Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2bad176f authored by Hai Zhang's avatar Hai Zhang
Browse files

Move DefaultPermissionGrantPolicy out of PermissionManagerService. 

DefaultPermissionGrantPolicy should be migrated to role in the future,
however it requires exposing a lot of APIs, including
set*PackagesProvider() and grantPermissionsTo*(), which would soon be
deprecated once we finish migration to role. On the other hand, the
benefits of making DefaultPermissionGrantPolicy updatable is
negligible. So we should keep DefaultPermissionGrantPolicy in the
platform.

Since we are making permission updatable, and package is a different
thing from permission, we are creating a new internal service call
LegacyPermissionManagerService to host it. We need this new internal
service instead of directly exposing DefaultPermissionGrantPolicy,
because there are system APIs on the framework PermissionManager class
that needs an AIDL interface, and a small amount of the AIDL methods
there are not DefaultPermissionGrantPolicy but still should remain in
platform. For now, the AIDL methods are delegated to
LegacyPermissionManagerInternal via PermissionManagerService, but
later we will create its own AIDL for LegacyPermissionManagerService
and make the AIDL calls directly, without involving
PermissionManagerService.

So we are exposing a new LegacyPermissionManagerInternal on
LocalServices, and replacing the usages of the previous
PermissionManagerServiceInternal.

LegacyPermissionManagerInternal is also made available in
PackageManagerService to facilitate calling
DefaultPermissionGrantPolicy grantDefaultPermissions().

The system browser permission granting is moved into the browser
role's behavior, to avoid exposing it to RoleManagerService.

Bug: 158736025
Test: presubmit
Change-Id: Ic78f7775eaf0b1d7b5b940ccb03f7afc38437ef4
parent a23b25cd

services/core/java/com/android/server/NetworkScoreService.java

+3 −3
Original line number Diff line number Diff line
@@ -59,7 +59,7 @@ import com.android.internal.annotations.GuardedBy; 
import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.content.PackageMonitor;

import com.android.internal.util.DumpUtils;

import com.android.server.pm.permission.PermissionManagerServiceInternal;

import com.android.server.pm.permission.LegacyPermissionManagerInternal;



import java.io.FileDescriptor;

import java.io.PrintWriter;
@@ -290,7 +290,7 @@ public class NetworkScoreService extends INetworkScoreService.Stub { 
                    String useOpenWifiPackage = Global.getString(mContext.getContentResolver(),

                            Global.USE_OPEN_WIFI_PACKAGE);

                    if (!TextUtils.isEmpty(useOpenWifiPackage)) {

                        LocalServices.getService(PermissionManagerServiceInternal.class)

                        LocalServices.getService(LegacyPermissionManagerInternal.class)

                                .grantDefaultPermissionsToDefaultUseOpenWifiApp(useOpenWifiPackage,

                                        userId);

                    }
@@ -302,7 +302,7 @@ public class NetworkScoreService extends INetworkScoreService.Stub { 
                false /*notifyForDescendants*/,

                mUseOpenWifiPackageObserver);

        // Set a callback for the package manager to query the use open wifi app.

        LocalServices.getService(PermissionManagerServiceInternal.class)

        LocalServices.getService(LegacyPermissionManagerInternal.class)

                .setUseOpenWifiAppPackagesProvider((userId) -> {

                    String useOpenWifiPackage = Global.getString(mContext.getContentResolver(),

                            Global.USE_OPEN_WIFI_PACKAGE);

services/core/java/com/android/server/content/ContentService.java

+3 −4
Original line number Diff line number Diff line
@@ -76,8 +76,7 @@ import com.android.internal.util.DumpUtils; 
import com.android.internal.util.IndentingPrintWriter;

import com.android.server.LocalServices;

import com.android.server.SystemService;

import com.android.server.SystemService.TargetUser;

import com.android.server.pm.permission.PermissionManagerServiceInternal;

import com.android.server.pm.permission.LegacyPermissionManagerInternal;



import java.io.FileDescriptor;

import java.io.PrintWriter;
@@ -296,8 +295,8 @@ public final class ContentService extends IContentService.Stub { 


        // Let the package manager query for the sync adapters for a given authority

        // as we grant default permissions to sync adapters for specific authorities.

        final PermissionManagerServiceInternal permissionManagerInternal =

                LocalServices.getService(PermissionManagerServiceInternal.class);

        final LegacyPermissionManagerInternal permissionManagerInternal =

                LocalServices.getService(LegacyPermissionManagerInternal.class);

        permissionManagerInternal.setSyncAdapterPackagesProvider((authority, userId) -> {

            return getSyncAdapterPackagesForAuthorityAsUser(authority, userId);

