Loading core/java/com/android/server/SystemConfig.java +2 −2 Original line number Diff line number Diff line Loading @@ -46,6 +46,7 @@ import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.XmlUtils; import libcore.io.IoUtils; import libcore.util.EmptyArray; import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlPullParserException; Loading @@ -55,7 +56,6 @@ import java.io.File; import java.io.FileNotFoundException; import java.io.FileReader; import java.io.IOException; import java.util.Arrays; import java.util.ArrayList; import java.util.Collections; import java.util.List; Loading Loading @@ -95,7 +95,7 @@ public class SystemConfig { private static final String VENDOR_SKU_PROPERTY = "ro.boot.product.vendor.sku"; // Group-ids that are given to all packages as read from etc/permissions/*.xml. int[] mGlobalGids; int[] mGlobalGids = EmptyArray.INT; // These are the built-in uid -> permission mappings that were read from the // system configuration files. Loading services/core/java/com/android/server/pm/permission/BasePermission.java +12 −7 Original line number Diff line number Diff line Loading @@ -36,13 +36,14 @@ import android.os.UserHandle; import android.util.Log; import android.util.Slog; import com.android.internal.util.ArrayUtils; import com.android.server.pm.DumpState; import com.android.server.pm.PackageManagerService; import com.android.server.pm.PackageSettingBase; import com.android.server.pm.parsing.PackageInfoUtils; import com.android.server.pm.parsing.pkg.AndroidPackage; import libcore.util.EmptyArray; import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlSerializer; Loading Loading @@ -95,7 +96,8 @@ public final class BasePermission { int uid; /** Additional GIDs given to apps granted this permission */ private int[] gids; @NonNull private int[] gids = EmptyArray.INT; /** * Flag indicating that {@link #gids} should be adjusted based on the Loading Loading @@ -132,7 +134,7 @@ public final class BasePermission { public int getUid() { return uid; } public void setGids(int[] gids, boolean perUser) { public void setGids(@NonNull int[] gids, boolean perUser) { this.gids = gids; this.perUser = perUser; } Loading @@ -141,18 +143,20 @@ public final class BasePermission { } public boolean hasGids() { return !ArrayUtils.isEmpty(gids); return gids.length != 0; } @NonNull public int[] computeGids(int userId) { if (perUser) { final int[] userGids = new int[gids.length]; for (int i = 0; i < gids.length; i++) { userGids[i] = UserHandle.getUid(userId, gids[i]); final int gid = gids[i]; userGids[i] = UserHandle.getUid(userId, gid); } return userGids; } else { return gids; return gids.length != 0 ? gids.clone() : gids; } } Loading Loading @@ -291,7 +295,8 @@ public final class BasePermission { pendingPermissionInfo.packageName = newPackageName; } uid = 0; setGids(null, false); gids = EmptyArray.INT; perUser = false; } public boolean addToTree(@ProtectionLevel int protectionLevel, Loading services/core/java/com/android/server/pm/permission/PermissionManagerService.java +35 −73 Original line number Diff line number Diff line Loading @@ -55,7 +55,6 @@ import static com.android.server.pm.PackageManagerService.DEBUG_PACKAGE_SCANNING import static com.android.server.pm.PackageManagerService.DEBUG_PERMISSIONS; import static com.android.server.pm.PackageManagerService.DEBUG_REMOVE; import static com.android.server.pm.PackageManagerService.PLATFORM_PACKAGE_NAME; import static com.android.server.pm.permission.UidPermissionState.PERMISSION_OPERATION_FAILURE; import static java.util.concurrent.TimeUnit.SECONDS; Loading Loading @@ -154,6 +153,8 @@ import com.android.server.pm.permission.PermissionManagerServiceInternal.Permiss import com.android.server.policy.PermissionPolicyInternal; import com.android.server.policy.SoftRestrictedPermissionPolicy; import libcore.util.EmptyArray; import java.io.FileDescriptor; import java.io.PrintWriter; import java.lang.annotation.Retention; Loading Loading @@ -247,6 +248,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { private final SparseArray<ArraySet<String>> mSystemPermissions; /** Built-in group IDs given to all packages. Read from system configuration files. */ @NonNull private final int[] mGlobalGids; private final HandlerThread mHandlerThread; Loading Loading @@ -1513,7 +1515,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { // normal runtime permissions. For now they apply to all