Merge changes Iac14af78,Id68428b3 (73a541e1) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/PackageManagerService.java

+34 −30

Original line number	Diff line number	Diff line
		@@ -2211,22 +2211,27 @@ public class PackageManagerService extends IPackageManager.Stub
		res.removedInfo.sendPackageRemovedBroadcasts(killApp, false /removedBySystem/);
		}

		final PermissionManagerServiceInternal.PackageInstalledParams.Builder
		permissionParamsBuilder =
		new PermissionManagerServiceInternal.PackageInstalledParams.Builder();
		final List<String> grantedPermissionsList;
		if (grantPermissions) {
		if (grantedPermissions != null) {
		grantedPermissionsList = Arrays.asList(grantedPermissions);
		permissionParamsBuilder.setGrantedPermissions(Arrays.asList(
		grantedPermissions));
		} else {
		grantedPermissionsList = res.pkg.getRequestedPermissions();
		permissionParamsBuilder.setGrantedPermissions(
		res.pkg.getRequestedPermissions());
		}
		} else {
		grantedPermissionsList = Collections.emptyList();
		}
		if (allowlistedRestrictedPermissions == null) {
		allowlistedRestrictedPermissions = Collections.emptyList();
		if (allowlistedRestrictedPermissions != null) {
		permissionParamsBuilder.setAllowlistedRestrictedPermissions(
		allowlistedRestrictedPermissions);
		}
		permissionParamsBuilder.setAutoRevokePermissionsMode(autoRevokePermissionsMode);
		for (final int userId : res.newUsers) {
		mPermissionManager.onPackageInstalled(res.pkg, grantedPermissionsList,
		allowlistedRestrictedPermissions, autoRevokePermissionsMode, userId);
		mPermissionManager.onPackageInstalled(res.pkg, permissionParamsBuilder.build(),
		userId);
		}

		final String installerPackageName =
		@@ -3313,6 +3318,7 @@ public class PackageManagerService extends IPackageManager.Stub
		// Stub packages must either be replaced with full versions in the /data
		// partition or be disabled.
		final List<String> stubSystemApps = new ArrayList<>();
		final int[] userIds = mUserManager.getUserIds();
		if (!mOnlyCore) {
		// do this first before mucking with mPackages for the "expecting better" case
		final int numPackages = mPackages.size();
		@@ -3363,15 +3369,9 @@ public class PackageManagerService extends IPackageManager.Stub
		}

		if (!mSettings.isDisabledSystemPackageLPr(ps.name)) {
		mSettings.mPackages.removeAt(index);
		logCriticalInfo(Log.WARN, "System package " + ps.name
		+ " no longer exists; it's data will be wiped");

		// Assume package is truly gone and wipe residual permissions.
		mPermissionManager.updatePermissions(ps.name, null);

		// Actual deletion of code and data will be handled by later
		// reconciliation step
		removePackageDataLIF(ps, userIds, null, 0, false);
		} else {
		// we still have a disabled system package, but, it still might have
		// been removed. check the code path still exists and check there's
		@@ -3430,7 +3430,6 @@ public class PackageManagerService extends IPackageManager.Stub
		// Remove disable package settings for updated system apps that were
		// removed via an OTA. If the update is no longer present, remove the
		// app completely. Otherwise, revoke their system privileges.
		final int[] userIds = mUserManager.getUserIds();
		for (int i = possiblyDeletedUpdatedSystemApps.size() - 1; i >= 0; --i) {
		final String packageName = possiblyDeletedUpdatedSystemApps.get(i);
		final AndroidPackage pkg = mPackages.get(packageName);
		@@ -3765,7 +3764,6 @@ public class PackageManagerService extends IPackageManager.Stub
		UserHandle.USER_SYSTEM).getLongVersionCode());

		// Initialize InstantAppRegistry's Instant App list for all users.
		final int[] userIds = UserManagerService.getInstance().getUserIds();
		for (AndroidPackage pkg : mPackages.values()) {
		if (pkg.isSystem()) {
		continue;
		@@ -3931,7 +3929,12 @@ public class PackageManagerService extends IPackageManager.Stub
		} catch (PackageManagerException e) {
		Slog.e(TAG, "updateAllSharedLibrariesLPw failed: ", e);
		}
		mPermissionManager.updatePermissions(pkg.getPackageName(), pkg);
		final int[] userIds = mUserManager.getUserIds();
		for (final int userId : userIds) {
		mPermissionManager.onPackageInstalled(pkg,
		PermissionManagerServiceInternal.PackageInstalledParams.DEFAULT,
		userId);
		}
		writeSettingsLPrTEMP();
		}
		} catch (PackageManagerException e) {
		@@ -13673,14 +13676,16 @@ public class PackageManagerService extends IPackageManager.Stub

