Grant split permissions if root permission is granted (8b560032) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/PackageManagerService.java

+54 −0

Original line number	Diff line number	Diff line
		@@ -2568,6 +2568,8 @@ public class PackageManagerService extends IPackageManager.Stub

		mIsPreNMR1Upgrade = mIsUpgrade && ver.sdkVersion < Build.VERSION_CODES.N_MR1;

		int preUpgradeSdkVersion = ver.sdkVersion;

		// save off the names of pre-existing system packages prior to scanning; we don't
		// want to automatically grant runtime permissions for new system apps
		if (mPromoteSystemApps) {
		@@ -3161,6 +3163,58 @@ public class PackageManagerService extends IPackageManager.Stub

		checkDefaultBrowser();

		// If a granted permission is split, all new permissions should be granted too
		if (mIsUpgrade) {
		final int callingUid = getCallingUid();

		final int numSplitPerms = PackageParser.SPLIT_PERMISSIONS.length;
		for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) {
		final PackageParser.SplitPermissionInfo splitPerm =
		PackageParser.SPLIT_PERMISSIONS[splitPermNum];
		final String rootPerm = splitPerm.rootPerm;

		if (preUpgradeSdkVersion >= splitPerm.targetSdk) {
		continue;
		}

		final int numPackages = mPackages.size();
		for (int packageNum = 0; packageNum < numPackages; packageNum++) {
		final PackageParser.Package pkg = mPackages.valueAt(packageNum);

		if (pkg.applicationInfo.targetSdkVersion >= splitPerm.targetSdk
		\|\| !pkg.requestedPermissions.contains(rootPerm)) {
		continue;
		}

		final int userId = UserHandle.getUserId(pkg.applicationInfo.uid);
		final String pkgName = pkg.packageName;

		if (checkPermission(rootPerm, pkgName, userId) == PERMISSION_DENIED) {
		continue;
		}

		final String[] newPerms = splitPerm.newPerms;

		final int numNewPerms = newPerms.length;
		for (int newPermNum = 0; newPermNum < numNewPerms; newPermNum++) {
		final String newPerm = newPerms[newPermNum];
		if (checkPermission(newPerm, pkgName, userId) == PERMISSION_GRANTED) {
		continue;
		}

		if (DEBUG_PERMISSIONS) {
		Slog.v(TAG, "Granting " + newPerm + " to " + pkgName
		+ " as the root permission " + rootPerm
		+ " is already granted");
		}

		mPermissionManager.grantRuntimePermission(newPerm, pkgName, true,
		callingUid, userId, null);
		}
		}
		}
		}

		// clear only after permissions and other defaults have been updated
		mExistingSystemPackages.clear();
		mPromoteSystemApps = false;

services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java

+17 −2

Original line number	Diff line number	Diff line
		@@ -1193,12 +1193,27 @@ public final class DefaultPermissionGrantPolicy {
		}
		}

		private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
		boolean systemFixed, boolean ignoreSystemPackage, int userId) {
		private void grantRuntimePermissions(PackageParser.Package pkg,
		Set<String> permissionsWithoutSplits, boolean systemFixed, boolean ignoreSystemPackage,
		int userId) {
		if (pkg.requestedPermissions.isEmpty()) {
		return;
		}

		final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits);

		// Automatically attempt to grant split permissions to older APKs
		final int numSplitPerms = PackageParser.SPLIT_PERMISSIONS.length;
		for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) {
		final PackageParser.SplitPermissionInfo splitPerm =
		PackageParser.SPLIT_PERMISSIONS[splitPermNum];

		if (pkg.applicationInfo.targetSdkVersion < splitPerm.targetSdk
		&& permissionsWithoutSplits.contains(splitPerm.rootPerm)) {
		Collections.addAll(permissions, splitPerm.newPerms);
		}
		}

		List<String> requestedPermissions = pkg.requestedPermissions;
		Set<String> grantablePermissions = null;