Merge "Revert "Move PermissionsState into PermissionManagerService."" (690dd9a6) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/PackageManagerService.java

+53 −43

Original line number	Diff line number	Diff line
		@@ -103,6 +103,7 @@ import static android.os.incremental.IncrementalManager.isIncrementalPath;
		import static android.os.storage.StorageManager.FLAG_STORAGE_CE;
		import static android.os.storage.StorageManager.FLAG_STORAGE_DE;
		import static android.os.storage.StorageManager.FLAG_STORAGE_EXTERNAL;
		import static android.permission.PermissionManager.KILL_APP_REASON_GIDS_CHANGED;

		import static com.android.internal.annotations.VisibleForTesting.Visibility;
		import static com.android.internal.app.IntentForwarderActivity.FORWARD_INTENT_TO_MANAGED_PROFILE;
		@@ -364,6 +365,7 @@ import com.android.server.pm.parsing.pkg.ParsedPackage;
		import com.android.server.pm.permission.BasePermission;
		import com.android.server.pm.permission.PermissionManagerService;
		import com.android.server.pm.permission.PermissionManagerServiceInternal;
		import com.android.server.pm.permission.PermissionsState;
		import com.android.server.policy.PermissionPolicyInternal;
		import com.android.server.rollback.RollbackManagerInternal;
		import com.android.server.security.VerityUtils;
		@@ -1805,7 +1807,7 @@ public class PackageManagerService extends IPackageManager.Stub
		synchronized (mLock) {
		removeMessages(WRITE_SETTINGS);
		removeMessages(WRITE_PACKAGE_RESTRICTIONS);
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		mDirtyUsers.clear();
		}
		Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND);
		@@ -1825,7 +1827,6 @@ public class PackageManagerService extends IPackageManager.Stub
		Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT);
		synchronized (mLock) {
		removeMessages(WRITE_PACKAGE_LIST);
		mPermissionManager.writePermissionsStateToPackageSettingsTEMP();
		mSettings.writePackageListLPr(msg.arg1);
		}
		Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND);
		@@ -2506,7 +2507,7 @@ public class PackageManagerService extends IPackageManager.Stub
		}

		mSettings.onVolumeForgotten(fsUuid);
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}
		}
		};
		@@ -3426,7 +3427,6 @@ public class PackageManagerService extends IPackageManager.Stub
		+ ((SystemClock.uptimeMillis()-startTime)/1000f)
		+ " seconds");

		mPermissionManager.readPermissionsStateFromPackageSettingsTEMP();
		// If the platform SDK has changed since the last time we booted,
		// we need to re-grant app permission to catch any new ones that
		// appear. This is really a hack, and means that apps can in some
		@@ -3544,7 +3544,7 @@ public class PackageManagerService extends IPackageManager.Stub

		// can downgrade to reader
		t.traceBegin("write settings");
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		t.traceEnd();
		EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_READY,
		SystemClock.uptimeMillis());
		@@ -3748,7 +3748,7 @@ public class PackageManagerService extends IPackageManager.Stub
		Slog.e(TAG, "updateAllSharedLibrariesLPw failed: ", e);
		}
		mPermissionManager.updatePermissions(pkg.getPackageName(), pkg);
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}
		} catch (PackageManagerException e) {
		// Whoops! Something went very wrong; roll back to the stub and disable the package
		@@ -3759,8 +3759,9 @@ public class PackageManagerService extends IPackageManager.Stub
		// If we don't, installing the system package fails during scan
		enableSystemPackageLPw(stubPkg);
		}
		installPackageFromSystemLIF(stubPkg.getCodePath(), null /allUserHandles/,
		null /origUserHandles/, true /writeSettings/);
		installPackageFromSystemLIF(stubPkg.getCodePath(),
		null /allUserHandles/, null /origUserHandles/,
		null /origPermissionsState/, true /writeSettings/);
		} catch (PackageManagerException pme) {
		// Serious WTF; we have to be able to install the stub
		Slog.wtf(TAG, "Failed to restore system package:" + stubPkg.getPackageName(),
		@@ -3774,7 +3775,7 @@ public class PackageManagerService extends IPackageManager.Stub
		stubPs.setEnabled(COMPONENT_ENABLED_STATE_DISABLED,
		UserHandle.USER_SYSTEM, "android");
		}
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}
		}
		return false;
		@@ -16262,7 +16263,7 @@ public class PackageManagerService extends IPackageManager.Stub
		res.setReturnCode(PackageManager.INSTALL_SUCCEEDED);
		//to update install status
		Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "writeSettings");
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
		}

