Loading services/core/java/com/android/server/pm/PackageManagerService.java +23 −32 Original line number Diff line number Diff line Loading @@ -21,7 +21,6 @@ import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS; import static android.Manifest.permission.REQUEST_DELETE_PACKAGES; import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.MODE_DEFAULT; import static android.app.AppOpsManager.MODE_IGNORED; import static android.content.Intent.ACTION_MAIN; Loading @@ -44,7 +43,6 @@ import static android.content.pm.PackageManager.FLAG_PERMISSION_REVOKED_COMPAT; import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET; import static android.content.pm.PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER; import static android.content.pm.PackageManager.INSTALL_FAILED_ALREADY_EXISTS; import static android.content.pm.PackageManager.INSTALL_FAILED_BAD_PERMISSION_GROUP; import static android.content.pm.PackageManager.INSTALL_FAILED_DUPLICATE_PACKAGE; Loading Loading @@ -2171,7 +2169,7 @@ public class PackageManagerService extends IPackageManager.Stub private void handlePackagePostInstall(PackageInstalledInfo res, boolean grantPermissions, boolean killApp, boolean virtualPreload, String[] grantedPermissions, List<String> whitelistedRestrictedPermissions, String[] grantedPermissions, List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, boolean launchedForRestore, String installerPackage, IPackageInstallObserver2 installObserver, int dataLoaderType) { Loading Loading @@ -2204,31 +2202,22 @@ public class PackageManagerService extends IPackageManager.Stub res.removedInfo.sendPackageRemovedBroadcasts(killApp, false /*removedBySystem*/); } // Allowlist any restricted permissions first as some may be runtime // that the installer requested to be granted at install time. if (whitelistedRestrictedPermissions != null && !whitelistedRestrictedPermissions.isEmpty()) { mPermissionManager.setAllowlistedRestrictedPermissions(res.pkg, whitelistedRestrictedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, res.newUsers); final List<String> grantedPermissionsList; if (grantPermissions) { if (grantedPermissions != null) { grantedPermissionsList = Arrays.asList(grantedPermissions); } else { grantedPermissionsList = res.pkg.getRequestedPermissions(); } if (autoRevokePermissionsMode == MODE_ALLOWED || autoRevokePermissionsMode == MODE_IGNORED) { mPermissionManager.setAutoRevokeExempted(res.pkg, autoRevokePermissionsMode == MODE_IGNORED, res.newUsers); } else { grantedPermissionsList = Collections.emptyList(); } // Now that we successfully installed the package, grant runtime // permissions if requested before broadcasting the install. Also // for legacy apps in permission review mode we clear the permission // review flag which is used to emulate runtime permissions for // legacy apps. if (grantPermissions) { final int callingUid = Binder.getCallingUid(); mPermissionManager.grantRequestedRuntimePermissions(res.pkg, grantedPermissions != null ? Arrays.asList(grantedPermissions) : null, res.newUsers); if (allowlistedRestrictedPermissions == null) { allowlistedRestrictedPermissions = Collections.emptyList(); } for (final int userId : res.newUsers) { mPermissionManager.onPackageInstalled(res.pkg, grantedPermissionsList, allowlistedRestrictedPermissions, autoRevokePermissionsMode, userId); } final String installerPackageName = Loading Loading @@ -13607,11 +13596,12 @@ public class PackageManagerService extends IPackageManager.Stub int installExistingPackageAsUser(@Nullable String packageName, @UserIdInt int userId, @PackageManager.InstallFlags int installFlags, @PackageManager.InstallReason int installReason, @Nullable List<String> whiteListedPermissions, @Nullable IntentSender intentSender) { @Nullable List<String> allowlistedRestrictedPermissions, @Nullable IntentSender intentSender) { if (DEBUG_INSTALL) { Log.v(TAG, "installExistingPackageAsUser package=" + packageName + " userId=" + userId + " installFlags=" + installFlags + " installReason=" + installReason + " whiteListedPermissions=" + whiteListedPermissions); + " allowlistedRestrictedPermissions=" + allowlistedRestrictedPermissions); } final int callingUid = Binder.getCallingUid(); Loading Loading @@ -13677,11 +13667,12 @@ public class PackageManagerService extends IPackageManager.Stub if (pkgSetting.pkg != null) { if ((installFlags & PackageManager.INSTALL_ALL_WHITELIST_RESTRICTED_PERMISSIONS) != 0) { whiteListedPermissions = pkgSetting.pkg.getRequestedPermissions(); allowlistedRestrictedPermissions = pkgSetting.pkg.getRequestedPermissions(); } else if (allowlistedRestrictedPermissions == null) { allowlistedRestrictedPermissions = Collections.emptyList(); } mPermissionManager.setAllowlistedRestrictedPermissions(pkgSetting.pkg, whiteListedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, new int[] { userId }); mPermissionManager.onPackageInstalled(pkgSetting.pkg, Collections.emptyList(), allowlistedRestrictedPermissions, MODE_DEFAULT, userId); } if (pkgSetting.pkg != null) { services/core/java/com/android/server/pm/permission/PermissionManagerService.java +195 −192 Original line number Diff line number Diff line Loading @@ -1249,10 +1249,19 @@ public class PermissionManagerService extends IPermissionManager.Stub { final long identity = Binder.clearCallingIdentity(); try { return getAllowlistedRestrictedPermissionsInternal(pkg, flags, userId); } finally { Binder.restoreCallingIdentity(identity); } } @Nullable private List<String> getAllowlistedRestrictedPermissionsInternal(@NonNull AndroidPackage pkg, @PermissionWhitelistFlags int flags, @UserIdInt int userId) { synchronized (mLock) { final UidPermissionState uidState = getUidStateLocked(pkg, userId); if (uidState == null) { Slog.e(TAG, "Missing permissions state for " + packageName + " and user " Slog.e(TAG, "Missing permissions state for " + pkg.getPackageName() + " and user " + userId); return null; } Loading @@ -1271,7 +1280,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { queryFlags |= FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT; } ArrayList<String> whitelistedPermissions = null; ArrayList<String> allowlistedPermissions = null; final int permissionCount = ArrayUtils.size(pkg.getRequestedPermissions()); for (int i = 0; i < permissionCount; i++) { Loading @@ -1279,17 +1288,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { final int currentFlags = uidState.getPermissionFlags(permissionName); if ((currentFlags & queryFlags) != 0) { if (whitelistedPermissions == null) { whitelistedPermissions = new ArrayList<>(); if (allowlistedPermissions == null) { allowlistedPermissions = new ArrayList<>(); } whitelistedPermissions.add(permissionName); allowlistedPermissions.add(permissionName); } } return whitelistedPermissions; } } finally { Binder.restoreCallingIdentity(identity); return allowlistedPermissions; } } Loading Loading @@ -1435,8 +1441,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { final long identity = Binder.clearCallingIdentity(); try { setAllowlistedRestrictedPermissionsInternal(pkg, permissions, flags, new int[] { userId }); setAllowlistedRestrictedPermissionsInternal(pkg, permissions, flags, userId); } finally { Binder.restoreCallingIdentity(identity); } Loading @@ -1459,13 +1464,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { return setAutoRevokeExemptedInternal(pkg, whitelisted, userId); } private void setAutoRevokeExemptedInternal(@NonNull AndroidPackage pkg, boolean exempted, @NonNull int[] userIds) { for (final int userId : userIds) { setAutoRevokeExemptedInternal(pkg, exempted, userId); } } private boolean setAutoRevokeExemptedInternal(@NonNull AndroidPackage pkg, boolean exempted, @UserIdInt int userId) { final int packageUid = UserHandle.getUid(userId, pkg.getUid()); Loading Loading @@ -3823,13 +3821,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { } private void grantRequestedRuntimePermissionsInternal(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @NonNull int[] userIds) { for (int userId : userIds) { grantRequestedRuntimePermissionsForUser(pkg, permissions, userId); } } private void grantRequestedRuntimePermissionsForUser(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, int userId) { final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED | PackageManager.FLAG_PERMISSION_POLICY_FIXED; Loading Loading @@ -3876,15 +3867,12 @@ public class PermissionManagerService extends IPermissionManager.Stub { private void