        });

services/core/java/com/android/server/location/LocationManagerService.java

+3 −3
Original line number Diff line number Diff line
@@ -113,7 +113,7 @@ import com.android.server.location.provider.MockLocationProvider; 
import com.android.server.location.provider.PassiveLocationProvider;

import com.android.server.location.provider.PassiveLocationProviderManager;

import com.android.server.location.provider.proxy.ProxyLocationProvider;

import com.android.server.pm.permission.PermissionManagerServiceInternal;

import com.android.server.pm.permission.LegacyPermissionManagerInternal;



import java.io.FileDescriptor;

import java.io.PrintWriter;
@@ -261,8 +261,8 @@ public class LocationManagerService extends ILocationManager.Stub { 


        // Let the package manager query which are the default location

        // providers as they get certain permissions granted by default.

        PermissionManagerServiceInternal permissionManagerInternal = LocalServices.getService(

                PermissionManagerServiceInternal.class);

        LegacyPermissionManagerInternal permissionManagerInternal = LocalServices.getService(

                LegacyPermissionManagerInternal.class);

        permissionManagerInternal.setLocationPackagesProvider(

                userId -> mContext.getResources().getStringArray(

                        com.android.internal.R.array.config_locationProviderPackageNames));

services/core/java/com/android/server/pm/DefaultAppProvider.java

+2 −12
Original line number Diff line number Diff line
@@ -27,7 +27,6 @@ import android.util.Slog; 
import com.android.internal.infra.AndroidFuture;

import com.android.internal.util.CollectionUtils;

import com.android.server.FgThread;

import com.android.server.pm.permission.PermissionManagerServiceInternal;



import java.util.concurrent.ExecutionException;

import java.util.concurrent.Executor;
@@ -42,19 +41,14 @@ import java.util.function.Supplier; 
public class DefaultAppProvider {

    @NonNull

    private final Supplier<RoleManager> mRoleManagerSupplier;

    @NonNull

    private final PermissionManagerServiceInternal mPermissionManager;



    /**

     * Create a new instance of this class

     *

     * @param roleManagerSupplier the supplier for {@link RoleManager}

     * @param permissionManager the {@link PermissionManagerServiceInternal}

     */

    public DefaultAppProvider(@NonNull Supplier<RoleManager> roleManagerSupplier, @NonNull

            PermissionManagerServiceInternal permissionManager) {

    public DefaultAppProvider(@NonNull Supplier<RoleManager> roleManagerSupplier) {

        mRoleManagerSupplier = roleManagerSupplier;

        mPermissionManager = permissionManager;

    }



    /**
@@ -73,11 +67,10 @@ public class DefaultAppProvider { 
     *

     * @param packageName package name of the default browser, or {@code null} to unset

     * @param async whether the operation should be asynchronous

     * @param doGrant whether to grant default permissions

     * @param userId the user ID

     * @return whether the default browser was successfully set.

     */

    public boolean setDefaultBrowser(@Nullable String packageName, boolean async, boolean doGrant,

    public boolean setDefaultBrowser(@Nullable String packageName, boolean async,

            @UserIdInt int userId) {

        if (userId == UserHandle.USER_ALL) {

            return false;
@@ -114,9 +107,6 @@ public class DefaultAppProvider { 
                    return false;

                }

            }

            if (doGrant && packageName != null) {

                mPermissionManager.grantDefaultPermissionsToDefaultBrowser(packageName, userId);

            }

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

services/core/java/com/android/server/pm/PackageManagerService.java

+43 −14
Original line number Diff line number Diff line
@@ -380,6 +380,8 @@ import com.android.server.pm.parsing.pkg.AndroidPackage; 
import com.android.server.pm.parsing.pkg.AndroidPackageUtils;

import com.android.server.pm.parsing.pkg.PackageImpl;

import com.android.server.pm.parsing.pkg.ParsedPackage;

import com.android.server.pm.permission.LegacyPermissionManagerInternal;

import com.android.server.pm.permission.LegacyPermissionManagerService;

import com.android.server.pm.permission.Permission;

import com.android.server.pm.permission.PermissionManagerService;

import com.android.server.pm.permission.PermissionManagerServiceInternal;
@@ -961,6 +963,8 @@ public class PackageManagerService extends IPackageManager.Stub 
        private final Singleton<PackageInstallerService> mPackageInstallerServiceProducer;

        private final ProducerWithArgument<InstantAppResolverConnection, ComponentName>

                mInstantAppResolverConnectionProducer;

        private final Singleton<LegacyPermissionManagerInternal>

                mLegacyPermissionManagerInternalProducer;

        private final SystemWrapper mSystemWrapper;

        private final ServiceProducer mGetLocalServiceProducer;

        private final ServiceProducer mGetSystemServiceProducer;
@@ -993,6 +997,7 @@ public class PackageManagerService extends IPackageManager.Stub 
                ProducerWithArgument<InstantAppResolverConnection, ComponentName> 

