Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9b2c4bdb authored by Hai Zhang's avatar Hai Zhang
Browse files

Replace permissions API with onPackageInstalled(). 

This change replaces setAllowlistedRestrictedPermissions(),
setAutoRevokeExempted() and grantRequestedRuntimePermissions() with a
single onPackageInstalled() callback.

Bug: 158736025
Test: presubmit
Change-Id: Iec0973f8a4855c80e71ffc2c1466aababe93f66a
parent aedc4ae8

services/core/java/com/android/server/pm/PackageManagerService.java

+16 −30
Original line number Diff line number Diff line
@@ -21,7 +21,6 @@ import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; 
import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS;

import static android.Manifest.permission.REQUEST_DELETE_PACKAGES;

import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS;

import static android.app.AppOpsManager.MODE_ALLOWED;

import static android.app.AppOpsManager.MODE_DEFAULT;

import static android.app.AppOpsManager.MODE_IGNORED;

import static android.content.Intent.ACTION_MAIN;
@@ -44,7 +43,6 @@ import static android.content.pm.PackageManager.FLAG_PERMISSION_REVOKED_COMPAT; 
import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;

import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_FIXED;

import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET;

import static android.content.pm.PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER;

import static android.content.pm.PackageManager.INSTALL_FAILED_ALREADY_EXISTS;

import static android.content.pm.PackageManager.INSTALL_FAILED_BAD_PERMISSION_GROUP;

import static android.content.pm.PackageManager.INSTALL_FAILED_DUPLICATE_PACKAGE;
@@ -2172,7 +2170,7 @@ public class PackageManagerService extends IPackageManager.Stub 














    private void handlePackagePostInstall(PackageInstalledInfo res, boolean grantPermissions,















            boolean killApp, boolean virtualPreload,













            String[] grantedPermissions, List<String> whitelistedRestrictedPermissions,













            String[] grantedPermissions, List<String> allowlistedRestrictedPermissions,















            int autoRevokePermissionsMode,















            boolean launchedForRestore, String installerPackage,















            IPackageInstallObserver2 installObserver, int dataLoaderType) {










@@ -2205,32 +2203,21 @@ public class PackageManagerService extends IPackageManager.Stub













                res.removedInfo.sendPackageRemovedBroadcasts(killApp, false /*removedBySystem*/);















            }



























            // Allowlist any restricted permissions first as some may be runtime













            // that the installer requested to be granted at install time.













            if (whitelistedRestrictedPermissions != null













                    && !whitelistedRestrictedPermissions.isEmpty()) {













                mPermissionManager.setAllowlistedRestrictedPermissions(res.pkg,













                        whitelistedRestrictedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER,













                        res.newUsers);













            final List<String> grantedPermissionsList;













            if (grantPermissions) {













                if (grantedPermissions != null) {













                    grantedPermissionsList = Arrays.asList(grantedPermissions);













                } else {













                    grantedPermissionsList = res.pkg.getRequestedPermissions();















                }

























            if (autoRevokePermissionsMode == MODE_ALLOWED













                    || autoRevokePermissionsMode == MODE_IGNORED) {













                mPermissionManager.setAutoRevokeExempted(res.pkg,













                        autoRevokePermissionsMode == MODE_IGNORED, res.newUsers);













            } else {













                grantedPermissionsList = Collections.emptyList();















            }

























            // Now that we successfully installed the package, grant runtime













            // permissions if requested before broadcasting the install. Also













            // for legacy apps in permission review mode we clear the permission













            // review flag which is used to emulate runtime permissions for













            // legacy apps.













            if (grantPermissions) {













                final int callingUid = Binder.getCallingUid();













                mPermissionManager.grantRequestedRuntimePermissions(res.pkg,













                        grantedPermissions != null ? Arrays.asList(grantedPermissions) : null,













                        res.newUsers);













            if (allowlistedRestrictedPermissions == null) {













                allowlistedRestrictedPermissions = Collections.emptyList();















            }













            mPermissionManager.onPackageInstalled(res.pkg, grantedPermissionsList,













                    allowlistedRestrictedPermissions, autoRevokePermissionsMode, res.newUsers);





























            final String installerPackageName =















                    res.installerPackageName != null










@@ -13681,9 +13668,8 @@ public class PackageManagerService extends IPackageManager.Stub













                            != 0) {















                        whiteListedPermissions = pkgSetting.pkg.getRequestedPermissions();















                    }













                    mPermissionManager.setAllowlistedRestrictedPermissions(pkgSetting.pkg,













                            whiteListedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER,













                            new int[] { userId });













                    mPermissionManager.onPackageInstalled(pkgSetting.pkg, Collections.emptyList(),













                            whiteListedPermissions, MODE_DEFAULT, new int[] { userId });















                }





























                if (pkgSetting.pkg != null) {

























services/core/java/com/android/server/pm/permission/PermissionManagerService.java



+28
−22




























Original line number
Diff line number
Diff line








@@ -4914,6 +4914,20 @@ public class PermissionManagerService extends IPermissionManager.Stub {













        return true;















    }





























    private void onPackageInstalledInternal(@NonNull AndroidPackage pkg,













            @NonNull List<String> grantedPermissions,













            @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode,













            @NonNull int[] userIds) {













        setAllowlistedRestrictedPermissionsInternal(pkg, allowlistedRestrictedPermissions,













                FLAG_PERMISSION_WHITELIST_INSTALLER, userIds);













        if (autoRevokePermissionsMode == AppOpsManager.MODE_ALLOWED













                || autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED) {













            setAutoRevokeExemptedInternal(pkg,













                    autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED, userIds);