		@@ -18862,11 +18863,29 @@ public class PackageManagerService extends IPackageManager.Stub
		if (outInfo != null) {
		outInfo.removedAppId = removedAppId;
		}
		if ((deletedPs.sharedUser == null \|\| deletedPs.sharedUser.packages.size() == 0)
		&& !isUpdatedSystemApp(deletedPs)) {
		mPermissionManager.removePermissionsStateTEMP(removedAppId);
		}
		mPermissionManager.updatePermissions(deletedPs.name, null);
		if (deletedPs.sharedUser != null) {
		// Remove permissions associated with package. Since runtime
		// permissions are per user we have to kill the removed package
		// or packages running under the shared user of the removed
		// package if revoking the permissions requested only by the removed
		// package is successful and this causes a change in gids.
		boolean shouldKill = false;
		for (int userId : UserManagerService.getInstance().getUserIds()) {
		final int userIdToKill = mSettings.updateSharedUserPermsLPw(deletedPs,
		userId);
		shouldKill \|= userIdToKill == UserHandle.USER_ALL
		\|\| userIdToKill >= UserHandle.USER_SYSTEM;
		}
		// If gids changed, kill all affected packages.
		if (shouldKill) {
		mHandler.post(() -> {
		// This has to happen with no lock held.
		killApplication(deletedPs.name, deletedPs.appId,
		KILL_APP_REASON_GIDS_CHANGED);
		});
		}
		}
		clearPackagePreferredActivitiesLPw(
		deletedPs.name, changedUsers, UserHandle.USER_ALL);
		}
		@@ -18900,7 +18919,7 @@ public class PackageManagerService extends IPackageManager.Stub
		// can downgrade to reader
		if (writeSettings) {
		// Save settings now
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}
		if (installedStateChanged) {
		mSettings.writeKernelMappingLPr(deletedPs);
		@@ -18987,7 +19006,8 @@ public class PackageManagerService extends IPackageManager.Stub
		if (DEBUG_REMOVE) Slog.d(TAG, "Re-installing system package: " + disabledPs);
		try {
		installPackageFromSystemLIF(disabledPs.getCodePathString(), allUserHandles,
		outInfo == null ? null : outInfo.origUsers, writeSettings);
		outInfo == null ? null : outInfo.origUsers, deletedPs.getPermissionsState(),
		writeSettings);
		} catch (PackageManagerException e) {
		Slog.w(TAG, "Failed to restore system package:" + deletedPkg.getPackageName() + ": "
		+ e.getMessage());
		@@ -19018,7 +19038,8 @@ public class PackageManagerService extends IPackageManager.Stub
		* Installs a package that's already on the system partition.
		*/
		private AndroidPackage installPackageFromSystemLIF(@NonNull String codePathString,
		@Nullable int[] allUserHandles, @Nullable int[] origUserHandles, boolean writeSettings)
		@Nullable int[] allUserHandles, @Nullable int[] origUserHandles,
		@Nullable PermissionsState origPermissionState, boolean writeSettings)
		throws PackageManagerException {
		final File codePath = new File(codePathString);
		@ParseFlags int parseFlags =
		@@ -19056,8 +19077,12 @@ public class PackageManagerService extends IPackageManager.Stub
		synchronized (mLock) {
		PackageSetting ps = mSettings.mPackages.get(pkg.getPackageName());

		// The update permissions method below will take care of removing obsolete permissions
		// and granting install permissions.
		// Propagate the permissions state as we do not want to drop on the floor
		// runtime permissions. The update permissions method below will take
		// care of removing obsolete permissions and grant install permissions.
		if (origPermissionState != null) {
		ps.getPermissionsState().copyFrom(origPermissionState);
		}
		mPermissionManager.updatePermissions(pkg.getPackageName(), pkg);

		final boolean applyUserRestrictions
		@@ -19091,7 +19116,7 @@ public class PackageManagerService extends IPackageManager.Stub
		}
		// can downgrade to reader here
		if (writeSettings) {
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}
		}
		return pkg;
		@@ -19165,7 +19190,7 @@ public class PackageManagerService extends IPackageManager.Stub
		} else {
		ps.pkgPrivateFlags &= ~ApplicationInfo.PRIVATE_FLAG_REQUIRED_FOR_SYSTEM_USER;
		}
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}
		return true;
		}
		@@ -20357,7 +20382,7 @@ public class PackageManagerService extends IPackageManager.Stub
		(parser1, userId1) -> {
		synchronized (mLock) {
		mSettings.readAllDomainVerificationsLPr(parser1, userId1);
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}
		});
		} catch (Exception e) {
		@@ -21708,8 +21733,6 @@ public class PackageManagerService extends IPackageManager.Stub
		protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
		if (!DumpUtils.checkDumpAndUsageStatsPermission(mContext, TAG, pw)) return;

		mPermissionManager.writePermissionsStateToPackageSettingsTEMP();