		if (installed) {
		if (pkgSetting.pkg != null) {
		final PermissionManagerServiceInternal.PackageInstalledParams.Builder
		permissionParamsBuilder =
		new PermissionManagerServiceInternal.PackageInstalledParams.Builder();
		if ((installFlags & PackageManager.INSTALL_ALL_WHITELIST_RESTRICTED_PERMISSIONS)
		!= 0) {
		allowlistedRestrictedPermissions = pkgSetting.pkg.getRequestedPermissions();
		} else if (allowlistedRestrictedPermissions == null) {
		allowlistedRestrictedPermissions = Collections.emptyList();
		permissionParamsBuilder.setAllowlistedRestrictedPermissions(
		pkgSetting.pkg.getRequestedPermissions());
		}
		mPermissionManager.onPackageInstalled(pkgSetting.pkg, Collections.emptyList(),
		allowlistedRestrictedPermissions, MODE_DEFAULT, userId);
		mPermissionManager.onPackageInstalled(pkgSetting.pkg,
		permissionParamsBuilder.build(), userId);
		}

		if (pkgSetting.pkg != null) {
		@@ -16482,8 +16487,6 @@ public class PackageManagerService extends IPackageManager.Stub

		if (DEBUG_INSTALL) Slog.d(TAG, "New package installed in " + pkg.getPath());
		synchronized (mLock) {
		// NOTE: This changes slightly to include UPDATE_PERMISSIONS_ALL regardless of the size of pkg.permissions
		mPermissionManager.updatePermissions(pkgName, pkg);
		// For system-bundled packages, we assume that installing an upgraded version
		// of the package implies that the user actually wants to run that new code,
		// so we enable the package.
		@@ -19732,11 +19735,12 @@ public class PackageManagerService extends IPackageManager.Stub
		}
		}

		// The update permissions method below will take care of removing obsolete permissions
		// and granting install permissions.
		mPermissionManager.updatePermissions(pkg.getPackageName(), pkg);
		for (final int userId : allUserHandles) {
		// The method below will take care of removing obsolete permissions and granting
		// install permissions.
		mPermissionManager.onPackageInstalled(pkg,
		PermissionManagerServiceInternal.PackageInstalledParams.DEFAULT, userId);
		if (applyUserRestrictions) {
		for (int userId : allUserHandles) {
		mSettings.writeRuntimePermissionsForUserLPr(userId, false);
		}
		}

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+12 −23

Original line number	Diff line number	Diff line
		@@ -4139,17 +4139,14 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		*
		* @param packageName The package that is updated
		* @param pkg The package that is updated, or {@code null} if package is deleted
		* @param allPackages All currently known packages
		* @param callback Callback to call after permission changes
		*/
		private void updatePermissions(@NonNull String packageName, @Nullable AndroidPackage pkg,
		@NonNull PermissionCallback callback) {
		private void updatePermissions(@NonNull String packageName, @Nullable AndroidPackage pkg) {
		// If the package is being deleted, update the permissions of all the apps
		final int flags =
		(pkg == null ? UPDATE_PERMISSIONS_ALL \| UPDATE_PERMISSIONS_REPLACE_PKG
		: UPDATE_PERMISSIONS_REPLACE_PKG);
		updatePermissions(
		packageName, pkg, getVolumeUuidForPackage(pkg), flags, callback);
		packageName, pkg, getVolumeUuidForPackage(pkg), flags, mDefaultPermissionCallback);
		}

		/**
		@@ -4947,17 +4944,19 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		}

		private void onPackageInstalledInternal(@NonNull AndroidPackage pkg,
		@NonNull List<String> grantedPermissions,
		@NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode,
		@NonNull PermissionManagerServiceInternal.PackageInstalledParams params,
		@UserIdInt int userId) {
		addAllowlistedRestrictedPermissionsInternal(pkg, allowlistedRestrictedPermissions,
		updatePermissions(pkg.getPackageName(), pkg);
		addAllowlistedRestrictedPermissionsInternal(pkg,
		params.getAllowlistedRestrictedPermissions(),
		FLAG_PERMISSION_WHITELIST_INSTALLER, userId);
		final int autoRevokePermissionsMode = params.getAutoRevokePermissionsMode();
		if (autoRevokePermissionsMode == AppOpsManager.MODE_ALLOWED
		\|\| autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED) {
		setAutoRevokeExemptedInternal(pkg,
		autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED, userId);
		}
		grantRequestedRuntimePermissionsInternal(pkg, grantedPermissions, userId);
		grantRequestedRuntimePermissionsInternal(pkg, params.getGrantedPermissions(), userId);
		}

