Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e38dffeb authored by Hai Zhang's avatar Hai Zhang
Browse files

Revert "Fix allowlisting restricted permissions for secondary users on app" 

This reverts commit 49e179cb.

Reason for revert: b/193206356

Bug: 193206356
Change-Id: I8020f0292c1a867ad53278f73296ac2aaef974bd
parent ffa27a23

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+14 −23
Original line number Diff line number Diff line
@@ -2564,17 +2564,16 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
     *     <li>During app update the state gets restored from the last version of the app</li>

     * </ul>

     *

     * <p>This restores the permission state for all users.

     *

     * @param pkg the package the permissions belong to

     * @param replace if the package is getting replaced (this might change the requested

     *                permissions of this package)

     * @param packageOfInterest If this is the name of {@code pkg} add extra logging

     * @param callback Result call back

     * @param filterUserId If not {@link UserHandle.USER_ALL}, only restore the permission state for

     *                     this particular user

     */

    private void restorePermissionState(@NonNull AndroidPackage pkg, boolean replace,

            @Nullable String packageOfInterest, @Nullable PermissionCallback callback,

            @UserIdInt int filterUserId) {

            @Nullable String packageOfInterest, @Nullable PermissionCallback callback) {

        // IMPORTANT: There are two types of permissions: install and runtime.

        // Install time permissions are granted when the app is installed to

        // all device users and users added in the future. Runtime permissions
@@ -2592,8 +2591,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
            return;

        }



        final int[] userIds = filterUserId == UserHandle.USER_ALL ? getAllUserIds()

                : new int[] { filterUserId };

        final int[] userIds = getAllUserIds();



        boolean runtimePermissionsRevoked = false;

        int[] updatedUserIds = EMPTY_INT_ARRAY;
@@ -3885,8 +3883,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { 


        if (updatePermissions) {

            // Update permission of this app to take into account the new allowlist state.

            restorePermissionState(pkg, false, pkg.getPackageName(), mDefaultPermissionCallback,

                    userId);

            restorePermissionState(pkg, false, pkg.getPackageName(), mDefaultPermissionCallback);



            // If this resulted in losing a permission we need to kill the app.

            if (oldGrantedRestrictedPermissions == null) {
@@ -4040,17 +4037,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
     *

     * @param packageName The package that is updated

     * @param pkg The package that is updated, or {@code null} if package is deleted

     * @param filterUserId If not {@link UserHandle.USER_ALL}, only restore the permission state for

     *                     this particular user

     */

    private void updatePermissions(@NonNull String packageName, @Nullable AndroidPackage pkg,

                                   @UserIdInt int filterUserId) {

    private void updatePermissions(@NonNull String packageName, @Nullable AndroidPackage pkg) {

        // If the package is being deleted, update the permissions of all the apps

        final int flags =

                (pkg == null ? UPDATE_PERMISSIONS_ALL | UPDATE_PERMISSIONS_REPLACE_PKG

                        : UPDATE_PERMISSIONS_REPLACE_PKG);

        updatePermissions(packageName, pkg, getVolumeUuidForPackage(pkg), flags,

                mDefaultPermissionCallback, filterUserId);

        updatePermissions(

                packageName, pkg, getVolumeUuidForPackage(pkg), flags, mDefaultPermissionCallback);

    }



    /**
@@ -4072,8 +4066,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
                    (fingerprintChanged

                            ? UPDATE_PERMISSIONS_REPLACE_PKG | UPDATE_PERMISSIONS_REPLACE_ALL

                            : 0);

            updatePermissions(null, null, volumeUuid, flags, mDefaultPermissionCallback,

                    UserHandle.USER_ALL);

            updatePermissions(null, null, volumeUuid, flags, mDefaultPermissionCallback);

        } finally {

            PackageManager.uncorkPackageInfoCache();

        }
@@ -4122,14 +4115,12 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
     *                          all volumes

     * @param flags Control permission for which apps should be updated

     * @param callback Callback to call after permission changes

     * @param filterUserId If not {@link UserHandle.USER_ALL}, only restore the permission state for

     *                     this particular user

     */

    private void updatePermissions(final @Nullable String changingPkgName,

            final @Nullable AndroidPackage changingPkg,

            final @Nullable String replaceVolumeUuid,

            @UpdatePermissionFlags int flags,

            final @Nullable PermissionCallback callback, @UserIdInt int filterUserId) {

            final @Nullable PermissionCallback callback) {

        // TODO: Most of the methods exposing BasePermission internals [source package name,

        // etc..] shouldn't be needed. Instead, when we've parsed a permission that doesn't

        // have package settings, we should make note of it elsewhere [map between
@@ -4165,7 +4156,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
                // Only replace for packages on requested volume

                final String volumeUuid = getVolumeUuidForPackage(pkg);

                final boolean replace = replaceAll && Objects.equals(replaceVolumeUuid, volumeUuid);

                restorePermissionState(pkg, replace, changingPkgName, callback, filterUserId);

                restorePermissionState(pkg, replace, changingPkgName, callback);

            });

        }
@@ -4174,7 +4165,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
            final String volumeUuid = getVolumeUuidForPackage(changingPkg);

            final boolean replace = ((flags & UPDATE_PERMISSIONS_REPLACE_PKG) != 0)

                    && Objects.equals(replaceVolumeUuid, volumeUuid);

            restorePermissionState(changingPkg, replace, changingPkgName, callback, filterUserId);

            restorePermissionState(changingPkg, replace, changingPkgName, callback);

        }

        Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);

    }
@@ -4842,7 +4833,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
    private void onPackageInstalledInternal(@NonNull AndroidPackage pkg,

            @NonNull PermissionManagerServiceInternal.PackageInstalledParams params,

            @UserIdInt int userId) {

        updatePermissions(pkg.getPackageName(), pkg, userId);

        updatePermissions(pkg.getPackageName(), pkg);

        addAllowlistedRestrictedPermissionsInternal(pkg,

                params.getAllowlistedRestrictedPermissions(),

                FLAG_PERMISSION_WHITELIST_INSTALLER, userId);
@@ -4889,7 +4880,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
            resetRuntimePermissionsInternal(pkg, userId);

            return;

        }

        updatePermissions(packageName, null, userId);

        updatePermissions(packageName, null);

        if (sharedUserPkgs.isEmpty()) {

            removeUidStateAndResetPackageInstallPermissionsFixed(appId, packageName, userId);

        } else {