Loading services/core/java/com/android/server/pm/PackageManagerService.java +16 −30 Original line number Diff line number Diff line Loading @@ -21,7 +21,6 @@ import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS; import static android.Manifest.permission.REQUEST_DELETE_PACKAGES; import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.MODE_DEFAULT; import static android.app.AppOpsManager.MODE_IGNORED; import static android.content.Intent.ACTION_MAIN; Loading @@ -44,7 +43,6 @@ import static android.content.pm.PackageManager.FLAG_PERMISSION_REVOKED_COMPAT; import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET; import static android.content.pm.PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER; import static android.content.pm.PackageManager.INSTALL_FAILED_ALREADY_EXISTS; import static android.content.pm.PackageManager.INSTALL_FAILED_BAD_PERMISSION_GROUP; import static android.content.pm.PackageManager.INSTALL_FAILED_DUPLICATE_PACKAGE; Loading Loading @@ -2172,7 +2170,7 @@ public class PackageManagerService extends IPackageManager.Stub private void handlePackagePostInstall(PackageInstalledInfo res, boolean grantPermissions, boolean killApp, boolean virtualPreload, String[] grantedPermissions, List<String> whitelistedRestrictedPermissions, String[] grantedPermissions, List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, boolean launchedForRestore, String installerPackage, IPackageInstallObserver2 installObserver, int dataLoaderType) { Loading Loading @@ -2205,32 +2203,21 @@ public class PackageManagerService extends IPackageManager.Stub res.removedInfo.sendPackageRemovedBroadcasts(killApp, false /*removedBySystem*/); } // Allowlist any restricted permissions first as some may be runtime // that the installer requested to be granted at install time. if (whitelistedRestrictedPermissions != null && !whitelistedRestrictedPermissions.isEmpty()) { mPermissionManager.setAllowlistedRestrictedPermissions(res.pkg, whitelistedRestrictedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, res.newUsers); final List<String> grantedPermissionsList; if (grantPermissions) { if (grantedPermissions != null) { grantedPermissionsList = Arrays.asList(grantedPermissions); } else { grantedPermissionsList = res.pkg.getRequestedPermissions(); } if (autoRevokePermissionsMode == MODE_ALLOWED || autoRevokePermissionsMode == MODE_IGNORED) { mPermissionManager.setAutoRevokeExempted(res.pkg, autoRevokePermissionsMode == MODE_IGNORED, res.newUsers); } else { grantedPermissionsList = Collections.emptyList(); } // Now that we successfully installed the package, grant runtime // permissions if requested before broadcasting the install. Also // for legacy apps in permission review mode we clear the permission // review flag which is used to emulate runtime permissions for // legacy apps. if (grantPermissions) { final int callingUid = Binder.getCallingUid(); mPermissionManager.grantRequestedRuntimePermissions(res.pkg, grantedPermissions != null ? Arrays.asList(grantedPermissions) : null, res.newUsers); if (allowlistedRestrictedPermissions == null) { allowlistedRestrictedPermissions = Collections.emptyList(); } mPermissionManager.onPackageInstalled(res.pkg, grantedPermissionsList, allowlistedRestrictedPermissions, autoRevokePermissionsMode, res.newUsers); final String installerPackageName = res.installerPackageName != null Loading Loading @@ -13681,9 +13668,8 @@ public class PackageManagerService extends IPackageManager.Stub != 0) { whiteListedPermissions = pkgSetting.pkg.getRequestedPermissions(); } mPermissionManager.setAllowlistedRestrictedPermissions(pkgSetting.pkg, whiteListedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, new int[] { userId }); mPermissionManager.onPackageInstalled(pkgSetting.pkg, Collections.emptyList(), whiteListedPermissions, MODE_DEFAULT, new int[] { userId }); } if (pkgSetting.pkg != null) { services/core/java/com/android/server/pm/permission/PermissionManagerService.java +28 −22 Original line number Diff line number Diff line Loading @@ -4914,6 +4914,20 @@ public class PermissionManagerService extends IPermissionManager.Stub { return true; } private void onPackageInstalledInternal(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @NonNull int[] userIds) { setAllowlistedRestrictedPermissionsInternal(pkg, allowlistedRestrictedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, userIds); if (autoRevokePermissionsMode == AppOpsManager.MODE_ALLOWED || autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED) { setAutoRevokeExemptedInternal(pkg, autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED, userIds); } grantRequestedRuntimePermissionsInternal(pkg, grantedPermissions, userIds); } private