
Commit f6ba142a authored by Nate Myren

RESTRICT AUTOMERGE Revoke SYSTEM_ALERT_WINDOW on upgrade past api 23

Bug: 221040577
Test: atest PermissionTest23#testPre23AppsWithSystemAlertWindowGetDeniedOnUpgrade
Change-Id: I4b4605aaae107875811070dea6d031c5d9f25c96
parent 459808b2
+1 −3
@@ -12322,9 +12322,7 @@ public class PackageManagerService extends IPackageManager.Stub
                AsyncTask.execute(() -> {
                    if (hasOldPkg) {
                        mPermissionManager.revokeRuntimePermissionsIfGroupChanged(pkg, oldPkg,
                                allPackageNames, mPermissionCallback);
                        mPermissionManager.revokeStoragePermissionsIfScopeExpanded(pkg, oldPkg,
                        mPermissionManager.onPackageUpdated(pkg, oldPkg, allPackageNames,
                                mPermissionCallback);
                    }
                    if (hasPermissionDefinitionChanges) {
+47 −11
@@ -646,6 +646,45 @@ public class PermissionManagerService {

    }

    /**
     * If the package was below api 23, got the SYSTEM_ALERT_WINDOW permission automatically, and
     * then updated past api 23, and the app does not satisfy any of the other SAW permission flags,
     * the permission should be revoked.
     *
     * @param newPackage The new package that was installed
     * @param oldPackage The old package that was updated
     */
    private void revokeSystemAlertWindowIfUpgradedPast23(
            @NonNull PackageParser.Package newPackage,
            @NonNull PackageParser.Package oldPackage,
            @NonNull PermissionCallback permissionCallback) {
        if (oldPackage.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.M
                || newPackage.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
                || !newPackage.requestedPermissions
                .contains(Manifest.permission.SYSTEM_ALERT_WINDOW)) {
            return;
        }

        BasePermission saw;
        synchronized (mLock) {
            saw = mSettings.getPermissionLocked(Manifest.permission.SYSTEM_ALERT_WINDOW);
        }
        final PackageSetting ps = (PackageSetting) newPackage.mExtras;
        if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, saw,
                ps.getPermissionsState())) {
            return;
        }
        for (int userId: mUserManagerInt.getUserIds()) {
            try {
                revokeRuntimePermission(Manifest.permission.SYSTEM_ALERT_WINDOW,
                        newPackage.packageName, false, userId, permissionCallback);
            } catch (IllegalStateException | SecurityException e) {
                Log.e(TAG, "unable to revoke SYSTEM_ALERT_WINDOW for "
                        + newPackage.packageName + " user " + userId, e);
            }
        }
    }

    /**
     * We might auto-grant permissions if any permission of the group is already granted. Hence if
     * the group of a granted permission changes we need to revoke it to avoid having permissions of
@@ -3170,25 +3209,22 @@ public class PermissionManagerService {
        }

        /**
         * If the app is updated, and has scoped storage permissions, then it is possible that the
         * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.
         * If the app is updated, then some checks need to be performed to ensure the
         * package is not attempting to expoit permission changes across API boundaries.
         * @param newPackage The new package that was installed
         * @param oldPackage The old package that was updated
         * @param allPackageNames The current packages in the system
         * @param permissionCallback Callback for permission changed
         */
        public void revokeStoragePermissionsIfScopeExpanded(
        public void onPackageUpdated(
                @NonNull PackageParser.Package newPackage,
                @NonNull PackageParser.Package oldPackage,
                @NonNull ArrayList<String> allPackageNames,
                @NonNull PermissionCallback permissionCallback) {
            PermissionManagerService.this.revokeStoragePermissionsIfScopeExpanded(newPackage,
                    oldPackage, permissionCallback);
        }

        @Override
        public void revokeRuntimePermissionsIfGroupChanged(
                @NonNull PackageParser.Package newPackage,
                @NonNull PackageParser.Package oldPackage,
                @NonNull ArrayList<String> allPackageNames,
                @NonNull PermissionCallback permissionCallback) {
            PermissionManagerService.this.revokeSystemAlertWindowIfUpgradedPast23(newPackage,
                    oldPackage, permissionCallback);
            PermissionManagerService.this.revokeRuntimePermissionsIfGroupChanged(newPackage,
                    oldPackage, allPackageNames, permissionCallback);
        }
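Review bot: In `revokeSystemAlertWindowIfUpgradedPast23`, `ps` comes from an unchecked cast of `newPackage.mExtras` and is dereferenced straight away in `ps.getPermissionsState()`, while the `try`/`catch` further down covers only the per-user `revokeRuntimePermission` call. Whether `mExtras` can be null at this point is not visible on this page, but the PackageManagerService section shows the caller running inside `AsyncTask.execute`, so a NullPointerException would escape on the background executor rather than being logged like the revoke failures. A guard before the `grantSignaturePermission` call, such as `if (ps == null) { Log.e(TAG, "no PackageSetting for " + newPackage.packageName); return; }`, would make that case explicit. Returning there leaves the grant in place, so it should be a logged, deliberate choice, and the same question applies to `saw` if `getPermissionLocked` can return null. The method's Javadoc also lacks an `@param permissionCallback` line.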
+9 −22
@@ -98,16 +98,14 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
            @NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback);

     /**
     * We might auto-grant permissions if any permission of the group is already granted. Hence if
     * the group of a granted permission changes we need to revoke it to avoid having permissions of
     * the new group auto-granted.
     *
      * If the app is updated, then some checks need to be performed to ensure the package is not 
      * attempting to expoit permission changes across API boundaries.
      * @param newPackage The new package that was installed
      * @param oldPackage The old package that was updated
     * @param allPackageNames All packages
      * @param allPackageNames The current packages in the system
      * @param permissionCallback Callback for permission changed
      */
    public abstract void revokeRuntimePermissionsIfGroupChanged(
    public abstract void onPackageUpdated(
            @NonNull PackageParser.Package newPackage,
            @NonNull PackageParser.Package oldPackage,
            @NonNull ArrayList<String> allPackageNames,
@@ -126,17 +124,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
            @NonNull ArrayList<String> allPackageNames,
            @NonNull PermissionCallback permissionCallback);

    /**
     * If the app is updated, and has scoped storage permissions, then it is possible that the
     * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.
     * @param newPackage The new package that was installed
     * @param oldPackage The old package that was updated
     */
    public abstract void revokeStoragePermissionsIfScopeExpanded(
            @NonNull PackageParser.Package newPackage,
            @NonNull PackageParser.Package oldPackage,
            @NonNull PermissionCallback permissionCallback);

    /**
     * Add all permissions in the given package.
     * <p>
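Review bot: The new Javadoc on `onPackageUpdated` says only that "some checks" are performed, which leaves the contract of what is now the single upgrade-time hook unstated for anyone implementing or extending it. As far as the rendered PermissionManagerService section shows, the implementation performs three revocations: storage permissions on scope expansion, SYSTEM_ALERT_WINDOW on upgrade past API 23, and runtime permissions whose group changed. Naming them in the comment would make it harder for a later edit to drop one silently, for example `* Revokes grants an update must not carry over: storage (scope expanded), SYSTEM_ALERT_WINDOW (upgrade past API 23), runtime permissions whose group changed.` The word "expoit" should read "exploit" here and in the matching comment in PermissionManagerService.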