Revoke granted permission when the permission defining app is removed. (a32cd8d7) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+42 −2

Original line number	Diff line number	Diff line
		@@ -48,6 +48,7 @@ import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		import android.content.Context;
		import android.content.pm.ApplicationInfo;
		import android.content.pm.PackageManager;
		import android.content.pm.PackageManager.PermissionWhitelistFlags;
		import android.content.pm.PackageManagerInternal;
		@@ -2587,7 +2588,7 @@ public class PermissionManagerService {

		// Make sure all dynamic permissions have been assigned to a package,
		// and make sure there are no dangling permissions.
		flags = updatePermissions(changingPkgName, changingPkg, flags);
		flags = updatePermissions(changingPkgName, changingPkg, flags, callback);

		synchronized (mLock) {
		if (mBackgroundPermissions == null) {
		@@ -2637,7 +2638,8 @@ public class PermissionManagerService {
		Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
		}

		private int updatePermissions(String packageName, PackageParser.Package pkg, int flags) {
		private int updatePermissions(String packageName, PackageParser.Package pkg, int flags,
		@Nullable PermissionCallback callback) {
		Set<BasePermission> needsUpdate = null;
		synchronized (mLock) {
		final Iterator<BasePermission> it = mSettings.mPermissions.values().iterator();
		@@ -2651,6 +2653,44 @@ public class PermissionManagerService {
		&& (pkg == null \|\| !hasPermission(pkg, bp.getName()))) {
		Slog.i(TAG, "Removing old permission tree: " + bp.getName()
		+ " from package " + bp.getSourcePackageName());
		if (bp.isRuntime()) {
		final int[] userIds = mUserManagerInt.getUserIds();
		final int numUserIds = userIds.length;
		for (int userIdNum = 0; userIdNum < numUserIds; userIdNum++) {
		final int userId = userIds[userIdNum];

		mPackageManagerInt.forEachPackage((Package p) -> {
		final String pName = p.packageName;
		final ApplicationInfo appInfo =
		mPackageManagerInt.getApplicationInfo(pName, 0,
		Process.SYSTEM_UID, UserHandle.USER_SYSTEM);
		if (appInfo != null
		&& appInfo.targetSdkVersion < Build.VERSION_CODES.M) {
		return;
		}

		final String permissionName = bp.getName();
		if (checkPermission(permissionName, pName, Process.SYSTEM_UID,
		userId) == PackageManager.PERMISSION_GRANTED) {
		try {
		revokeRuntimePermission(
		permissionName,
		pName,
		false,
		userId,
		callback);
		} catch (IllegalArgumentException e) {
		Slog.e(TAG,
		"Failed to revoke "
		+ permissionName
		+ " from "
		+ pName,
		e);
		}
		}
		});
		}
		}
		flags \|= UPDATE_PERMISSIONS_ALL;
		it.remove();
		}