void onPackageRemovedInternal(@NonNull AndroidPackage pkg) { removeAllPermissionsInternal(pkg); } Loading Loading @@ -5080,28 +5094,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { return PermissionManagerService.this.getAppOpPermissionPackagesInternal(permissionName); } @Override public void grantRequestedRuntimePermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); grantRequestedRuntimePermissionsInternal(pkg, permissions, userIds); } @Override public void setAllowlistedRestrictedPermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @PermissionWhitelistFlags int allowlistFlags, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); setAllowlistedRestrictedPermissionsInternal(pkg, permissions, allowlistFlags, userIds); } @Override public void setAutoRevokeExempted(@NonNull AndroidPackage pkg, boolean exempted, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); setAutoRevokeExemptedInternal(pkg, exempted, userIds); } @Override public void updatePermissions(@NonNull String packageName, @Nullable AndroidPackage pkg) { PermissionManagerService.this .updatePermissions(packageName, pkg, mDefaultPermissionCallback); Loading Loading @@ -5371,6 +5363,20 @@ public class PermissionManagerService extends IPermissionManager.Stub { onPackageAddedInternal(pkg, isInstantApp, oldPkg); } @Override public void onPackageInstalled(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(grantedPermissions, "grantedPermissions"); Objects.requireNonNull(allowlistedRestrictedPermissions, "allowlistedRestrictedPermissions"); Objects.requireNonNull(userIds, "userIds"); onPackageInstalledInternal(pkg, grantedPermissions, allowlistedRestrictedPermissions, autoRevokePermissionsMode, userIds); } @Override public void onPackageRemoved(@NonNull AndroidPackage pkg) { Objects.requireNonNull(pkg); Loading services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java +15 −37 Original line number Diff line number Diff line Loading @@ -20,7 +20,6 @@ import android.annotation.AppIdInt; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.content.pm.PackageManager; import android.content.pm.PermissionInfo; import android.permission.PermissionManagerInternal; Loading Loading @@ -189,42 +188,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager public abstract boolean isPermissionsReviewRequired(@NonNull String packageName, @UserIdInt int userId); /** * Grant the requested runtime permissions for a package, or an explicit subset of them. * * @param pkg the package * @param permissions the names of the subset of permissions to be granted, or {@code null} for * granting all the requested permissions * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void grantRequestedRuntimePermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @NonNull int[] userIds); /** * Set the allowlisted restricted permissions for a package, or an explicit subset of them. * * @param pkg the package * @param permissions the names of the subset of permissions to be allowlisted, or {@code null} * for allowlisting all the requested restricted permissions * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void setAllowlistedRestrictedPermissions( @NonNull AndroidPackage pkg, @Nullable List<String> permissions, @PackageManager.PermissionWhitelistFlags int allowlistFlags, @NonNull int[] userIds); /** * Set whether a package is exempted from auto revoke. * * @param pkg the package * @param exempted whether the package is exempted from auto revoke * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void setAutoRevokeExempted(@NonNull AndroidPackage pkg, boolean exempted, @NonNull int[] userIds); /** * Update permissions when a package changed. * Loading Loading @@ -525,6 +488,21 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager public abstract void onPackageAdded(@NonNull AndroidPackage pkg, boolean isInstantApp, @Nullable AndroidPackage oldPkg); /** * Callback when a package has been installed for certain users. * * @param pkg the installed package * @param grantedPermissions the permissions to be granted * @param allowlistedRestrictedPermissions the restricted permissions to be allowlisted * @param autoRevokePermissionsMode the auto revoke permissions mode for this package * @param userIds the user IDs this package is installed for */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void onPackageInstalled(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @NonNull int[] userIds); /** * Callback when a package has been removed. * Loading Loading
