Loading cmds/pm/src/com/android/commands/pm/Pm.java +25 −0 Original line number Diff line number Diff line Loading @@ -204,6 +204,10 @@ public final class Pm { return runGrantRevokePermission(false); } if ("reset-permissions".equals(op)) { return runResetPermissions(); } if ("set-permission-enforced".equals(op)) { return runSetPermissionEnforced(); } Loading Loading @@ -1636,6 +1640,24 @@ public final class Pm { } } private int runResetPermissions() { try { mPm.resetRuntimePermissions(); return 0; } catch (RemoteException e) { System.err.println(e.toString()); System.err.println(PM_NOT_RUNNING_ERR); return 1; } catch (IllegalArgumentException e) { System.err.println("Bad argument: " + e.toString()); showUsage(); return 1; } catch (SecurityException e) { System.err.println("Operation not allowed: " + e.toString()); return 1; } } private int runSetPermissionEnforced() { final String permission = nextArg(); if (permission == null) { Loading Loading @@ -1911,6 +1933,7 @@ public final class Pm { System.err.println(" pm unhide [--user USER_ID] PACKAGE_OR_COMPONENT"); System.err.println(" pm grant [--user USER_ID] PACKAGE PERMISSION"); System.err.println(" pm revoke [--user USER_ID] PACKAGE PERMISSION"); System.err.println(" pm reset-permissions"); System.err.println(" pm set-install-location [0/auto] [1/internal] [2/external]"); System.err.println(" pm get-install-location"); System.err.println(" pm set-permission-enforced PERMISSION [true|false]"); Loading Loading @@ -1988,6 +2011,8 @@ public final class Pm { System.err.println(" manifest, be runtime permissions (protection level dangerous),"); System.err.println(" and the app targeting SDK greater than Lollipop MR1."); System.err.println(""); System.err.println("pm reset-permissions: revert all runtime permissions to their default state."); System.err.println(""); System.err.println("pm get-install-location: returns the current install location."); System.err.println(" 0 [auto]: Let system decide the best location"); System.err.println(" 1 [internal]: Install on internal device storage"); Loading core/java/android/content/pm/IPackageManager.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -102,6 +102,8 @@ interface IPackageManager { void revokeRuntimePermission(String packageName, String permissionName, int userId); void resetRuntimePermissions(); int getPermissionFlags(String permissionName, String packageName, int userId); void updatePermissionFlags(String permissionName, String packageName, int flagMask, Loading services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java +37 −0 Original line number Diff line number Diff line Loading @@ -17,11 +17,13 @@ package com.android.server.pm; import android.Manifest; import android.app.DownloadManager; import android.content.Intent; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.content.pm.PackageManagerInternal.PackagesProvider; import android.content.pm.PackageParser; import android.content.pm.ProviderInfo; import android.content.pm.ResolveInfo; import android.net.Uri; import android.os.Build; Loading Loading @@ -228,6 +230,7 @@ final class DefaultPermissionGrantPolicy { for (int i = 0; i < installerCount; i++) { PackageParser.Package installPackage = installerPackages.get(i); grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId); grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, userId); } // Verifiers Loading @@ -239,6 +242,7 @@ final class DefaultPermissionGrantPolicy { for (int i = 0; i < verifierCount; i++) { PackageParser.Package verifierPackage = verifierPackages.get(i); grantInstallPermissionsLPw(verifierPackage, VERIFIER_PERMISSIONS, userId); grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, userId); } // SetupWizard Loading Loading @@ -273,6 +277,30 @@ final class DefaultPermissionGrantPolicy { && doesPackageSupportRuntimePermissions(cameraPackage)) { grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); } // Media provider PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( MediaStore.AUTHORITY, userId); if (mediaStorePackage != null) { grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, userId); } // Downloads provider PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( "downloads", userId); if (downloadsPackage != null) { grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, userId); } // Downloads UI Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActvityPackageLPr( downloadsUiIntent, userId); if (downloadsUiPackage != null && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, userId); } // Messaging Loading Loading @@ -452,6 +480,15 @@ final class DefaultPermissionGrantPolicy { return null; } private PackageParser.Package getDefaultProviderAuthorityPackageLPr( String