Use apex name when querying privapp allowlists (37389f61) · Commits · e / os / android_frameworks_base

core/java/com/android/server/SystemConfig.java

+6 −6

Original line number	Diff line number	Diff line
		@@ -435,15 +435,15 @@ public class SystemConfig {
		}

		/** Get privapp permission allowlist for an apk-in-apex. */
		public ArraySet<String> getApexPrivAppPermissions(String module, String packageName) {
		return mApexPrivAppPermissions.getOrDefault(module, EMPTY_PERMISSIONS)
		.get(packageName);
		public ArraySet<String> getApexPrivAppPermissions(String apexName, String apkPackageName) {
		return mApexPrivAppPermissions.getOrDefault(apexName, EMPTY_PERMISSIONS)
		.get(apkPackageName);
		}

		/** Get privapp permissions denylist for an apk-in-apex. */
		public ArraySet<String> getApexPrivAppDenyPermissions(String module, String packageName) {
		return mApexPrivAppDenyPermissions.getOrDefault(module, EMPTY_PERMISSIONS)
		.get(packageName);
		public ArraySet<String> getApexPrivAppDenyPermissions(String apexName, String apkPackageName) {
		return mApexPrivAppDenyPermissions.getOrDefault(apexName, EMPTY_PERMISSIONS)
		.get(apkPackageName);
		}

		public ArraySet<String> getVendorPrivAppPermissions(String packageName) {

+6 −2

Original line number	Diff line number	Diff line
		@@ -2535,8 +2535,10 @@ class PackageManagerShellCommand extends ShellCommand {
		privAppPermissions = SystemConfig.getInstance()
		.getSystemExtPrivAppPermissions(pkg);
		} else if (isApexApp(pkg)) {
		final String apexName = ApexManager.getInstance().getApexModuleNameForPackageName(
		getApexPackageNameContainingPackage(pkg));
		privAppPermissions = SystemConfig.getInstance()
		.getApexPrivAppPermissions(getApexPackageNameContainingPackage(pkg), pkg);
		.getApexPrivAppPermissions(apexName, pkg);
		} else {
		privAppPermissions = SystemConfig.getInstance().getPrivAppPermissions(pkg);
		}
		@@ -2562,8 +2564,10 @@ class PackageManagerShellCommand extends ShellCommand {
		privAppPermissions = SystemConfig.getInstance()
		.getSystemExtPrivAppDenyPermissions(pkg);
		} else if (isApexApp(pkg)) {
		final String apexName = ApexManager.getInstance().getApexModuleNameForPackageName(
		getApexPackageNameContainingPackage(pkg));
		privAppPermissions = SystemConfig.getInstance()
		.getApexPrivAppDenyPermissions(getApexPackageNameContainingPackage(pkg), pkg);
		.getApexPrivAppDenyPermissions(apexName, pkg);
		} else {
		privAppPermissions = SystemConfig.getInstance().getPrivAppDenyPermissions(pkg);
		}

+4 −1

Original line number	Diff line number	Diff line
		@@ -3291,10 +3291,13 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		} else if (pkg.isSystemExt()) {
		permissions = systemConfig.getSystemExtPrivAppPermissions(pkg.getPackageName());
		} else if (containingApexPackageName != null) {
		final ApexManager apexManager = ApexManager.getInstance();
		final String apexName = apexManager.getApexModuleNameForPackageName(
		containingApexPackageName);
		final Set<String> privAppPermissions = systemConfig.getPrivAppPermissions(
		pkg.getPackageName());
		final Set<String> apexPermissions = systemConfig.getApexPrivAppPermissions(
		containingApexPackageName, pkg.getPackageName());
		apexName, pkg.getPackageName());
		if (privAppPermissions != null) {
		// TODO(andreionea): Remove check as soon as all apk-in-apex
		// permission allowlists are migrated.