Merge "Revoke granted permission when the permission defining app is removed."... (0e1a6217) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+42 −2

Original line number	Original line	Diff line number	Diff line
	@@ -48,6 +48,7 @@ import android.annotation.NonNull;
	import android.annotation.Nullable;		import android.annotation.Nullable;
	import android.annotation.UserIdInt;		import android.annotation.UserIdInt;
	import android.content.Context;		import android.content.Context;
			import android.content.pm.ApplicationInfo;
	import android.content.pm.PackageManager;		import android.content.pm.PackageManager;
	import android.content.pm.PackageManager.PermissionWhitelistFlags;		import android.content.pm.PackageManager.PermissionWhitelistFlags;
	import android.content.pm.PackageManagerInternal;		import android.content.pm.PackageManagerInternal;
	@@ -2614,7 +2615,7 @@ public class PermissionManagerService {

	// Make sure all dynamic permissions have been assigned to a package,		// Make sure all dynamic permissions have been assigned to a package,
	// and make sure there are no dangling permissions.		// and make sure there are no dangling permissions.
	flags = updatePermissions(changingPkgName, changingPkg, flags);		flags = updatePermissions(changingPkgName, changingPkg, flags, callback);

	synchronized (mLock) {		synchronized (mLock) {
	if (mBackgroundPermissions == null) {		if (mBackgroundPermissions == null) {
	@@ -2664,7 +2665,8 @@ public class PermissionManagerService {
	Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);		Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
	}		}

	private int updatePermissions(String packageName, PackageParser.Package pkg, int flags) {		private int updatePermissions(String packageName, PackageParser.Package pkg, int flags,
			@Nullable PermissionCallback callback) {
	Set<BasePermission> needsUpdate = null;		Set<BasePermission> needsUpdate = null;
	synchronized (mLock) {		synchronized (mLock) {
	final Iterator<BasePermission> it = mSettings.mPermissions.values().iterator();		final Iterator<BasePermission> it = mSettings.mPermissions.values().iterator();
	@@ -2678,6 +2680,44 @@ public class PermissionManagerService {
	&& (pkg == null \|\| !hasPermission(pkg, bp.getName()))) {		&& (pkg == null \|\| !hasPermission(pkg, bp.getName()))) {
	Slog.i(TAG, "Removing old permission tree: " + bp.getName()		Slog.i(TAG, "Removing old permission tree: " + bp.getName()
	+ " from package " + bp.getSourcePackageName());		+ " from package " + bp.getSourcePackageName());
			if (bp.isRuntime()) {
			final int[] userIds = mUserManagerInt.getUserIds();
			final int numUserIds = userIds.length;
			for (int userIdNum = 0; userIdNum < numUserIds; userIdNum++) {
			final int userId = userIds[userIdNum];

			mPackageManagerInt.forEachPackage((Package p) -> {
			final String pName = p.packageName;
			final ApplicationInfo appInfo =
			mPackageManagerInt.getApplicationInfo(pName, 0,
			Process.SYSTEM_UID, UserHandle.USER_SYSTEM);
			if (appInfo != null
			&& appInfo.targetSdkVersion < Build.VERSION_CODES.M) {
			return;
			}

			final String permissionName = bp.getName();
			if (checkPermission(permissionName, pName, Process.SYSTEM_UID,
			userId) == PackageManager.PERMISSION_GRANTED) {
			try {
			revokeRuntimePermission(
			permissionName,
			pName,
			false,
			userId,
			callback);
			} catch (IllegalArgumentException e) {
			Slog.e(TAG,
			"Failed to revoke "
			+ permissionName
			+ " from "
			+ pName,
			e);
			}
			}
			});
			}
			}
	flags \|= UPDATE_PERMISSIONS_ALL;		flags \|= UPDATE_PERMISSIONS_ALL;
	it.remove();		it.remove();
	}		}