                        instantAppResolverConnectionProducer,

                Producer<ModuleInfoProvider> moduleInfoProviderProducer,

                Producer<LegacyPermissionManagerInternal> legacyPermissionManagerInternalProducer,

                SystemWrapper systemWrapper,

                ServiceProducer getLocalServiceProducer,

                ServiceProducer getSystemServiceProducer) {
@@ -1026,6 +1031,8 @@ public class PackageManagerService extends IPackageManager.Stub 
            mPackageInstallerServiceProducer = new Singleton<>(packageInstallerServiceProducer);

            mInstantAppResolverConnectionProducer = instantAppResolverConnectionProducer;

            mModuleInfoProviderProducer = new Singleton<>(moduleInfoProviderProducer);

            mLegacyPermissionManagerInternalProducer = new Singleton<>(

                    legacyPermissionManagerInternalProducer);

            mSystemWrapper = systemWrapper;

            mGetLocalServiceProducer = getLocalServiceProducer;

            mGetSystemServiceProducer = getSystemServiceProducer;
@@ -1174,6 +1181,10 @@ public class PackageManagerService extends IPackageManager.Stub 
        public ModuleInfoProvider getModuleInfoProvider() {

            return mModuleInfoProviderProducer.get(this, mPackageManager);

        }













        public LegacyPermissionManagerInternal getLegacyPermissionManagerInternal() {













            return mLegacyPermissionManagerInternalProducer.get(this, mPackageManager);













        }















    }





























    /** Provides an abstraction to static access to system state. */










@@ -1232,6 +1243,7 @@ public class PackageManagerService extends IPackageManager.Stub













        public boolean isPreNupgrade;















        public boolean isPreQupgrade;















        public boolean isUpgrade;













        public LegacyPermissionManagerInternal legacyPermissionManagerInternal;















        public DisplayMetrics Metrics;















        public ModuleInfoProvider moduleInfoProvider;















        public MoveCallbacks moveCallbacks;










@@ -1375,6 +1387,8 @@ public class PackageManagerService extends IPackageManager.Stub



























    private final DefaultAppProvider mDefaultAppProvider;



























    private final LegacyPermissionManagerInternal mLegacyPermissionManager;



























    private final PackageProperty mPackageProperty = new PackageProperty();





























    private static class IFVerificationParams {










@@ -2838,8 +2852,8 @@ public class PackageManagerService extends IPackageManager.Stub













                (i, pm) -> new ViewCompiler(i.getInstallLock(), i.getInstaller()),















                (i, pm) -> (IncrementalManager)















                        i.getContext().getSystemService(Context.INCREMENTAL_SERVICE),













                (i, pm) -> new DefaultAppProvider(() -> context.getSystemService(RoleManager.class),













                        i.getPermissionManagerServiceInternal()),













                (i, pm) -> new DefaultAppProvider(() -> context.getSystemService(













                        RoleManager.class)),















                (i, pm) -> new DisplayMetrics(),















                (i, pm) -> new PackageParser2(pm.mSeparateProcesses, pm.mOnlyCore,















                        i.getDisplayMetrics(), pm.mCacheDir,









@@ -2856,6 +2870,7 @@ public class PackageManagerService extends IPackageManager.Stub













                (i, pm, cn) -> new InstantAppResolverConnection(















                        i.getContext(), cn, Intent.ACTION_RESOLVE_INSTANT_APP_PACKAGE),















                (i, pm) -> new ModuleInfoProvider(i.getContext(), pm),













                (i, pm) -> LegacyPermissionManagerService.create(i.getContext()),















                new DefaultSystemWrapper(),















                LocalServices::getService,















                context::getSystemService);










@@ -3032,6 +3047,7 @@ public class PackageManagerService extends IPackageManager.Stub













        mAvailableFeatures = testParams.availableFeatures;















        mDefParseFlags = testParams.defParseFlags;















        mDefaultAppProvider = testParams.defaultAppProvider;













        mLegacyPermissionManager = testParams.legacyPermissionManagerInternal;















        mDexManager = testParams.dexManager;















        mDirsToScanAsSystem = testParams.dirsToScanAsSystem;















        mFactoryTest = testParams.factoryTest;










