Loading services/core/java/com/android/server/pm/PackageManagerService.java +42 −14 Original line number Diff line number Diff line Loading @@ -248,7 +248,7 @@ public class PackageManagerService extends IPackageManager.Stub { private static final boolean DEBUG_DEXOPT = false; private static final boolean DEBUG_ABI_SELECTION = false; private static final boolean RUNTIME_PERMISSIONS_ENABLED = static final boolean RUNTIME_PERMISSIONS_ENABLED = SystemProperties.getInt("ro.runtime.permissions.enabled", 0) == 1; private static final int RADIO_UID = Process.PHONE_UID; Loading Loading @@ -1812,6 +1812,25 @@ public class PackageManagerService extends IPackageManager.Stub { + "; regranting permissions for internal storage"); mSettings.mInternalSdkPlatform = mSdkVersion; // We keep track for which users we granted permissions to be able // to grant runtime permissions to system apps for newly appeared // users. If we supported runtime permissions during the previous // boot, then we already granted permissions for all device users. // In such a case we set the users for which we granted permissions // to avoid clobbering of runtime permissions we granted to system // apps but the user revoked later. if (PackageManagerService.RUNTIME_PERMISSIONS_ENABLED && mSettings.mRuntimePermissionEnabled) { final int[] userIds = UserManagerService.getInstance().getUserIds(); for (PackageSetting ps : mSettings.mPackages.values()) { ps.setPermissionsUpdatedForUserIds(userIds); } for (SharedUserSetting sus : mSettings.mSharedUsers.values()) { sus.setPermissionsUpdatedForUserIds(userIds); } } updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL | (regrantPermissions ? (UPDATE_PERMISSIONS_REPLACE_PKG|UPDATE_PERMISSIONS_REPLACE_ALL) Loading Loading @@ -1843,7 +1862,6 @@ public class PackageManagerService extends IPackageManager.Stub { EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_READY, SystemClock.uptimeMillis()); mRequiredVerifierPackage = getRequiredVerifierLPr(); } // synchronized (mPackages) } // synchronized (mInstallLock) Loading Loading @@ -6993,11 +7011,12 @@ public class PackageManagerService extends IPackageManager.Stub { final int[] currentUserIds = UserManagerService.getInstance().getUserIds(); int[] upgradeUserIds = PermissionsState.USERS_NONE; int[] changedRuntimePermissionUserIds = PermissionsState.USERS_NONE; boolean changedPermission = false; boolean changedInstallPermission = false; if (replace) { ps.permissionsFixed = false; ps.installPermissionsFixed = false; origPermissions = new PermissionsState(permissionsState); permissionsState.reset(); } Loading Loading @@ -7092,7 +7111,7 @@ public class PackageManagerService extends IPackageManager.Stub { } if (grant != GRANT_DENIED) { if (!isSystemApp(ps) && ps.permissionsFixed) { if (!isSystemApp(ps) && ps.installPermissionsFixed) { // If this is an existing, non-system package, then // we can't add any new permissions to it. if (!allowedSig && !origPermissions.hasInstallPermission(perm)) { Loading @@ -7110,7 +7129,7 @@ public class PackageManagerService extends IPackageManager.Stub { // Grant an install permission. if (permissionsState.grantInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { changedPermission = true; changedInstallPermission = true; } } break; Loading @@ -7118,9 +7137,11 @@ public class PackageManagerService extends IPackageManager.Stub { // Grant previously granted runtime permissions. for (int userId : UserManagerService.getInstance().getUserIds()) { if (origPermissions.hasRuntimePermission(bp.name, userId)) { if (permissionsState.grantRuntimePermission(bp, userId) != if (permissionsState.grantRuntimePermission(bp, userId) == PermissionsState.PERMISSION_OPERATION_FAILURE) { changedPermission = true; // If we cannot put the permission as it was, we have to write. changedRuntimePermissionUserIds = ArrayUtils.appendInt( changedRuntimePermissionUserIds, userId); } } } Loading @@ -7132,7 +7153,9 @@ public class PackageManagerService extends IPackageManager.Stub { for (int userId : upgradeUserIds) { if (permissionsState.grantRuntimePermission(bp, userId) != PermissionsState.PERMISSION_OPERATION_FAILURE) { changedPermission = true; // If we granted the permission, we have to write. changedRuntimePermissionUserIds = ArrayUtils.appendInt( changedRuntimePermissionUserIds, userId); } } } break; Loading @@ -7149,7 +7172,7 @@ public class PackageManagerService extends IPackageManager.Stub { } else { if (permissionsState.revokeInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { changedPermission = true; changedInstallPermission = true; Slog.i(TAG, "Un-granting permission " + perm + " from package " + pkg.packageName + " (protectionLevel=" + bp.protectionLevel Loading @@ -7169,15 +7192,20 @@ public class PackageManagerService extends IPackageManager.Stub { } } if ((changedPermission || replace) && !ps.permissionsFixed && if ((changedInstallPermission || replace) && !ps.installPermissionsFixed && !isSystemApp(ps) || isUpdatedSystemApp(ps)){ // This is the first that we have heard about this package, so the // permissions we have now selected are fixed until explicitly // changed. ps.permissionsFixed = true; ps.installPermissionsFixed = true; } ps.setPermissionsUpdatedForUserIds(currentUserIds); ps.setPermissionsUpdatedForUserIds(changedRuntimePermissionUserIds); // Persist the runtime permissions state for users with changes. for (int userId : changedRuntimePermissionUserIds) { mSettings.writeRuntimePermissionsForUserLPr(userId, true); } } private boolean isNewPlatformPermissionForPackage(String perm, PackageParser.Package pkg) { Loading services/core/java/com/android/server/pm/PackageSettingBase.java +3 −3 Original line number Diff line number Diff line Loading @@ -92,7 +92,7 @@ abstract class PackageSettingBase extends SettingBase { PackageSignatures signatures = new PackageSignatures(); boolean permissionsFixed; boolean installPermissionsFixed; PackageKeySetData keySetData = new PackageKeySetData(); Loading Loading @@ -145,7 +145,7 @@ abstract class PackageSettingBase extends SettingBase { signatures = new PackageSignatures(base.signatures); permissionsFixed = base.permissionsFixed; installPermissionsFixed = base.installPermissionsFixed; userState.clear(); for (int i=0; i<base.userState.size(); i++) { userState.put(base.userState.keyAt(i), Loading Loading @@ -207,7 +207,7 @@ abstract class PackageSettingBase extends SettingBase { firstInstallTime = base.firstInstallTime; lastUpdateTime = base.lastUpdateTime; signatures = base.signatures; permissionsFixed = base.permissionsFixed; installPermissionsFixed = base.installPermissionsFixed; userState.clear(); for (int i=0; i<base.userState.size(); i++) { userState.put(base.userState.keyAt(i), base.userState.valueAt(i)); Loading services/core/java/com/android/server/pm/Settings.java +12 −13 Original line number Diff line number Diff line Loading @@ -175,6 +175,7 @@ final class Settings { private static final String ATTR_HIDDEN = "hidden"; private static final String ATTR_INSTALLED = "inst"; private static final String ATTR_BLOCK_UNINSTALL = "blockUninstall"; private static final String ATTR_RUNTIME_PERMSISSIONS_ENABLED = "runtime-permissions-enabled"; private final Object mLock; private final Context mContext; Loading @@ -201,6 +202,10 @@ final class Settings { int mInternalSdkPlatform; int mExternalSdkPlatform; // Whether runtime permissions are enabled. boolean mRuntimePermissionEnabled; /** * The current database version for apps on internal storage. This is * used to upgrade the format of the packages.xml database not necessarily Loading Loading @@ -1645,6 +1650,8 @@ final class Settings { serializer.attribute(null, "internal", Integer.toString(mInternalSdkPlatform)); serializer.attribute(null, "external", Integer.toString(mExternalSdkPlatform)); serializer.attribute(null, "fingerprint", mFingerprint); serializer.attribute(null, ATTR_RUNTIME_PERMSISSIONS_ENABLED, String.valueOf(PackageManagerService.RUNTIME_PERMISSIONS_ENABLED)); serializer.endTag(null, "last-platform-version"); serializer.startTag(null, "database-version"); Loading