		private void addAllowlistedRestrictedPermissionsInternal(@NonNull AndroidPackage pkg,
		@@ -4994,7 +4993,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		resetRuntimePermissionsInternal(pkg, userId);
		return;
		}
		updatePermissions(packageName, null, mDefaultPermissionCallback);
		updatePermissions(packageName, null);
		if (sharedUserPkgs.isEmpty()) {
		removeUidState(appId, userId);
		} else {
		@@ -5149,11 +5148,6 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		return PermissionManagerService.this.getAppOpPermissionPackagesInternal(permissionName);
		}
		@Override
		public void updatePermissions(@NonNull String packageName, @Nullable AndroidPackage pkg) {
		PermissionManagerService.this
		.updatePermissions(packageName, pkg, mDefaultPermissionCallback);
		}
		@Override
		public void updateAllPermissions(@Nullable String volumeUuid, boolean sdkUpdated) {
		PermissionManagerService.this
		.updateAllPermissions(volumeUuid, sdkUpdated, mDefaultPermissionCallback);
		@@ -5420,16 +5414,11 @@ public class PermissionManagerService extends IPermissionManager.Stub {

		@Override
		public void onPackageInstalled(@NonNull AndroidPackage pkg,
		@NonNull List<String> grantedPermissions,
		@NonNull List<String> allowlistedRestrictedPermissions,
		int autoRevokePermissionsMode, @UserIdInt int userId) {
		@NonNull PackageInstalledParams params, @UserIdInt int userId) {
		Objects.requireNonNull(pkg, "pkg");
		Objects.requireNonNull(grantedPermissions, "grantedPermissions");
		Objects.requireNonNull(allowlistedRestrictedPermissions,
		"allowlistedRestrictedPermissions");
		Objects.requireNonNull(params, "params");
		Preconditions.checkArgumentNonNegative(userId, "userId");
		onPackageInstalledInternal(pkg, grantedPermissions, allowlistedRestrictedPermissions,
		autoRevokePermissionsMode, userId);
		onPackageInstalledInternal(pkg, params, userId);
		}

		@Override

services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java

+134 −23

Original line number	Diff line number	Diff line
		@@ -20,13 +20,16 @@ import android.annotation.AppIdInt;
		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		import android.app.AppOpsManager;
		import android.content.pm.PermissionInfo;
		import android.permission.PermissionManagerInternal;

		import com.android.server.pm.parsing.pkg.AndroidPackage;

		import java.util.ArrayList;
		import java.util.Collections;
		import java.util.List;
		import java.util.Objects;
		import java.util.Set;
		import java.util.function.Consumer;

		@@ -188,22 +191,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
		public abstract boolean isPermissionsReviewRequired(@NonNull String packageName,
		@UserIdInt int userId);

		/**
		* Update permissions when a package changed.
		*
		* <p><ol>
		* <li>Reconsider the ownership of permission</li>
		* <li>Update the state (grant, flags) of the permissions</li>
		* </ol>
		*
		* @param packageName The package that is updated
		* @param pkg The package that is updated, or {@code null} if package is deleted
		* @param allPackages All currently known packages
		* @param callback Callback to call after permission changes
		*/
		public abstract void updatePermissions(@NonNull String packageName,
		@Nullable AndroidPackage pkg);

		/**
		* Update all permissions for all apps.
		*
		@@ -489,19 +476,15 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
		@Nullable AndroidPackage oldPkg);

		/**
		* Callback when a package has been installed for certain users.
		* Callback when a package has been installed for a user.
		*
		* @param pkg the installed package
		* @param grantedPermissions the permissions to be granted
		* @param allowlistedRestrictedPermissions the restricted permissions to be allowlisted
		* @param autoRevokePermissionsMode the auto revoke permissions mode for this package
		* @param params the parameters passed in for package installation
		* @param userId the user ID this package is installed for
		*/
		//@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)
		public abstract void onPackageInstalled(@NonNull AndroidPackage pkg,
		@NonNull List<String> grantedPermissions,
		@NonNull List<String> allowlistedRestrictedPermissions,
		int autoRevokePermissionsMode, @UserIdInt int userId);
		@NonNull PackageInstalledParams params, @UserIdInt int userId);

