Create a better implementation for permission GIDs. (dc8c435c) · Commits · e / os / android_frameworks_base

core/java/android/permission/flags.aconfig

+11 −0

Original line number	Diff line number	Diff line
		@@ -64,3 +64,14 @@ flag {
		description: "enable Permission PREPARE_FACTORY_RESET."
		bug: "302016478"
		}

		flag {
		name: "new_permission_gid_enabled"
		is_fixed_read_only: true
		namespace: "permissions"
		description: "Enable new permission GID implementation"
		bug: "325137277"
		metadata {
		purpose: PURPOSE_BUGFIX
		}
		}

services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt

+54 −32

Original line number	Diff line number	Diff line
		@@ -22,6 +22,7 @@ import android.content.pm.PermissionGroupInfo
		import android.content.pm.PermissionInfo
		import android.content.pm.SigningDetails
		import android.os.Build
		import android.permission.flags.Flags
		import android.util.Slog
		import com.android.internal.os.RoSystemProperties
		import com.android.internal.pm.permission.CompatibilityPermissionInfo
		@@ -45,6 +46,7 @@ import com.android.server.pm.KnownPackages
		import com.android.server.pm.parsing.PackageInfoUtils
		import com.android.server.pm.pkg.AndroidPackage
		import com.android.server.pm.pkg.PackageState
		import libcore.util.EmptyArray

		class AppIdPermissionPolicy : SchemePolicy() {
		private val persistence = AppIdPermissionPersistence()
		@@ -72,6 +74,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
		}

		override fun MutateStateScope.onInitialized() {
		if (!Flags.newPermissionGidEnabled()) {
		newState.externalState.configPermissions.forEach { (permissionName, permissionEntry) ->
		val oldPermission = newState.systemState.permissions[permissionName]
		val newPermission =
		@@ -108,6 +111,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
		newState.mutateSystemState().mutatePermissions()[permissionName] = newPermission
		}
		}
		}

		override fun MutateStateScope.onUserAdded(userId: Int) {
		newState.externalState.packageStates.forEach { (_, packageState) ->
		@@ -454,7 +458,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
		)
		return@forEachIndexed
		}
		val newPermission =
		var newPermission =
		if (oldPermission != null && newPackageName != oldPermission.packageName) {
		val oldPackageName = oldPermission.packageName
		// Only allow system apps to redefine non-system permissions.
		@@ -577,6 +581,24 @@ class AppIdPermissionPolicy : SchemePolicy() {
		)
		}
		}
		if (Flags.newPermissionGidEnabled()) {
		var gids = EmptyArray.INT
		var areGidsPerUser = false
		if (!parsedPermission.isTree && packageState.isSystem) {
		newState.externalState.configPermissions[permissionName]?.let {
		gids = it.gids
		areGidsPerUser = it.perUser
		}
		}
		newPermission = Permission(
		newPermissionInfo,
		true,
		Permission.TYPE_MANIFEST,
		packageState.appId,
		gids,
		areGidsPerUser
		)
		}

		if (parsedPermission.isTree) {
		newState.mutateSystemState().mutatePermissionTrees()[permissionName] = newPermission