Merge "Revoke internal permissions upon owner change." into sc-dev am: b8dec4bf2c am: e039d85706 (0f82d26c) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/permission/Permission.java

+4 −3

Original line number	Diff line number	Diff line
		@@ -480,9 +480,10 @@ public final class Permission {
		r.append("DUP:");
		r.append(permissionInfo.name);
		}
		if (permission.isRuntime() && (ownerChanged \|\| wasNonRuntime)) {
		// If this is a runtime permission and the owner has changed, or this wasn't a runtime
		// permission, then permission state should be cleaned up
		if ((permission.isInternal() && ownerChanged)
		\|\| (permission.isRuntime() && (ownerChanged \|\| wasNonRuntime))) {
		// If this is an internal/runtime permission and the owner has changed, or this wasn't a
		// runtime permission, then permission state should be cleaned up.
		permission.mDefinitionChanged = true;
		}
		if (PackageManagerService.DEBUG_PACKAGE_SCANNING && r != null) {

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+17 −8

Original line number	Diff line number	Diff line
		@@ -1654,7 +1654,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		isRolePermission = permission.isRole();
		}
		final boolean mayRevokeRolePermission = isRolePermission
		&& mayManageRolePermission(callingUid);
		// Allow ourselves to revoke role permissions due to definition changes.
		&& (callingUid == Process.myUid() \|\| mayManageRolePermission(callingUid));

		final boolean isRuntimePermission;
		synchronized (mLock) {
		@@ -2332,11 +2333,13 @@ public class PermissionManagerService extends IPermissionManager.Stub {

		for (int permNum = 0; permNum < numPermissions; permNum++) {
		final String permName = permissionsToRevoke.get(permNum);
		final boolean isInternalPermission;
		synchronized (mLock) {
		final Permission bp = mRegistry.getPermission(permName);
		if (bp == null \|\| !bp.isRuntime()) {
		if (bp == null \|\| !(bp.isInternal() \|\| bp.isRuntime())) {
		continue;
		}
		isInternalPermission = bp.isInternal();
		}
		mPackageManagerInt.forEachPackage(pkg -> {
		final String packageName = pkg.getPackageName();
		@@ -2356,12 +2359,18 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		if (permissionState == PackageManager.PERMISSION_GRANTED
		&& (flags & flagMask) == 0) {
		final int uid = UserHandle.getUid(userId, appId);
		if (isInternalPermission) {
		EventLog.writeEvent(0x534e4554, "195338390", uid,
		"Revoking permission " + permName + " from package "
		+ packageName + " due to definition change");
		} else {
		EventLog.writeEvent(0x534e4554, "154505240", uid,
		"Revoking permission " + permName + " from package "
		+ packageName + " due to definition change");
		EventLog.writeEvent(0x534e4554, "168319670", uid,
		"Revoking permission " + permName + " from package "
		+ packageName + " due to definition change");
		}
		Slog.e(TAG, "Revoking permission " + permName + " from package "
		+ packageName + " due to definition change");
		try {