Move mGlobalGids and mSystemPermissions (3bc94726) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/PackageManagerService.java

+2 −59

Original line number	Diff line number	Diff line
		@@ -753,9 +753,6 @@ public class PackageManagerService extends IPackageManager.Stub

		PackageManagerInternal.ExternalSourcesPolicy mExternalSourcesPolicy;

		// System configuration read by SystemConfig.
		final int[] mGlobalGids;
		final SparseArray<ArraySet<String>> mSystemPermissions;
		@GuardedBy("mAvailableFeatures")
		final ArrayMap<String, FeatureInfo> mAvailableFeatures;

		@@ -2430,8 +2427,6 @@ public class PackageManagerService extends IPackageManager.Stub

		Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "get system config");
		SystemConfig systemConfig = SystemConfig.getInstance();
		mGlobalGids = systemConfig.getGlobalGids();
		mSystemPermissions = systemConfig.getSystemPermissions();
		mAvailableFeatures = systemConfig.getAvailableFeatures();
		Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);

		@@ -5112,59 +5107,7 @@ public class PackageManagerService extends IPackageManager.Stub

		@Override
		public int checkUidPermission(String permName, int uid) {
		final int callingUid = Binder.getCallingUid();
		final int callingUserId = UserHandle.getUserId(callingUid);
		final boolean isCallerInstantApp = getInstantAppPackageName(callingUid) != null;
		final boolean isUidInstantApp = getInstantAppPackageName(uid) != null;
		final int userId = UserHandle.getUserId(uid);
		if (!sUserManager.exists(userId)) {
		return PackageManager.PERMISSION_DENIED;
		}

		synchronized (mPackages) {
		Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid));
		if (obj != null) {
		if (obj instanceof SharedUserSetting) {
		if (isCallerInstantApp) {
		return PackageManager.PERMISSION_DENIED;
		}
		} else if (obj instanceof PackageSetting) {
		final PackageSetting ps = (PackageSetting) obj;
		if (filterAppAccessLPr(ps, callingUid, callingUserId)) {
		return PackageManager.PERMISSION_DENIED;
		}
		}
		final SettingBase settingBase = (SettingBase) obj;
		final PermissionsState permissionsState = settingBase.getPermissionsState();
		if (permissionsState.hasPermission(permName, userId)) {
		if (isUidInstantApp) {
		if (mSettings.mPermissions.isPermissionInstant(permName)) {
		return PackageManager.PERMISSION_GRANTED;
		}
		} else {
		return PackageManager.PERMISSION_GRANTED;
		}
		}
		// Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION
		if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState
		.hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) {
		return PackageManager.PERMISSION_GRANTED;
		}
		} else {
		ArraySet<String> perms = mSystemPermissions.get(uid);
		if (perms != null) {
		if (perms.contains(permName)) {
		return PackageManager.PERMISSION_GRANTED;
		}
		if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && perms
		.contains(Manifest.permission.ACCESS_FINE_LOCATION)) {
		return PackageManager.PERMISSION_GRANTED;
		}
		}
		}
		}

		return PackageManager.PERMISSION_DENIED;
		return mPermissionManager.checkUidPermission(permName, uid, getCallingUid());
		}

		@Override
		@@ -12042,7 +11985,7 @@ public class PackageManagerService extends IPackageManager.Stub
		}
		}

		permissionsState.setGlobalGids(mGlobalGids);
		permissionsState.setGlobalGids(mPermissionManager.getGlobalGidsTEMP());

		final int N = pkg.requestedPermissions.size();
		for (int i=0; i<N; i++) {

services/core/java/com/android/server/pm/permission/PermissionManagerInternal.java

+2 −3

Original line number	Diff line number	Diff line
		@@ -144,6 +144,7 @@ public abstract class PermissionManagerInternal {

		public abstract int checkPermission(@NonNull String permName, @NonNull String packageName,
		int callingUid, int userId);
		public abstract int checkUidPermission(String permName, int uid, int callingUid);

		/**
		* Enforces the request is from the system or an app that has INTERACT_ACROSS_USERS
		@@ -159,8 +160,6 @@ public abstract class PermissionManagerInternal {
		public abstract @NonNull DefaultPermissionGrantPolicy getDefaultPermissionGrantPolicy();

		/** HACK HACK methods to allow for partial migration of data to the PermissionManager class */
		public abstract Iterator<BasePermission> getPermissionIteratorTEMP();
		public abstract @Nullable BasePermission getPermissionTEMP(@NonNull String permName);
		public abstract void putPermissionTEMP(@NonNull String permName,
		@NonNull BasePermission permission);
		public abstract @Nullable int[] getGlobalGidsTEMP();
		}
		No newline at end of file

