Loading services/core/java/com/android/server/pm/permission/PermissionManagerService.java +28 −2 Original line number Diff line number Diff line Loading @@ -66,9 +66,11 @@ import android.util.Slog; import android.util.SparseArray; import com.android.internal.annotations.GuardedBy; import com.android.internal.util.Preconditions; import com.android.internal.util.function.TriFunction; import com.android.server.LocalServices; import com.android.server.pm.UserManagerInternal; import com.android.server.pm.UserManagerService; import com.android.server.pm.parsing.pkg.AndroidPackage; import com.android.server.pm.permission.PermissionManagerServiceInternal.HotwordDetectionServiceProvider; Loading Loading @@ -678,8 +680,23 @@ public class PermissionManagerService extends IPermissionManager.Stub { @Override public void onPackageInstalled(@NonNull AndroidPackage pkg, int previousAppId, @NonNull PackageInstalledParams params, @UserIdInt int userId) { mPermissionManagerServiceImpl.onPackageInstalled(pkg, previousAppId, params, userId); @NonNull PackageInstalledParams params, @UserIdInt int rawUserId) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(params, "params"); Preconditions.checkArgument(rawUserId >= UserHandle.USER_SYSTEM || rawUserId == UserHandle.USER_ALL, "userId"); mPermissionManagerServiceImpl.onPackageInstalled(pkg, previousAppId, params, rawUserId); final int[] userIds = rawUserId == UserHandle.USER_ALL ? getAllUserIds() : new int[] { rawUserId }; for (final int userId : userIds) { final int autoRevokePermissionsMode = params.getAutoRevokePermissionsMode(); if (autoRevokePermissionsMode == AppOpsManager.MODE_ALLOWED || autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED) { setAutoRevokeExemptedInternal(pkg, autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED, userId); } } } @Override Loading Loading @@ -779,6 +796,15 @@ public class PermissionManagerService extends IPermissionManager.Stub { /* End of delegate methods to PermissionManagerServiceInterface */ } /** * Returns all relevant user ids. This list include the current set of created user ids as well * as pre-created user ids. * @return user ids for created users and pre-created users */ private int[] getAllUserIds() { return UserManagerService.getInstance().getUserIdsIncludingPreCreated(); } /** * Interface to intercept permission checks and optionally pass through to the original * implementation. Loading services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java +0 −35 Original line number Diff line number Diff line Loading @@ -19,8 +19,6 @@ package com.android.server.pm.permission; import static android.Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.MODE_IGNORED; import static android.content.pm.PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT; import static android.content.pm.PackageManager.FLAG_PERMISSION_APPLY_RESTRICTION; import static android.content.pm.PackageManager.FLAG_PERMISSION_AUTO_REVOKED; Loading Loading @@ -63,7 +61,6 @@ import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.ActivityManager; import android.app.AppOpsManager; import android.app.IActivityManager; import android.app.admin.DevicePolicyManagerInternal; import android.compat.annotation.ChangeId; Loading Loading @@ -249,9 +246,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt /** Permission controller: User space permission management */ private PermissionControllerManager mPermissionControllerManager; /** App ops manager */ private final AppOpsManager mAppOpsManager; /** * Built-in permissions. Read from system configuration files. Mapping is from * UID to permission name. Loading Loading @@ -379,7 +373,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt mContext = context; mPackageManagerInt = LocalServices.getService(PackageManagerInternal.class); mUserManagerInt = LocalServices.getService(UserManagerInternal.class); mAppOpsManager = context.getSystemService(AppOpsManager.class); mPrivilegedPermissionAllowlistSourcePackageNames.add(PLATFORM_PACKAGE_NAME); // PackageManager.hasSystemFeature() is not used here because PackageManagerService Loading Loading @@ -4924,15 +4917,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt addAllowlistedRestrictedPermissionsInternal(pkg, params.getAllowlistedRestrictedPermissions(), FLAG_PERMISSION_WHITELIST_INSTALLER, userId); final int autoRevokePermissionsMode = params.getAutoRevokePermissionsMode(); if (autoRevokePermissionsMode == AppOpsManager.MODE_ALLOWED || autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED) { // TODO: theianchen Bug: 182523293 // We should move this portion of code that's calling // setAutoRevokeExemptedInternal() into the old PMS setAutoRevokeExemptedInternal(pkg, autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED, userId); } grantRequestedRuntimePermissionsInternal(pkg, params.getGrantedPermissions(), userId); } } Loading Loading @@ -5201,25 +5185,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt onPackageUninstalledInternal(packageName, appId, pkg, sharedUserPkgs, userIds); } private boolean setAutoRevokeExemptedInternal(@NonNull AndroidPackage pkg, boolean exempted, @UserIdInt int userId) { final int packageUid = UserHandle.getUid(userId, pkg.getUid()); if (mAppOpsManager.checkOpNoThrow(AppOpsManager.OP_AUTO_REVOKE_MANAGED_BY_INSTALLER, packageUid, pkg.getPackageName()) != MODE_ALLOWED) { // Allowlist user set - don't override return false; } final long identity = Binder.clearCallingIdentity(); try { mAppOpsManager.setMode(AppOpsManager.OP_AUTO_REVOKE_PERMISSIONS_IF_UNUSED, packageUid, pkg.getPackageName(), exempted ? MODE_IGNORED : MODE_ALLOWED); } finally { Binder.restoreCallingIdentity(identity); } return true; } /** * Callbacks invoked when interesting actions have been taken on a permission. * <p> Loading Loading