services/core/java/com/android/server/pm/PackageManagerService.java +16 −30 Original line number Diff line number Diff line Loading @@ -21,7 +21,6 @@ import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS; import static android.Manifest.permission.REQUEST_DELETE_PACKAGES; import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.MODE_DEFAULT; import static android.app.AppOpsManager.MODE_IGNORED; import static android.content.Intent.ACTION_MAIN; Loading @@ -44,7 +43,6 @@ import static android.content.pm.PackageManager.FLAG_PERMISSION_REVOKED_COMPAT; import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET; import static android.content.pm.PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER; import static android.content.pm.PackageManager.INSTALL_FAILED_ALREADY_EXISTS; import static android.content.pm.PackageManager.INSTALL_FAILED_BAD_PERMISSION_GROUP; import static android.content.pm.PackageManager.INSTALL_FAILED_DUPLICATE_PACKAGE; Loading Loading @@ -2172,7 +2170,7 @@ public class PackageManagerService extends IPackageManager.Stub private void handlePackagePostInstall(PackageInstalledInfo res, boolean grantPermissions, boolean killApp, boolean virtualPreload, String[] grantedPermissions, List<String> whitelistedRestrictedPermissions, String[] grantedPermissions, List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, boolean launchedForRestore, String installerPackage, IPackageInstallObserver2 installObserver, int dataLoaderType) { Loading Loading @@ -2205,32 +2203,21 @@ public class PackageManagerService extends IPackageManager.Stub res.removedInfo.sendPackageRemovedBroadcasts(killApp, false /*removedBySystem*/); } // Allowlist any restricted permissions first as some may be runtime // that the installer requested to be granted at install time. if (whitelistedRestrictedPermissions != null && !whitelistedRestrictedPermissions.isEmpty()) { mPermissionManager.setAllowlistedRestrictedPermissions(res.pkg, whitelistedRestrictedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, res.newUsers); final List<String> grantedPermissionsList; if (grantPermissions) { if (grantedPermissions != null) { grantedPermissionsList = Arrays.asList(grantedPermissions); } else { grantedPermissionsList = res.pkg.getRequestedPermissions(); } if (autoRevokePermissionsMode == MODE_ALLOWED || autoRevokePermissionsMode == MODE_IGNORED) { mPermissionManager.setAutoRevokeExempted(res.pkg, autoRevokePermissionsMode == MODE_IGNORED, res.newUsers); } else { grantedPermissionsList = Collections.emptyList(); } // Now that we successfully installed the package, grant runtime // permissions if requested before broadcasting the install. Also // for legacy apps in permission review mode we clear the permission // review flag which is used to emulate runtime permissions for // legacy apps. if (grantPermissions) { final int callingUid = Binder.getCallingUid(); mPermissionManager.grantRequestedRuntimePermissions(res.pkg, grantedPermissions != null ? Arrays.asList(grantedPermissions) : null, res.newUsers); if (allowlistedRestrictedPermissions == null) { allowlistedRestrictedPermissions = Collections.emptyList(); } mPermissionManager.onPackageInstalled(res.pkg, grantedPermissionsList, allowlistedRestrictedPermissions, autoRevokePermissionsMode, res.newUsers); final String installerPackageName = res.installerPackageName != null Loading Loading @@ -13681,9 +13668,8 @@ public class PackageManagerService extends IPackageManager.Stub != 0) { whiteListedPermissions = pkgSetting.pkg.getRequestedPermissions(); } mPermissionManager.setAllowlistedRestrictedPermissions(pkgSetting.pkg, whiteListedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, new int[] { userId }); mPermissionManager.onPackageInstalled(pkgSetting.pkg, Collections.emptyList(), whiteListedPermissions, MODE_DEFAULT, new int[] { userId }); } if (pkgSetting.pkg != null) {
services/core/java/com/android/server/pm/permission/PermissionManagerService.java +28 −22 Original line number Diff line number Diff line Loading @@ -4914,6 +4914,20 @@ public class PermissionManagerService extends IPermissionManager.Stub { return true; } private void onPackageInstalledInternal(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @NonNull int[] userIds) { setAllowlistedRestrictedPermissionsInternal(pkg, allowlistedRestrictedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, userIds); if (autoRevokePermissionsMode == AppOpsManager.MODE_ALLOWED || autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED) { setAutoRevokeExemptedInternal(pkg, autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED, userIds); } grantRequestedRuntimePermissionsInternal(pkg, grantedPermissions, userIds); } private