		DumpState dumpState = new DumpState();
		boolean fullPreferred = false;
		boolean checkin = false;
		@@ -21905,7 +21928,7 @@ public class PackageManagerService extends IPackageManager.Stub
		dumpState.setDump(DumpState.DUMP_SERVICE_PERMISSIONS);
		} else if ("write".equals(cmd)) {
		synchronized (mLock) {
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		pw.println("Settings written.");
		return;
		}
		@@ -22623,7 +22646,7 @@ public class PackageManagerService extends IPackageManager.Stub
		// Yay, everything is now upgraded
		ver.forceCurrent();

		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}

		for (PackageFreezer freezer : freezers) {
		@@ -22673,7 +22696,7 @@ public class PackageManagerService extends IPackageManager.Stub
		AttributeCache.instance().removePackage(ps.name);
		}

		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}
		}

		@@ -23552,8 +23575,6 @@ public class PackageManagerService extends IPackageManager.Stub
		synchronized (mLock) {
		mDirtyUsers.remove(userId);
		mUserNeedsBadging.delete(userId);
		mPermissionManager.onUserRemoved(userId);
		mPermissionManager.writePermissionsStateToPackageSettingsTEMP();
		mSettings.removeUserLPw(userId);
		mPendingBroadcasts.remove(userId);
		mInstantAppRegistry.onUserRemovedLPw(userId);
		@@ -25110,7 +25131,7 @@ public class PackageManagerService extends IPackageManager.Stub
		if (async) {
		scheduleWriteSettingsLocked();
		} else {
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}
		}
		}
		@@ -25157,7 +25178,7 @@ public class PackageManagerService extends IPackageManager.Stub
		return;
		}
		mSettings.mReadExternalStorageEnforced = enforced ? Boolean.TRUE : Boolean.FALSE;
		writeSettingsLPrTEMP();
		mSettings.writeLPr();
		}
		}

		@@ -25671,17 +25692,6 @@ public class PackageManagerService extends IPackageManager.Stub
		public List<String> getMimeGroup(String packageName, String mimeGroup) {
		return mSettings.mPackages.get(packageName).getMimeGroup(mimeGroup);
		}

		/**
		* Temporary method that wraps mSettings.writeLPr() and calls
		* mPermissionManager.writePermissionsStateToPackageSettingsTEMP() beforehand.
		*
		* TODO(zhanghai): This should be removed once we finish migration of permission storage.
		*/
		private void writeSettingsLPrTEMP() {
		mPermissionManager.writePermissionsStateToPackageSettingsTEMP();
		mSettings.writeLPr();
		}
		}

		interface PackageSender {

services/core/java/com/android/server/pm/PackageManagerServiceUtils.java

+16 −0

Original line number	Diff line number	Diff line
		@@ -34,6 +34,7 @@ import android.content.Context;
		import android.content.Intent;
		import android.content.pm.PackageInfoLite;
		import android.content.pm.PackageManager;
		import android.content.pm.PackageManagerInternal;
		import android.content.pm.PackageParser;
		import android.content.pm.PackageParser.PackageParserException;
		import android.content.pm.ResolveInfo;
		@@ -67,6 +68,7 @@ import com.android.server.EventLogTags;
		import com.android.server.pm.dex.DexManager;
		import com.android.server.pm.dex.PackageDexUsage;
		import com.android.server.pm.parsing.pkg.AndroidPackage;
		import com.android.server.pm.permission.PermissionsState;

		import dalvik.system.VMRuntime;

		@@ -965,6 +967,20 @@ public class PackageManagerServiceUtils {
		}
		}

		/**
		* Returns the {@link PermissionsState} for the given package. If the {@link PermissionsState}
		* could not be found, {@code null} will be returned.
		*/
		public static PermissionsState getPermissionsState(
		PackageManagerInternal packageManagerInternal, AndroidPackage pkg) {
		final PackageSetting packageSetting = packageManagerInternal.getPackageSetting(
		pkg.getPackageName());
		if (packageSetting == null) {
		return null;
		}
		return packageSetting.getPermissionsState();
		}

		/**
		* Recursively create target directory
		*/

services/core/java/com/android/server/pm/Settings.java

+108 −0

Original line number	Diff line number	Diff line
		@@ -954,6 +954,93 @@ public final class Settings {
		}
		}

		/*
		* Update the shared user setting when a package with a shared user id is removed. The gids
		* associated with each permission of the deleted package are removed from the shared user'
		* gid list only if its not in use by other permissions of packages in the shared user setting.
		*
		* @return the affected user id
		*/
		@UserIdInt
		int updateSharedUserPermsLPw(PackageSetting deletedPs, int userId) {
		if ((deletedPs == null) \|\| (deletedPs.pkg == null)) {
		Slog.i(PackageManagerService.TAG,
		"Trying to update info for null package. Just ignoring");
		return UserHandle.USER_NULL;
		}