setAllowlistedRestrictedPermissionsInternal(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @PermissionWhitelistFlags int allowlistFlags, @UserIdInt int[] userIds) { SparseArray<ArraySet<String>> oldGrantedRestrictedPermissions = new SparseArray<>(); @UserIdInt int userId) { ArraySet<String> oldGrantedRestrictedPermissions = null; boolean updatePermissions = false; final int permissionCount = pkg.getRequestedPermissions().size(); final int myUid = Process.myUid(); for (int i = 0; i < userIds.length; i++) { int userId = userIds[i]; for (int j = 0; j < permissionCount; j++) { final String permissionName = pkg.getRequestedPermissions().get(j); Loading @@ -3905,10 +3893,10 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (isGranted) { if (oldGrantedRestrictedPermissions.get(userId) == null) { oldGrantedRestrictedPermissions.put(userId, new ArraySet<>()); if (oldGrantedRestrictedPermissions == null) { oldGrantedRestrictedPermissions = new ArraySet<>(); } oldGrantedRestrictedPermissions.get(userId).add(permissionName); oldGrantedRestrictedPermissions.add(permissionName); } final int oldFlags = getPermissionFlagsInternal(permissionName, Loading Loading @@ -3993,23 +3981,19 @@ public class PermissionManagerService extends IPermissionManager.Stub { updatePermissionFlagsInternal(permissionName, pkg.getPackageName(), mask, newFlags, myUid, userId, false, null /*callback*/); } } if (updatePermissions) { // Update permission of this app to take into account the new whitelist state. restorePermissionState(pkg, false, pkg.getPackageName(), mDefaultPermissionCallback); // If this resulted in losing a permission we need to kill the app. for (int i = 0; i < userIds.length; i++) { int userId = userIds[i]; ArraySet<String> oldPermsForUser = oldGrantedRestrictedPermissions.get(userId); if (oldPermsForUser == null) { continue; if (oldGrantedRestrictedPermissions == null) { return; } final int oldGrantedCount = oldPermsForUser.size(); final int oldGrantedCount = oldGrantedRestrictedPermissions.size(); for (int j = 0; j < oldGrantedCount; j++) { final String permissionName = oldPermsForUser.valueAt(j); final String permissionName = oldGrantedRestrictedPermissions.valueAt(j); // Sometimes we create a new permission state instance during update. final boolean isGranted; synchronized (mLock) { Loading @@ -4028,7 +4012,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } } } @UserIdInt private int revokeSharedUserPermissionsForDeletedPackageInternal( Loading Loading @@ -4963,6 +4946,34 @@ public class PermissionManagerService extends IPermissionManager.Stub { return true; } private void onPackageInstalledInternal(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @UserIdInt int userId) { addAllowlistedRestrictedPermissionsInternal(pkg, allowlistedRestrictedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, userId); if (autoRevokePermissionsMode == AppOpsManager.MODE_ALLOWED || autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED) { setAutoRevokeExemptedInternal(pkg, autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED, userId); } grantRequestedRuntimePermissionsInternal(pkg, grantedPermissions, userId); } private void addAllowlistedRestrictedPermissionsInternal(@NonNull AndroidPackage pkg, @NonNull List<String> allowlistedRestrictedPermissions, @PermissionWhitelistFlags int flags, @UserIdInt int userId) { List<String> permissions = getAllowlistedRestrictedPermissionsInternal(pkg, flags, userId); if (permissions != null) { ArraySet<String> permissionSet = new ArraySet<>(permissions); permissionSet.addAll(allowlistedRestrictedPermissions); permissions = new ArrayList<>(permissionSet); } else { permissions = allowlistedRestrictedPermissions; } setAllowlistedRestrictedPermissionsInternal(pkg, permissions, flags, userId); } private void onPackageRemovedInternal(@NonNull AndroidPackage pkg) { removeAllPermissionsInternal(pkg); } Loading Loading @@ -5129,28 +5140,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { return PermissionManagerService.this.getAppOpPermissionPackagesInternal(permissionName); } @Override public void grantRequestedRuntimePermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); grantRequestedRuntimePermissionsInternal(pkg, permissions, userIds); } @Override public void setAllowlistedRestrictedPermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @PermissionWhitelistFlags int allowlistFlags, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); setAllowlistedRestrictedPermissionsInternal(pkg, permissions, allowlistFlags, userIds); } @Override public void setAutoRevokeExempted(@NonNull AndroidPackage pkg, boolean exempted, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); setAutoRevokeExemptedInternal(pkg, exempted, userIds); } @Override public void updatePermissions(@NonNull String packageName, @Nullable AndroidPackage pkg) { PermissionManagerService.this .updatePermissions(packageName, pkg, mDefaultPermissionCallback); Loading Loading @@ -5420,6 +5409,20 @@ public class PermissionManagerService extends IPermissionManager.Stub { onPackageAddedInternal(pkg, isInstantApp, oldPkg); } @Override public void onPackageInstalled(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @UserIdInt int userId) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(grantedPermissions, "grantedPermissions"); Objects.requireNonNull(allowlistedRestrictedPermissions, "allowlistedRestrictedPermissions"); Preconditions.checkArgumentNonNegative(userId, "userId"); onPackageInstalledInternal(pkg, grantedPermissions, allowlistedRestrictedPermissions, autoRevokePermissionsMode, userId); } @Override public void onPackageRemoved(@NonNull AndroidPackage pkg) { Objects.requireNonNull(pkg); Loading services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java +15 −37 Original line number Diff line number Diff line Loading @@ -20,7 +20,6 @@ import android.annotation.AppIdInt; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.content.pm.PackageManager; import android.content.pm.PermissionInfo; import android.permission.PermissionManagerInternal; Loading Loading @@ -189,42 +188,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager public abstract boolean isPermissionsReviewRequired(@NonNull String packageName, @UserIdInt int userId); /** * Grant the requested runtime permissions for a package, or an explicit subset of them. * * @param pkg the package * @param permissions the names of the subset of permissions to be granted, or {@code null} for * granting all the requested permissions * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void grantRequestedRuntimePermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @NonNull int[] userIds); /** * Set the allowlisted restricted permissions for a package, or an explicit subset of them. * * @param pkg the package * @param permissions the names of the subset of permissions to be allowlisted, or {@code null} * for allowlisting all the requested restricted permissions * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void setAllowlistedRestrictedPermissions( @NonNull AndroidPackage pkg, @Nullable List<String> permissions, @PackageManager.PermissionWhitelistFlags int allowlistFlags, @NonNull int[] userIds); /** * Set whether a package is exempted from auto revoke. * * @param pkg the package * @param exempted whether the package is exempted from auto revoke * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void setAutoRevokeExempted(@NonNull AndroidPackage pkg, boolean exempted, @NonNull int[] userIds); /** * Update permissions when a package changed. * Loading Loading @@ -525,6 +488,21 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager public abstract void onPackageAdded(@NonNull AndroidPackage pkg, boolean isInstantApp, @Nullable AndroidPackage oldPkg); /** * Callback when a package has been installed for certain users. * * @param pkg the installed package * @param grantedPermissions the permissions to be granted * @param allowlistedRestrictedPermissions the restricted permissions to be allowlisted * @param autoRevokePermissionsMode the auto revoke permissions mode for this package * @param userId the user ID this package is installed for */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void onPackageInstalled(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @UserIdInt int userId); /** * Callback when a package has been removed. * Loading Loading
