Clear permissions for virtual devices (bfd2e7a5) · Commits · e / os / android_frameworks_base

services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt

+32 −0

Original line number	Diff line number	Diff line
		@@ -61,6 +61,38 @@ class DevicePermissionPolicy : SchemePolicy() {
		}
		}

		fun MutateStateScope.removeInactiveDevicesPermission(activePersistentDeviceIds: Set<String>) {
		newState.userStates.forEachIndexed { _, userId, userState ->
		userState.appIdDevicePermissionFlags.forEachReversedIndexed { _, appId, _ ->
		val appIdDevicePermissionFlags =
		newState.mutateUserState(userId)!!.mutateAppIdDevicePermissionFlags()
		val devicePermissionFlags =
		appIdDevicePermissionFlags.mutate(appId) ?: return@forEachReversedIndexed

		val removePersistentDeviceIds = mutableSetOf<String>()
		devicePermissionFlags.forEachIndexed { _, deviceId, _ ->
		if (!activePersistentDeviceIds.contains(deviceId)) {
		removePersistentDeviceIds.add(deviceId)
		}
		}

		removePersistentDeviceIds.forEach { deviceId -> devicePermissionFlags -= deviceId }
		}
		}
		}

		fun MutateStateScope.onDeviceIdRemoved(deviceId: String) {
		newState.userStates.forEachIndexed { _, userId, userState ->
		userState.appIdDevicePermissionFlags.forEachReversedIndexed { _, appId, _ ->
		val appIdDevicePermissionFlags =
		newState.mutateUserState(userId)!!.mutateAppIdDevicePermissionFlags()
		val devicePermissionFlags =
		appIdDevicePermissionFlags.mutate(appId) ?: return@forEachReversedIndexed
		devicePermissionFlags -= deviceId
		}
		}
		}

		override fun MutateStateScope.onStorageVolumeMounted(
		volumeUuid: String?,
		packageNames: List<String>,

services/permission/java/com/android/server/permission/access/permission/PermissionService.kt

+15 −4

Original line number	Diff line number	Diff line
		@@ -2314,6 +2314,18 @@ class PermissionService(private val service: AccessCheckingService) :
		service.onSystemReady()
		virtualDeviceManagerInternal =
		LocalServices.getService(VirtualDeviceManagerInternal::class.java)

		virtualDeviceManagerInternal?.allPersistentDeviceIds?.let { persistentDeviceIds ->
		service.mutateState {
		with(devicePolicy) { removeInactiveDevicesPermission(persistentDeviceIds) }
		}
		}

		// trim permission states for the external devices, when they are removed.
		virtualDeviceManagerInternal?.registerPersistentDeviceIdRemovedListener { persistentDeviceId
		->
		service.mutateState { with(devicePolicy) { onDeviceIdRemoved(persistentDeviceId) } }
		}
		permissionControllerManager =
		PermissionControllerManager(context, PermissionThread.getHandler())
		}
		@@ -2681,8 +2693,8 @@ class PermissionService(private val service: AccessCheckingService) :
		permissionName in NOTIFICATIONS_PERMISSIONS &&
		runtimePermissionRevokedUids.get(uid, true)
		}
		runtimePermissionChangedUidDevices
		.getOrPut(uid) { mutableSetOf() } += persistentDeviceId
		runtimePermissionChangedUidDevices.getOrPut(uid) { mutableSetOf() } +=
		persistentDeviceId
		}

		if (permission.hasGids && !wasPermissionGranted && isPermissionGranted) {
		@@ -2799,8 +2811,7 @@ class PermissionService(private val service: AccessCheckingService) :

		fun onPermissionsChanged(uid: Int, persistentDeviceId: String) {
		if (listeners.registeredCallbackCount > 0) {
		obtainMessage(MSG_ON_PERMISSIONS_CHANGED, uid, 0, persistentDeviceId)
		.sendToTarget()
		obtainMessage(MSG_ON_PERMISSIONS_CHANGED, uid, 0, persistentDeviceId).sendToTarget()
		}
		}