users. // TODO(zhanghai): We are breaking the behavior above by making all permission state // per-user. It isn't documented behavior and relatively rarely used anyway. if (uidState.grantPermission(bp) != PERMISSION_OPERATION_FAILURE) { if (uidState.grantPermission(bp)) { if (callback != null) { callback.onInstallPermissionGranted(); } Loading @@ -1531,19 +1533,15 @@ public class PermissionManagerService extends IPermissionManager.Stub { return; } final int result = uidState.grantPermission(bp); switch (result) { case PERMISSION_OPERATION_FAILURE: { if (!uidState.grantPermission(bp)) { return; } case UidPermissionState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: { if (bp.hasGids()) { if (callback != null) { callback.onGidsChanged(UserHandle.getAppId(pkg.getUid()), userId); } } break; } if (bp.isRuntime()) { logPermission(MetricsEvent.ACTION_PERMISSION_GRANTED, permName, packageName); Loading Loading @@ -1662,7 +1660,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { // normal runtime permissions. For now they apply to all users. // TODO(zhanghai): We are breaking the behavior above by making all permission state // per-user. It isn't documented behavior and relatively rarely used anyway. if (uidState.revokePermission(bp) != PERMISSION_OPERATION_FAILURE) { if (uidState.revokePermission(bp)) { if (callback != null) { mDefaultPermissionCallback.onInstallPermissionRevoked(); } Loading @@ -1670,12 +1668,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { return; } // Permission is already revoked, no need to do anything. if (!uidState.isPermissionGranted(permName)) { return; } if (uidState.revokePermission(bp) == PERMISSION_OPERATION_FAILURE) { if (!uidState.revokePermission(bp)) { return; } Loading Loading @@ -2525,11 +2518,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } @Nullable @NonNull private int[] getPermissionGids(@NonNull String permissionName, @UserIdInt int userId) { BasePermission permission = mSettings.getPermission(permissionName); if (permission == null) { return null; return EmptyArray.INT; } return permission.computeGids(userId); } Loading Loading @@ -2650,8 +2643,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } uidState.setGlobalGids(mGlobalGids); ArraySet<String> newImplicitPermissions = new ArraySet<>(); final String friendlyName = pkg.getPackageName() + "(" + pkg.getUid() + ")"; Loading Loading @@ -2786,7 +2777,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { switch (grant) { case GRANT_INSTALL: { // Grant an install permission. if (uidState.grantPermission(bp) != PERMISSION_OPERATION_FAILURE) { if (uidState.grantPermission(bp)) { changedInstallPermission = true; } } break; Loading Loading @@ -2818,8 +2809,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { if (permissionPolicyInitialized && hardRestricted) { if (!restrictionExempt) { if (origPermState != null && origPermState.isGranted() && uidState.revokePermission( bp) != PERMISSION_OPERATION_FAILURE) { && uidState.revokePermission(bp)) { wasChanged = true; } if (!restrictionApplied) { Loading Loading @@ -2851,8 +2841,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { || (!hardRestricted || restrictionExempt)) { if ((origPermState != null && origPermState.isGranted()) || upgradedActivityRecognitionPermission != null) { if (uidState.grantPermission(bp) == PERMISSION_OPERATION_FAILURE) { if (!uidState.grantPermission(bp)) { wasChanged = true; } } Loading @@ -2871,8 +2860,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (!uidState.isPermissionGranted(bp.name) && uidState.grantPermission(bp) != PERMISSION_OPERATION_FAILURE) { && uidState.grantPermission(bp)) { wasChanged = true; } Loading Loading @@ -2920,13 +2908,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { } break; } } else { if (uidState.revokePermission(bp) != PERMISSION_OPERATION_FAILURE) { // Also drop the permission flags. uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, 0); changedInstallPermission = true; if (DEBUG_PERMISSIONS) { Slog.i(TAG, "Un-granting permission " + perm boolean wasGranted = uidState.isPermissionGranted(bp.name); if (wasGranted || bp.isAppOp()) { Slog.i(TAG, (wasGranted ? "Un-granting" : "Not granting") + " permission " + perm + " from package " + friendlyName + " (protectionLevel=" + bp.getProtectionLevel() + " flags=0x" Loading @@ -2934,20 +2920,9 @@ public class PermissionManagerService extends IPermissionManager.Stub { ps)) + ")"); } } else if (bp.isAppOp()) { // Don't print warning for app op permissions, since it is fine for them // not to be granted, there is a UI for the user to decide. if (DEBUG_PERMISSIONS && (packageOfInterest == null || packageOfInterest.equals(pkg.getPackageName()))) { Slog.i(TAG, "Not granting permission " + perm + " to package " + friendlyName + " (protectionLevel=" + bp.getProtectionLevel() + " flags=0x" + Integer.toHexString(PackageInfoUtils.appInfoFlags(pkg, ps)) + ")"); } if (uidState.removePermissionState(bp.name)) { changedInstallPermission = true; } } } Loading Loading @@ -3026,8 +3001,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { if ((flags & BLOCKING_PERMISSION_FLAGS) == 0 && supportsRuntimePermissions) { int revokeResult = ps.revokePermission(bp); if (revokeResult != PERMISSION_OPERATION_FAILURE) { if (ps.revokePermission(bp)) { if (DEBUG_PERMISSIONS) { Slog.i(TAG, "Revoking runtime permission " + permission + " for " + pkgName Loading Loading @@ -3895,14 +3869,9 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } // The package is gone - no need to keep flags for applying policy. uidState.updatePermissionFlags(bp, PackageManager.MASK_PERMISSION_FLAGS_ALL, 0); // Try to revoke as a runtime permission which is per user. // TODO(zhanghai): This doesn't make sense. revokePermission() doesn't fail, and why are // we only killing the uid when gids changed, instead of any permission change? if (uidState.revokePermission(bp) == UidPermissionState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED) { // TODO(zhanghai): Why are we only killing the UID when GIDs changed, instead of any // permission change? if (uidState.removePermissionState(bp.name) && bp.hasGids()) { affectedUserId = userId; } } Loading Loading @@ -3935,17 +3904,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { boolean runtimePermissionChanged = false; // Prune permissions final List<com.android.server.pm.permission.PermissionState> permissionStates = uidState.getPermissionStates(); final List<PermissionState> permissionStates = uidState.getPermissionStates(); final int permissionStatesSize = permissionStates.size(); for (int i = permissionStatesSize - 1; i >= 0; i--) { PermissionState permissionState = permissionStates.get(i); if (!usedPermissions.contains(permissionState.getName())) { BasePermission bp = mSettings.getPermissionLocked(permissionState.getName()); if (bp != null) { uidState.revokePermission(bp); uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, 0); if (permissionState.isRuntime()) { if (uidState.removePermissionState(bp.name) && permissionState.isRuntime()) { runtimePermissionChanged = true; } } Loading Loading @@ -4208,11 +4174,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { + p.getPackageName() + " and user " + userId); return; } if (uidState.getPermissionState(bp.getName()) != null) { uidState.revokePermission(bp); uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, 0); } uidState.removePermissionState(bp.name); } }); } Loading Loading @@ -4771,7 +4733,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { Slog.e(TAG, "Missing permissions state for app ID " + appId + " and user ID " + userId); return EMPTY_INT_ARRAY; } return uidState.computeGids(userId); return uidState.computeGids(mGlobalGids, userId); } private class PermissionManagerServiceInternalImpl extends PermissionManagerServiceInternal { Loading Loading @@ -4834,7 +4796,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { @UserIdInt int userId) { return PermissionManagerService.this.getGrantedPermissions(packageName, userId); } @Nullable @NonNull @Override public int[] getPermissionGids(@NonNull String permissionName, @UserIdInt int userId) { return PermissionManagerService.this.getPermissionGids(permissionName, userId); Loading services/core/java/com/android/server/pm/permission/PermissionState.java +1 −2 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ package com.android.server.pm.permission; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import com.android.internal.annotations.GuardedBy; Loading Loading @@ -62,7 +61,7 @@ public final class PermissionState { return mPermission.getName(); } @Nullable @NonNull public int[] computeGids(@UserIdInt int userId) { return mPermission.computeGids(userId); } Loading services/core/java/com/android/server/pm/permission/UidPermissionState.java +98 −205 File changed.Preview size limit exceeded, changes collapsed. Show changes Loading
