Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 05bbc74e authored by Justin Lannin's avatar Justin Lannin
Browse files

AppIdPermissionPolicy: Move package update permission revoke to after package evaluation. 

This ensures that all flag changes (implicit or otherwise) occur before we evaluate for additional revocation.

Bug: 401614607
Test: atest PermissionServiceMockingTests
Flag: EXEMPT bugfix
Change-Id: I6dc9f276568676aadce1b425df2074fb3c252836
parent 91c12d7e

services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt

+6 −2
Original line number Diff line number Diff line
@@ -112,7 +112,6 @@ class AppIdPermissionPolicy : SchemePolicy() { 
            addPermissions(packageState, changedPermissionNames)

            trimPermissions(packageState.packageName, changedPermissionNames)

            trimPermissionStates(packageState.appId)

            revokePermissionsOnPackageUpdate(packageState.appId)

        }

        changedPermissionNames.forEachIndexed { _, permissionName ->

            evaluatePermissionStateForAllPackages(permissionName, null)
@@ -130,6 +129,7 @@ class AppIdPermissionPolicy : SchemePolicy() { 
            newState.externalState.userIds.forEachIndexed { _, userId ->

                inheritImplicitPermissionStates(packageState.appId, userId)

            }

            revokePermissionsOnPackageUpdate(packageState.appId)

        }

    }
@@ -140,7 +140,6 @@ class AppIdPermissionPolicy : SchemePolicy() { 
        addPermissions(packageState, changedPermissionNames)

        trimPermissions(packageState.packageName, changedPermissionNames)

        trimPermissionStates(packageState.appId)

        revokePermissionsOnPackageUpdate(packageState.appId)

        changedPermissionNames.forEachIndexed { _, permissionName ->

            evaluatePermissionStateForAllPackages(permissionName, null)

        }
@@ -148,6 +147,7 @@ class AppIdPermissionPolicy : SchemePolicy() { 
        newState.externalState.userIds.forEachIndexed { _, userId ->

            inheritImplicitPermissionStates(packageState.appId, userId)

        }

        revokePermissionsOnPackageUpdate(packageState.appId)

    }



    override fun MutateStateScope.onPackageRemoved(packageName: String, appId: Int) {
@@ -700,6 +700,10 @@ class AppIdPermissionPolicy : SchemePolicy() { 
    }



    private fun MutateStateScope.revokePermissionsOnPackageUpdate(appId: Int) {

        revokeStorageAndMediaPermissionsOnPackageUpdate(appId)

    }



    private fun MutateStateScope.revokeStorageAndMediaPermissionsOnPackageUpdate(appId: Int) {

        val hasOldPackage =

            appId in oldState.externalState.appIdPackageNames &&

                anyPackageInAppId(appId, oldState) { true }