Loading @@ -2141,6 +2148,8 @@ final class Settings { } catch (NumberFormatException e) { } mFingerprint = parser.getAttributeValue(null, "fingerprint"); mRuntimePermissionEnabled = XmlUtils.readBooleanAttribute(parser, ATTR_RUNTIME_PERMSISSIONS_ENABLED); } else if (tagName.equals("database-version")) { mInternalDatabaseVersion = mExternalDatabaseVersion = 0; try { Loading Loading @@ -2253,17 +2262,6 @@ final class Settings { mReadMessages.append("Read completed successfully: " + mPackages.size() + " packages, " + mSharedUsers.size() + " shared uids\n"); // The persisted state we just read was generated after a permissions // update for all users, update each package and shared user setting // with the device users ids to start from were we left off. final int[] userIds = UserManagerService.getInstance().getUserIds(); for (PackageSetting ps : mPackages.values()) { ps.setPermissionsUpdatedForUserIds(userIds); } for (SharedUserSetting sus : mSharedUsers.values()) { sus.setPermissionsUpdatedForUserIds(userIds); } return true; } Loading Loading @@ -3001,7 +2999,7 @@ final class Settings { } else if (tagName.equals(TAG_PERMISSIONS)) { readInstallPermissionsLPr(parser, packageSetting.getPermissionsState()); packageSetting.permissionsFixed = true; packageSetting.installPermissionsFixed = true; } else if (tagName.equals("proper-signing-keyset")) { long id = Long.parseLong(parser.getAttributeValue(null, "identifier")); packageSetting.keySetData.setProperSigningKeySet(id); Loading Loading @@ -3574,7 +3572,8 @@ final class Settings { pw.println(ps.installerPackageName); } pw.print(prefix); pw.print(" signatures="); pw.println(ps.signatures); pw.print(prefix); pw.print(" permissionsFixed="); pw.print(ps.permissionsFixed); pw.print(prefix); pw.print(" installPermissionsFixed="); pw.print(ps.installPermissionsFixed); pw.print(" installStatus="); pw.println(ps.installStatus); pw.print(prefix); pw.print(" pkgFlags="); printFlags(pw, ps.pkgFlags, FLAG_DUMP_SPEC); pw.println(); Loading Loading
services/core/java/com/android/server/pm/PackageManagerService.java +42 −14 Original line number Diff line number Diff line Loading @@ -248,7 +248,7 @@ public class PackageManagerService extends IPackageManager.Stub { private static final boolean DEBUG_DEXOPT = false; private static final boolean DEBUG_ABI_SELECTION = false; private static final boolean RUNTIME_PERMISSIONS_ENABLED = static final boolean RUNTIME_PERMISSIONS_ENABLED = SystemProperties.getInt("ro.runtime.permissions.enabled", 0) == 1; private static final int RADIO_UID = Process.PHONE_UID; Loading Loading @@ -1812,6 +1812,25 @@ public class PackageManagerService extends IPackageManager.Stub { + "; regranting permissions for internal storage"); mSettings.mInternalSdkPlatform = mSdkVersion; // We keep track for which users we granted permissions to be able // to grant runtime permissions to system apps for newly appeared // users. If we supported runtime permissions during the previous // boot, then we already granted permissions for all device users. // In such a case we set the users for which we granted permissions // to avoid clobbering of runtime permissions we granted to system // apps but the user revoked later. if (PackageManagerService.RUNTIME_PERMISSIONS_ENABLED && mSettings.mRuntimePermissionEnabled) { final int[] userIds = UserManagerService.getInstance().getUserIds(); for (PackageSetting ps : mSettings.mPackages.values()) { ps.setPermissionsUpdatedForUserIds(userIds); } for (SharedUserSetting sus : mSettings.mSharedUsers.values()) { sus.setPermissionsUpdatedForUserIds(userIds); } } updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL | (regrantPermissions ? (UPDATE_PERMISSIONS_REPLACE_PKG|UPDATE_PERMISSIONS_REPLACE_ALL) Loading Loading @@ -1843,7 +1862,6 @@ public class PackageManagerService extends IPackageManager.Stub { EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_READY, SystemClock.uptimeMillis()); mRequiredVerifierPackage = getRequiredVerifierLPr(); } // synchronized (mPackages) } // synchronized (mInstallLock) Loading Loading @@ -6993,11 +7011,12 @@ public class PackageManagerService extends IPackageManager.Stub { final int[] currentUserIds = UserManagerService.getInstance().getUserIds(); int[] upgradeUserIds = PermissionsState.USERS_NONE; int[] changedRuntimePermissionUserIds = PermissionsState.USERS_NONE; boolean changedPermission = false; boolean changedInstallPermission = false; if (replace) { ps.permissionsFixed = false; ps.installPermissionsFixed = false; origPermissions = new PermissionsState(permissionsState); permissionsState.reset(); } Loading Loading @@ -7092,7 +7111,7 @@ public class PackageManagerService extends IPackageManager.Stub { } if (grant != GRANT_DENIED) { if (!isSystemApp(ps) && ps.permissionsFixed) { if (!isSystemApp(ps) && ps.installPermissionsFixed) { // If this is an existing, non-system package, then // we can't add any new permissions to it. if (!allowedSig && !origPermissions.hasInstallPermission(perm)) { Loading @@ -7110,7 +7129,7 @@ public class PackageManagerService extends IPackageManager.Stub { // Grant an install permission. if (permissionsState.grantInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { changedPermission = true; changedInstallPermission = true; } } break; Loading @@ -7118,9 +7137,11 @@ public class PackageManagerService extends IPackageManager.Stub { // Grant previously granted runtime permissions. for (int userId : UserManagerService.getInstance().getUserIds()) { if (origPermissions.hasRuntimePermission(bp.name, userId)) { if (permissionsState.grantRuntimePermission(bp, userId) != if (permissionsState.grantRuntimePermission(bp, userId) == PermissionsState.PERMISSION_OPERATION_FAILURE) { changedPermission = true; // If we cannot put the permission as it was, we have to write. changedRuntimePermissionUserIds = ArrayUtils.appendInt( changedRuntimePermissionUserIds, userId); } } } Loading @@ -7132,7 +7153,9 @@ public class PackageManagerService extends IPackageManager.Stub { for (int userId : upgradeUserIds) { if (permissionsState.grantRuntimePermission(bp, userId) != PermissionsState.PERMISSION_OPERATION_FAILURE) { changedPermission = true; // If we granted the permission, we have to write. changedRuntimePermissionUserIds = ArrayUtils.appendInt( changedRuntimePermissionUserIds, userId); } } } break; Loading @@ -7149,7 +7172,7 @@ public class PackageManagerService extends IPackageManager.Stub { } else { if (permissionsState.revokeInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { changedPermission = true; changedInstallPermission = true; Slog.i(TAG, "Un-granting permission " + perm + " from package " + pkg.packageName + " (protectionLevel=" + bp.protectionLevel Loading @@ -7169,15 +7192,20 @@ public class PackageManagerService extends IPackageManager.Stub { } } if ((changedPermission || replace) && !ps.permissionsFixed && if ((changedInstallPermission || replace) && !ps.installPermissionsFixed && !isSystemApp(ps) || isUpdatedSystemApp(ps)){ // This is the first that we have heard about this package, so the // permissions we have now selected are fixed until explicitly // changed. ps.permissionsFixed = true; ps.installPermissionsFixed = true; } ps.setPermissionsUpdatedForUserIds(currentUserIds); ps.setPermissionsUpdatedForUserIds(changedRuntimePermissionUserIds); // Persist the runtime permissions state for users with changes. for (int userId : changedRuntimePermissionUserIds) { mSettings.writeRuntimePermissionsForUserLPr(userId, true); } } private boolean isNewPlatformPermissionForPackage(String perm, PackageParser.Package pkg) { Loading
