Upgrade permissions on PermissionController version change (0dc24cba) · Commits · e / os / android_frameworks_base

core/java/android/permission/PermissionControllerService.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -202,7 +202,8 @@ public abstract class PermissionControllerService extends Service {
		/**
		* Grant or upgrade runtime permissions. The upgrade could be performed
		* based on whether the device upgraded, whether the permission database
		* version is old, or because the permission policy changed.
		* version is old, because the permission policy changed, or because the
		* permission controller has updated.
		*
		* @param callback Callback waiting for operation to be complete
		*

services/core/java/android/content/pm/PackageManagerInternal.java

+4 −6

Original line number	Diff line number	Diff line
		@@ -927,13 +927,11 @@ public abstract class PackageManagerInternal {
		IntentSender intentSender, int flags);

		/**
		* Get fingerprint of build that updated the runtime permissions for a user.
		* Update fingerprint of build that updated the runtime permissions for a user.
		*
		* @param userId The user to update
		* @param fingerPrint The fingerprint to set
		*/
		public abstract void setRuntimePermissionsFingerPrint(@NonNull String fingerPrint,
		@UserIdInt int userId);
		public abstract void updateRuntimePermissionsFingerprint(@UserIdInt int userId);

		/**
		* Migrates legacy obb data to its new location.
		@@ -961,8 +959,8 @@ public abstract class PackageManagerInternal {
		public abstract boolean isCallerInstallerOfRecord(
		@NonNull AndroidPackage pkg, int callingUid);

		/** Returns whether or not default runtime permissions are granted for the given user */
		public abstract boolean areDefaultRuntimePermissionsGranted(@UserIdInt int userId);
		/** Returns whether or not permissions need to be upgraded for the given user */
		public abstract boolean isPermissionUpgradeNeeded(@UserIdInt int userId);

		/** Sets the enforcement of reading external storage */
		public abstract void setReadExternalStorageEnforced(boolean enforced);

services/core/java/com/android/server/pm/PackageManagerService.java

+9 −6

Original line number	Diff line number	Diff line
		@@ -3364,6 +3364,10 @@ public class PackageManagerService extends IPackageManager.Stub
		// critical part of the core system.
		mRequiredPermissionControllerPackage = getRequiredPermissionControllerLPr();

		mSettings.setPermissionControllerVersion(
		getPackageInfo(mRequiredPermissionControllerPackage, 0,
		UserHandle.USER_SYSTEM).getLongVersionCode());

		// Initialize InstantAppRegistry's Instant App list for all users.
		final int[] userIds = UserManagerService.getInstance().getUserIds();
		for (AndroidPackage pkg : mPackages.values()) {
		@@ -22668,7 +22672,7 @@ public class PackageManagerService extends IPackageManager.Stub
		boolean readPermissionStateForUser(@UserIdInt int userId) {
		synchronized (mPackages) {
		mSettings.readPermissionStateForUserSyncLPr(userId);
		return mSettings.areDefaultRuntimePermissionsGrantedLPr(userId);
		return mPmInternal.isPermissionUpgradeNeeded(userId);
		}
		}

		@@ -24067,10 +24071,9 @@ public class PackageManagerService extends IPackageManager.Stub
		}

		@Override
		public void setRuntimePermissionsFingerPrint(@NonNull String fingerPrint,
		@UserIdInt int userId) {
		public void updateRuntimePermissionsFingerprint(@UserIdInt int userId) {
		synchronized (mLock) {
		mSettings.setRuntimePermissionsFingerPrintLPr(fingerPrint, userId);
		mSettings.updateRuntimePermissionsFingerprintLPr(userId);
		}
		}

		@@ -24122,9 +24125,9 @@ public class PackageManagerService extends IPackageManager.Stub
		}

		@Override
		public boolean areDefaultRuntimePermissionsGranted(int userId) {
		public boolean isPermissionUpgradeNeeded(int userId) {
		synchronized (mLock) {
		return mSettings.areDefaultRuntimePermissionsGrantedLPr(userId);
		return mSettings.isPermissionUpgradeNeededLPr(userId);
		}
		}

services/core/java/com/android/server/pm/Settings.java

+40 −19

Original line number	Diff line number	Diff line
		@@ -1319,13 +1319,12 @@ public final class Settings {
		}
		}

		boolean areDefaultRuntimePermissionsGrantedLPr(int userId) {
		return mRuntimePermissionsPersistence
		.areDefaultRuntimePermissionsGrantedLPr(userId);
		boolean isPermissionUpgradeNeededLPr(int userId) {
		return mRuntimePermissionsPersistence.isPermissionUpgradeNeeded(userId);
		}

		void setRuntimePermissionsFingerPrintLPr(@NonNull String fingerPrint, @UserIdInt int userId) {
		mRuntimePermissionsPersistence.setRuntimePermissionsFingerPrintLPr(fingerPrint, userId);
		void updateRuntimePermissionsFingerprintLPr(@UserIdInt int userId) {
		mRuntimePermissionsPersistence.updateRuntimePermissionsFingerprintLPr(userId);
		}

		int getDefaultRuntimePermissionsVersionLPr(int userId) {
		@@ -1336,6 +1335,10 @@ public final class Settings {
		mRuntimePermissionsPersistence.setVersionLPr(version, userId);
		}

		void setPermissionControllerVersion(long version) {
		mRuntimePermissionsPersistence.setPermissionControllerVersion(version);
		}

		public VersionInfo findOrCreateVersion(String volumeUuid) {
		VersionInfo ver = mVersion.get(volumeUuid);
		if (ver == null) {
		@@ -5294,6 +5297,8 @@ public final class Settings {
		private static final int UPGRADE_VERSION = -1;
		private static final int INITIAL_VERSION = 0;

		private String mExtendedFingerprint;

		private final RuntimePermissionsPersistence mPersistence =
		RuntimePermissionsPersistence.createInstance();

