Merge "Preserve flags for non-runtime permissions upon package update." into... (f4749dfc) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java

+50 −38

Original line number	Diff line number	Diff line
		@@ -2810,6 +2810,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		+ pkg.getPackageName());
		}

		if (bp.isNormal() \|\| bp.isSignature() \|\| bp.isInternal()) {
		if ((bp.isNormal() && shouldGrantNormalPermission)
		\|\| (bp.isSignature()
		&& (!bp.isPrivileged() \|\| CollectionUtils.contains(
		@@ -2818,8 +2819,10 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		permName)
		\|\| (((bp.isPrivileged() && CollectionUtils.contains(
		shouldGrantPrivilegedPermissionIfWasGranted,
		permName)) \|\| bp.isDevelopment() \|\| bp.isRole())
		&& origState.isPermissionGranted(permName))))
		permName)) \|\| bp.isDevelopment()
		\|\| bp.isRole())
		&& origState.isPermissionGranted(
		permName))))
		\|\| (bp.isInternal()
		&& (!bp.isPrivileged() \|\| CollectionUtils.contains(
		isPrivilegedPermissionAllowlisted, permName))
		@@ -2827,12 +2830,35 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		permName)
		\|\| (((bp.isPrivileged() && CollectionUtils.contains(
		shouldGrantPrivilegedPermissionIfWasGranted,
		permName)) \|\| bp.isDevelopment() \|\| bp.isRole())
		&& origState.isPermissionGranted(permName))))) {
		permName)) \|\| bp.isDevelopment()
		\|\| bp.isRole())
		&& origState.isPermissionGranted(
		permName))))) {
		// Grant an install permission.
		if (uidState.grantPermission(bp)) {
		installPermissionsChangedForUser = true;
		}
		} else {
		if (DEBUG_PERMISSIONS) {
		boolean wasGranted = uidState.isPermissionGranted(bp.getName());
		if (wasGranted \|\| bp.isAppOp()) {
		Slog.i(TAG, (wasGranted ? "Un-granting" : "Not granting")
		+ " permission " + perm
		+ " from package " + friendlyName
		+ " (protectionLevel=" + bp.getProtectionLevel()
		+ " flags=0x"
		+ Integer.toHexString(PackageInfoUtils.appInfoFlags(pkg,
		ps))
		+ ")");
		}
		}
		if (uidState.revokePermission(bp)) {
		installPermissionsChangedForUser = true;
		}
		}
		PermissionState origPermState = origState.getPermissionState(perm);
		int flags = origPermState != null ? origPermState.getFlags() : 0;
		uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, flags);
		} else if (bp.isRuntime()) {
		boolean hardRestricted = bp.isHardRestricted();
		boolean softRestricted = bp.isSoftRestricted();
		@@ -2956,22 +2982,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
		uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL,
		flags);
		} else {
		if (DEBUG_PERMISSIONS) {
		boolean wasGranted = uidState.isPermissionGranted(bp.getName());
		if (wasGranted \|\| bp.isAppOp()) {
		Slog.i(TAG, (wasGranted ? "Un-granting" : "Not granting")
		+ " permission " + perm
		+ " from package " + friendlyName
		+ " (protectionLevel=" + bp.getProtectionLevel()
		+ " flags=0x"
		+ Integer.toHexString(PackageInfoUtils.appInfoFlags(pkg,
		ps))
		+ ")");
		}
		}
		if (uidState.removePermissionState(bp.getName())) {
		installPermissionsChangedForUser = true;
		}
		Slog.wtf(LOG_TAG, "Unknown permission protection " + bp.getProtection()
		+ " for permission " + bp.getName());
		}
		}