Move permission flag methods (230c0a7e) · Commits · e / os / android_frameworks_base

core/java/android/app/ApplicationPackageManager.java

+10 −9

Original line number	Diff line number	Diff line
		@@ -722,31 +722,32 @@ public class ApplicationPackageManager extends PackageManager {
		}

		@Override
		public int getPermissionFlags(String permissionName, String packageName, UserHandle user) {
		public int getPermissionFlags(String permName, String packageName, UserHandle user) {
		try {
		return mPM.getPermissionFlags(permissionName, packageName, user.getIdentifier());
		return mPermissionManager
		.getPermissionFlags(permName, packageName, user.getIdentifier());
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}
		}

		@Override
		public void updatePermissionFlags(String permissionName, String packageName,
		public void updatePermissionFlags(String permName, String packageName,
		int flagMask, int flagValues, UserHandle user) {
		if (DEBUG_TRACE_GRANTS
		&& shouldTraceGrant(packageName, permissionName, user.getIdentifier())) {
		&& shouldTraceGrant(packageName, permName, user.getIdentifier())) {
		Log.i(TAG, "App " + mContext.getPackageName() + " is updating flags for "
		+ permissionName + " for user " + user.getIdentifier() + ": "
		+ permName + " for user " + user.getIdentifier() + ": "
		+ DebugUtils.flagsToString(PackageManager.class, "FLAG_PERMISSION_", flagMask)
		+ " := " + DebugUtils.flagsToString(
		PackageManager.class, "FLAG_PERMISSION_", flagValues),
		new RuntimeException());
		}
		try {
		mPM.updatePermissionFlags(permissionName, packageName, flagMask,
		flagValues,
		mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.Q,
		user.getIdentifier());
		final boolean checkAdjustPolicyFlagPermission =
		mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.Q;
		mPermissionManager.updatePermissionFlags(permName, packageName, flagMask,
		flagValues, checkAdjustPolicyFlagPermission, user.getIdentifier());
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}

core/java/android/content/pm/IPackageManager.aidl

+0 −7

Original line number	Diff line number	Diff line
		@@ -108,13 +108,6 @@ interface IPackageManager {

		void resetRuntimePermissions();

		int getPermissionFlags(String permissionName, String packageName, int userId);

		void updatePermissionFlags(String permissionName, String packageName, int flagMask,
		int flagValues, boolean checkAdjustPolicyFlagPermission, int userId);

		void updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId);

		List<String> getWhitelistedRestrictedPermissions(String packageName, int flags,
		int userId);

core/java/android/content/pm/PackageManagerInternal.java

+18 −11

Original line number	Diff line number	Diff line
		@@ -742,17 +742,6 @@ public abstract class PackageManagerInternal {
		public abstract boolean filterAppAccess(
		@Nullable PackageParser.Package pkg, int callingUid, int userId);

		/*
		* NOTE: The following methods are temporary until permissions are extracted from
		* the package manager into a component specifically for handling permissions.
		*/
		/** Returns the flags for the given permission. */
		public abstract @Nullable int getPermissionFlagsTEMP(@NonNull String permName,
		@NonNull String packageName, int userId);
		/** Updates the flags for the given permission. */
		public abstract void updatePermissionFlagsTEMP(@NonNull String permName,
		@NonNull String packageName, int flagMask, int flagValues, int userId);

		/** Returns whether the given package was signed by the platform */
		public abstract boolean isPlatformSigned(String pkg);

		@@ -1006,4 +995,22 @@ public abstract class PackageManagerInternal {
		* the settings have been written.
		*/
		public abstract void writeSettings(boolean async);

		/**
		* Writes all permission settings for the given set of users to disk. If {@code async}
		* is {@code true}, the settings are written at some point in the future. Otherwise,
		* the call blocks until the settings have been written.
		*/
		public abstract void writePermissionSettings(@NonNull @UserIdInt int[] userIds, boolean async);

		/**
		* Returns the target SDK for the given UID. Will return {@code 0} if there is no
		* package associated with the UID or if the package has not been installed for
		* the user. Will return the highest target SDK if the UID references packages with
		* a shared user id.
		*/
		public abstract int getTargetSdk(int uid);

