commit 1d89216eac8d5c122056165d77322151cc26a70c
author Alex Buynytskyy <alexbuy@google.com> Fri Apr 03 23:00:19 2020 -0700
committer Alex Buynytskyy <alexbuy@google.com> Mon Apr 06 12:22:49 2020 -0700
tree bad152666c0b2e0b2e4728b83418b19f1d73e498
parent 3fc58ee5d501fc4a87455b690762207d8de52a32

Appops permission monitoring for GET_USAGE_STATS.

This makes sure DataLoader won't be able to obtain read logs once user
denies access.

Bug: b/152633648
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest IncrementalServiceTest
Test: adb shell appops set 1000 GET_USAGE_STATS deny
Change-Id: Ibbb74933b4ef0dd8f5fe27732743e5820b8ee4dc

services/incremental/IncrementalService.h

diff --git a/services/incremental/IncrementalService.h b/services/incremental/IncrementalService.h
index ff69633..5800297 100644
--- a/services/incremental/IncrementalService.h
+++ b/services/incremental/IncrementalService.h
@@ -40,7 +40,6 @@
 #include "ServiceWrappers.h"
 #include "android/content/pm/BnDataLoaderStatusListener.h"
 #include "incfs.h"
-#include "dataloader_ndk.h"
 #include "path.h"
 
 using namespace android::os::incremental;
@@ -182,7 +181,6 @@
         StorageMap storages;
         BindMap bindPoints;
         DataLoaderParamsParcel dataLoaderParams;
-        DataLoaderFilesystemParams dataLoaderFilesystemParams;
         std::atomic<int> nextStorageDirNo{0};
         std::atomic<int> dataLoaderStatus = -1;
         bool dataLoaderStartRequested = false;
@@ -193,9 +191,7 @@
               : root(std::move(root)),
                 control(std::move(control)),
                 mountId(mountId),
-                incrementalService(incrementalService) {
-            dataLoaderFilesystemParams.readLogsEnabled = false;
-        }
+                incrementalService(incrementalService) {}
         IncFsMount(IncFsMount&&) = delete;
         IncFsMount& operator=(IncFsMount&&) = delete;
         ~IncFsMount();
@@ -234,10 +230,11 @@
     std::string normalizePathToStorage(const IfsMountPtr incfs, StorageId storage,
                                        std::string_view path);
 
-    int applyStorageParams(IncFsMount& ifs);
+    binder::Status applyStorageParams(IncFsMount& ifs, bool enableReadLogs);
 
     void registerAppOpsCallback(const std::string& packageName);
-    void onAppOppChanged(const std::string& packageName);
+    bool unregisterAppOpsCallback(const std::string& packageName);
+    void onAppOpChanged(const std::string& packageName);
 
     // Member variables
     std::unique_ptr<VoldServiceWrapper> const mVold;
@@ -252,7 +249,7 @@
     BindPathMap mBindsByPath;
 
     std::mutex mCallbacksLock;
-    std::set<std::string> mCallbackRegistered;
+    std::map<std::string, sp<AppOpsListener>> mCallbackRegistered;
 
     std::atomic_bool mSystemReady = false;
     StorageId mNextId = 0;