Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 40d77b9e authored by John Wu's avatar John Wu
Browse files

Migrate permissions when leaving sharedUserId 

- Retrieve the previous uid permission state and create a copy of it as
  the new app's uid state.
- Remove the app from the original shared user group. Other apps in the
  shared user group will perceive as if the original app is uninstalled.
- The new permission state is updated in updatePermissions() just like
  a normal package upgrade.

Test: atest CtsSharedUserMigrationTestCases
Bug: 179284822
Change-Id: I9d7c3b16959dd4b2c2684ddaf8bd223fb32c3c41
parent 12f6d7d9

services/core/java/android/content/pm/PackageManagerInternal.java

+6 −0
Original line number Diff line number Diff line
@@ -667,6 +667,12 @@ public abstract class PackageManagerInternal implements PackageSettingsSnapshotP 
     */

    public abstract @Nullable AndroidPackage getPackage(int uid);





    /**

     * Returns all packages for the given app ID.

     */

    public abstract @NonNull List<AndroidPackage> getPackagesForAppId(int appId);



    /**

     * Returns a list without a change observer.

     *

services/core/java/com/android/server/pm/InitAndSystemPackageHelper.java

+3 −0
Original line number Diff line number Diff line
@@ -50,6 +50,7 @@ import android.content.pm.ApplicationInfo; 
import android.content.pm.PackageManager;

import android.content.pm.parsing.ParsingPackageUtils;

import android.os.Environment;

import android.os.Process;

import android.os.SystemClock;

import android.os.Trace;

import android.os.UserHandle;
@@ -575,6 +576,7 @@ public class InitAndSystemPackageHelper { 
                        Slog.w(TAG, "updateAllSharedLibrariesLPw failed: ", e);

                    }

                    mPm.mPermissionManager.onPackageInstalled(pkg,

                            Process.INVALID_UID /* previousAppId */,

                            PermissionManagerServiceInternal.PackageInstalledParams.DEFAULT,

                            UserHandle.USER_ALL);

                    mPm.writeSettingsLPrTEMP();
@@ -907,6 +909,7 @@ public class InitAndSystemPackageHelper { 
            // The method below will take care of removing obsolete permissions and granting

            // install permissions.

            mPm.mPermissionManager.onPackageInstalled(pkg,

                    Process.INVALID_UID /* previousAppId */,

                    PermissionManagerServiceInternal.PackageInstalledParams.DEFAULT,

                    UserHandle.USER_ALL);

            for (final int userId : allUserHandles) {

services/core/java/com/android/server/pm/InstallParams.java

+8 −6
Original line number Diff line number Diff line
@@ -1622,7 +1622,7 @@ final class InstallParams extends HandlerParams { 


            AndroidPackage pkg = mPm.commitReconciledScanResultLocked(reconciledPkg,

                    request.mAllUsers);

            updateSettingsLI(pkg, reconciledPkg.mInstallArgs, request.mAllUsers, res);

            updateSettingsLI(pkg, reconciledPkg, request.mAllUsers, res);



            final PackageSetting ps = mPm.mSettings.getPackageLPr(packageName);

            if (ps != null) {
@@ -1642,17 +1642,18 @@ final class InstallParams extends HandlerParams { 
        return mPm.mSettings.disableSystemPackageLPw(oldPkg.getPackageName(), true);

    }



    private void updateSettingsLI(AndroidPackage newPackage, InstallArgs installArgs,

    private void updateSettingsLI(AndroidPackage newPackage, ReconciledPackage reconciledPkg,

            int[] allUsers, PackageInstalledInfo res) {

        updateSettingsInternalLI(newPackage, installArgs, allUsers, res);

        updateSettingsInternalLI(newPackage, reconciledPkg, allUsers, res);

    }



    private void updateSettingsInternalLI(AndroidPackage pkg, InstallArgs installArgs,

    private void updateSettingsInternalLI(AndroidPackage pkg, ReconciledPackage reconciledPkg,

            int[] allUsers, PackageInstalledInfo res) {

        Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "updateSettings");



        final String pkgName = pkg.getPackageName();

        final int[] installedForUsers = res.mOrigUsers;

        final InstallArgs installArgs = reconciledPkg.mInstallArgs;

        final int installReason = installArgs.mInstallReason;

