From 3fd25f895ed738891f020c60246bbaeaae7fdf1c Mon Sep 17 00:00:00 2001
From: Eugene Susla <eugenesusla@google.com>
Date: Thu, 22 Feb 2018 10:39:34 -0800
Subject: [PATCH] [DO NOT MERGE] Copy PermissionChecker from support lib and
 use in RcognitionService

Fixes: 73511076, 73311729
Test: presubmit
Change-Id: Ie98f67ffee4744050ac85d8b229370a16a76a194
(cherry picked from commit 726b51a26e9a54b7352aad90ed15edccc44dd60d)
(cherry picked from commit 5a28e533fe8865ed371b5c0fd909a4ec89f63633)
---
 core/java/android/content/PermissionChecker.java | 173 +++++++++++++++++++++++
 core/java/android/speech/RecognitionService.java |   6 +-
 2 files changed, 176 insertions(+), 3 deletions(-)
 create mode 100644 core/java/android/content/PermissionChecker.java

diff --git a/core/java/android/content/PermissionChecker.java b/core/java/android/content/PermissionChecker.java
new file mode 100644
index 000000000000..9f5c877e7081
--- /dev/null
+++ b/core/java/android/content/PermissionChecker.java
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.content;
+
+import android.annotation.IntDef;
+import android.annotation.NonNull;
+import android.annotation.Nullable;
+import android.app.AppOpsManager;
+import android.content.pm.PackageManager;
+import android.os.Binder;
+import android.os.Process;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
+/**
+ * This class provides permission check APIs that verify both the
+ * permission and the associated app op for this permission if
+ * such is defined.
+ * <p>
+ * In the new permission model permissions with protection level
+ * dangerous are runtime permissions. For apps targeting {@link android.os.Build.VERSION_CODES#M}
+ * and above the user may not grant such permissions or revoke
+ * them at any time. For apps targeting API lower than {@link android.os.Build.VERSION_CODES#M}
+ * these permissions are always granted as such apps do not expect
+ * permission revocations and would crash. Therefore, when the
+ * user disables a permission for a legacy app in the UI the
+ * platform disables the APIs guarded by this permission making
+ * them a no-op which is doing nothing or returning an empty
+ * result or default error.
+ * </p>
+ * <p>
+ * It is important that when you perform an operation on behalf of
+ * another app you use these APIs to check for permissions as the
+ * app may be a legacy app that does not participate in the new
+ * permission model for which the user had disabled the "permission"
+ * which is achieved by disallowing the corresponding app op.
+ * </p>
+ *
+ * @hide
+ */
+public final class PermissionChecker {
+    /** Permission result: The permission is granted. */
+    public static final int PERMISSION_GRANTED =  PackageManager.PERMISSION_GRANTED;
+
+    /** Permission result: The permission is denied. */
+    public static final int PERMISSION_DENIED =  PackageManager.PERMISSION_DENIED;
+
+    /** Permission result: The permission is denied because the app op is not allowed. */
+    public static final int PERMISSION_DENIED_APP_OP =  PackageManager.PERMISSION_DENIED  - 1;
+
+    /** @hide */
+    @IntDef({PERMISSION_GRANTED,
+            PERMISSION_DENIED,
+            PERMISSION_DENIED_APP_OP})
+    @Retention(RetentionPolicy.SOURCE)
+    public @interface PermissionResult {}
+
+    private PermissionChecker() {
+        /* do nothing */
+    }
+
+    /**
+     * Checks whether a given package in a UID and PID has a given permission
+     * and whether the app op that corresponds to this permission is allowed.
+     *
+     * @param context Context for accessing resources.
+     * @param permission The permission to check.
+     * @param pid The process id for which to check.
+     * @param uid The uid for which to check.
+     * @param packageName The package name for which to check. If null the
+     *     the first package for the calling UID will be used.
