Loading core/java/android/permission/flags.aconfig +11 −0 Original line number Diff line number Diff line Loading @@ -119,3 +119,14 @@ flag { description: "Enables the getEmergencyRoleHolder API." bug: "323157319" } flag { name: "new_permission_gid_enabled" is_fixed_read_only: true namespace: "permissions" description: "Enable new permission GID implementation" bug: "325137277" metadata { purpose: PURPOSE_BUGFIX } } services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt +53 −32 Original line number Diff line number Diff line Loading @@ -46,6 +46,7 @@ import com.android.server.pm.KnownPackages import com.android.server.pm.parsing.PackageInfoUtils import com.android.server.pm.pkg.AndroidPackage import com.android.server.pm.pkg.PackageState import libcore.util.EmptyArray class AppIdPermissionPolicy : SchemePolicy() { private val persistence = AppIdPermissionPersistence() Loading Loading @@ -73,6 +74,7 @@ class AppIdPermissionPolicy : SchemePolicy() { } override fun MutateStateScope.onInitialized() { if (!Flags.newPermissionGidEnabled()) { newState.externalState.configPermissions.forEach { (permissionName, permissionEntry) -> val oldPermission = newState.systemState.permissions[permissionName] val newPermission = Loading Loading @@ -109,6 +111,7 @@ class AppIdPermissionPolicy : SchemePolicy() { newState.mutateSystemState().mutatePermissions()[permissionName] = newPermission } } } override fun MutateStateScope.onUserAdded(userId: Int) { newState.externalState.packageStates.forEach { (_, packageState) -> Loading Loading @@ -459,7 +462,7 @@ class AppIdPermissionPolicy : SchemePolicy() { ) return@forEachIndexed } val newPermission = var newPermission = if (oldPermission != null && newPackageName != oldPermission.packageName) { val oldPackageName = oldPermission.packageName // Only allow system apps to redefine non-system permissions. Loading Loading 
@@ -582,6 +585,24 @@ class AppIdPermissionPolicy : SchemePolicy() { ) } } if (Flags.newPermissionGidEnabled()) { var gids = EmptyArray.INT var areGidsPerUser = false if (!parsedPermission.isTree && packageState.isSystem) { newState.externalState.configPermissions[permissionName]?.let { gids = it.gids areGidsPerUser = it.perUser } } newPermission = Permission( newPermissionInfo, true, Permission.TYPE_MANIFEST, packageState.appId, gids, areGidsPerUser ) } if (parsedPermission.isTree) { newState.mutateSystemState().mutatePermissionTrees()[permissionName] = newPermission Loading Loading
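--- a/core/java/android/permission/flags.aconfig
+++ b/core/java/android/permission/flags.aconfig
@@ -119,3 +119,14 @@ flag {
     description: "Enables the getEmergencyRoleHolder API."
     bug: "323157319"
 }
+
+flag {
+    name: "new_permission_gid_enabled"
+    is_fixed_read_only: true
+    namespace: "permissions"
+    description: "Enable new permission GID implementation"
+    bug: "325137277"
+    metadata {
+        purpose: PURPOSE_BUGFIX
+    }
+}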
services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt +53 −32 Original line number Diff line number Diff line Loading @@ -46,6 +46,7 @@ import com.android.server.pm.KnownPackages import com.android.server.pm.parsing.PackageInfoUtils import com.android.server.pm.pkg.AndroidPackage import com.android.server.pm.pkg.PackageState import libcore.util.EmptyArray class AppIdPermissionPolicy : SchemePolicy() { private val persistence = AppIdPermissionPersistence() Loading Loading @@ -73,6 +74,7 @@ class AppIdPermissionPolicy : SchemePolicy() { } override fun MutateStateScope.onInitialized() { if (!Flags.newPermissionGidEnabled()) { newState.externalState.configPermissions.forEach { (permissionName, permissionEntry) -> val oldPermission = newState.systemState.permissions[permissionName] val newPermission = Loading Loading @@ -109,6 +111,7 @@ class AppIdPermissionPolicy : SchemePolicy() { newState.mutateSystemState().mutatePermissions()[permissionName] = newPermission } } } override fun MutateStateScope.onUserAdded(userId: Int) { newState.externalState.packageStates.forEach { (_, packageState) -> Loading Loading @@ -459,7 +462,7 @@ class AppIdPermissionPolicy : SchemePolicy() { ) return@forEachIndexed } val newPermission = var newPermission = if (oldPermission != null && newPackageName != oldPermission.packageName) { val oldPackageName = oldPermission.packageName // Only allow system apps to redefine non-system permissions. Loading Loading 
@@ -582,6 +585,24 @@ class AppIdPermissionPolicy : SchemePolicy() { ) } } if (Flags.newPermissionGidEnabled()) { var gids = EmptyArray.INT var areGidsPerUser = false if (!parsedPermission.isTree && packageState.isSystem) { newState.externalState.configPermissions[permissionName]?.let { gids = it.gids areGidsPerUser = it.perUser } } newPermission = Permission( newPermissionInfo, true, Permission.TYPE_MANIFEST, packageState.appId, gids, areGidsPerUser ) } if (parsedPermission.isTree) { newState.mutateSystemState().mutatePermissionTrees()[permissionName] = newPermission Loading
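Review bot: The GID lookup added at `@@ -582` is gated only by `!parsedPermission.isTree && packageState.isSystem`, and nothing in the code says that this condition is what keeps a non-system package declaring a config-listed permission name from picking up that entry's GIDs. A comment above the inner `if` would pin the intent, for example `// Only a non-tree permission declared by a system package may take GIDs from configPermissions; every other definer keeps EmptyArray.INT.` The same block unconditionally replaces the `newPermission` built by the earlier branches (the reason `val` became `var` at `@@ -459`), so anything those branches carry over from `oldPermission` would be dropped when the flag is on; those branches lie outside the visible hunks, so this needs confirming. With the flag on, `onInitialized()` also stops seeding permissions from `configPermissions`, which apparently leaves a config entry that no system package declares without a `Permission` and without GIDs; if that is intended, a test covering it would make the contract explicit. The enclosing function starts and ends outside the hunk.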