Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d84e31b5 authored by Hai Zhang's avatar Hai Zhang
Browse files

Use a separate fingerprint for DefaultPermissionGrantPolicy. 

History here is that initially DefaultPermissionGrantPolicy and
RuntimePermissionsUpgradeController were both using Build.FINGERPRINT
as the fingerprint to determine if they need to re-run, because they
both can only change upon OTAs. Then when we made PermissionController
updatable via Mainline, we added PermissionController version code to
that fingerprint and started calling it extended fingerprint. That
made sure RuntimePermissionsUpgradeController can run upon
PermissionController upgrade, but also unnecessarily re-runs
DefaultPermissionGrantPolicy as the platform class itself and
preloaded apps can't change without an OTA.

In the new subsystem, we are moving the functionality of
RuntimePermissionsUpgradeController back into system server because it
has been a performance bottleneck, and we also no longer need the
existing fingerprint for it because we can now directly let the
upgrade logic check if the permission state is latest (this other
numeric version is also changed from per-user to be per-user-package),
compared to previously we needed this fingerprint to determine if we
need to call into PermissionController and let
RuntimePermissionsUpgradeController look at the latest numeric version
in its APK code.

But we still need the fingerprint for DefaultPermissionGrantPolicy
which is part of the platform, and it is currently missing in the new
subsystem, so this CL adds it to the new subsystem. Since
DefaultPermissionGrantPolicy only applies to what's on the system
image, we are also changing the fingerprint for it back to
Build.FINGERPRINT (instead of the extended fingerprint) when running
the new subsystem. Whereas for the old system, the fingerprint is
simply emulated to be either null or Build.FINGERPRINT depending on
whether the old subsystem wants to run DefaultPermissionGrantPolicy.

Bug: 284205103
Test: presubmit
Change-Id: Ib3358be57d7dd401fd2014ade3e58f9fc6c2b6a7
parent 9cda05b2

services/core/java/com/android/server/pm/PackageManagerService.java

+10 −2
Original line number Diff line number Diff line
@@ -4110,7 +4110,10 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
        final int livingUserCount = livingUsers.size();

        for (int i = 0; i < livingUserCount; i++) {

            final int userId = livingUsers.get(i).id;

            if (mSettings.isPermissionUpgradeNeeded(userId)) {

            final boolean isPermissionUpgradeNeeded = !Objects.equals(

                    mPermissionManager.getDefaultPermissionGrantFingerprint(userId),

                    Build.FINGERPRINT);

            if (isPermissionUpgradeNeeded) {

                grantPermissionsUserIds = ArrayUtils.appendInt(

                        grantPermissionsUserIds, userId);

            }
@@ -4118,6 +4121,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
        // If we upgraded grant all default permissions before kicking off.

        for (int userId : grantPermissionsUserIds) {

            mLegacyPermissionManager.grantDefaultPermissions(userId);

            mPermissionManager.setDefaultPermissionGrantFingerprint(Build.FINGERPRINT, userId);

        }

        if (grantPermissionsUserIds == EMPTY_INT_ARRAY) {

            // If we did not grant default permissions, we preload from this the
@@ -4286,6 +4290,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
        if (!convertedFromPreCreated || !readPermissionStateForUser(userId)) {

            mPermissionManager.onUserCreated(userId);

            mLegacyPermissionManager.grantDefaultPermissions(userId);

            mPermissionManager.setDefaultPermissionGrantFingerprint(Build.FINGERPRINT, userId);

            mDomainVerificationManager.clearUser(userId);

        }

    }
@@ -4295,7 +4300,10 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
            mPermissionManager.writeLegacyPermissionStateTEMP();

            mSettings.readPermissionStateForUserSyncLPr(userId);

            mPermissionManager.readLegacyPermissionStateTEMP();

            return mSettings.isPermissionUpgradeNeeded(userId);

            final boolean isPermissionUpgradeNeeded = !Objects.equals(

                    mPermissionManager.getDefaultPermissionGrantFingerprint(userId),

                    Build.FINGERPRINT);

            return isPermissionUpgradeNeeded;

        }

    }

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+12 −0
Original line number Diff line number Diff line
@@ -687,6 +687,18 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
            mPermissionManagerServiceImpl.writeLegacyPermissionsTEMP(legacyPermissionSettings);

        }



        @Nullable

        @Override

        public String getDefaultPermissionGrantFingerprint(@UserIdInt int userId) {

            return mPermissionManagerServiceImpl.getDefaultPermissionGrantFingerprint(userId);

        }



        @Override

        public void setDefaultPermissionGrantFingerprint(@NonNull String fingerprint,

                @UserIdInt int userId) {

            mPermissionManagerServiceImpl.setDefaultPermissionGrantFingerprint(fingerprint, userId);

        }



        @Override

        public void onPackageAdded(@NonNull PackageState packageState, boolean isInstantApp,

                @Nullable AndroidPackage oldPkg) {

services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java

+13 −0
Original line number Diff line number Diff line
@@ -4599,6 +4599,19 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt 
        }

    }



    @Nullable

    @Override

    public String getDefaultPermissionGrantFingerprint(@UserIdInt int userId) {

        return mPackageManagerInt.isPermissionUpgradeNeeded(userId) ? null : Build.FINGERPRINT;

    }



    @Override

    public void setDefaultPermissionGrantFingerprint(@NonNull String fingerprint,

            @UserIdInt int userId) {

        // Ignored - default permission grant here shares the same version with runtime permission

        // upgrade, and the new version is set by that later.

    }



    private void onPackageAddedInternal(@NonNull PackageState packageState,

            @NonNull AndroidPackage pkg, boolean isInstantApp, @Nullable AndroidPackage oldPkg) {

        if (!pkg.getAdoptPermissions().isEmpty()) {

services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java

+12 −1
Original line number Diff line number Diff line
@@ -522,6 +522,17 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte 
     */

    void writeLegacyPermissionsTEMP(@NonNull LegacyPermissionSettings legacyPermissionSettings);



    /**

     * Get the fingerprint for default permission grants.

     */

    @Nullable

    String getDefaultPermissionGrantFingerprint(@UserIdInt int userId);



    /**

     * Set the fingerprint for default permission grants.

     */

    void setDefaultPermissionGrantFingerprint(@NonNull String fingerprint, @UserIdInt int userId);



    /**

     * Callback when the system is ready.

     */
@@ -603,6 +614,6 @@ public interface PermissionManagerServiceInterface extends PermissionManagerInte 
     * @param userId the user ID the package is uninstalled for

     */

    void onPackageUninstalled(@NonNull String packageName, int appId,

            @NonNull PackageState packageState, @NonNull AndroidPackage pkg,

            @NonNull PackageState packageState, @Nullable AndroidPackage pkg,

            @NonNull List<AndroidPackage> sharedUserPkgs, @UserIdInt int userId);

}

services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java

+11 −0
Original line number Diff line number Diff line
@@ -214,6 +214,17 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter 
     */

    void writeLegacyPermissionsTEMP(@NonNull LegacyPermissionSettings legacyPermissionSettings);



    /**

     * Get the fingerprint for default permission grants.

     */

    @Nullable

    String getDefaultPermissionGrantFingerprint(@UserIdInt int userId);



    /**

     * Set the fingerprint for default permission grants.

     */

    void setDefaultPermissionGrantFingerprint(@NonNull String fingerprint, @UserIdInt int userId);



    /**

     * Callback when the system is ready.

     */