		// No sharedUserId
		if (deletedPs.sharedUser == null) {
		return UserHandle.USER_NULL;
		}

		SharedUserSetting sus = deletedPs.sharedUser;

		int affectedUserId = UserHandle.USER_NULL;
		// Update permissions
		for (String eachPerm : deletedPs.pkg.getRequestedPermissions()) {
		BasePermission bp = mPermissions.getPermission(eachPerm);
		if (bp == null) {
		continue;
		}

		// Check if another package in the shared user needs the permission.
		boolean used = false;
		for (PackageSetting pkg : sus.packages) {
		if (pkg.pkg != null
		&& !pkg.pkg.getPackageName().equals(deletedPs.pkg.getPackageName())
		&& pkg.pkg.getRequestedPermissions().contains(eachPerm)) {
		used = true;
		break;
		}
		}
		if (used) {
		continue;
		}

		PermissionsState permissionsState = sus.getPermissionsState();
		PackageSetting disabledPs = getDisabledSystemPkgLPr(deletedPs.pkg.getPackageName());

		// If the package is shadowing is a disabled system package,
		// do not drop permissions that the shadowed package requests.
		if (disabledPs != null) {
		boolean reqByDisabledSysPkg = false;
		for (String permission : disabledPs.pkg.getRequestedPermissions()) {
		if (permission.equals(eachPerm)) {
		reqByDisabledSysPkg = true;
		break;
		}
		}
		if (reqByDisabledSysPkg) {
		continue;
		}
		}

		// Try to revoke as an install permission which is for all users.
		// The package is gone - no need to keep flags for applying policy.
		permissionsState.updatePermissionFlags(bp, userId,
		PackageManager.MASK_PERMISSION_FLAGS_ALL, 0);

		if (permissionsState.revokeInstallPermission(bp) ==
		PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED) {
		affectedUserId = UserHandle.USER_ALL;
		}

		// Try to revoke as an install permission which is per user.
		if (permissionsState.revokeRuntimePermission(bp, userId) ==
		PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED) {
		if (affectedUserId == UserHandle.USER_NULL) {
		affectedUserId = userId;
		} else if (affectedUserId != userId) {
		// Multiple users affected.
		affectedUserId = UserHandle.USER_ALL;
		}
		}
		}

		return affectedUserId;
		}

		int removePackageLPw(String name) {
		final PackageSetting p = mPackages.get(name);
		if (p != null) {
		@@ -5460,11 +5547,32 @@ public final class Settings {
		// Make sure we do not
		mHandler.removeMessages(userId);

		for (SettingBase sb : mPackages.values()) {
		revokeRuntimePermissionsAndClearFlags(sb, userId);
		}

		for (SettingBase sb : mSharedUsers.values()) {
		revokeRuntimePermissionsAndClearFlags(sb, userId);
		}

		mPermissionUpgradeNeeded.delete(userId);
		mVersions.delete(userId);
		mFingerprints.remove(userId);
		}

		private void revokeRuntimePermissionsAndClearFlags(SettingBase sb, int userId) {
		PermissionsState permissionsState = sb.getPermissionsState();
		for (PermissionState permissionState
		: permissionsState.getRuntimePermissionStates(userId)) {
		BasePermission bp = mPermissions.getPermission(permissionState.getName());
		if (bp != null) {
		permissionsState.revokeRuntimePermission(bp, userId);
		permissionsState.updatePermissionFlags(bp, userId,
		PackageManager.MASK_PERMISSION_FLAGS_ALL, 0);
		}
		}
		}

		public void deleteUserRuntimePermissionsFile(int userId) {
		mPersistence.deleteForUser(UserHandle.of(userId));
		}

services/core/java/com/android/server/pm/permission/BasePermission.java

+3 −1

Original line number	Diff line number	Diff line
		@@ -38,6 +38,7 @@ import android.util.Slog;

		import com.android.server.pm.DumpState;
		import com.android.server.pm.PackageManagerService;
		import com.android.server.pm.PackageSetting;
		import com.android.server.pm.PackageSettingBase;
		import com.android.server.pm.parsing.PackageInfoUtils;
		import com.android.server.pm.parsing.pkg.AndroidPackage;
		@@ -419,7 +420,8 @@ public final class BasePermission {
		}

		public void enforceDeclaredUsedAndRuntimeOrDevelopment(AndroidPackage pkg,
		PermissionsState permsState) {
		PackageSetting pkgSetting) {
		final PermissionsState permsState = pkgSetting.getPermissionsState();
		int index = pkg.getRequestedPermissions().indexOf(name);
		if (!permsState.hasRequestedPermission(name) && index == -1) {
		throw new SecurityException("Package " + pkg.getPackageName()

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+93 −178

File changed.

Preview size limit exceeded, changes collapsed.