services/core/java/com/android/server/pm/PackageManagerService.java +23 −32 Original line number Diff line number Diff line Loading @@ -21,7 +21,6 @@ import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS; import static android.Manifest.permission.REQUEST_DELETE_PACKAGES; import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.MODE_DEFAULT; import static android.app.AppOpsManager.MODE_IGNORED; import static android.content.Intent.ACTION_MAIN; Loading @@ -44,7 +43,6 @@ import static android.content.pm.PackageManager.FLAG_PERMISSION_REVOKED_COMPAT; import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET; import static android.content.pm.PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER; import static android.content.pm.PackageManager.INSTALL_FAILED_ALREADY_EXISTS; import static android.content.pm.PackageManager.INSTALL_FAILED_BAD_PERMISSION_GROUP; import static android.content.pm.PackageManager.INSTALL_FAILED_DUPLICATE_PACKAGE; Loading Loading @@ -2171,7 +2169,7 @@ public class PackageManagerService extends IPackageManager.Stub private void handlePackagePostInstall(PackageInstalledInfo res, boolean grantPermissions, boolean killApp, boolean virtualPreload, String[] grantedPermissions, List<String> whitelistedRestrictedPermissions, String[] grantedPermissions, List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, boolean launchedForRestore, String installerPackage, IPackageInstallObserver2 installObserver, int dataLoaderType) { Loading Loading @@ -2204,31 +2202,22 @@ public class PackageManagerService extends IPackageManager.Stub res.removedInfo.sendPackageRemovedBroadcasts(killApp, false /*removedBySystem*/); } // Allowlist any restricted permissions first as some may be runtime // that the installer requested to be granted at install time. if (whitelistedRestrictedPermissions != null && !whitelistedRestrictedPermissions.isEmpty()) { mPermissionManager.setAllowlistedRestrictedPermissions(res.pkg, whitelistedRestrictedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, res.newUsers); final List<String> grantedPermissionsList; if (grantPermissions) { if (grantedPermissions != null) { grantedPermissionsList = Arrays.asList(grantedPermissions); } else { grantedPermissionsList = res.pkg.getRequestedPermissions(); } if (autoRevokePermissionsMode == MODE_ALLOWED || autoRevokePermissionsMode == MODE_IGNORED) { mPermissionManager.setAutoRevokeExempted(res.pkg, autoRevokePermissionsMode == MODE_IGNORED, res.newUsers); } else { grantedPermissionsList = Collections.emptyList(); } // Now that we successfully installed the package, grant runtime // permissions if requested before broadcasting the install. Also // for legacy apps in permission review mode we clear the permission // review flag which is used to emulate runtime permissions for // legacy apps. if (grantPermissions) { final int callingUid = Binder.getCallingUid(); mPermissionManager.grantRequestedRuntimePermissions(res.pkg, grantedPermissions != null ? Arrays.asList(grantedPermissions) : null, res.newUsers); if (allowlistedRestrictedPermissions == null) { allowlistedRestrictedPermissions = Collections.emptyList(); } for (final int userId : res.newUsers) { mPermissionManager.onPackageInstalled(res.pkg, grantedPermissionsList, allowlistedRestrictedPermissions, autoRevokePermissionsMode, userId); } final String installerPackageName = Loading Loading @@ -13607,11 +13596,12 @@ public class PackageManagerService extends IPackageManager.Stub int installExistingPackageAsUser(@Nullable String packageName, @UserIdInt int userId, @PackageManager.InstallFlags int installFlags, @PackageManager.InstallReason int installReason, @Nullable List<String> whiteListedPermissions, @Nullable IntentSender intentSender) { @Nullable List<String> allowlistedRestrictedPermissions, @Nullable IntentSender intentSender) { if (DEBUG_INSTALL) { Log.v(TAG, "installExistingPackageAsUser package=" + packageName + " userId=" + userId + " installFlags=" + installFlags + " installReason=" + installReason + " whiteListedPermissions=" + whiteListedPermissions); + " allowlistedRestrictedPermissions=" + allowlistedRestrictedPermissions); } final int callingUid = Binder.getCallingUid(); Loading Loading @@ -13677,11 +13667,12 @@ public class PackageManagerService extends IPackageManager.Stub if (pkgSetting.pkg != null) { if ((installFlags & PackageManager.INSTALL_ALL_WHITELIST_RESTRICTED_PERMISSIONS) != 0) { whiteListedPermissions = pkgSetting.pkg.getRequestedPermissions(); allowlistedRestrictedPermissions = pkgSetting.pkg.getRequestedPermissions(); } else if (allowlistedRestrictedPermissions == null) { allowlistedRestrictedPermissions = Collections.emptyList(); } mPermissionManager.setAllowlistedRestrictedPermissions(pkgSetting.pkg, whiteListedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, new int[] { userId }); mPermissionManager.onPackageInstalled(pkgSetting.pkg, Collections.emptyList(), allowlistedRestrictedPermissions, MODE_DEFAULT, userId); } if (pkgSetting.pkg != null) {
services/core/java/com/android/server/pm/permission/PermissionManagerService.java +195 −192 Original line number Diff line number Diff line Loading @@ -1249,10 +1249,19 @@ public class PermissionManagerService extends IPermissionManager.Stub { final long identity = Binder.clearCallingIdentity(); try { return getAllowlistedRestrictedPermissionsInternal(pkg, flags, userId); } finally { Binder.restoreCallingIdentity(identity); } } @Nullable private List<String> getAllowlistedRestrictedPermissionsInternal(@NonNull AndroidPackage pkg, @PermissionWhitelistFlags int flags, @UserIdInt int userId) { synchronized (mLock) { final UidPermissionState uidState = getUidStateLocked(pkg, userId); if (uidState == null) { Slog.e(TAG, "Missing permissions state for " + packageName + " and user " Slog.e(TAG, "Missing permissions state for " + pkg.getPackageName() + " and user " + userId); return null; } Loading @@ -1271,7 +1280,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { queryFlags |= FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT; } ArrayList<String> whitelistedPermissions = null; ArrayList<String> allowlistedPermissions = null; final int permissionCount = ArrayUtils.size(pkg.getRequestedPermissions()); for (int i = 0; i < permissionCount; i++) { Loading @@ -1279,17 +1288,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { final int currentFlags = uidState.getPermissionFlags(permissionName); if ((currentFlags & queryFlags) != 0) { if (whitelistedPermissions == null) { whitelistedPermissions = new ArrayList<>(); if (allowlistedPermissions == null) { allowlistedPermissions = new ArrayList<>(); } whitelistedPermissions.add(permissionName); allowlistedPermissions.add(permissionName); } } return whitelistedPermissions; } } finally { Binder.restoreCallingIdentity(identity); return allowlistedPermissions; } } Loading Loading @@ -1435,8 +1441,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { final long identity = Binder.clearCallingIdentity(); try { setAllowlistedRestrictedPermissionsInternal(pkg, permissions, flags, new int[] { userId }); setAllowlistedRestrictedPermissionsInternal(pkg, permissions, flags, userId); } finally { Binder.restoreCallingIdentity(identity); } Loading @@ -1459,13 +1464,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { return setAutoRevokeExemptedInternal(pkg, whitelisted, userId); } private void setAutoRevokeExemptedInternal(@NonNull AndroidPackage pkg, boolean exempted, @NonNull int[] userIds) { for (final int userId : userIds) { setAutoRevokeExemptedInternal(pkg, exempted, userId); } } private boolean setAutoRevokeExemptedInternal(@NonNull AndroidPackage pkg, boolean exempted, @UserIdInt int userId) { final int packageUid = UserHandle.getUid(userId, pkg.getUid()); Loading Loading @@ -3823,13 +3821,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { } private void grantRequestedRuntimePermissionsInternal(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @NonNull int[] userIds) { for (int userId : userIds) { grantRequestedRuntimePermissionsForUser(pkg, permissions, userId); } } private void grantRequestedRuntimePermissionsForUser(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, int userId) { final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED | PackageManager.FLAG_PERMISSION_POLICY_FIXED; Loading Loading @@ -3876,15 +3867,12 @@ public class PermissionManagerService extends IPermissionManager.Stub { private void setAllowlistedRestrictedPermissionsInternal(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @PermissionWhitelistFlags