core/java/com/android/server/SystemConfig.java +2 −2 Original line number Diff line number Diff line Loading @@ -46,6 +46,7 @@ import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.XmlUtils; import libcore.io.IoUtils; import libcore.util.EmptyArray; import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlPullParserException; Loading @@ -55,7 +56,6 @@ import java.io.File; import java.io.FileNotFoundException; import java.io.FileReader; import java.io.IOException; import java.util.Arrays; import java.util.ArrayList; import java.util.Collections; import java.util.List; Loading Loading @@ -95,7 +95,7 @@ public class SystemConfig { private static final String VENDOR_SKU_PROPERTY = "ro.boot.product.vendor.sku"; // Group-ids that are given to all packages as read from etc/permissions/*.xml. int[] mGlobalGids; int[] mGlobalGids = EmptyArray.INT; // These are the built-in uid -> permission mappings that were read from the // system configuration files. Loading
services/core/java/com/android/server/pm/permission/BasePermission.java +12 −7 Original line number Diff line number Diff line Loading @@ -36,13 +36,14 @@ import android.os.UserHandle; import android.util.Log; import android.util.Slog; import com.android.internal.util.ArrayUtils; import com.android.server.pm.DumpState; import com.android.server.pm.PackageManagerService; import com.android.server.pm.PackageSettingBase; import com.android.server.pm.parsing.PackageInfoUtils; import com.android.server.pm.parsing.pkg.AndroidPackage; import libcore.util.EmptyArray; import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlSerializer; Loading Loading @@ -95,7 +96,8 @@ public final class BasePermission { int uid; /** Additional GIDs given to apps granted this permission */ private int[] gids; @NonNull private int[] gids = EmptyArray.INT; /** * Flag indicating that {@link #gids} should be adjusted based on the Loading Loading @@ -132,7 +134,7 @@ public final class BasePermission { public int getUid() { return uid; } public void setGids(int[] gids, boolean perUser) { public void setGids(@NonNull int[] gids, boolean perUser) { this.gids = gids; this.perUser = perUser; } Loading @@ -141,18 +143,20 @@ public final class BasePermission { } public boolean hasGids() { return !ArrayUtils.isEmpty(gids); return gids.length != 0; } @NonNull public int[] computeGids(int userId) { if (perUser) { final int[] userGids = new int[gids.length]; for (int i = 0; i < gids.length; i++) { userGids[i] = UserHandle.getUid(userId, gids[i]); final int gid = gids[i]; userGids[i] = UserHandle.getUid(userId, gid); } return userGids; } else { return gids; return gids.length != 0 ? gids.clone() : gids; } } Loading Loading @@ -291,7 +295,8 @@ public final class BasePermission { pendingPermissionInfo.packageName = newPackageName; } uid = 0; setGids(null, false); gids = EmptyArray.INT; perUser = false; } public boolean addToTree(@ProtectionLevel int protectionLevel, Loading
services/core/java/com/android/server/pm/permission/PermissionManagerService.java +35 −73 Original line number Diff line number Diff line Loading @@ -55,7 +55,6 @@ import static com.android.server.pm.PackageManagerService.DEBUG_PACKAGE_SCANNING import static com.android.server.pm.PackageManagerService.DEBUG_PERMISSIONS; import static com.android.server.pm.PackageManagerService.DEBUG_REMOVE; import static com.android.server.pm.PackageManagerService.PLATFORM_PACKAGE_NAME; import static com.android.server.pm.permission.UidPermissionState.PERMISSION_OPERATION_FAILURE; import static java.util.concurrent.TimeUnit.SECONDS; Loading Loading @@ -154,6 +153,8 @@ import com.android.server.pm.permission.PermissionManagerServiceInternal.Permiss import com.android.server.policy.PermissionPolicyInternal; import com.android.server.policy.SoftRestrictedPermissionPolicy; import libcore.util.EmptyArray; import java.io.FileDescriptor; import java.io.PrintWriter; import java.lang.annotation.Retention; Loading Loading @@ -247,6 +248,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { private final SparseArray<ArraySet<String>> mSystemPermissions; /** Built-in group IDs given to all packages. Read from system configuration files. */ @NonNull private final int[] mGlobalGids; private final HandlerThread mHandlerThread; Loading Loading @@ -1513,7 +1515,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { // normal runtime permissions. For now they apply to all