		/** HACK. Remove when listeners move to the permission manager */
		public abstract void onPermissionsChangedTEMP(int uid);
		}

core/java/android/permission/IPermissionManager.aidl

+7 −0

Original line number	Diff line number	Diff line
		@@ -39,4 +39,11 @@ interface IPermissionManager {
		boolean addPermission(in PermissionInfo info, boolean async);

		void removePermission(String name);

		int getPermissionFlags(String permName, String packageName, int userId);

		void updatePermissionFlags(String permName, String packageName, int flagMask,
		int flagValues, boolean checkAdjustPolicyFlagPermission, int userId);

		void updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId);
		}

services/core/java/com/android/server/pm/PackageManagerService.java

+52 −123

Original line number	Diff line number	Diff line
		@@ -4569,55 +4569,6 @@ public class PackageManagerService extends IPackageManager.Stub
		return -1;
		}

		/**
		* Check if any package sharing/holding a uid has a low enough target SDK.
		*
		* @param uid The uid of the packages
		* @param higherTargetSDK The target SDK that might be higher than the searched package
		*
		* @return {@code true} if there is a package sharing/holding the uid with
		* {@code package.targetSDK < higherTargetSDK}
		*/
		private boolean hasTargetSdkInUidLowerThan(int uid, int higherTargetSDK) {
		int userId = UserHandle.getUserId(uid);

		synchronized (mPackages) {
		Object obj = mSettings.getSettingLPr(UserHandle.getAppId(uid));
		if (obj == null) {
		return false;
		}

		if (obj instanceof PackageSetting) {
		final PackageSetting ps = (PackageSetting) obj;

		if (!ps.getInstalled(userId)) {
		return false;
		}

		return ps.pkg.applicationInfo.targetSdkVersion < higherTargetSDK;
		} else if (obj instanceof SharedUserSetting) {
		final SharedUserSetting sus = (SharedUserSetting) obj;

		final int numPkgs = sus.packages.size();
		for (int i = 0; i < numPkgs; i++) {
		final PackageSetting ps = sus.packages.valueAt(i);

		if (!ps.getInstalled(userId)) {
		continue;
		}

		if (ps.pkg.applicationInfo.targetSdkVersion < higherTargetSDK) {
		return true;
		}
		}

		return false;
		} else {
		return false;
		}
		}
		}

		@Override
		public int[] getPackageGids(String packageName, int flags, int userId) {
		if (!sUserManager.exists(userId)) return null;
		@@ -5695,7 +5646,8 @@ public class PackageManagerService extends IPackageManager.Stub

		final long identity = Binder.clearCallingIdentity();
		try {
		final int flags = getPermissionFlags(permission, packageName, userId);
		final int flags = mPermissionManager
		.getPermissionFlags(permission, packageName, Binder.getCallingUid(), userId);
		return (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0;
		} finally {
		Binder.restoreCallingIdentity(identity);
		@@ -5798,63 +5750,6 @@ public class PackageManagerService extends IPackageManager.Stub
		}
		}

		@Override
		public int getPermissionFlags(String permName, String packageName, int userId) {
		return mPermissionManager.getPermissionFlags(
		permName, packageName, getCallingUid(), userId);
		}

		@Override
		public void updatePermissionFlags(String permName, String packageName, int flagMask,
		int flagValues, boolean checkAdjustPolicyFlagPermission, int userId) {
		int callingUid = getCallingUid();
		boolean overridePolicy = false;

		if (callingUid != Process.SYSTEM_UID && callingUid != Process.ROOT_UID) {
		long callingIdentity = Binder.clearCallingIdentity();
		try {
		if ((flagMask & FLAG_PERMISSION_POLICY_FIXED) != 0) {
		if (checkAdjustPolicyFlagPermission) {
		mContext.enforceCallingOrSelfPermission(
		Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY,
		"Need " + Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY
		+ " to change policy flags");
		} else if (!hasTargetSdkInUidLowerThan(callingUid, Build.VERSION_CODES.Q)) {
		throw new IllegalArgumentException(
		Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY + " needs "
		+ " to be checked for packages targeting "
		+ Build.VERSION_CODES.Q + " or later when changing policy "
		+ "flags");
		}

		overridePolicy = true;
		}
		} finally {
		Binder.restoreCallingIdentity(callingIdentity);
		}
		}

		mPermissionManager.updatePermissionFlags(
		permName, packageName, flagMask, flagValues, callingUid, userId,
		overridePolicy, mPermissionCallback);
		}

