
Commit 82b08420 authored by Todd Kennedy's avatar Todd Kennedy

Move DefaultPermissionGrantPolicy

Move this class to the permission sub-package. No longer depends upon
PackageManager's lock and adds some internal interfaces so it can
get back to the PackageManager.

Bug: 63539144
Test: Manual. Builds and runs
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.PermissionsHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsPermissionTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsPermission2TestCases
Change-Id: Ibc1500f56cfb67722e68b258ea59118603508912
parent 91a39d12
+67 −2
@@ -16,6 +16,9 @@

package android.content.pm;

import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.ComponentName;
import android.content.Intent;
import android.content.pm.PackageManager.ApplicationInfoFlags;
@@ -25,6 +28,8 @@ import android.content.pm.PackageManager.ResolveInfoFlags;
import android.os.Bundle;
import android.util.SparseArray;

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.util.List;

/**
@@ -33,6 +38,20 @@ import java.util.List;
 * @hide Only for use within the system server.
 */
public abstract class PackageManagerInternal {
    public static final int PACKAGE_SYSTEM = 0;
    public static final int PACKAGE_SETUP_WIZARD = 1;
    public static final int PACKAGE_INSTALLER = 2;
    public static final int PACKAGE_VERIFIER = 3;
    public static final int PACKAGE_BROWSER = 4;
    @IntDef(value = {
        PACKAGE_SYSTEM,
        PACKAGE_SETUP_WIZARD,
        PACKAGE_INSTALLER,
        PACKAGE_VERIFIER,
        PACKAGE_BROWSER,
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface KnownPackage {}

    /**
     * Provider for package names.
@@ -171,6 +190,13 @@ public abstract class PackageManagerInternal {
    public abstract List<ResolveInfo> queryIntentActivities(Intent intent,
            @ResolveInfoFlags int flags, int filterCallingUid, int userId);

    /**
     * Retrieve all services that can be performed for the given intent.
     * @see PackageManager#queryIntentServices(Intent, int)
     */
    public abstract List<ResolveInfo> queryIntentServices(
            Intent intent, int flags, int callingUid, int userId);

    /**
     * Interface to {@link com.android.server.pm.PackageManagerService#getHomeActivitiesAsUser}.
     */
@@ -343,7 +369,7 @@ public abstract class PackageManagerInternal {
     * Resolves an activity intent, allowing instant apps to be resolved.
     */
    public abstract ResolveInfo resolveIntent(Intent intent, String resolvedType,
            int flags, int userId);
            int flags, int userId, boolean resolveForStart);

    /**
    * Resolves a service intent, allowing instant apps to be resolved.
@@ -351,6 +377,11 @@ public abstract class PackageManagerInternal {
    public abstract ResolveInfo resolveService(Intent intent, String resolvedType,
           int flags, int userId, int callingUid);

   /**
    * Resolves a content provider intent.
    */
    public abstract ProviderInfo resolveContentProvider(String name, int flags, int userId);

    /**
     * Track the creator of a new isolated uid.
     * @param isolatedUid The newly created isolated uid.
@@ -383,4 +414,38 @@ public abstract class PackageManagerInternal {
     * Updates a package last used time.
     */
    public abstract void notifyPackageUse(String packageName, int reason);

    /**
     * Returns a package object for the given package name.
     */
    public abstract @Nullable PackageParser.Package getPackage(@NonNull String packageName);

    /**
     * Returns a package object for the disabled system package name.
     */
    public abstract @Nullable PackageParser.Package getDisabledPackage(@NonNull String packageName);

    /**
     * Returns whether or not the component is the resolver activity.
     */
    public abstract boolean isResolveActivityComponent(@NonNull ComponentInfo component);

    /**
     * Returns the package name for a known package.
     */
    public abstract @Nullable String getKnownPackageName(
            @KnownPackage int knownPackage, int userId);

    /*
     * NOTE: The following methods are temporary until permissions are extracted from
     * the package manager into a component specifically for handling permissions.
     */
    /** Returns a permission object for the given permission name. */
    public abstract @Nullable Object getPermissionTEMP(@NonNull String permName);
    /** Returns the flags for the given permission. */
    public abstract @Nullable int getPermissionFlagsTEMP(@NonNull String permName,
            @NonNull String packageName, int userId);
    /** Updates the flags for the given permission. */
    public abstract void updatePermissionFlagsTEMP(@NonNull String permName,
            @NonNull String packageName, int flagMask, int flagValues, int userId);
}
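Review bot: The Javadoc on `resolveIntent` still reads "allowing instant apps to be resolved" although the new `resolveForStart` parameter now decides that, so an internal caller cannot tell from the contract that passing `true` makes all instant apps visible. I would add `@param resolveForStart when {@code true}, instant apps are resolved even if they are not otherwise visible to the caller; pass {@code true} only when the system is about to start the component`. Separately, `@Nullable` on `getPermissionFlagsTEMP` has no meaning for a primitive `int` return and should be dropped. `getPermissionTEMP` returning `Object` also pushes an unchecked cast onto every caller, which is worth a comment naming the expected type.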
+1 −1
@@ -1246,7 +1246,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D
        synchronized (mService) {
            return mService.getPackageManagerInternalLocked().resolveIntent(intent, resolvedType,
                    PackageManager.MATCH_INSTANT | PackageManager.MATCH_DEFAULT_ONLY | flags
                    | ActivityManagerService.STOCK_PM_FLAGS, userId);
                    | ActivityManagerService.STOCK_PM_FLAGS, userId, true);
        }
    }
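Review bot: The bare `true` passed to `resolveIntent` gives no hint which behaviour it selects, while other call sites in this commit label the same argument; write `| ActivityManagerService.STOCK_PM_FLAGS, userId, true /*resolveForStart*/);`. This value widens instant-app visibility during resolution, so labelling it keeps the choice easy to audit. The enclosing method starts outside the hunk.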

+126 −47
@@ -103,10 +103,9 @@ import static com.android.server.pm.InstructionSets.getPreferredInstructionSet;
import static com.android.server.pm.InstructionSets.getPrimaryInstructionSet;
import static com.android.server.pm.PackageManagerServiceCompilerMapping.getCompilerFilterForReason;
import static com.android.server.pm.PackageManagerServiceCompilerMapping.getDefaultCompilerFilter;
import static com.android.server.pm.PermissionsState.PERMISSION_OPERATION_FAILURE;
import static com.android.server.pm.PermissionsState.PERMISSION_OPERATION_SUCCESS;
import static com.android.server.pm.PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED;
import static com.android.server.pm.permission.PermissionsState.PERMISSION_OPERATION_FAILURE;
import static com.android.server.pm.permission.PermissionsState.PERMISSION_OPERATION_SUCCESS;
import static com.android.server.pm.permission.PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED;
import static dalvik.system.DexFile.getNonProfileGuidedCompilerFilter;
import android.Manifest;
@@ -164,6 +163,7 @@ import android.content.pm.PackageManager.LegacyPackageDeleteObserver;
import android.content.pm.PackageManagerInternal;
import android.content.pm.PackageParser;
import android.content.pm.PackageParser.ActivityIntentInfo;
import android.content.pm.PackageParser.Package;
import android.content.pm.PackageParser.PackageLite;
import android.content.pm.PackageParser.PackageParserException;
import android.content.pm.PackageStats;
@@ -283,13 +283,16 @@ import com.android.server.SystemServerInitThreadPool;
import com.android.server.Watchdog;
import com.android.server.net.NetworkPolicyManagerInternal;
import com.android.server.pm.Installer.InstallerException;
import com.android.server.pm.PermissionsState.PermissionState;
import com.android.server.pm.Settings.DatabaseVersion;
import com.android.server.pm.Settings.VersionInfo;
import com.android.server.pm.dex.DexManager;
import com.android.server.pm.dex.DexoptOptions;
import com.android.server.pm.dex.PackageDexUsage;
import com.android.server.pm.permission.BasePermission;
import com.android.server.pm.permission.DefaultPermissionGrantPolicy;
import com.android.server.pm.permission.DefaultPermissionGrantPolicy.DefaultPermissionGrantedCallback;
import com.android.server.pm.permission.PermissionsState;
import com.android.server.pm.permission.PermissionsState.PermissionState;
import com.android.server.storage.DeviceStorageMonitorInternal;
import dalvik.system.CloseGuard;
@@ -864,7 +867,7 @@ public class PackageManagerService extends IPackageManager.Stub
                String targetPath) {
            return getStaticOverlayPaths(targetPackageName, targetPath);
        }
    };
    }
    class ParallelPackageParserCallback extends PackageParserCallback {
        List<PackageParser.Package> mOverlayPackages = null;
@@ -2478,14 +2481,25 @@ public class PackageManagerService extends IPackageManager.Stub
        synchronized (mInstallLock) {
        // writer
        synchronized (mPackages) {
            // Expose private service for system components to use.
            LocalServices.addService(
                    PackageManagerInternal.class, new PackageManagerInternalImpl());
            mHandlerThread = new ServiceThread(TAG,
                    Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/);
            mHandlerThread.start();
            mHandler = new PackageHandler(mHandlerThread.getLooper());
            mProcessLoggingHandler = new ProcessLoggingHandler();
            Watchdog.getInstance().addThread(mHandler, WATCHDOG_TIMEOUT);
            mDefaultPermissionPolicy = new DefaultPermissionGrantPolicy(this);
            mDefaultPermissionPolicy = new DefaultPermissionGrantPolicy(
                    mContext, mHandlerThread.getLooper(), new DefaultPermissionGrantedCallback() {
                        @Override
                        public void onDefaultRuntimePermissionsGranted(int userId) {
                            synchronized(mPackages) {
                                mSettings.onDefaultRuntimePermissionsGrantedLPr(userId);
                            }
                        }
                    });
            mInstantAppRegistry = new InstantAppRegistry(this);
            File dataDir = Environment.getDataDirectory();
@@ -3112,8 +3126,6 @@ public class PackageManagerService extends IPackageManager.Stub
        // once we have a booted system.
        mInstaller.setWarnIfHeld(mPackages);
        // Expose private service for system components to use.
        LocalServices.addService(PackageManagerInternal.class, new PackageManagerInternalImpl());
        Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
    }
@@ -5518,7 +5530,7 @@ public class PackageManagerService extends IPackageManager.Stub
    @Override
    public void grantRuntimePermission(String packageName, String name, final int userId) {
        grantRuntimePermission(packageName, name, userId, false /* Only if not fixed by policy */);
        grantRuntimePermission(packageName, name, userId, false /*overridePolicy*/);
    }
    private void grantRuntimePermission(String packageName, String name, final int userId,
@@ -6158,7 +6170,7 @@ public class PackageManagerService extends IPackageManager.Stub
     * <br />
     * {@link PackageManager#SIGNATURE_NO_MATCH}: if the two signature sets differ.
     */
    static int compareSignatures(Signature[] s1, Signature[] s2) {
    public static int compareSignatures(Signature[] s1, Signature[] s2) {
        if (s1 == null) {
            return s2 == null
                    ? PackageManager.SIGNATURE_NEITHER_SIGNED
@@ -6512,9 +6524,14 @@ public class PackageManagerService extends IPackageManager.Stub
    public ResolveInfo resolveIntent(Intent intent, String resolvedType,
            int flags, int userId) {
        return resolveIntentInternal(
                intent, resolvedType, flags, userId, false /*includeInstantApps*/);
                intent, resolvedType, flags, userId, false /*resolveForStart*/);
    }
    /**
     * Normally instant apps can only be resolved when they're visible to the caller.
     * However, if {@code resolveForStart} is {@code true}, all instant apps are visible
     * since we need to allow the system to start any installed application.
     */
    private ResolveInfo resolveIntentInternal(Intent intent, String resolvedType,
            int flags, int userId, boolean resolveForStart) {
        try {
@@ -8732,6 +8749,10 @@ public class PackageManagerService extends IPackageManager.Stub
    @Override
    public ProviderInfo resolveContentProvider(String name, int flags, int userId) {
        return resolveContentProviderInternal(name, flags, userId);
    }
    private ProviderInfo resolveContentProviderInternal(String name, int flags, int userId) {
        if (!sUserManager.exists(userId)) return null;
        flags = updateFlagsForComponent(flags, userId, name);
        final String instantAppPkgName = getInstantAppPackageName(Binder.getCallingUid());
@@ -15501,7 +15522,7 @@ public class PackageManagerService extends IPackageManager.Stub
        synchronized (mPackages) {
            boolean result = mSettings.setDefaultBrowserPackageNameLPw(packageName, userId);
            if (packageName != null) {
                mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultBrowserLPr(
                mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultBrowser(
                        packageName, userId);
            }
            return result;
@@ -22150,9 +22171,11 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
        }
        sUserManager.systemReady();
        synchronized(mPackages) {
            // If we upgraded grant all default permissions before kicking off.
            for (int userId : grantPermissionsUserIds) {
            mDefaultPermissionPolicy.grantDefaultPermissions(userId);
                mDefaultPermissionPolicy.grantDefaultPermissions(mPackages.values(), userId);
            }
        }
        if (grantPermissionsUserIds == EMPTY_INT_ARRAY) {
@@ -24553,7 +24576,9 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
    }
    void onNewUserCreated(final int userId) {
        mDefaultPermissionPolicy.grantDefaultPermissions(userId);
        synchronized(mPackages) {
            mDefaultPermissionPolicy.grantDefaultPermissions(mPackages.values(), userId);
        }
        // If permission review for legacy apps is required, we represent
        // dagerous permissions for such apps as always granted runtime
        // permissions to keep per user flag state whether review is needed.
@@ -24993,71 +25018,110 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
    private class PackageManagerInternalImpl extends PackageManagerInternal {
        @Override
        public void setLocationPackagesProvider(PackagesProvider provider) {
        public Object getPermissionTEMP(String permName) {
            synchronized (mPackages) {
                mDefaultPermissionPolicy.setLocationPackagesProviderLPw(provider);
                return mSettings.mPermissions.get(permName);
            }
        }
        @Override
        public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
            synchronized (mPackages) {
                mDefaultPermissionPolicy.setVoiceInteractionPackagesProviderLPw(provider);
        public void updatePermissionFlagsTEMP(String permName, String packageName, int flagMask,
                int flagValues, int userId) {
            PackageManagerService.this.updatePermissionFlags(
                    permName, packageName, flagMask, flagValues, userId);
        }
        @Override
        public int getPermissionFlagsTEMP(String permName, String packageName, int userId) {
            return PackageManagerService.this.getPermissionFlags(permName, packageName, userId);
        }
        @Override
        public void setSmsAppPackagesProvider(PackagesProvider provider) {
        public PackageParser.Package getPackage(String packageName) {
            synchronized (mPackages) {
                mDefaultPermissionPolicy.setSmsAppPackagesProviderLPw(provider);
                return mPackages.get(packageName);
            }
        }
        @Override
        public void setDialerAppPackagesProvider(PackagesProvider provider) {
        public PackageParser.Package getDisabledPackage(String packageName) {
            synchronized (mPackages) {
                mDefaultPermissionPolicy.setDialerAppPackagesProviderLPw(provider);
                final PackageSetting ps = mSettings.getDisabledSystemPkgLPr(packageName);
                return (ps != null) ? ps.pkg : null;
            }
        }
        @Override
        public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
            synchronized (mPackages) {
                mDefaultPermissionPolicy.setSimCallManagerPackagesProviderLPw(provider);
        public String getKnownPackageName(int knownPackage, int userId) {
            switch(knownPackage) {
                case PackageManagerInternal.PACKAGE_BROWSER:
                    return getDefaultBrowserPackageName(userId);
                case PackageManagerInternal.PACKAGE_INSTALLER:
                    return mRequiredInstallerPackage;
                case PackageManagerInternal.PACKAGE_SETUP_WIZARD:
                    return mSetupWizardPackage;
                case PackageManagerInternal.PACKAGE_SYSTEM:
                    return "android";
                case PackageManagerInternal.PACKAGE_VERIFIER:
                    return mRequiredVerifierPackage;
            }
            return null;
        }
        @Override
        public void setSyncAdapterPackagesprovider(SyncAdapterPackagesProvider provider) {
            synchronized (mPackages) {
                mDefaultPermissionPolicy.setSyncAdapterPackagesProviderLPw(provider);
        public boolean isResolveActivityComponent(ComponentInfo component) {
            return mResolveActivity.packageName.equals(component.packageName)
                    && mResolveActivity.name.equals(component.name);
        }
        @Override
        public void setLocationPackagesProvider(PackagesProvider provider) {
            mDefaultPermissionPolicy.setLocationPackagesProvider(provider);
        }
        @Override
        public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
            mDefaultPermissionPolicy.setVoiceInteractionPackagesProvider(provider);
        }
        @Override
        public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
            synchronized (mPackages) {
                mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultSmsAppLPr(
                        packageName, userId);
        public void setSmsAppPackagesProvider(PackagesProvider provider) {
            mDefaultPermissionPolicy.setSmsAppPackagesProvider(provider);
        }
        @Override
        public void setDialerAppPackagesProvider(PackagesProvider provider) {
            mDefaultPermissionPolicy.setDialerAppPackagesProvider(provider);
        }
        @Override
        public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
            mDefaultPermissionPolicy.setSimCallManagerPackagesProvider(provider);
        }
        @Override
        public void setSyncAdapterPackagesprovider(SyncAdapterPackagesProvider provider) {
            mDefaultPermissionPolicy.setSyncAdapterPackagesProvider(provider);
        }
        @Override
        public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
            mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultSmsApp(packageName, userId);
        }
        @Override
        public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
            synchronized (mPackages) {
                mSettings.setDefaultDialerPackageNameLPw(packageName, userId);
                mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultDialerAppLPr(
                        packageName, userId);
            }
            mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultDialerApp(packageName, userId);
        }
        @Override
        public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
            synchronized (mPackages) {
                mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultSimCallManagerLPr(
            mDefaultPermissionPolicy.grantDefaultPermissionsToDefaultSimCallManager(
                    packageName, userId);
        }
        }
        @Override
        public void setKeepUninstalledPackages(final List<String> packageList) {
@@ -25142,6 +25206,15 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
                            userId, false /*resolveForStart*/, true /*allowDynamicSplits*/);
        }
        @Override
        public List<ResolveInfo> queryIntentServices(
                Intent intent, int flags, int callingUid, int userId) {
            final String resolvedType = intent.resolveTypeIfNeeded(mContext.getContentResolver());
            return PackageManagerService.this
                    .queryIntentServicesInternal(intent, resolvedType, flags, userId, callingUid,
                            false);
        }
        @Override
        public ComponentName getHomeActivitiesAsUser(List<ResolveInfo> allHomeCandidates,
                int userId) {
@@ -25309,9 +25382,9 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
        @Override
        public ResolveInfo resolveIntent(Intent intent, String resolvedType,
                int flags, int userId) {
                int flags, int userId, boolean resolveForStart) {
            return resolveIntentInternal(
                    intent, resolvedType, flags, userId, true /*resolveForStart*/);
                    intent, resolvedType, flags, userId, resolveForStart);
        }
        @Override
@@ -25320,6 +25393,12 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
            return resolveServiceInternal(intent, resolvedType, flags, userId, callingUid);
        }
        @Override
        public ProviderInfo resolveContentProvider(String name, int flags, int userId) {
            return PackageManagerService.this.resolveContentProviderInternal(
                    name, flags, userId);
        }
        @Override
        public void addIsolatedUid(int isolatedUid, int ownerUid) {
            synchronized (mPackages) {
@@ -25367,7 +25446,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
        synchronized (mPackages) {
            final long identity = Binder.clearCallingIdentity();
            try {
                mDefaultPermissionPolicy.grantDefaultPermissionsToEnabledCarrierAppsLPr(
                mDefaultPermissionPolicy.grantDefaultPermissionsToEnabledCarrierApps(
                        packageNames, userId);
            } finally {
                Binder.restoreCallingIdentity(identity);
@@ -25381,7 +25460,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
        synchronized (mPackages) {
            final long identity = Binder.clearCallingIdentity();
            try {
                mDefaultPermissionPolicy.grantDefaultPermissionsToEnabledImsServicesLPr(
                mDefaultPermissionPolicy.grantDefaultPermissionsToEnabledImsServices(
                        packageNames, userId);
            } finally {
                Binder.restoreCallingIdentity(identity);
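Review bot: `getPermissionTEMP`, `getPackage` and `getDisabledPackage` in `PackageManagerInternalImpl` hold `mPackages` only for the lookup and then hand the stored object itself to the caller, so every later access to it happens without the lock. If those objects are mutated elsewhere under `mPackages` (not visible here), the permission policy would read shared state unsynchronized. Document the contract on each override, e.g. `// Returns the live instance; callers must treat it as read-only and do not hold mPackages.` Also, in `grantDefaultPermissionsToDefaultDialerApp` the page does not show which side the `mSettings.setDefaultDialerPackageNameLPw(packageName, userId)` line is on. If it was removed together with the `synchronized` block, confirm the default dialer is still recorded somewhere.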
+7 −1
@@ -23,13 +23,15 @@ import android.content.pm.UserInfo;
import android.service.pm.PackageProto;
import android.util.proto.ProtoOutputStream;

import com.android.server.pm.permission.PermissionsState;

import java.io.File;
import java.util.List;

/**
 * Settings data for a particular package we know about.
 */
final class PackageSetting extends PackageSettingBase {
public final class PackageSetting extends PackageSettingBase {
    int appId;
    PackageParser.Package pkg;
    /**
@@ -110,6 +112,10 @@ final class PackageSetting extends PackageSettingBase {
                : super.getPermissionsState();
    }

    public PackageParser.Package getPackage() {
        return pkg;
    }

    public boolean isPrivileged() {
        return (pkgPrivateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0;
    }
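Review bot: The new public `getPackage()` returns the internal `pkg` field directly and has no Javadoc, while the class itself becomes `public`, so code outside `com.android.server.pm` can now obtain and keep the shared `PackageParser.Package`. I would state the contract on the accessor, e.g. `/** Returns the parsed package for this setting (the shared instance, not a copy); may be null - TODO confirm. */`, and add `@Nullable` if `pkg` can be unset. The class body continues outside the hunk.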
+2 −0
@@ -18,6 +18,8 @@ package com.android.server.pm;

import android.content.pm.ApplicationInfo;

import com.android.server.pm.permission.PermissionsState;

abstract class SettingBase {
    int pkgFlags;
    int pkgPrivateFlags;