Merge "Only report permissions that require re-evaluation as changed." (3d5494f3) · Commits · e / os / android_frameworks_base

services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPersistence.kt

+2 −2

Original line number	Diff line number	Diff line
		@@ -74,8 +74,8 @@ class AppIdPermissionPersistence {
		if (packageName !in externalState.packageStates &&
		packageName !in externalState.disabledSystemPackageStates) {
		Slog.w(
		LOG_TAG,
		"Dropping permission with unknown package $packageName when parsing permissions"
		LOG_TAG, "Dropping permission ${permission.name} from unknown package" +
		" $packageName when parsing permissions"
		)
		permissions.removeAt(permissionIndex)
		systemState.requestWriteMode(WriteMode.ASYNCHRONOUS)

services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt

+20 −10

Original line number	Diff line number	Diff line
		@@ -427,7 +427,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
		// It's a config permission and has no owner, take ownership now.
		oldPermission.copy(
		permissionInfo = newPermissionInfo, isReconciled = true,
		appId = packageState.appId
		type = Permission.TYPE_MANIFEST, appId = packageState.appId
		)
		} else if (newState.externalState.packageStates[oldPackageName]?.isSystem != true) {
		Slog.w(
		@@ -461,11 +461,12 @@ class AppIdPermissionPolicy : SchemePolicy() {
		val isPermissionGroupChanged = newPermissionInfo.isRuntime &&
		newPermissionInfo.group != null &&
		newPermissionInfo.group != oldPermission.groupName
		val isPermissionTypeChanged = oldPermission.type != Permission.TYPE_CONFIG && (
		val isPermissionProtectionChanged =
		oldPermission.type != Permission.TYPE_CONFIG && (
		(newPermissionInfo.isRuntime && !oldPermission.isRuntime) \|\|
		(newPermissionInfo.isInternal && !oldPermission.isInternal)
		)
		if (isPermissionGroupChanged \|\| isPermissionTypeChanged) {
		if (isPermissionGroupChanged \|\| isPermissionProtectionChanged) {
		newState.externalState.userIds.forEachIndexed { _, userId ->
		newState.externalState.appIdPackageNames.forEachIndexed { _, appId, _ ->
		if (isPermissionGroupChanged) {
		@@ -480,11 +481,11 @@ class AppIdPermissionPolicy : SchemePolicy() {
		" to ${newPermissionInfo.group}"
		)
		}
		if (isPermissionTypeChanged) {
		if (isPermissionProtectionChanged) {
		Slog.w(
		LOG_TAG, "Revoking permission $permissionName for" +
		" appId $appId and userId $userId as the permission" +
		" type changed."
		" protection changed."
		)
		}
		setPermissionFlags(appId, userId, permissionName, 0)
		@@ -500,7 +501,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
		if (oldPermission != null) {
		oldPermission.copy(
		permissionInfo = newPermissionInfo, isReconciled = true,
		appId = packageState.appId
		type = Permission.TYPE_MANIFEST, appId = packageState.appId
		)
		} else {
		Permission(
		@@ -513,10 +514,19 @@ class AppIdPermissionPolicy : SchemePolicy() {
		newState.mutateSystemState().mutatePermissionTrees()[permissionName] = newPermission
		} else {
		newState.mutateSystemState().mutatePermissions()[permissionName] = newPermission
		}
		val isPermissionChanged = oldPermission == null \|\|
		newPackageName != oldPermission.packageName \|\|
		newPermission.protectionLevel != oldPermission.protectionLevel \|\| (
		oldPermission.isReconciled && newPermission.isRuntime &&
		newPermission.groupName != null &&
		newPermission.groupName != oldPermission.groupName
		)
		if (isPermissionChanged) {
		changedPermissionNames += permissionName
		}
		}
		}
		}

		private fun MutateStateScope.trimPermissions(
		packageName: String,