Loading services/core/java/com/android/server/pm/permission/PermissionManagerService.java +23 −0 Original line number Diff line number Diff line Loading @@ -1347,6 +1347,7 @@ public class PermissionManagerService { updatedUserIds); updatedUserIds = setInitialGrantForNewImplicitPermissionsLocked(origPermissions, permissionsState, pkg, newImplicitPermissions, updatedUserIds); updatedUserIds = checkIfLegacyStorageOpsNeedToBeUpdated(pkg, replace, updatedUserIds); } // Persist the runtime permissions state for users with changes. If permissions Loading Loading @@ -1472,6 +1473,28 @@ public class PermissionManagerService { ps.updatePermissionFlags(mSettings.getPermission(newPerm), userId, flags, flags); } /** * When the app has requested legacy storage we might need to update * {@link android.app.AppOpsManager#OP_LEGACY_STORAGE}. Hence force an update in * {@link com.android.server.policy.PermissionPolicyService#synchronizePackagePermissionsAndAppOpsForUser(Context, String, int)} * * @param pkg The package for which the permissions are updated * @param replace If the app is being replaced * @param updatedUserIds The ids of the users that already changed. * * @return The ids of the users that are changed */ private @NonNull int[] checkIfLegacyStorageOpsNeedToBeUpdated( @NonNull PackageParser.Package pkg, boolean replace, @NonNull int[] updatedUserIds) { if (replace && pkg.applicationInfo.hasRequestedLegacyExternalStorage() && ( pkg.requestedPermissions.contains(READ_EXTERNAL_STORAGE) || pkg.requestedPermissions.contains(WRITE_EXTERNAL_STORAGE))) { return UserManagerService.getInstance().getUserIds(); } return updatedUserIds; } /** * Set the state of a implicit permission that is seen for the first time. * Loading services/core/java/com/android/server/policy/PermissionPolicyService.java +24 −6 Original line number Diff line number Diff line Loading @@ -229,6 +229,15 @@ public final class PermissionPolicyService extends SystemService { * * @see #syncRestrictedOps */ private final @NonNull ArrayList<OpToUnrestrict> mOpsToAllowIfDefault = new ArrayList<>(); /** * All ops that need to be flipped to allow. * * Currently, only used by the restricted permissions logic. * * @see #syncRestrictedOps */ private final @NonNull ArrayList<OpToUnrestrict> mOpsToAllow = new ArrayList<>(); /** Loading @@ -238,7 +247,7 @@ public final class PermissionPolicyService extends SystemService { * * @see #syncRestrictedOps */ private final @NonNull ArrayList<OpToUnrestrict> mOpsToIgnore = new ArrayList<>(); private final @NonNull ArrayList<OpToUnrestrict> mOpsToIgnoreIfDefault = new ArrayList<>(); /** * All foreground permissions Loading @@ -262,11 +271,16 @@ public final class PermissionPolicyService extends SystemService { final int allowCount = mOpsToAllow.size(); for (int i = 0; i < allowCount; i++) { final OpToUnrestrict op = mOpsToAllow.get(i); setUidModeAllowed(op.code, op.uid); } final int allowIfDefaultCount = mOpsToAllowIfDefault.size(); for (int i = 0; i < allowIfDefaultCount; i++) { final OpToUnrestrict op = mOpsToAllowIfDefault.get(i); setUidModeAllowedIfDefault(op.code, op.uid, op.packageName); } final int ignoreCount = mOpsToIgnore.size(); for (int i = 0; i < ignoreCount; i++) { final OpToUnrestrict op = mOpsToIgnore.get(i); final int ignoreIfDefaultCount = mOpsToIgnoreIfDefault.size(); for (int i = 0; i < ignoreIfDefaultCount; i++) { final OpToUnrestrict op = mOpsToIgnoreIfDefault.get(i); setUidModeIgnoredIfDefault(op.code, op.uid, op.packageName); } final int defaultCount = mOpsToDefault.size(); Loading Loading @@ -341,7 +355,7 @@ public final class PermissionPolicyService extends SystemService { if (applyRestriction) { mOpsToDefault.add(new OpToRestrict(uid, opCode)); } else { mOpsToAllow.add(new OpToUnrestrict(uid, pkg.packageName, opCode)); mOpsToAllowIfDefault.add(new OpToUnrestrict(uid, pkg.packageName, opCode)); } } else if (permissionInfo.isSoftRestricted()) { // Storage uses a special app op to decide the mount state and Loading @@ -356,7 +370,7 @@ public final class PermissionPolicyService extends SystemService { mOpsToAllow.add(new OpToUnrestrict(uid, pkg.packageName, AppOpsManager.OP_LEGACY_STORAGE)); } else { mOpsToIgnore.add(new OpToUnrestrict(uid, pkg.packageName, mOpsToIgnoreIfDefault.add(new OpToUnrestrict(uid, pkg.packageName, AppOpsManager.OP_LEGACY_STORAGE)); } } Loading Loading @@ -421,6 +435,10 @@ public final class PermissionPolicyService extends SystemService { setUidModeIfDefault(opCode, uid, AppOpsManager.MODE_ALLOWED, packageName); } private void setUidModeAllowed(int opCode, int uid) { mAppOpsManager.setUidMode(opCode, uid, AppOpsManager.MODE_ALLOWED); } private void setUidModeIgnoredIfDefault(int opCode, int uid, @NonNull String packageName) { setUidModeIfDefault(opCode, uid, AppOpsManager.MODE_IGNORED, packageName); } Loading Loading
