOrSelfPermission(this,
-                android.Manifest.permission.RECORD_AUDIO) == PermissionChecker.PERMISSION_GRANTED) {
-            return true;
+        if (forDataDelivery) {
+            if (PermissionChecker.checkCallingOrSelfPermissionForDataDelivery(this,
+                    android.Manifest.permission.RECORD_AUDIO)
+                             == PermissionChecker.PERMISSION_GRANTED) {
+                return true;
+            }
+        } else {
+            if (PermissionChecker.checkCallingOrSelfPermissionForPreflight(this,
+                    android.Manifest.permission.RECORD_AUDIO)
+                            == PermissionChecker.PERMISSION_GRANTED) {
+                return true;
+            }
         }
         try {
             Log.e(TAG, "call for recognition service without RECORD_AUDIO permissions");
@@ -342,7 +352,7 @@ public abstract class RecognitionService extends Service {
         public void startListening(Intent recognizerIntent, IRecognitionListener listener) {
             if (DBG) Log.d(TAG, "startListening called by:" + listener.asBinder());
             final RecognitionService service = mServiceRef.get();
-            if (service != null && service.checkPermissions(listener)) {
+            if (service != null && service.checkPermissions(listener, true /*forDataDelivery*/)) {
                 service.mHandler.sendMessage(Message.obtain(service.mHandler,
                         MSG_START_LISTENING, service.new StartListeningArgs(
                                 recognizerIntent, listener, Binder.getCallingUid())));
@@ -353,7 +363,7 @@ public abstract class RecognitionService extends Service {
         public void stopListening(IRecognitionListener listener) {
             if (DBG) Log.d(TAG, "stopListening called by:" + listener.asBinder());
             final RecognitionService service = mServiceRef.get();
-            if (service != null && service.checkPermissions(listener)) {
+            if (service != null && service.checkPermissions(listener, false /*forDataDelivery*/)) {
                 service.mHandler.sendMessage(Message.obtain(service.mHandler,
                         MSG_STOP_LISTENING, listener));
             }
@@ -363,7 +373,7 @@ public abstract class RecognitionService extends Service {
         public void cancel(IRecognitionListener listener) {
             if (DBG) Log.d(TAG, "cancel called by:" + listener.asBinder());
             final RecognitionService service = mServiceRef.get();
-            if (service != null && service.checkPermissions(listener)) {
+            if (service != null && service.checkPermissions(listener, false /*forDataDelivery*/)) {
                 service.mHandler.sendMessage(Message.obtain(service.mHandler,
                         MSG_CANCEL, listener));
             }
author	Svet Ganov <svetoslavganov@google.com>	2019-09-23 21:32:08 -0700
committer	android-build-team Robot <android-build-team-robot@google.com>	2019-10-11 02:34:48 +0000
commit	1ba03516d7a64bf1e2394de2ffe4db9c086f81de (patch)
tree	d12cfa40f4b33c92e6e3a73c950efc2a9fc6285d /core/java/android/speech
parent	dedeee88f4c5f2f8c646a73f0dd09e277bdb1dcd (diff)