@@ -3136,6 +3152,7 @@ public class PackageManagerService extends IPackageManager.Stub













        mPermissionManagerService = injector.getPermissionManagerService();















        mIncrementalManager = mInjector.getIncrementalManager();















        mDefaultAppProvider = mInjector.getDefaultAppProvider();













        mLegacyPermissionManager = mInjector.getLegacyPermissionManagerInternal();















        PlatformCompat platformCompat = mInjector.getCompatibility();















        mPackageParserCallback = new PackageParser2.Callback() {















            @Override










@@ -20702,7 +20719,7 @@ public class PackageManagerService extends IPackageManager.Stub













        final String defaultBrowserPackageName = mDefaultAppProvider.getDefaultBrowser(userId);















        if (!TextUtils.isEmpty(defaultBrowserPackageName)) {















            if (packageName.equals(defaultBrowserPackageName)) {













                mDefaultAppProvider.setDefaultBrowser(null, true, true, userId);













                mDefaultAppProvider.setDefaultBrowser(null, true, userId);















            }















        }















    }









@@ -20717,7 +20734,7 @@ public class PackageManagerService extends IPackageManager.Stub













            // If this browser is restored from user's backup, do not clear















            // default-browser state for this user















            if (installReason != PackageManager.INSTALL_REASON_DEVICE_RESTORE) {













                mDefaultAppProvider.setDefaultBrowser(null, true, true, userId);













                mDefaultAppProvider.setDefaultBrowser(null, true, userId);















            }















        }
























@@ -20755,7 +20772,7 @@ public class PackageManagerService extends IPackageManager.Stub













            // significant refactoring to keep all default apps in the package















            // manager (cleaner but more work) or have the services provide















            // callbacks to the package manager to request a default app reset.













            mDefaultAppProvider.setDefaultBrowser(null, true, true, userId);













            mDefaultAppProvider.setDefaultBrowser(null, true, userId);















            resetNetworkPolicies(userId);















            synchronized (mLock) {















                scheduleWritePackageRestrictionsLocked(userId);










@@ -20989,8 +21006,7 @@ public class PackageManagerService extends IPackageManager.Stub













                            defaultBrowser = mSettings.removeDefaultBrowserPackageNameLPw(userId1);















                        }















                        if (defaultBrowser != null) {













                            mDefaultAppProvider.setDefaultBrowser(defaultBrowser, false, false,













                                    userId1);













                            mDefaultAppProvider.setDefaultBrowser(defaultBrowser, false, userId1);















                        }















                    });















        } catch (Exception e) {










@@ -22250,6 +22266,24 @@ public class PackageManagerService extends IPackageManager.Stub



























        mPermissionManager.systemReady();



























        int[] grantPermissionsUserIds = EMPTY_INT_ARRAY;













        for (int userId : UserManagerService.getInstance().getUserIds()) {













            if (mPmInternal.isPermissionUpgradeNeeded(userId)) {













                grantPermissionsUserIds = ArrayUtils.appendInt(













                        grantPermissionsUserIds, userId);













            }













        }













        // If we upgraded grant all default permissions before kicking off.













        for (int userId : grantPermissionsUserIds) {













            mLegacyPermissionManager.grantDefaultPermissions(userId);













        }













        if (grantPermissionsUserIds == EMPTY_INT_ARRAY) {













            // If we did not grant default permissions, we preload from this the













            // default permission exceptions lazily to ensure we don't hit the













            // disk on a new user creation.













            mLegacyPermissionManager.scheduleReadDefaultPermissionExceptions();













        }



























        if (mInstantAppResolverConnection != null) {















            mContext.registerReceiver(new BroadcastReceiver() {















                @Override










@@ -24331,14 +24365,9 @@ public class PackageManagerService extends IPackageManager.Stub













            Slog.d(TAG, "onNewUserCreated(id=" + userId















                    + ", convertedFromPreCreated=" + convertedFromPreCreated + ")");















        }













        if (!convertedFromPreCreated) {













            mPermissionManager.onUserCreated(userId);













            return;













        }













        if (!readPermissionStateForUser(userId)) {













            // Could not read the existing permissions, re-grant them.













            Slog.i(TAG, "re-granting permissions for pre-created user " + userId);













        if (!convertedFromPreCreated || !readPermissionStateForUser(userId)) {















            mPermissionManager.onUserCreated(userId);













            mLegacyPermissionManager.grantDefaultPermissions(userId);















        }















    }