int allowlistFlags, @UserIdInt int[] userIds) { SparseArray<ArraySet<String>> oldGrantedRestrictedPermissions = new SparseArray<>(); @UserIdInt int userId) { ArraySet<String> oldGrantedRestrictedPermissions = null; boolean updatePermissions = false; final int permissionCount = pkg.getRequestedPermissions().size(); final int myUid = Process.myUid(); for (int i = 0; i < userIds.length; i++) { int userId = userIds[i]; for (int j = 0; j < permissionCount; j++) { final String permissionName = pkg.getRequestedPermissions().get(j); Loading @@ -3905,10 +3893,10 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (isGranted) { if (oldGrantedRestrictedPermissions.get(userId) == null) { oldGrantedRestrictedPermissions.put(userId, new ArraySet<>()); if (oldGrantedRestrictedPermissions == null) { oldGrantedRestrictedPermissions = new ArraySet<>(); } oldGrantedRestrictedPermissions.get(userId).add(permissionName); oldGrantedRestrictedPermissions.add(permissionName); } final int oldFlags = getPermissionFlagsInternal(permissionName, Loading Loading @@ -3993,23 +3981,19 @@ public class PermissionManagerService extends IPermissionManager.Stub { updatePermissionFlagsInternal(permissionName, pkg.getPackageName(), mask, newFlags, myUid, userId, false, null /*callback*/); } } if (updatePermissions) { // Update permission of this app to take into account the new whitelist state. restorePermissionState(pkg, false, pkg.getPackageName(), mDefaultPermissionCallback); // If this resulted in losing a permission we need to kill the app. for (int i = 0; i < userIds.length; i++) { int userId = userIds[i]; ArraySet<String> oldPermsForUser = oldGrantedRestrictedPermissions.get(userId); if (oldPermsForUser == null) { continue; if (oldGrantedRestrictedPermissions == null) { return; } final int oldGrantedCount = oldPermsForUser.size(); final int oldGrantedCount = oldGrantedRestrictedPermissions.size(); for (int j = 0; j < oldGrantedCount; j++) { final String permissionName = oldPermsForUser.valueAt(j); final String permissionName = oldGrantedRestrictedPermissions.valueAt(j); // Sometimes we create a new permission state instance during update. final boolean isGranted; synchronized (mLock) { Loading @@ -4028,7 +4012,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } } } @UserIdInt private int revokeSharedUserPermissionsForDeletedPackageInternal( Loading Loading @@ -4963,6 +4946,34 @@ public class PermissionManagerService extends IPermissionManager.Stub { return true; } private void onPackageInstalledInternal(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @UserIdInt int userId) { addAllowlistedRestrictedPermissionsInternal(pkg, allowlistedRestrictedPermissions, FLAG_PERMISSION_WHITELIST_INSTALLER, userId); if (autoRevokePermissionsMode == AppOpsManager.MODE_ALLOWED || autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED) { setAutoRevokeExemptedInternal(pkg, autoRevokePermissionsMode == AppOpsManager.MODE_IGNORED, userId); } grantRequestedRuntimePermissionsInternal(pkg, grantedPermissions, userId); } private void addAllowlistedRestrictedPermissionsInternal(@NonNull AndroidPackage pkg, @NonNull List<String> allowlistedRestrictedPermissions, @PermissionWhitelistFlags int flags, @UserIdInt int userId) { List<String> permissions = getAllowlistedRestrictedPermissionsInternal(pkg, flags, userId); if (permissions != null) { ArraySet<String> permissionSet = new ArraySet<>(permissions); permissionSet.addAll(allowlistedRestrictedPermissions); permissions = new ArrayList<>(permissionSet); } else { permissions = allowlistedRestrictedPermissions; } setAllowlistedRestrictedPermissionsInternal(pkg, permissions, flags, userId); } private void onPackageRemovedInternal(@NonNull AndroidPackage pkg) { removeAllPermissionsInternal(pkg); } Loading Loading @@ -5129,28 +5140,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { return PermissionManagerService.this.getAppOpPermissionPackagesInternal(permissionName); } @Override public void grantRequestedRuntimePermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); grantRequestedRuntimePermissionsInternal(pkg, permissions, userIds); } @Override public void setAllowlistedRestrictedPermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @PermissionWhitelistFlags