services/core/java/com/android/server/pm/permission/PermissionManagerService.java +23 −0 Original line number Diff line number Diff line Loading @@ -1347,6 +1347,7 @@ public class PermissionManagerService { updatedUserIds); updatedUserIds = setInitialGrantForNewImplicitPermissionsLocked(origPermissions, permissionsState, pkg, newImplicitPermissions, updatedUserIds); updatedUserIds = checkIfLegacyStorageOpsNeedToBeUpdated(pkg, replace, updatedUserIds); } // Persist the runtime permissions state for users with changes. If permissions Loading Loading @@ -1472,6 +1473,28 @@ public class PermissionManagerService { ps.updatePermissionFlags(mSettings.getPermission(newPerm), userId, flags, flags); } /** * When the app has requested legacy storage we might need to update * {@link android.app.AppOpsManager#OP_LEGACY_STORAGE}. Hence force an update in * {@link com.android.server.policy.PermissionPolicyService#synchronizePackagePermissionsAndAppOpsForUser(Context, String, int)} * * @param pkg The package for which the permissions are updated * @param replace If the app is being replaced * @param updatedUserIds The ids of the users that already changed. * * @return The ids of the users that are changed */ private @NonNull int[] checkIfLegacyStorageOpsNeedToBeUpdated( @NonNull PackageParser.Package pkg, boolean replace, @NonNull int[] updatedUserIds) { if (replace && pkg.applicationInfo.hasRequestedLegacyExternalStorage() && ( pkg.requestedPermissions.contains(READ_EXTERNAL_STORAGE) || pkg.requestedPermissions.contains(WRITE_EXTERNAL_STORAGE))) { return UserManagerService.getInstance().getUserIds(); } return updatedUserIds; } /** * Set the state of a implicit permission that is seen for the first time. * Loading
services/core/java/com/android/server/policy/PermissionPolicyService.java +24 −6 Original line number Diff line number Diff line Loading @@ -229,6 +229,15 @@ public final class PermissionPolicyService extends SystemService { * * @see #syncRestrictedOps */ private final @NonNull ArrayList<OpToUnrestrict> mOpsToAllowIfDefault = new ArrayList<>(); /** * All ops that need to be flipped to allow. * * Currently, only used by the restricted permissions logic. * * @see #syncRestrictedOps */ private final @NonNull ArrayList<OpToUnrestrict> mOpsToAllow = new ArrayList<>(); /** Loading @@ -238,7 +247,7 @@ public final class PermissionPolicyService extends SystemService { * * @see #syncRestrictedOps */ private final @NonNull ArrayList<OpToUnrestrict> mOpsToIgnore = new ArrayList<>(); private final @NonNull ArrayList<OpToUnrestrict> mOpsToIgnoreIfDefault = new ArrayList<>(); /** * All foreground permissions Loading @@ -262,11 +271,16 @@ public final class PermissionPolicyService extends SystemService { final int allowCount = mOpsToAllow.size(); for (int i = 0; i < allowCount; i++) { final OpToUnrestrict op = mOpsToAllow.get(i); setUidModeAllowed(op.code, op.uid); } final int allowIfDefaultCount = mOpsToAllowIfDefault.size(); for (int i = 0; i < allowIfDefaultCount; i++) { final OpToUnrestrict op = mOpsToAllowIfDefault.get(i); setUidModeAllowedIfDefault(op.code, op.uid, op.packageName); } final int ignoreCount = mOpsToIgnore.size(); for (int i = 0; i < ignoreCount; i++) { final OpToUnrestrict op = mOpsToIgnore.get(i); final int ignoreIfDefaultCount = mOpsToIgnoreIfDefault.size(); for (int i = 0; i < ignoreIfDefaultCount; i++) { final OpToUnrestrict op = mOpsToIgnoreIfDefault.get(i); setUidModeIgnoredIfDefault(op.code, op.uid, op.packageName); } final int defaultCount = mOpsToDefault.size(); Loading Loading @@ -341,7 +355,7 @@ public final class PermissionPolicyService extends SystemService { if (applyRestriction) { mOpsToDefault.add(new OpToRestrict(uid, opCode)); } else { mOpsToAllow.add(new OpToUnrestrict(uid, pkg.packageName, opCode)); mOpsToAllowIfDefault.add(new OpToUnrestrict(uid, pkg.packageName, opCode)); } } else if (permissionInfo.isSoftRestricted()) { // Storage uses a special app op to decide the mount state and Loading @@ -356,7 +370,7 @@ public final class PermissionPolicyService extends SystemService { mOpsToAllow.add(new OpToUnrestrict(uid, pkg.packageName, AppOpsManager.OP_LEGACY_STORAGE)); } else { mOpsToIgnore.add(new OpToUnrestrict(uid, pkg.packageName, mOpsToIgnoreIfDefault.add(new OpToUnrestrict(uid, pkg.packageName, AppOpsManager.OP_LEGACY_STORAGE)); } } Loading Loading @@ -421,6 +435,10 @@ public final class PermissionPolicyService extends SystemService { setUidModeIfDefault(opCode, uid, AppOpsManager.MODE_ALLOWED, packageName); } private void setUidModeAllowed(int opCode, int uid) { mAppOpsManager.setUidMode(opCode, uid, AppOpsManager.MODE_ALLOWED); } private void setUidModeIgnoredIfDefault(int opCode, int uid, @NonNull String packageName) { setUidModeIfDefault(opCode, uid, AppOpsManager.MODE_IGNORED, packageName); } Loading
