Support for getting the calling app's permission state for activities

This allows for apps that can already access the calling app identity
that opens their activity, along with system browser, to check whenever
a permission is granted, similar to the permission entry in activity
section of AndroidManifest.xml.

core/java/android/app/Activity.java

@@ -6931,6 +6931,19 @@ public String getLaunchedFromPackage() {
         return ActivityClient.getInstance().getLaunchedFromPackage(getActivityToken());
     }
 
+    /**
+     * Returns if the permission is granted on app that initially launched this activity.
+     *
+     * <p>In order to receive the launching app's package name permission state,
+     * the current activity is from a system browser, otherwise {@code SecurityException} is thrown.
+     * @return the permission state of a permission if it's granted
+     * @hide
+     */
+    @UnsupportedAppUsage
+    public int checkLaunchedFromPackagePermission(String permission) {
+        return ActivityClient.getInstance().checkLaunchedFromPackagePermission(getActivityToken(), permission);
+    }
+
     /**
      * Control whether this activity's main window is visible.  This is intended
      * only for the special case of an activity that is not going to show a

core/java/android/app/ActivityClient.java

@@ -294,6 +294,14 @@ public String getLaunchedFromPackage(IBinder token) {
         }
     }
 
+    public int checkLaunchedFromPackagePermission(IBinder token, String permission) {
+        try {
+            return getActivityClientController().checkLaunchedFromPackagePermission(token, permission);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
+        }
+    }
+
     public void setRequestedOrientation(IBinder token, int requestedOrientation) {
         try {
             getActivityClientController().setRequestedOrientation(token, requestedOrientation);

core/java/android/app/IActivityClientController.aidl

@@ -191,4 +191,11 @@ interface IActivityClientController {
      */
     boolean isRequestedToLaunchInTaskFragment(in IBinder activityToken,
             in IBinder taskFragmentToken);
+
+    /**
+     * Return {@code true} if the calling package had a permission granted.
+     * Only accessible to system browser app and apps that can already access
+     * the app launching the activity via getLaunchedFrom{Uid,Package}
+     */
+    int checkLaunchedFromPackagePermission(in IBinder token, String permission);
 }

services/core/java/com/android/server/wm/ActivityClientController.java

@@ -705,6 +705,18 @@ public String getLaunchedFromPackage(IBinder token) {
         return null;
     }
 
+    @Override
+    public int checkLaunchedFromPackagePermission(IBinder token, String permission) {
+        if (!WindowManagerHooks.canAccessLaunchedFromPackagePermission()) {
+            throw new SecurityException();
+        }
+
+        synchronized (mGlobalLock) {
+            final ActivityRecord r = ActivityRecord.forTokenLocked(token);
+            return WindowManagerHooks.checkLaunchedFromPackagePermission(r, permission);
+        }
+    }
+
     /** Whether the call to one of the getLaunchedFrom APIs is performed by an internal caller. */
     private boolean isInternalCallerGetLaunchedFrom(int uid) {
         if (UserHandle.getAppId(uid) == SYSTEM_UID) {

services/core/java/com/android/server/wm/WindowManagerHooks.java

@@ -0,0 +1,77 @@
+package com.android.server.wm;
+
+import android.annotation.NonNull;
+import android.annotation.Nullable;
+import android.app.ActivityThread;
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.content.pm.PackageManagerInternal;
+import android.ext.BrowserUtils;
+import android.os.Binder;
+import android.os.Build;
+import android.os.SystemProperties;
+import android.os.UserHandle;
+
+import com.android.internal.util.ArrayUtils;
+
+import com.android.server.LocalServices;
+import com.android.server.pm.permission.PermissionManagerServiceInternal;
+import com.android.server.pm.pkg.AndroidPackage;
+import com.android.server.pm.pkg.PackageStateInternal;
+
+class WindowManagerHooks {
+
+    static boolean canAccessLaunchedFromPackagePermission() {
+        final int callingUid = Binder.getCallingUid();
+        var pmi = LocalServices.getService(PackageManagerInternal.class);
+        AndroidPackage callingPkg = pmi.getPackage(callingUid);
+        if (callingPkg == null) {
+            return false;
+        }
+
+        String callingPkgName = callingPkg.getPackageName();
+        if (canAccessForDebuggingPurposes(callingPkgName)) {
+            return true;
+        }
+
+        Context ctx = ActivityThread.currentActivityThread().getSystemContext();
+        if (!BrowserUtils.isSystemBrowser(ctx, callingPkgName)) {
+            return false;
+        }
+
+        PackageStateInternal callingPsi = pmi.getPackageStateInternal(callingPkg.getPackageName());
+        if (callingPsi == null) {
+            return false;
+        }
+
+        return callingPsi.isSystem();
+    }
+
+    static boolean canAccessForDebuggingPurposes(@NonNull String packageName) {
+        if (!Build.isDebuggable()) {
+            return false;
+        }
+
+        String testPkgs = SystemProperties.get("persist.launchedFromPackagePermission_test_pkgs");
+        return ArrayUtils.contains(testPkgs.split(","), packageName);
+    }
+
+    static int checkLaunchedFromPackagePermission(@Nullable ActivityRecord r, @NonNull String permission) {
+        if (r == null) {
+            return PackageManager.PERMISSION_DENIED;
+        }
+
+        String packageName = r.launchedFromPackage;
+        final int userId = UserHandle.getUserId(r.launchedFromUid);
+        var permService = LocalServices.getService(PermissionManagerServiceInternal.class);
+
+        // Do not take into account of package visibility here.
+        long token = Binder.clearCallingIdentity();
+        try {
+            return permService.checkPermission(packageName, permission, userId);
+        } finally {
+            Binder.restoreCallingIdentity(token);
+        }
+
+    }
+}