+     * @return The permission check result which is either {@link #PERMISSION_GRANTED}
+     *     or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
+     */
+    @PermissionResult
+    public static int checkPermission(@NonNull Context context, @NonNull String permission,
+            int pid, int uid, @Nullable String packageName) {
+        if (context.checkPermission(permission, pid, uid) == PackageManager.PERMISSION_DENIED) {
+            return PERMISSION_DENIED;
+        }
+
+        AppOpsManager appOpsManager = context.getSystemService(AppOpsManager.class);
+        String op = appOpsManager.permissionToOp(permission);
+        if (op == null) {
+            return PERMISSION_GRANTED;
+        }
+
+        if (packageName == null) {
+            String[] packageNames = context.getPackageManager().getPackagesForUid(uid);
+            if (packageNames == null || packageNames.length <= 0) {
+                return PERMISSION_DENIED;
+            }
+            packageName = packageNames[0];
+        }
+
+        if (appOpsManager.noteProxyOpNoThrow(op, packageName)
+                != AppOpsManager.MODE_ALLOWED) {
+            return PERMISSION_DENIED_APP_OP;
+        }
+
+        return PERMISSION_GRANTED;
+    }
+
+    /**
+     * Checks whether your app has a given permission and whether the app op
+     * that corresponds to this permission is allowed.
+     *
+     * @param context Context for accessing resources.
+     * @param permission The permission to check.
+     * @return The permission check result which is either {@link #PERMISSION_GRANTED}
+     *     or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
+     */
+    @PermissionResult
+    public static int checkSelfPermission(@NonNull Context context,
+            @NonNull String permission) {
+        return checkPermission(context, permission, Process.myPid(),
+                Process.myUid(), context.getPackageName());
+    }
+
+    /**
+     * Checks whether the IPC you are handling has a given permission and whether
+     * the app op that corresponds to this permission is allowed.
+     *
+     * @param context Context for accessing resources.
+     * @param permission The permission to check.
+     * @param packageName The package name making the IPC. If null the
+     *     the first package for the calling UID will be used.
+     * @return The permission check result which is either {@link #PERMISSION_GRANTED}
+     *     or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
+     */
+    @PermissionResult
+    public static int checkCallingPermission(@NonNull Context context,
+            @NonNull String permission, @Nullable String packageName) {
+        if (Binder.getCallingPid() == Process.myPid()) {
+            return PERMISSION_DENIED;
+        }
+        return checkPermission(context, permission, Binder.getCallingPid(),
+                Binder.getCallingUid(), packageName);
+    }
+
+    /**
+     * Checks whether the IPC you are handling or your app has a given permission
+     * and whether the app op that corresponds to this permission is allowed.
+     *
+     * @param context Context for accessing resources.
+     * @param permission The permission to check.
+     * @return The permission check result which is either {@link #PERMISSION_GRANTED}
+     *     or {@link #PERMISSION_DENIED} or {@link #PERMISSION_DENIED_APP_OP}.
+     */
+    @PermissionResult
+    public static int checkCallingOrSelfPermission(@NonNull Context context,
+            @NonNull String permission) {
+        String packageName = (Binder.getCallingPid() == Process.myPid())
+                ? context.getPackageName() : null;
+        return checkPermission(context, permission, Binder.getCallingPid(),
+                Binder.getCallingUid(), packageName);
+    }
+}
diff --git a/core/java/android/speech/RecognitionService.java b/core/java/android/speech/RecognitionService.java
index 674f809ef0f5..70dfef574ca5 100644
--- a/core/java/android/speech/RecognitionService.java
+++ b/core/java/android/speech/RecognitionService.java
@@ -20,7 +20,7 @@ import android.annotation.SdkConstant;
 import android.annotation.SdkConstant.SdkConstantType;
 import android.app.Service;
 import android.content.Intent;
-import android.content.pm.PackageManager;
+import android.content.PermissionChecker;
 import android.os.Binder;
 import android.os.Bundle;
 import android.os.Handler;
@@ -174,8 +174,8 @@ public abstract class RecognitionService extends Service {
      */
     private boolean checkPermissions(IRecognitionListener listener) {
         if (DBG) Log.d(TAG, "checkPermissions");
-        if (RecognitionService.this.checkCallingOrSelfPermission(android.Manifest.permission.
-                RECORD_AUDIO) == PackageManager.PERMISSION_GRANTED) {
+        if (PermissionChecker.checkCallingOrSelfPermission(this,
+                android.Manifest.permission.RECORD_AUDIO) == PermissionChecker.PERMISSION_GRANTED) {
             return true;
         }
         try {
-- 
2.11.0