authority, int userId) { ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId); if (provider != null) { return getSystemPackageLPr(provider.packageName); } return null; } private PackageParser.Package getSystemPackageLPr(String packageName) { PackageParser.Package pkg = mService.mPackages.get(packageName); if (pkg != null && pkg.isSystemApp()) { Loading services/core/java/com/android/server/pm/PackageManagerService.java +39 −4 Original line number Diff line number Diff line Loading @@ -3337,6 +3337,27 @@ public class PackageManagerService extends IPackageManager.Stub { killSettingPackagesForUser(sb, userId, KILL_APP_REASON_PERMISSIONS_REVOKED); } @Override public void resetRuntimePermissions() { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.GRANT_REVOKE_PERMISSIONS, "revokeRuntimePermission"); int callingUid = Binder.getCallingUid(); if (callingUid != Process.SYSTEM_UID && callingUid != 0) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, "resetRuntimePermissions"); } synchronized (mPackages) { updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL); for (int userId : UserManagerService.getInstance().getUserIds()) { mDefaultPermissionPolicy.grantDefaultPermissions(userId); } } } @Override public int getPermissionFlags(String name, String packageName, int userId) { if (!sUserManager.exists(userId)) { Loading Loading @@ -14188,6 +14209,7 @@ public class PackageManagerService extends IPackageManager.Stub { boolean checkin = false; String packageName = null; ArraySet<String> permissionNames = null; int opti = 0; while (opti < args.length) { Loading @@ -14211,6 +14233,7 @@ public class PackageManagerService extends IPackageManager.Stub { pw.println(" k[eysets]: print known keysets"); pw.println(" r[esolvers]: dump intent resolvers"); pw.println(" perm[issions]: dump permissions"); pw.println(" permission [name ...]: dump declaration and use of given permission"); pw.println(" pref[erred]: print preferred package settings"); pw.println(" preferred-xml [--full]: print preferred package settings as xml"); pw.println(" prov[iders]: dump content providers"); Loading Loading @@ -14252,6 +14275,18 @@ public class PackageManagerService extends IPackageManager.Stub { dumpState.setDump(DumpState.DUMP_RESOLVERS); } else if ("perm".equals(cmd) || "permissions".equals(cmd)) { dumpState.setDump(DumpState.DUMP_PERMISSIONS); } else if ("permission".equals(cmd)) { if (opti >= args.length) { pw.println("Error: permission requires permission name"); return; } permissionNames = new ArraySet<>(); while (opti < args.length) { permissionNames.add(args[opti]); opti++; } dumpState.setDump(DumpState.DUMP_PERMISSIONS | DumpState.DUMP_PACKAGES | DumpState.DUMP_SHARED_USERS); } else if ("pref".equals(cmd) || "preferred".equals(cmd)) { dumpState.setDump(DumpState.DUMP_PREFERRED); } else if ("preferred-xml".equals(cmd)) { Loading Loading @@ -14534,8 +14569,8 @@ public class PackageManagerService extends IPackageManager.Stub { } if (!checkin && dumpState.isDumping(DumpState.DUMP_PERMISSIONS)) { mSettings.dumpPermissionsLPr(pw, packageName, dumpState); if (packageName == null) { mSettings.dumpPermissionsLPr(pw, packageName, permissionNames, dumpState); if (packageName == null && permissionNames == null) { for (int iperm=0; iperm<mAppOpPermissionPackages.size(); iperm++) { if (iperm == 0) { if (dumpState.onTitlePrinted()) Loading Loading @@ -14595,11 +14630,11 @@ public class PackageManagerService extends IPackageManager.Stub { } if (dumpState.isDumping(DumpState.DUMP_PACKAGES)) { mSettings.dumpPackagesLPr(pw, packageName, dumpState, checkin); mSettings.dumpPackagesLPr(pw, packageName, permissionNames, dumpState, checkin); } if (dumpState.isDumping(DumpState.DUMP_SHARED_USERS)) { mSettings.dumpSharedUsersLPr(pw, packageName, dumpState, checkin); mSettings.dumpSharedUsersLPr(pw, packageName, permissionNames, dumpState, checkin); } if (!checkin && dumpState.isDumping(DumpState.DUMP_INSTALLS) && packageName == null) { services/core/java/com/android/server/pm/PermissionsState.java +17 −1 Original line number Diff line number Diff line Loading @@ -218,6 +218,22 @@ public final class PermissionsState { return permissionData != null && permissionData.isGranted(userId); } /** * Returns whether the state has any known request for the given permission name, * whether or not it has been granted. */ public boolean hasRequestedPermission(ArraySet<String> names) { if (mPermissions == null) { return false; } for (int i=names.size()-1; i>=0; i--) { if (mPermissions.get(names.valueAt(i)) != null) { return true; } } return false; } /** * Gets all permissions for a given device user id regardless if they * are install time or runtime permissions. Loading Loading