		/**
		* Callback when a package has been removed.
		@@ -537,4 +520,132 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
		* @return whether the permission can be propagated
		*/
		public abstract boolean canPropagatePermissionToInstantApp(@NonNull String permissionName);

		/**
		* The permission-related parameters passed in for package installation.
		*
		* @see android.content.pm.PackageInstaller.SessionParams
		*/
		//@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)
		public static final class PackageInstalledParams {
		/**
		* A static instance whose parameters are all in their default state.
		*/
		public static final PackageInstalledParams DEFAULT = new Builder().build();

		@NonNull
		private final List<String> mGrantedPermissions;
		@NonNull
		private final List<String> mAllowlistedRestrictedPermissions;
		@NonNull
		private final int mAutoRevokePermissionsMode;

		private PackageInstalledParams(@NonNull List<String> grantedPermissions,
		@NonNull List<String> allowlistedRestrictedPermissions,
		int autoRevokePermissionsMode) {
		mGrantedPermissions = grantedPermissions;
		mAllowlistedRestrictedPermissions = allowlistedRestrictedPermissions;
		mAutoRevokePermissionsMode = autoRevokePermissionsMode;
		}

		/**
		* Get the permissions to be granted.
		*
		* @return the permissions to be granted
		*/
		@NonNull
		public List<String> getGrantedPermissions() {
		return mGrantedPermissions;
		}

		/**
		* Get the restricted permissions to be allowlisted.
		*
		* @return the restricted permissions to be allowlisted
		*/
		@NonNull
		public List<String> getAllowlistedRestrictedPermissions() {
		return mAllowlistedRestrictedPermissions;
		}

		/**
		* Get the mode for auto revoking permissions.
		*
		* @return the mode for auto revoking permissions
		*/
		public int getAutoRevokePermissionsMode() {
		return mAutoRevokePermissionsMode;
		}

		/**
		* Builder class for {@link PackageInstalledParams}.
		*/
		public static final class Builder {
		@NonNull
		private List<String> mGrantedPermissions = Collections.emptyList();
		@NonNull
		private List<String> mAllowlistedRestrictedPermissions = Collections.emptyList();
		@NonNull
		private int mAutoRevokePermissionsMode = AppOpsManager.MODE_DEFAULT;

		/**
		* Set the permissions to be granted.
		*
		* @param grantedPermissions the permissions to be granted
		*
		* @see android.content.pm.PackageInstaller.SessionParams#setGrantedRuntimePermissions(
		* java.lang.String[])
		*/
		public void setGrantedPermissions(@NonNull List<String> grantedPermissions) {
		Objects.requireNonNull(grantedPermissions);
		mGrantedPermissions = new ArrayList<>(grantedPermissions);
		}

		/**
		* Set the restricted permissions to be allowlisted.
		* <p>
		* Permissions that are not restricted are ignored, so one can just pass in all
		* requested permissions of a package to get all its restricted permissions allowlisted.
		*
		* @param allowlistedRestrictedPermissions the restricted permissions to be allowlisted
		*
		* @see android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)
		*/
		public void setAllowlistedRestrictedPermissions(
		@NonNull List<String> allowlistedRestrictedPermissions) {
		Objects.requireNonNull(mGrantedPermissions);
		mAllowlistedRestrictedPermissions = new ArrayList<>(
		allowlistedRestrictedPermissions);
		}

		/**
		* Set the mode for auto revoking permissions.
		* <p>
		* {@link AppOpsManager#MODE_ALLOWED} means the system is allowed to auto revoke
		* permissions from this package, and {@link AppOpsManager#MODE_IGNORED} means this
		* package should be ignored when auto revoking permissions.
		* {@link AppOpsManager#MODE_DEFAULT} means no changes will be made to the auto revoke
		* mode of this package.
		*
		* @param autoRevokePermissionsMode the mode for auto revoking permissions
		*
		* @see android.content.pm.PackageInstaller.SessionParams#setAutoRevokePermissionsMode(
		* boolean)
		*/
		public void setAutoRevokePermissionsMode(int autoRevokePermissionsMode) {
		mAutoRevokePermissionsMode = autoRevokePermissionsMode;
		}

		/**
		* Build a new instance of {@link PackageInstalledParams}.
		*
		* @return the {@link PackageInstalledParams} built
		*/
		@NonNull
		public PackageInstalledParams build() {
		return new PackageInstalledParams(mGrantedPermissions,
		mAllowlistedRestrictedPermissions, mAutoRevokePermissionsMode);
		}
		}
		}
		}