		/**
		* Update the permission flags for all packages and runtime permissions of a user in order
		* to allow device or profile owner to remove POLICY_FIXED.
		*/
		@Override
		public void updatePermissionFlagsForAllApps(int flagMask, int flagValues, int userId) {
		synchronized (mPackages) {
		final boolean changed = mPermissionManager.updatePermissionFlagsForAllApps(
		flagMask, flagValues, getCallingUid(), userId, mPackages.values(),
		mPermissionCallback);
		if (changed) {
		mSettings.writeRuntimePermissionsForUserLPr(userId, false);
		}
		}
		}

		@Override
		public @Nullable List<String> getWhitelistedRestrictedPermissions(@NonNull String packageName,
		@PermissionWhitelistFlags int whitelistFlags, @UserIdInt int userId) {
		@@ -6078,7 +5973,7 @@ public class PackageManagerService extends IPackageManager.Stub
		}

		@Override
		public boolean shouldShowRequestPermissionRationale(String permissionName,
		public boolean shouldShowRequestPermissionRationale(String permName,
		String packageName, int userId) {
		if (UserHandle.getCallingUserId() != userId) {
		mContext.enforceCallingPermission(
		@@ -6091,7 +5986,7 @@ public class PackageManagerService extends IPackageManager.Stub
		return false;
		}

		if (checkPermission(permissionName, packageName, userId)
		if (checkPermission(permName, packageName, userId)
		== PackageManager.PERMISSION_GRANTED) {
		return false;
		}
		@@ -6100,8 +5995,8 @@ public class PackageManagerService extends IPackageManager.Stub

		final long identity = Binder.clearCallingIdentity();
		try {
		flags = getPermissionFlags(permissionName,
		packageName, userId);
		flags = mPermissionManager
		.getPermissionFlags(permName, packageName, Binder.getCallingUid(), userId);
		} finally {
		Binder.restoreCallingIdentity(identity);
		}
		@@ -24170,13 +24065,6 @@ public class PackageManagerService extends IPackageManager.Stub
		}

		private class PackageManagerInternalImpl extends PackageManagerInternal {
		@Override
		public void updatePermissionFlagsTEMP(String permName, String packageName, int flagMask,
		int flagValues, int userId) {
		PackageManagerService.this.updatePermissionFlags(
		permName, packageName, flagMask, flagValues, true, userId);
		}

		@Override
		public List<ApplicationInfo> getInstalledApplications(int flags, int userId,
		int callingUid) {
		@@ -24257,11 +24145,6 @@ public class PackageManagerService extends IPackageManager.Stub
		}
		}

		@Override
		public int getPermissionFlagsTEMP(String permName, String packageName, int userId) {
		return PackageManagerService.this.getPermissionFlags(permName, packageName, userId);
		}

		@Override
		public boolean isInstantApp(String packageName, int userId) {
		return PackageManagerService.this.isInstantApp(packageName, userId);
		@@ -25036,6 +24919,52 @@ public class PackageManagerService extends IPackageManager.Stub
		}
		}
		}

		@Override
		public void writePermissionSettings(int[] userIds, boolean async) {
		synchronized (mPackages) {
		for (int userId : userIds) {
		mSettings.writeRuntimePermissionsForUserLPr(userId, !async);
		}
		}
		}

		@Override
		public void onPermissionsChangedTEMP(int uid) {
		mOnPermissionChangeListeners.onPermissionsChanged(uid);
		}

		@Override
		public int getTargetSdk(int uid) {
		int userId = UserHandle.getUserId(uid);

		synchronized (mPackages) {
		final Object obj = mSettings.getSettingLPr(UserHandle.getAppId(uid));
		if (obj instanceof PackageSetting) {
		final PackageSetting ps = (PackageSetting) obj;
		if (!ps.getInstalled(userId)) {
		return 0;
		}
		return ps.pkg.applicationInfo.targetSdkVersion;
		} else if (obj instanceof SharedUserSetting) {
		int maxTargetSdk = 0;
		final SharedUserSetting sus = (SharedUserSetting) obj;
		final int numPkgs = sus.packages.size();
		for (int i = 0; i < numPkgs; i++) {
		final PackageSetting ps = sus.packages.valueAt(i);
		if (!ps.getInstalled(userId)) {
		continue;
		}
		if (ps.pkg.applicationInfo.targetSdkVersion < maxTargetSdk) {
		continue;
		}
		maxTargetSdk = ps.pkg.applicationInfo.targetSdkVersion;
		}
		return maxTargetSdk;
		}
		return 0;
		}
		}
		}

		@GuardedBy("mPackages")