cmds/pm/src/com/android/commands/pm/Pm.java +25 −0 Original line number Diff line number Diff line Loading @@ -204,6 +204,10 @@ public final class Pm { return runGrantRevokePermission(false); } if ("reset-permissions".equals(op)) { return runResetPermissions(); } if ("set-permission-enforced".equals(op)) { return runSetPermissionEnforced(); } Loading Loading @@ -1636,6 +1640,24 @@ public final class Pm { } } private int runResetPermissions() { try { mPm.resetRuntimePermissions(); return 0; } catch (RemoteException e) { System.err.println(e.toString()); System.err.println(PM_NOT_RUNNING_ERR); return 1; } catch (IllegalArgumentException e) { System.err.println("Bad argument: " + e.toString()); showUsage(); return 1; } catch (SecurityException e) { System.err.println("Operation not allowed: " + e.toString()); return 1; } } private int runSetPermissionEnforced() { final String permission = nextArg(); if (permission == null) { Loading Loading @@ -1911,6 +1933,7 @@ public final class Pm { System.err.println(" pm unhide [--user USER_ID] PACKAGE_OR_COMPONENT"); System.err.println(" pm grant [--user USER_ID] PACKAGE PERMISSION"); System.err.println(" pm revoke [--user USER_ID] PACKAGE PERMISSION"); System.err.println(" pm reset-permissions"); System.err.println(" pm set-install-location [0/auto] [1/internal] [2/external]"); System.err.println(" pm get-install-location"); System.err.println(" pm set-permission-enforced PERMISSION [true|false]"); Loading Loading @@ -1988,6 +2011,8 @@ public final class Pm { System.err.println(" manifest, be runtime permissions (protection level dangerous),"); System.err.println(" and the app targeting SDK greater than Lollipop MR1."); System.err.println(""); System.err.println("pm reset-permissions: revert all runtime permissions to their default state."); System.err.println(""); System.err.println("pm get-install-location: returns the current install location."); System.err.println(" 0 [auto]: Let system decide the best location"); System.err.println(" 1 [internal]: Install on internal device storage"); Loading
core/java/android/content/pm/IPackageManager.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -102,6 +102,8 @@ interface IPackageManager { void revokeRuntimePermission(String packageName, String permissionName, int userId); void resetRuntimePermissions(); int getPermissionFlags(String permissionName, String packageName, int userId); void updatePermissionFlags(String permissionName, String packageName, int flagMask, Loading
services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java +37 −0 Original line number Diff line number Diff line Loading @@ -17,11 +17,13 @@ package com.android.server.pm; import android.Manifest; import android.app.DownloadManager; import android.content.Intent; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.content.pm.PackageManagerInternal.PackagesProvider; import android.content.pm.PackageParser; import android.content.pm.ProviderInfo; import android.content.pm.ResolveInfo; import android.net.Uri; import android.os.Build; Loading Loading @@ -228,6 +230,7 @@ final class DefaultPermissionGrantPolicy { for (int i = 0; i < installerCount; i++) { PackageParser.Package installPackage = installerPackages.get(i); grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId); grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, userId); } // Verifiers Loading @@ -239,6 +242,7 @@ final class DefaultPermissionGrantPolicy { for (int i = 0; i < verifierCount; i++) { PackageParser.Package verifierPackage = verifierPackages.get(i); grantInstallPermissionsLPw(verifierPackage, VERIFIER_PERMISSIONS, userId); grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, userId); } // SetupWizard Loading Loading @@ -273,6 +277,30 @@ final class DefaultPermissionGrantPolicy { && doesPackageSupportRuntimePermissions(cameraPackage)) { grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); } // Media provider PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( MediaStore.AUTHORITY, userId); if (mediaStorePackage != null) { grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, userId); } // Downloads provider PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( "downloads", userId); if (downloadsPackage != null) { grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, userId); } // Downloads UI Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActvityPackageLPr( downloadsUiIntent, userId); if (downloadsUiPackage != null && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, userId); } // Messaging Loading Loading @@ -452,6 +480,15 @@ final class DefaultPermissionGrantPolicy { return null; } private PackageParser.Package getDefaultProviderAuthorityPackageLPr( String authority, int userId) { ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId); if (provider != null) { return getSystemPackageLPr(provider.packageName); } return null; } private PackageParser.Package getSystemPackageLPr(String packageName) { PackageParser.Package pkg = mService.mPackages.get(packageName); if (pkg != null && pkg.isSystemApp()) { Loading