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+70 −8

Original line number	Diff line number	Diff line
		@@ -18,6 +18,7 @@ package com.android.server.pm.permission;

		import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
		import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
		import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;

		import android.Manifest;
		import android.annotation.NonNull;
		@@ -43,6 +44,7 @@ import android.util.ArrayMap;
		import android.util.ArraySet;
		import android.util.Log;
		import android.util.Slog;
		import android.util.SparseArray;

		import com.android.internal.R;
		import com.android.internal.logging.MetricsLogger;
		@@ -58,6 +60,7 @@ import com.android.server.pm.PackageManagerServiceUtils;
		import com.android.server.pm.PackageSetting;
		import com.android.server.pm.ProcessLoggingHandler;
		import com.android.server.pm.SharedUserSetting;
		import com.android.server.pm.UserManagerService;
		import com.android.server.pm.permission.DefaultPermissionGrantPolicy.DefaultPermissionGrantedCallback;
		import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback;
		import com.android.server.pm.permission.PermissionsState.PermissionState;
		@@ -122,6 +125,10 @@ public class PermissionManagerService {
		/** Default permission policy to provide proper behaviour out-of-the-box */
		private final DefaultPermissionGrantPolicy mDefaultPermissionGrantPolicy;

		// System configuration read by SystemConfig.
		private final SparseArray<ArraySet<String>> mSystemPermissions;
		private final int[] mGlobalGids;

		/** Internal storage for permissions and related settings */
		private final PermissionSettings mSettings;

		@@ -146,6 +153,9 @@ public class PermissionManagerService {

		mDefaultPermissionGrantPolicy = new DefaultPermissionGrantPolicy(
		context, mHandlerThread.getLooper(), defaultGrantCallback, this);
		SystemConfig systemConfig = SystemConfig.getInstance();
		mSystemPermissions = systemConfig.getSystemPermissions();
		mGlobalGids = systemConfig.getGlobalGids();

		// propagate permission configuration
		final ArrayMap<String, SystemConfig.PermissionEntry> permConfig =
		@@ -230,6 +240,60 @@ public class PermissionManagerService {
		return PackageManager.PERMISSION_DENIED;
		}

		private int checkUidPermission(String permName, int uid, int callingUid) {
		final int callingUserId = UserHandle.getUserId(callingUid);
		final boolean isCallerInstantApp =
		mPackageManagerInt.getInstantAppPackageName(callingUid) != null;
		final boolean isUidInstantApp =
		mPackageManagerInt.getInstantAppPackageName(uid) != null;
		final int userId = UserHandle.getUserId(uid);
		if (!mUserManagerInt.exists(userId)) {
		return PackageManager.PERMISSION_DENIED;
		}

		final String[] packages = mContext.getPackageManager().getPackagesForUid(uid);
		if (packages != null && packages.length > 0) {
		final PackageParser.Package pkg = mPackageManagerInt.getPackage(packages[0]);
		if (pkg.mSharedUserId != null) {
		if (isCallerInstantApp) {
		return PackageManager.PERMISSION_DENIED;
		}
		} else {
		if (mPackageManagerInt.filterAppAccess(pkg, callingUid, callingUserId)) {
		return PackageManager.PERMISSION_DENIED;
		}
		}
		final PermissionsState permissionsState =
		((PackageSetting) pkg.mExtras).getPermissionsState();
		if (permissionsState.hasPermission(permName, userId)) {
		if (isUidInstantApp) {
		if (mSettings.isPermissionInstant(permName)) {
		return PackageManager.PERMISSION_GRANTED;
		}
		} else {
		return PackageManager.PERMISSION_GRANTED;
		}
		}
		// Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION
		if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState
		.hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) {
		return PackageManager.PERMISSION_GRANTED;
		}
		} else {
		ArraySet<String> perms = mSystemPermissions.get(uid);
		if (perms != null) {
		if (perms.contains(permName)) {
		return PackageManager.PERMISSION_GRANTED;
		}
		if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && perms
		.contains(Manifest.permission.ACCESS_FINE_LOCATION)) {
		return PackageManager.PERMISSION_GRANTED;
		}
		}
		}
		return PackageManager.PERMISSION_DENIED;
		}

		private PermissionGroupInfo getPermissionGroupInfo(String groupName, int flags,
		int callingUid) {
		if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
		@@ -1320,6 +1384,10 @@ public class PermissionManagerService {
		permName, packageName, callingUid, userId);
		}
		@Override
		public int checkUidPermission(String permName, int uid, int callingUid) {
		return PermissionManagerService.this.checkUidPermission(permName, uid, callingUid);
		}
		@Override
		public PermissionGroupInfo getPermissionGroupInfo(String groupName, int flags,
		int callingUid) {
		return PermissionManagerService.this.getPermissionGroupInfo(
		@@ -1355,15 +1423,9 @@ public class PermissionManagerService {
		}
		}
		@Override
		public void putPermissionTEMP(String permName, BasePermission permission) {
		synchronized (PermissionManagerService.this.mLock) {
		mSettings.putPermissionLocked(permName, (BasePermission) permission);
		}
		}
		@Override
		public Iterator<BasePermission> getPermissionIteratorTEMP() {
		public int[] getGlobalGidsTEMP() {
		synchronized (PermissionManagerService.this.mLock) {
		return mSettings.getAllPermissionsLocked().iterator();
		return mGlobalGids;
		}
		}
		}