        InstallSource installSource = installArgs.mInstallSource;

        final String installerPackageName = installSource.installerPackageName;
@@ -1808,8 +1809,9 @@ final class InstallParams extends HandlerParams { 
                }

                final int autoRevokePermissionsMode = installArgs.mAutoRevokePermissionsMode;

                permissionParamsBuilder.setAutoRevokePermissionsMode(autoRevokePermissionsMode);

                mPm.mPermissionManager.onPackageInstalled(pkg, permissionParamsBuilder.build(),

                        userId);

                final ScanResult scanResult = reconciledPkg.mScanResult;

                mPm.mPermissionManager.onPackageInstalled(pkg, scanResult.mPreviousAppId,

                        permissionParamsBuilder.build(), userId);

            }

            res.mName = pkgName;

            res.mUid = pkg.getUid();

services/core/java/com/android/server/pm/PackageManagerService.java

+18 −0
Original line number Diff line number Diff line
@@ -13102,6 +13102,7 @@ public class PackageManagerService extends IPackageManager.Stub 
                                pkgSetting.pkg.getRequestedPermissions());

                    }

                    mPermissionManager.onPackageInstalled(pkgSetting.pkg,

                            Process.INVALID_UID /* previousAppId */,

                            permissionParamsBuilder.build(), userId);

                }










@@ -20022,6 +20023,23 @@ public class PackageManagerService extends IPackageManager.Stub













            return PackageManagerService.this.getPackage(uid);















        }



























        @Override













        public List<AndroidPackage> getPackagesForAppId(int appId) {













            final Object obj;













            synchronized (mLock) {













                obj = mSettings.getSettingLPr(appId);













            }













            if (obj instanceof SharedUserSetting) {













                final SharedUserSetting sus = (SharedUserSetting) obj;













                return sus.getPackages();













            } else if (obj instanceof PackageSetting) {













                final PackageSetting ps = (PackageSetting) obj;













                return List.of(ps.getPkg());













            } else {













                return Collections.emptyList();













            }













        }



























        @Nullable















        @Override















        public PackageSetting getPackageSetting(String packageName) {

























services/core/java/com/android/server/pm/ScanPackageHelper.java



+10
−7




























Original line number
Diff line number
Diff line








@@ -73,6 +73,7 @@ import android.content.pm.parsing.component.ParsedService;













import android.content.pm.parsing.result.ParseResult;















import android.content.pm.parsing.result.ParseTypeImpl;















import android.os.Build;













import android.os.Process;















import android.os.SystemProperties;















import android.os.Trace;















import android.os.UserHandle;










@@ -130,10 +131,12 @@ public final class ScanPackageHelper {













     */















    public boolean optimisticallyRegisterAppId(@NonNull ScanResult result)















            throws PackageManagerException {













        if (!result.mExistingSettingCopied || result.mNeedsNewAppId) {













        if (!result.mExistingSettingCopied || result.needsNewAppId()) {













            synchronized (mPm.mLock) {















                // THROWS: when we can't allocate a user id. add call to check if there's















                // enough space to ensure we won't throw; otherwise, don't modify state













            return mPm.mSettings.registerAppIdLPw(result.mPkgSetting, result.mNeedsNewAppId);













                return mPm.mSettings.registerAppIdLPw(result.mPkgSetting, result.needsNewAppId());













            }















        }















        return false;















    }










@@ -337,11 +340,11 @@ public final class ScanPackageHelper {













            }















        }





























        boolean leavingSharedUser = false;













        int previousAppId = Process.INVALID_UID;































        if (pkgSetting != null && pkgSetting.sharedUser != sharedUserSetting) {















            if (pkgSetting.sharedUser != null && sharedUserSetting == null) {













                leavingSharedUser = true;













                previousAppId = pkgSetting.appId;















                // Log that something is leaving shareduid and keep going















                Slog.i(TAG,















                        "Package " + parsedPackage.getPackageName() + " shared user changed from "










@@ -630,7 +633,7 @@ public final class ScanPackageHelper {





























        return new ScanResult(request, true, pkgSetting, changedAbiCodePath,















                !createNewPackage /* existingSettingCopied */,













                leavingSharedUser /* needsNewAppId */, staticSharedLibraryInfo,













                previousAppId, staticSharedLibraryInfo,















                dynamicSharedLibraryInfos);















    }