int allowlistFlags, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); setAllowlistedRestrictedPermissionsInternal(pkg, permissions, allowlistFlags, userIds); } @Override public void setAutoRevokeExempted(@NonNull AndroidPackage pkg, boolean exempted, @NonNull int[] userIds) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(userIds, "userIds"); setAutoRevokeExemptedInternal(pkg, exempted, userIds); } @Override public void updatePermissions(@NonNull String packageName, @Nullable AndroidPackage pkg) { PermissionManagerService.this .updatePermissions(packageName, pkg, mDefaultPermissionCallback); Loading Loading @@ -5420,6 +5409,20 @@ public class PermissionManagerService extends IPermissionManager.Stub { onPackageAddedInternal(pkg, isInstantApp, oldPkg); } @Override public void onPackageInstalled(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @UserIdInt int userId) { Objects.requireNonNull(pkg, "pkg"); Objects.requireNonNull(grantedPermissions, "grantedPermissions"); Objects.requireNonNull(allowlistedRestrictedPermissions, "allowlistedRestrictedPermissions"); Preconditions.checkArgumentNonNegative(userId, "userId"); onPackageInstalledInternal(pkg, grantedPermissions, allowlistedRestrictedPermissions, autoRevokePermissionsMode, userId); } @Override public void onPackageRemoved(@NonNull AndroidPackage pkg) { Objects.requireNonNull(pkg); Loading
services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java +15 −37 Original line number Diff line number Diff line Loading @@ -20,7 +20,6 @@ import android.annotation.AppIdInt; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.content.pm.PackageManager; import android.content.pm.PermissionInfo; import android.permission.PermissionManagerInternal; Loading Loading @@ -189,42 +188,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager public abstract boolean isPermissionsReviewRequired(@NonNull String packageName, @UserIdInt int userId); /** * Grant the requested runtime permissions for a package, or an explicit subset of them. * * @param pkg the package * @param permissions the names of the subset of permissions to be granted, or {@code null} for * granting all the requested permissions * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void grantRequestedRuntimePermissions(@NonNull AndroidPackage pkg, @Nullable List<String> permissions, @NonNull int[] userIds); /** * Set the allowlisted restricted permissions for a package, or an explicit subset of them. * * @param pkg the package * @param permissions the names of the subset of permissions to be allowlisted, or {@code null} * for allowlisting all the requested restricted permissions * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void setAllowlistedRestrictedPermissions( @NonNull AndroidPackage pkg, @Nullable List<String> permissions, @PackageManager.PermissionWhitelistFlags int allowlistFlags, @NonNull int[] userIds); /** * Set whether a package is exempted from auto revoke. * * @param pkg the package * @param exempted whether the package is exempted from auto revoke * @param userIds the user IDs */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void setAutoRevokeExempted(@NonNull AndroidPackage pkg, boolean exempted, @NonNull int[] userIds); /** * Update permissions when a package changed. * Loading Loading @@ -525,6 +488,21 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager public abstract void onPackageAdded(@NonNull AndroidPackage pkg, boolean isInstantApp, @Nullable AndroidPackage oldPkg); /** * Callback when a package has been installed for certain users. * * @param pkg the installed package * @param grantedPermissions the permissions to be granted * @param allowlistedRestrictedPermissions the restricted permissions to be allowlisted * @param autoRevokePermissionsMode the auto revoke permissions mode for this package * @param userId the user ID this package is installed for */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void onPackageInstalled(@NonNull AndroidPackage pkg, @NonNull List<String> grantedPermissions, @NonNull List<String> allowlistedRestrictedPermissions, int autoRevokePermissionsMode, @UserIdInt int userId); /** * Callback when a package has been removed. * Loading