users. // TODO(zhanghai): We are breaking the behavior above by making all permission state // per-user. It isn't documented behavior and relatively rarely used anyway. if (uidState.grantPermission(bp) != PERMISSION_OPERATION_FAILURE) { if (uidState.grantPermission(bp)) { if (callback != null) { callback.onInstallPermissionGranted(); } Loading @@ -1531,19 +1533,15 @@ public class PermissionManagerService extends IPermissionManager.Stub { return; } final int result = uidState.grantPermission(bp); switch (result) { case PERMISSION_OPERATION_FAILURE: { if (!uidState.grantPermission(bp)) { return; } case UidPermissionState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: { if (bp.hasGids()) { if (callback != null) { callback.onGidsChanged(UserHandle.getAppId(pkg.getUid()), userId); } } break; } if (bp.isRuntime()) { logPermission(MetricsEvent.ACTION_PERMISSION_GRANTED, permName, packageName); Loading Loading @@ -1662,7 +1660,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { // normal runtime permissions. For now they apply to all users. // TODO(zhanghai): We are breaking the behavior above by making all permission state // per-user. It isn't documented behavior and relatively rarely used anyway. if (uidState.revokePermission(bp) != PERMISSION_OPERATION_FAILURE) { if (uidState.revokePermission(bp)) { if (callback != null) { mDefaultPermissionCallback.onInstallPermissionRevoked(); } Loading @@ -1670,12 +1668,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { return; } // Permission is already revoked, no need to do anything. if (!uidState.isPermissionGranted(permName)) { return; } if (uidState.revokePermission(bp) == PERMISSION_OPERATION_FAILURE) { if (!uidState.revokePermission(bp)) { return; } Loading Loading @@ -2525,11 +2518,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } @Nullable @NonNull private int[] getPermissionGids(@NonNull String permissionName, @UserIdInt int userId) { BasePermission permission = mSettings.getPermission(permissionName); if (permission == null) { return null; return EmptyArray.INT; } return permission.computeGids(userId); } Loading Loading @@ -2650,8 +2643,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } uidState.setGlobalGids(mGlobalGids); ArraySet<String> newImplicitPermissions = new ArraySet<>(); final String friendlyName = pkg.getPackageName() + "(" + pkg.getUid() + ")"; Loading Loading @@ -2786,7 +2777,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { switch (grant) { case GRANT_INSTALL: { // Grant an install permission. if (uidState.grantPermission(bp) != PERMISSION_OPERATION_FAILURE) { if (uidState.grantPermission(bp)) { changedInstallPermission = true; } } break; Loading Loading @@ -2818,8 +2809,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { if (permissionPolicyInitialized && hardRestricted) { if (!restrictionExempt) { if (origPermState != null && origPermState.isGranted() && uidState.revokePermission( bp) != PERMISSION_OPERATION_FAILURE) { && uidState.revokePermission(bp)) { wasChanged = true; } if (!restrictionApplied) { Loading Loading @@ -2851,8 +2841,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { || (!hardRestricted || restrictionExempt)) { if ((origPermState != null && origPermState.isGranted()) || upgradedActivityRecognitionPermission != null) { if (uidState.grantPermission(bp) == PERMISSION_OPERATION_FAILURE) { if (!uidState.grantPermission(bp)) { wasChanged = true; } } Loading @@ -2871,8 +2860,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (!uidState.isPermissionGranted(bp.name) && uidState.grantPermission(bp) != PERMISSION_OPERATION_FAILURE) { && uidState.grantPermission(bp)) { wasChanged = true; } Loading Loading @@ -2920,13 +2908,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { } break; } } else { if (uidState.revokePermission(bp) != PERMISSION_OPERATION_FAILURE) { // Also drop the permission flags. uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, 0); changedInstallPermission = true; if (DEBUG_PERMISSIONS) { Slog.i(TAG, "Un-granting permission " + perm boolean wasGranted = uidState.isPermissionGranted(bp.name); if (wasGranted || bp.isAppOp()) { Slog.i(TAG, (wasGranted ? "Un-granting" : "Not granting") + " permission " + perm + " from package " + friendlyName + " (protectionLevel=" + bp.getProtectionLevel() + " flags=0x" Loading @@ -2934,20 +2920,9 @@ public class PermissionManagerService extends IPermissionManager.Stub { ps)) + ")"); } } else if (bp.isAppOp()) { // Don't print warning for app op permissions, since it is fine for them // not to be granted, there is a UI for the user to decide. if (DEBUG_PERMISSIONS && (packageOfInterest == null || packageOfInterest.equals(pkg.getPackageName()))) { Slog.i(TAG, "Not granting permission " + perm + " to package " + friendlyName + " (protectionLevel=" + bp.getProtectionLevel() + " flags=0x" + Integer.toHexString(PackageInfoUtils.appInfoFlags(pkg, ps)) + ")"); } if (uidState.removePermissionState(bp.name)) { changedInstallPermission = true; } } } Loading Loading @@ -3026,8 +3001,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { if ((flags & BLOCKING_PERMISSION_FLAGS) == 0 && supportsRuntimePermissions) { int revokeResult = ps.revokePermission(bp); if (revokeResult != PERMISSION_OPERATION_FAILURE) { if (ps.revokePermission(bp)) { if (DEBUG_PERMISSIONS) { Slog.i(TAG, "Revoking runtime permission " + permission + " for " + pkgName Loading Loading @@ -3895,14 +3869,9 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } // The package is gone - no need to keep flags for applying policy. uidState.updatePermissionFlags(bp, PackageManager.MASK_PERMISSION_FLAGS_ALL, 0); // Try to revoke as a runtime permission which is per user. // TODO(zhanghai): This doesn't make sense. revokePermission() doesn't fail, and why are // we only killing the uid when gids changed, instead of any permission change? if (uidState.revokePermission(bp) == UidPermissionState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED) { // TODO(zhanghai): Why are we only killing the UID when GIDs changed, instead of any // permission change? if (uidState.removePermissionState(bp.name) && bp.hasGids()) { affectedUserId = userId; } } Loading Loading @@ -3935,17 +3904,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { boolean runtimePermissionChanged = false; // Prune permissions final List<com.android.server.pm.permission.PermissionState> permissionStates = uidState.getPermissionStates(); final List<PermissionState> permissionStates = uidState.getPermissionStates(); final int permissionStatesSize = permissionStates.size(); for (int i = permissionStatesSize - 1; i >= 0; i--) { PermissionState permissionState = permissionStates.get(i); if (!usedPermissions.contains(permissionState.getName())) { BasePermission bp = mSettings.getPermissionLocked(permissionState.getName()); if (bp != null) { uidState.revokePermission(bp); uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, 0); if (permissionState.isRuntime()) { if (uidState.removePermissionState(bp.name) && permissionState.isRuntime()) { runtimePermissionChanged = true; } } Loading Loading @@ -4208,11 +4174,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { + p.getPackageName() + " and user " + userId); return; } if (uidState.getPermissionState(bp.getName()) != null) { uidState.revokePermission(bp); uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, 0); } uidState.removePermissionState(bp.name); } }); } Loading Loading @@ -4771,7 +4733,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { Slog.e(TAG, "Missing permissions state for app ID " + appId + " and user ID " + userId); return EMPTY_INT_ARRAY; } return uidState.computeGids(userId); return uidState.computeGids(mGlobalGids, userId); } private class PermissionManagerServiceInternalImpl extends PermissionManagerServiceInternal { Loading Loading @@ -4834,7 +4796,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { @UserIdInt int userId) { return PermissionManagerService.this.getGrantedPermissions(packageName, userId); } @Nullable @NonNull @Override public int[] getPermissionGids(@NonNull String permissionName, @UserIdInt int userId) { return PermissionManagerService.this.getPermissionGids(permissionName, userId); Loading
services/core/java/com/android/server/pm/permission/PermissionState.java +1 −2 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ package com.android.server.pm.permission; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import com.android.internal.annotations.GuardedBy; Loading Loading @@ -62,7 +61,7 @@ public final class PermissionState { return mPermission.getName(); } @Nullable @NonNull public int[] computeGids(@UserIdInt int userId) { return mPermission.computeGids(userId); } Loading
services/core/java/com/android/server/pm/permission/UidPermissionState.java +98 −205 File changed.Preview size limit exceeded, changes collapsed. Show changes