services/core/java/com/android/server/pm/permission/PermissionManagerService.java +28 −2 Original line number Diff line number Diff line Loading @@ -66,9 +66,11 @@ import android.util.Slog; import android.util.SparseArray; import com.android.internal.annotations.GuardedBy; import com.android.internal.util.Preconditions; import com.android.internal.util.function.TriFunction; import com.android.server.LocalServices; import com.android.server.pm.UserManagerInternal; import com.android.server.pm.UserManagerService; import com.android.server.pm.parsing.pkg.AndroidPackage; import com.android.server.pm.permission.PermissionManagerServiceInternal.HotwordDetectionServiceProvider; Loading Loading @@ -678,8 +680,23 @@ public class PermissionManagerService extends IPermissionManager.Stub { @Override public void onPackageInstalled(@NonNull AndroidPackage pkg, int previousAppId, @NonNull PackageInstalledParams params, @UserIdInt int userId) { mPermissionManagerServiceImpl.onPackageInstalled(pkg, previousAppId, params, userId); @NonNull PackageInstalledParams params, @UserIdInt int rawUserId) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(params, "params"); Preconditions.checkArgument(rawUserId >= UserHandle.USER_SYSTEM || rawUserId == UserHandle.USER_ALL, "userId"); mPermissionManagerServiceImpl.onPackageInstalled(pkg, previousAppId, params, rawUserId); final int[] userIds = rawUserId == UserHandle.USER_ALL ? getAllUserIds() : new int[] { rawUserId }; for (final int userId : userIds) { final int autoRevokePermissionsMode = params.getAutoRevokePermissionsMode(); if (autoRevokePermissionsMode == AppOpsManager.MODE_ALLOWED || autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED) { setAutoRevokeExemptedInternal(pkg, autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED, userId); } } } @Override Loading Loading @@ -779,6 +796,15 @@ public class PermissionManagerService extends IPermissionManager.Stub { /* End of delegate methods to PermissionManagerServiceInterface */ } /** * Returns all relevant user ids. This list include the current set of created user ids as well * as pre-created user ids. * @return user ids for created users and pre-created users */ private int[] getAllUserIds() { return UserManagerService.getInstance().getUserIdsIncludingPreCreated(); } /** * Interface to intercept permission checks and optionally pass through to the original * implementation. Loading
services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java +0 −35 Original line number Diff line number Diff line Loading @@ -19,8 +19,6 @@ package com.android.server.pm.permission; import static android.Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.MODE_IGNORED; import static android.content.pm.PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT; import static android.content.pm.PackageManager.FLAG_PERMISSION_APPLY_RESTRICTION; import static android.content.pm.PackageManager.FLAG_PERMISSION_AUTO_REVOKED; Loading Loading @@ -63,7 +61,6 @@ import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.ActivityManager; import android.app.AppOpsManager; import android.app.IActivityManager; import android.app.admin.DevicePolicyManagerInternal; import android.compat.annotation.ChangeId; Loading Loading @@ -249,9 +246,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt /** Permission controller: User space permission management */ private PermissionControllerManager mPermissionControllerManager; /** App ops manager */ private final AppOpsManager mAppOpsManager; /** * Built-in permissions. Read from system configuration files. Mapping is from * UID to permission name. Loading Loading @@ -379,7 +373,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt mContext = context; mPackageManagerInt = LocalServices.getService(PackageManagerInternal.class); mUserManagerInt = LocalServices.getService(UserManagerInternal.class); mAppOpsManager = context.getSystemService(AppOpsManager.class); mPrivilegedPermissionAllowlistSourcePackageNames.add(PLATFORM_PACKAGE_NAME); // PackageManager.hasSystemFeature() is not used here because PackageManagerService Loading Loading @@ -4924,15 +4917,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt addAllowlistedRestrictedPermissionsInternal(pkg, params.getAllowlistedRestrictedPermissions(), FLAG_PERMISSION_WHITELIST_INSTALLER, userId); final int autoRevokePermissionsMode = params.getAutoRevokePermissionsMode(); if (autoRevokePermissionsMode == AppOpsManager.MODE_ALLOWED || autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED) { // TODO: theianchen Bug: 182523293 // We should move this portion of code that's calling // setAutoRevokeExemptedInternal() into the old PMS setAutoRevokeExemptedInternal(pkg, autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED, userId); } grantRequestedRuntimePermissionsInternal(pkg, params.getGrantedPermissions(), userId); } } Loading Loading @@ -5201,25 +5185,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt onPackageUninstalledInternal(packageName, appId, pkg, sharedUserPkgs, userIds); } private boolean setAutoRevokeExemptedInternal(@NonNull AndroidPackage pkg, boolean exempted, @UserIdInt int userId) { final int packageUid = UserHandle.getUid(userId, pkg.getUid()); if (mAppOpsManager.checkOpNoThrow(AppOpsManager.OP_AUTO_REVOKE_MANAGED_BY_INSTALLER, packageUid, pkg.getPackageName()) != MODE_ALLOWED) { // Allowlist user set - don't override return false; } final long identity = Binder.clearCallingIdentity(); try { mAppOpsManager.setMode(AppOpsManager.OP_AUTO_REVOKE_PERMISSIONS_IF_UNUSED, packageUid, pkg.getPackageName(), exempted ? MODE_IGNORED : MODE_ALLOWED); } finally { Binder.restoreCallingIdentity(identity); } return true; } /** * Callbacks invoked when interesting actions have been taken on a permission. * <p> Loading