void onPackageRemovedInternal(@NonNull AndroidPackage pkg) { removeAllPermissionsInternal(pkg); } Loading Loading @@ -5080,28 +5094,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { return PermissionManagerService.this.getAppOpPermissionPackagesInternal(permissionName); } @Override public void grantRequestedRuntimePermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); grantRequestedRuntimePermissionsInternal(pkg, permissions, userIds); } @Override public void setAllowlistedRestrictedPermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @PermissionWhitelistFlags int allowlistFlags, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); setAllowlistedRestrictedPermissionsInternal(pkg, permissions, allowlistFlags, userIds); } @Override public void setAutoRevokeExempted(@NonNull AndroidPackage pkg, boolean exempted, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); setAutoRevokeExemptedInternal(pkg, exempted, userIds); } @Override public void updatePermissions(@NonNull String packageName, @Nullable AndroidPackage pkg) { PermissionManagerService.this .updatePermissions(packageName, pkg, mDefaultPermissionCallback); Loading Loading @@ -5371,6 +5363,20 @@ public class PermissionManagerService extends IPermissionManager.Stub { onPackageAddedInternal(pkg, isInstantApp, oldPkg); } @Override public void onPackageInstalled(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(grantedPermissions, "grantedPermissions"); Objects.requireNonNull(allowlistedRestrictedPermissions, "allowlistedRestrictedPermissions"); Objects.requireNonNull(userIds, "userIds"); onPackageInstalledInternal(pkg, grantedPermissions, allowlistedRestrictedPermissions, autoRevokePermissionsMode, userIds); } @Override public void onPackageRemoved(@NonNull AndroidPackage pkg) { Objects.requireNonNull(pkg); Loading
services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java +15 −37 Original line number Diff line number Diff line Loading @@ -20,7 +20,6 @@ import android.annotation.AppIdInt; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.content.pm.PackageManager; import android.content.pm.PermissionInfo; import android.permission.PermissionManagerInternal; Loading Loading @@ -189,42 +188,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager public abstract boolean isPermissionsReviewRequired(@NonNull String packageName, @UserIdInt int userId); /** * Grant the requested runtime permissions for a package, or an explicit subset of them. * * @param pkg the package * @param permissions the names of the subset of permissions to be granted, or {@code null} for * granting all the requested permissions * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void grantRequestedRuntimePermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @NonNull int[] userIds); /** * Set the allowlisted restricted permissions for a package, or an explicit subset of them. * * @param pkg the package * @param permissions the names of the subset of permissions to be allowlisted, or {@code null} * for allowlisting all the requested restricted permissions * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void setAllowlistedRestrictedPermissions( @NonNull AndroidPackage pkg, @Nullable List<String> permissions, @PackageManager.PermissionWhitelistFlags int allowlistFlags, @NonNull int[] userIds); /** * Set whether a package is exempted from auto revoke. * * @param pkg the package * @param exempted whether the package is exempted from auto revoke * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void setAutoRevokeExempted(@NonNull AndroidPackage pkg, boolean exempted, @NonNull int[] userIds); /** * Update permissions when a package changed. * Loading Loading @@ -525,6 +488,21 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager public abstract void onPackageAdded(@NonNull AndroidPackage pkg, boolean isInstantApp, @Nullable AndroidPackage oldPkg); /** * Callback when a package has been installed for certain users. * * @param pkg the installed package * @param grantedPermissions the permissions to be granted * @param allowlistedRestrictedPermissions the restricted permissions to be allowlisted * @param autoRevokePermissionsMode the auto revoke permissions mode for this package * @param userIds the user IDs this package is installed for */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void onPackageInstalled(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @NonNull int[] userIds); /** * Callback when a package has been removed. * Loading