		@@ -5318,7 +5323,7 @@ public final class Settings {

		@GuardedBy("mLock")
		// The mapping keys are user ids.
		private final SparseBooleanArray mDefaultPermissionsGranted = new SparseBooleanArray();
		private final SparseBooleanArray mPermissionUpgradeNeeded = new SparseBooleanArray();

		public RuntimePermissionPersistence(Object persistenceLock) {
		mPersistenceLock = persistenceLock;
		@@ -5336,17 +5341,36 @@ public final class Settings {
		}

		@GuardedBy("Settings.this.mLock")
		public boolean areDefaultRuntimePermissionsGrantedLPr(int userId) {
		return mDefaultPermissionsGranted.get(userId);
		public boolean isPermissionUpgradeNeeded(int userId) {
		return mPermissionUpgradeNeeded.get(userId, true);
		}

		@GuardedBy("Settings.this.mLock")
		public void setRuntimePermissionsFingerPrintLPr(@NonNull String fingerPrint,
		@UserIdInt int userId) {
		mFingerprints.put(userId, fingerPrint);
		public void updateRuntimePermissionsFingerprintLPr(@UserIdInt int userId) {
		if (mExtendedFingerprint == null) {
		throw new RuntimeException("The version of the permission controller hasn't been "
		+ "set before trying to update the fingerprint.");
		}
		mFingerprints.put(userId, mExtendedFingerprint);
		writePermissionsForUserAsyncLPr(userId);
		}

		public void setPermissionControllerVersion(long version) {
		int numUser = mFingerprints.size();
		mExtendedFingerprint = getExtendedFingerprint(version);

		for (int i = 0; i < numUser; i++) {
		int userId = mFingerprints.keyAt(i);
		String fingerprint = mFingerprints.valueAt(i);
		mPermissionUpgradeNeeded.put(userId,
		!TextUtils.equals(mExtendedFingerprint, fingerprint));
		}
		}

		private String getExtendedFingerprint(long version) {
		return Build.FINGERPRINT + "?pc_version=" + version;
		}

		public void writePermissionsForUserSyncLPr(int userId) {
		mHandler.removeMessages(userId);
		writePermissionsSync(userId);
		@@ -5459,7 +5483,7 @@ public final class Settings {
		revokeRuntimePermissionsAndClearFlags(sb, userId);
		}

		mDefaultPermissionsGranted.delete(userId);
		mPermissionUpgradeNeeded.delete(userId);
		mVersions.delete(userId);
		mFingerprints.remove(userId);
		}
		@@ -5501,8 +5525,6 @@ public final class Settings {

		String fingerprint = runtimePermissions.getFingerprint();
		mFingerprints.put(userId, fingerprint);
		boolean defaultPermissionsGranted = Build.FINGERPRINT.equals(fingerprint);
		mDefaultPermissionsGranted.put(userId, defaultPermissionsGranted);

		boolean isUpgradeToR = getInternalVersion().sdkVersion < Build.VERSION_CODES.R;

		@@ -5662,8 +5684,6 @@ public final class Settings {
		mVersions.put(userId, version);
		String fingerprint = parser.getAttributeValue(null, ATTR_FINGERPRINT);
		mFingerprints.put(userId, fingerprint);
		final boolean defaultsGranted = Build.FINGERPRINT.equals(fingerprint);
		mDefaultPermissionsGranted.put(userId, defaultsGranted);
		} break;

		case TAG_PACKAGE: {
		@@ -5728,7 +5748,8 @@ public final class Settings {
		PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
		}

		} break;
		}
		break;
		}
		}
		}

services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java

+0 −14

Original line number	Diff line number	Diff line
		@@ -60,10 +60,8 @@ import android.util.ArrayMap;
		import android.util.ArraySet;
		import android.util.Log;
		import android.util.Slog;
		import android.util.SparseIntArray;
		import android.util.Xml;

		import com.android.internal.annotations.GuardedBy;
		import com.android.internal.util.ArrayUtils;
		import com.android.internal.util.XmlUtils;
		import com.android.server.LocalServices;
		@@ -226,9 +224,6 @@ public final class DefaultPermissionGrantPolicy {
		private final PackageManagerInternal mServiceInternal;
		private final PermissionManagerService mPermissionManager;

		@GuardedBy("mLock")
		private SparseIntArray mDefaultPermissionsGrantedUsers = new SparseIntArray();

		DefaultPermissionGrantPolicy(Context context, Looper looper,
		@NonNull PermissionManagerService permissionManager) {
		mContext = context;
		@@ -297,19 +292,10 @@ public final class DefaultPermissionGrantPolicy {
		}
		}

		public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) {
		synchronized (mLock) {
		return mDefaultPermissionsGrantedUsers.indexOfKey(userId) >= 0;
		}
		}

		public void grantDefaultPermissions(int userId) {
		grantPermissionsToSysComponentsAndPrivApps(userId);
		grantDefaultSystemHandlerPermissions(userId);
		grantDefaultPermissionExceptions(userId);
		synchronized (mLock) {
		mDefaultPermissionsGrantedUsers.put(userId, userId);
		}
		}

		private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) {