services/core/java/com/android/server/pm/PackageSettingBase.java +3 −3 Original line number Diff line number Diff line Loading @@ -92,7 +92,7 @@ abstract class PackageSettingBase extends SettingBase { PackageSignatures signatures = new PackageSignatures(); boolean permissionsFixed; boolean installPermissionsFixed; PackageKeySetData keySetData = new PackageKeySetData(); Loading Loading @@ -145,7 +145,7 @@ abstract class PackageSettingBase extends SettingBase { signatures = new PackageSignatures(base.signatures); permissionsFixed = base.permissionsFixed; installPermissionsFixed = base.installPermissionsFixed; userState.clear(); for (int i=0; i<base.userState.size(); i++) { userState.put(base.userState.keyAt(i), Loading Loading @@ -207,7 +207,7 @@ abstract class PackageSettingBase extends SettingBase { firstInstallTime = base.firstInstallTime; lastUpdateTime = base.lastUpdateTime; signatures = base.signatures; permissionsFixed = base.permissionsFixed; installPermissionsFixed = base.installPermissionsFixed; userState.clear(); for (int i=0; i<base.userState.size(); i++) { userState.put(base.userState.keyAt(i), base.userState.valueAt(i)); Loading
services/core/java/com/android/server/pm/Settings.java +12 −13 Original line number Diff line number Diff line Loading @@ -175,6 +175,7 @@ final class Settings { private static final String ATTR_HIDDEN = "hidden"; private static final String ATTR_INSTALLED = "inst"; private static final String ATTR_BLOCK_UNINSTALL = "blockUninstall"; private static final String ATTR_RUNTIME_PERMSISSIONS_ENABLED = "runtime-permissions-enabled"; private final Object mLock; private final Context mContext; Loading @@ -201,6 +202,10 @@ final class Settings { int mInternalSdkPlatform; int mExternalSdkPlatform; // Whether runtime permissions are enabled. boolean mRuntimePermissionEnabled; /** * The current database version for apps on internal storage. This is * used to upgrade the format of the packages.xml database not necessarily Loading Loading @@ -1645,6 +1650,8 @@ final class Settings { serializer.attribute(null, "internal", Integer.toString(mInternalSdkPlatform)); serializer.attribute(null, "external", Integer.toString(mExternalSdkPlatform)); serializer.attribute(null, "fingerprint", mFingerprint); serializer.attribute(null, ATTR_RUNTIME_PERMSISSIONS_ENABLED, String.valueOf(PackageManagerService.RUNTIME_PERMISSIONS_ENABLED)); serializer.endTag(null, "last-platform-version"); serializer.startTag(null, "database-version"); Loading Loading @@ -2141,6 +2148,8 @@ final class Settings { } catch (NumberFormatException e) { } mFingerprint = parser.getAttributeValue(null, "fingerprint"); mRuntimePermissionEnabled = XmlUtils.readBooleanAttribute(parser, ATTR_RUNTIME_PERMSISSIONS_ENABLED); } else if (tagName.equals("database-version")) { mInternalDatabaseVersion = mExternalDatabaseVersion = 0; try { Loading Loading @@ -2253,17 +2262,6 @@ final class Settings { mReadMessages.append("Read completed successfully: " + mPackages.size() + " packages, " + mSharedUsers.size() + " shared uids\n"); // The persisted state we just read was generated after a permissions // update for all users, update each package and shared user setting // with the device users ids to start from were we left off. final int[] userIds = UserManagerService.getInstance().getUserIds(); for (PackageSetting ps : mPackages.values()) { ps.setPermissionsUpdatedForUserIds(userIds); } for (SharedUserSetting sus : mSharedUsers.values()) { sus.setPermissionsUpdatedForUserIds(userIds); } return true; } Loading Loading @@ -3001,7 +2999,7 @@ final class Settings { } else if (tagName.equals(TAG_PERMISSIONS)) { readInstallPermissionsLPr(parser, packageSetting.getPermissionsState()); packageSetting.permissionsFixed = true; packageSetting.installPermissionsFixed = true; } else if (tagName.equals("proper-signing-keyset")) { long id = Long.parseLong(parser.getAttributeValue(null, "identifier")); packageSetting.keySetData.setProperSigningKeySet(id); Loading Loading @@ -3574,7 +3572,8 @@ final class Settings { pw.println(ps.installerPackageName); } pw.print(prefix); pw.print(" signatures="); pw.println(ps.signatures); pw.print(prefix); pw.print(" permissionsFixed="); pw.print(ps.permissionsFixed); pw.print(prefix); pw.print(" installPermissionsFixed="); pw.print(ps.installPermissionsFixed); pw.print(" installStatus="); pw.println(ps.installStatus); pw.print(prefix); pw.print(" pkgFlags="); printFlags(pw, ps.pkgFlags, FLAG_DUMP_SPEC); pw.println(); Loading