services/core/java/com/android/server/pm/PackageManagerService.java +39 −4 Original line number Diff line number Diff line Loading @@ -3337,6 +3337,27 @@ public class PackageManagerService extends IPackageManager.Stub { killSettingPackagesForUser(sb, userId, KILL_APP_REASON_PERMISSIONS_REVOKED); } @Override public void resetRuntimePermissions() { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.GRANT_REVOKE_PERMISSIONS, "revokeRuntimePermission"); int callingUid = Binder.getCallingUid(); if (callingUid != Process.SYSTEM_UID && callingUid != 0) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, "resetRuntimePermissions"); } synchronized (mPackages) { updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL); for (int userId : UserManagerService.getInstance().getUserIds()) { mDefaultPermissionPolicy.grantDefaultPermissions(userId); } } } @Override public int getPermissionFlags(String name, String packageName, int userId) { if (!sUserManager.exists(userId)) { Loading Loading @@ -14188,6 +14209,7 @@ public class PackageManagerService extends IPackageManager.Stub { boolean checkin = false; String packageName = null; ArraySet<String> permissionNames = null; int opti = 0; while (opti < args.length) { Loading @@ -14211,6 +14233,7 @@ public class PackageManagerService extends IPackageManager.Stub { pw.println(" k[eysets]: print known keysets"); pw.println(" r[esolvers]: dump intent resolvers"); pw.println(" perm[issions]: dump permissions"); pw.println(" permission [name ...]: dump declaration and use of given permission"); pw.println(" pref[erred]: print preferred package settings"); pw.println(" preferred-xml [--full]: print preferred package settings as xml"); pw.println(" prov[iders]: dump content providers"); Loading Loading @@ -14252,6 +14275,18 @@ public class PackageManagerService extends IPackageManager.Stub { dumpState.setDump(DumpState.DUMP_RESOLVERS); } else if ("perm".equals(cmd) || "permissions".equals(cmd)) { dumpState.setDump(DumpState.DUMP_PERMISSIONS); } else if ("permission".equals(cmd)) { if (opti >= args.length) { pw.println("Error: permission requires permission name"); return; } permissionNames = new ArraySet<>(); while (opti < args.length) { permissionNames.add(args[opti]); opti++; } dumpState.setDump(DumpState.DUMP_PERMISSIONS | DumpState.DUMP_PACKAGES | DumpState.DUMP_SHARED_USERS); } else if ("pref".equals(cmd) || "preferred".equals(cmd)) { dumpState.setDump(DumpState.DUMP_PREFERRED); } else if ("preferred-xml".equals(cmd)) { Loading Loading @@ -14534,8 +14569,8 @@ public class PackageManagerService extends IPackageManager.Stub { } if (!checkin && dumpState.isDumping(DumpState.DUMP_PERMISSIONS)) { mSettings.dumpPermissionsLPr(pw, packageName, dumpState); if (packageName == null) { mSettings.dumpPermissionsLPr(pw, packageName, permissionNames, dumpState); if (packageName == null && permissionNames == null) { for (int iperm=0; iperm<mAppOpPermissionPackages.size(); iperm++) { if (iperm == 0) { if (dumpState.onTitlePrinted()) Loading Loading @@ -14595,11 +14630,11 @@ public class PackageManagerService extends IPackageManager.Stub { } if (dumpState.isDumping(DumpState.DUMP_PACKAGES)) { mSettings.dumpPackagesLPr(pw, packageName, dumpState, checkin); mSettings.dumpPackagesLPr(pw, packageName, permissionNames, dumpState, checkin); } if (dumpState.isDumping(DumpState.DUMP_SHARED_USERS)) { mSettings.dumpSharedUsersLPr(pw, packageName, dumpState, checkin); mSettings.dumpSharedUsersLPr(pw, packageName, permissionNames, dumpState, checkin); } if (!checkin && dumpState.isDumping(DumpState.DUMP_INSTALLS) && packageName == null) {
services/core/java/com/android/server/pm/PermissionsState.java +17 −1 Original line number Diff line number Diff line Loading @@ -218,6 +218,22 @@ public final class PermissionsState { return permissionData != null && permissionData.isGranted(userId); } /** * Returns whether the state has any known request for the given permission name, * whether or not it has been granted. */ public boolean hasRequestedPermission(ArraySet<String> names) { if (mPermissions == null) { return false; } for (int i=names.size()-1; i>=0; i--) { if (mPermissions.get(names.valueAt(i)) != null) { return true; } } return false; } /** * Gets all permissions for a given device user id regardless if they * are install time or runtime permissions. Loading