        }













        grantRequestedRuntimePermissionsInternal(pkg, grantedPermissions, userIds);













    }





























    private void onPackageRemovedInternal(@NonNull AndroidPackage pkg) {















        removeAllPermissionsInternal(pkg);















    }










@@ -5080,28 +5094,6 @@ public class PermissionManagerService extends IPermissionManager.Stub {













            return PermissionManagerService.this.getAppOpPermissionPackagesInternal(permissionName);















        }















        @Override













        public void grantRequestedRuntimePermissions(@NonNull AndroidPackage pkg,













                @Nullable List<String> permissions, @NonNull int[] userIds) {













            Objects.requireNonNull(pkg, "pkg");













            Objects.requireNonNull(userIds, "userIds");













            grantRequestedRuntimePermissionsInternal(pkg, permissions, userIds);













        }













        @Override













        public void setAllowlistedRestrictedPermissions(@NonNull AndroidPackage pkg,













                @Nullable List<String> permissions, @PermissionWhitelistFlags int allowlistFlags,













                @NonNull int[] userIds) {













            Objects.requireNonNull(pkg, "pkg");













            Objects.requireNonNull(userIds, "userIds");













            setAllowlistedRestrictedPermissionsInternal(pkg, permissions, allowlistFlags, userIds);













        }













        @Override













        public void setAutoRevokeExempted(@NonNull AndroidPackage pkg, boolean exempted,













                @NonNull int[] userIds) {













            Objects.requireNonNull(pkg, "pkg");













            Objects.requireNonNull(userIds, "userIds");













            setAutoRevokeExemptedInternal(pkg, exempted, userIds);













        }













        @Override















        public void updatePermissions(@NonNull String packageName, @Nullable AndroidPackage pkg) {















            PermissionManagerService.this















                    .updatePermissions(packageName, pkg, mDefaultPermissionCallback);










@@ -5371,6 +5363,20 @@ public class PermissionManagerService extends IPermissionManager.Stub {













            onPackageAddedInternal(pkg, isInstantApp, oldPkg);















        }





























        @Override













        public void onPackageInstalled(@NonNull AndroidPackage pkg,













                @NonNull List<String> grantedPermissions,













                @NonNull List<String> allowlistedRestrictedPermissions,













                int autoRevokePermissionsMode, @NonNull int[] userIds) {













            Objects.requireNonNull(pkg, "pkg");













            Objects.requireNonNull(grantedPermissions, "grantedPermissions");













            Objects.requireNonNull(allowlistedRestrictedPermissions,













                    "allowlistedRestrictedPermissions");













            Objects.requireNonNull(userIds, "userIds");













            onPackageInstalledInternal(pkg, grantedPermissions, allowlistedRestrictedPermissions,













                    autoRevokePermissionsMode, userIds);













        }





























        @Override















        public void onPackageRemoved(@NonNull AndroidPackage pkg) {















            Objects.requireNonNull(pkg);

































services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java



+15
−37




























Original line number
Diff line number
Diff line








@@ -20,7 +20,6 @@ import android.annotation.AppIdInt;













import android.annotation.NonNull;















import android.annotation.Nullable;















import android.annotation.UserIdInt;













import android.content.pm.PackageManager;















import android.content.pm.PermissionInfo;















import android.permission.PermissionManagerInternal;


























@@ -189,42 +188,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager













    public abstract boolean isPermissionsReviewRequired(@NonNull String packageName,















            @UserIdInt int userId);





























    /**













     * Grant the requested runtime permissions for a package, or an explicit subset of them.













     *













     * @param pkg the package













     * @param permissions the names of the subset of permissions to be granted, or {@code null} for













     *                    granting all the requested permissions













     * @param userIds the user IDs













     */













    //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)













    public abstract void grantRequestedRuntimePermissions(@NonNull AndroidPackage pkg,













            @Nullable List<String> permissions, @NonNull int[] userIds);



























    /**













     * Set the allowlisted restricted permissions for a package, or an explicit subset of them.













     *













     * @param pkg the package













     * @param permissions the names of the subset of permissions to be allowlisted, or {@code null}













     *                    for allowlisting all the requested restricted permissions













     * @param userIds the user IDs













     */













    //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)













    public abstract void setAllowlistedRestrictedPermissions(













            @NonNull AndroidPackage pkg, @Nullable List<String> permissions,













            @PackageManager.PermissionWhitelistFlags int allowlistFlags, @NonNull int[] userIds);



























    /**













     * Set whether a package is exempted from auto revoke.













     *













     * @param pkg the package













     * @param exempted whether the package is exempted from auto revoke













     * @param userIds the user IDs













     */













    //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)













    public abstract void setAutoRevokeExempted(@NonNull AndroidPackage pkg, boolean exempted,













            @NonNull int[] userIds);





























    /**















     * Update permissions when a package changed.















     *










@@ -525,6 +488,21 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager













    public abstract void onPackageAdded(@NonNull AndroidPackage pkg, boolean isInstantApp,















            @Nullable AndroidPackage oldPkg);





























    /**













     * Callback when a package has been installed for certain users.













     *













     * @param pkg the installed package













     * @param grantedPermissions the permissions to be granted













     * @param allowlistedRestrictedPermissions the restricted permissions to be allowlisted













     * @param autoRevokePermissionsMode the auto revoke permissions mode for this package













     * @param userIds the user IDs this package is installed for













     */













    //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)













    public abstract void onPackageInstalled(@NonNull AndroidPackage pkg,













            @NonNull List<String> grantedPermissions,













            @NonNull List<String> allowlistedRestrictedPermissions,













            int autoRevokePermissionsMode, @NonNull int[] userIds);





























    /**















     * Callback when a package has been removed.















     *