Merge "Resolve allowlisting "TODO" on package install" (a9d150be) · Commits · e / os / android_frameworks_base

services/permission/java/com/android/server/permission/access/permission/PermissionService.kt

+28 −7

Original line number	Diff line number	Diff line
		@@ -1394,6 +1394,22 @@ class PermissionService(
		return false
		}

		private fun addAllowlistedRestrictedPermissionsUnchecked(
		androidPackage: AndroidPackage,
		appId: Int,
		permissionNames: List<String>,
		userId: Int
		) {
		val newPermissionNames = getAllowlistedRestrictedPermissionsUnchecked(appId,
		PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER, userId
		)?.let {
		IndexedSet(permissionNames).apply { this += it }.toList()
		} ?: permissionNames

		setAllowlistedRestrictedPermissionsUnchecked(androidPackage, appId, newPermissionNames,
		PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER, userId)
		}

		override fun removeAllowlistedRestrictedPermission(
		packageName: String,
		permissionName: String,
		@@ -1445,7 +1461,7 @@ class PermissionService(

		private fun setAllowlistedRestrictedPermissions(
		packageName: String,
		allowlistedPermissions: List<String>,
		permissionNames: List<String>,
		allowlistedFlags: Int,
		userId: Int,
		isAddingPermission: Boolean
		@@ -1480,7 +1496,7 @@ class PermissionService(
		}

		setAllowlistedRestrictedPermissionsUnchecked(
		androidPackage, packageState.appId, allowlistedPermissions, allowlistedFlags, userId
		androidPackage, packageState.appId, permissionNames, allowlistedFlags, userId
		)

		return true
		@@ -1493,7 +1509,7 @@ class PermissionService(
		private fun setAllowlistedRestrictedPermissionsUnchecked(
		androidPackage: AndroidPackage,
		appId: Int,
		allowlistedPermissions: List<String>,
		permissionNames: List<String>,
		allowlistedFlags: Int,
		userId: Int
		) {
		@@ -1522,7 +1538,7 @@ class PermissionService(
		PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM -> {
		mask = mask or PermissionFlags.SYSTEM_EXEMPT
		newFlags =
		if (allowlistedPermissions.contains(requestedPermission)) {
		if (permissionNames.contains(requestedPermission)) {
		newFlags or PermissionFlags.SYSTEM_EXEMPT
		} else {
		newFlags andInv PermissionFlags.SYSTEM_EXEMPT
		@@ -1531,7 +1547,7 @@ class PermissionService(
		PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE -> {
		mask = mask or PermissionFlags.UPGRADE_EXEMPT
		newFlags =
		if (allowlistedPermissions.contains(requestedPermission)) {
		if (permissionNames.contains(requestedPermission)) {
		newFlags or PermissionFlags.UPGRADE_EXEMPT
		} else {
		newFlags andInv PermissionFlags.UPGRADE_EXEMPT
		@@ -1540,7 +1556,7 @@ class PermissionService(
		PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER -> {
		mask = mask or PermissionFlags.INSTALLER_EXEMPT
		newFlags =
		if (allowlistedPermissions.contains(requestedPermission)) {
		if (permissionNames.contains(requestedPermission)) {
		newFlags or PermissionFlags.INSTALLER_EXEMPT
		} else {
		newFlags andInv PermissionFlags.INSTALLER_EXEMPT
		@@ -1856,10 +1872,15 @@ class PermissionService(
		@Suppress("NAME_SHADOWING")
		userIds.forEach { userId ->
		service.onPackageInstalled(androidPackage.packageName, userId)
		}

		@Suppress("NAME_SHADOWING")
		userIds.forEach { userId ->
		// TODO: Remove when this callback receives packageState directly.
		val packageState =
		packageManagerInternal.getPackageStateInternal(androidPackage.packageName)!!
		// TODO: Add allowlisting
		addAllowlistedRestrictedPermissionsUnchecked(androidPackage, packageState.appId,
		params.allowlistedRestrictedPermissions, userId)
		setRequestedPermissionStates(packageState, userId, params.permissionStates)
		}
		}