core/java/android/permission/flags.aconfig +10 −0 @@ -157,3 +157,13 @@ flag { bug: "266164193" } flag { name: "ignore_apex_permissions" is_fixed_read_only: true namespace: "permissions" description: "Ignore APEX pacakges for permissions on V+" bug: "301320911" metadata { purpose: PURPOSE_BUGFIX } } services/permission/java/com/android/server/permission/access/AccessPolicy.kt +13 −0 @@ -16,6 +16,7 @@ package com.android.server.permission.access import android.permission.flags.Flags import android.util.Slog import com.android.modules.utils.BinaryXmlPullParser import com.android.modules.utils.BinaryXmlSerializer @@ -78,6 +79,9 @@ private constructor( setPackageStates(packageStates) setDisabledSystemPackageStates(disabledSystemPackageStates) packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } mutateAppIdPackageNames() .mutateOrPut(packageState.appId) { MutableIndexedListSet() } .add(packageState.packageName) @@ -103,6 +107,9 @@ private constructor( newState.mutateUserStatesNoWrite()[userId] = MutableUserState() forEachSchemePolicy { with(it) { onUserAdded(userId) } } newState.externalState.packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } upgradePackageVersion(packageState, userId) } } @@ -126,6 +133,9 @@ private constructor( setPackageStates(packageStates) setDisabledSystemPackageStates(disabledSystemPackageStates) packageStates.forEach { (packageName, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } if (packageState.volumeUuid == volumeUuid) { // The APK for a package on a mounted storage volume may still be unavailable // due to APK being deleted, e.g. after an OTA.
@@ -151,6 +161,9 @@ private constructor( with(it) { onStorageVolumeMounted(volumeUuid, packageNames, isSystemUpdated) } } packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } if (packageState.volumeUuid == volumeUuid) { newState.userStates.forEachIndexed { _, userId, _ -> upgradePackageVersion(packageState, userId) services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt +3 −0 @@ -81,6 +81,9 @@ class AppIdPermissionPolicy : SchemePolicy() { override fun MutateStateScope.onUserAdded(userId: Int) { newState.externalState.packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } evaluateAllPermissionStatesForPackageAndUser(packageState, userId, null) } newState.externalState.appIdPackageNames.forEachIndexed { _, appId, _ -> services/permission/java/com/android/server/permission/access/permission/PermissionService.kt +29 −2 @@ -1445,6 +1445,9 @@ class PermissionService(private val service: AccessCheckingService) : val packageStates = packageManagerLocal.withUnfilteredSnapshot().use { it.packageStates } service.mutateState { packageStates.forEach { (packageName, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } val androidPackage = packageState.androidPackage ?: return@forEach androidPackage.requestedPermissions.forEach { permissionName -> updatePermissionFlags(
@@ -1877,6 +1880,9 @@ class PermissionService(private val service: AccessCheckingService) : packageManagerLocal.withUnfilteredSnapshot().use { snapshot -> service.mutateState { snapshot.packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } with(policy) { resetRuntimePermissions(packageState.packageName, userId) } with(devicePolicy) { resetRuntimePermissions(packageState.packageName, userId) } } @@ -1918,8 +1924,11 @@ class PermissionService(private val service: AccessCheckingService) : } packageManagerLocal.withUnfilteredSnapshot().use { snapshot -> snapshot.packageStates.forEach packageStates@{ (_, packageState) -> val androidPackage = packageState.androidPackage ?: return@packageStates snapshot.packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } val androidPackage = packageState.androidPackage ?: return@forEach if (permissionName in androidPackage.requestedPermissions) { packageNames += androidPackage.packageName } @@ -1934,6 +1943,9 @@ class PermissionService(private val service: AccessCheckingService) : val permissions = service.getState { with(policy) { getPermissions() } } packageManagerLocal.withUnfilteredSnapshot().use { snapshot -> snapshot.packageStates.forEach packageStates@{ (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@packageStates } val androidPackage = packageState.androidPackage ?: return@packageStates androidPackage.requestedPermissions.forEach requestedPermissions@{ permissionName -> val permission = permissions[permissionName] ?: return@requestedPermissions
@@ -2060,6 +2072,9 @@ class PermissionService(private val service: AccessCheckingService) : val appIdPackageNames = MutableIndexedMap<Int, MutableIndexedSet<String>>() packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } appIdPackageNames .getOrPut(packageState.appId) { MutableIndexedSet() } .add(packageState.packageName) @@ -2313,6 +2328,10 @@ class PermissionService(private val service: AccessCheckingService) : isInstantApp: Boolean, oldPackage: AndroidPackage? ) { if (Flags.ignoreApexPermissions() && packageState.isApex) { return } synchronized(storageVolumeLock) { // Accumulating the package names here because we want to maintain the same call order // of onPackageAdded() and reuse this order in onStorageVolumeAdded(). We need the @@ -2339,6 +2358,10 @@ class PermissionService(private val service: AccessCheckingService) : params: PermissionManagerServiceInternal.PackageInstalledParams, userId: Int ) { if (Flags.ignoreApexPermissions() && androidPackage.isApex) { return } if (params === PermissionManagerServiceInternal.PackageInstalledParams.DEFAULT) { // TODO: We should actually stop calling onPackageInstalled() when we are passing // PackageInstalledParams.DEFAULT in InstallPackageHelper, because there's actually no @@ -2391,6 +2414,10 @@ class PermissionService(private val service: AccessCheckingService) : sharedUserPkgs: List<AndroidPackage>, userId: Int ) { if (Flags.ignoreApexPermissions() && packageState.isApex) { return } val userIds = if (userId == UserHandle.USER_ALL) { userManagerService.userIdsIncludingPreCreated
core/java/android/permission/flags.aconfig +10 −0 @@ -157,3 +157,13 @@ flag { bug: "266164193" } flag { name: "ignore_apex_permissions" is_fixed_read_only: true namespace: "permissions" description: "Ignore APEX pacakges for permissions on V+" bug: "301320911" metadata { purpose: PURPOSE_BUGFIX } }
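Review bot: The `description` value of the new flag misspells "packages" as "pacakges"; it should read `description: "Ignore APEX packages for permissions on V+"`, since this string is what people see when they search or list flags. The flag is declared `is_fixed_read_only: true`, so each `Flags.ignoreApexPermissions()` guard added in this commit takes a value fixed at build time and cannot be switched back on a running device. A one-line `#` comment above the flag stating that would help whoever enables it.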
services/permission/java/com/android/server/permission/access/AccessPolicy.kt +13 −0 @@ -16,6 +16,7 @@ package com.android.server.permission.access import android.permission.flags.Flags import android.util.Slog import com.android.modules.utils.BinaryXmlPullParser import com.android.modules.utils.BinaryXmlSerializer @@ -78,6 +79,9 @@ private constructor( setPackageStates(packageStates) setDisabledSystemPackageStates(disabledSystemPackageStates) packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } mutateAppIdPackageNames() .mutateOrPut(packageState.appId) { MutableIndexedListSet() } .add(packageState.packageName) @@ -103,6 +107,9 @@ private constructor( newState.mutateUserStatesNoWrite()[userId] = MutableUserState() forEachSchemePolicy { with(it) { onUserAdded(userId) } } newState.externalState.packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } upgradePackageVersion(packageState, userId) } } @@ -126,6 +133,9 @@ private constructor( setPackageStates(packageStates) setDisabledSystemPackageStates(disabledSystemPackageStates) packageStates.forEach { (packageName, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } if (packageState.volumeUuid == volumeUuid) { // The APK for a package on a mounted storage volume may still be unavailable // due to APK being deleted, e.g. after an OTA. @@ -151,6 +161,9 @@ private constructor( with(it) { onStorageVolumeMounted(volumeUuid, packageNames, isSystemUpdated) } } packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } if (packageState.volumeUuid == volumeUuid) { newState.userStates.forEachIndexed { _, userId, _ -> upgradePackageVersion(packageState, userId)
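Review bot: The guard `if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach }` is pasted into four loops in this file and again in AppIdPermissionPolicy.kt and PermissionService.kt, while `setPackageStates(packageStates)` in the `@@ -78` and `@@ -126` hunks still stores the unfiltered map. Any loop over `externalState.packageStates` that is added later, or that sits outside the visible hunks, will process APEX packages again unless it repeats the check. Consider filtering the map once before `setPackageStates(...)`, or at least naming the rule in one place, e.g. `private val PackageState.isIgnoredApex get() = Flags.ignoreApexPermissions() && isApex`. The enclosing functions start and end outside the hunks, so whether other readers of the map exist cannot be confirmed from this page.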
services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt +3 −0 @@ -81,6 +81,9 @@ class AppIdPermissionPolicy : SchemePolicy() { override fun MutateStateScope.onUserAdded(userId: Int) { newState.externalState.packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } evaluateAllPermissionStatesForPackageAndUser(packageState, userId, null) } newState.externalState.appIdPackageNames.forEachIndexed { _, appId, _ ->
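Review bot: The second loop in `onUserAdded`, over `newState.externalState.appIdPackageNames`, gets no guard and so depends on that map having been built without APEX entries, which in this commit happens only in the `@@ -78` hunk of AccessPolicy.kt. That coupling deserves a comment above the loop, for example `// appIdPackageNames excludes APEX packages when ignore_apex_permissions is on (filtered in AccessPolicy).` Other writers of `appIdPackageNames` are not visible on this page, so confirm that none of them can add an APEX package when the flag is enabled. The body of `onUserAdded` continues past the end of the hunk.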
services/permission/java/com/android/server/permission/access/permission/PermissionService.kt +29 −2 @@ -1445,6 +1445,9 @@ class PermissionService(private val service: AccessCheckingService) : val packageStates = packageManagerLocal.withUnfilteredSnapshot().use { it.packageStates } service.mutateState { packageStates.forEach { (packageName, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } val androidPackage = packageState.androidPackage ?: return@forEach androidPackage.requestedPermissions.forEach { permissionName -> updatePermissionFlags( @@ -1877,6 +1880,9 @@ class PermissionService(private val service: AccessCheckingService) : packageManagerLocal.withUnfilteredSnapshot().use { snapshot -> service.mutateState { snapshot.packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } with(policy) { resetRuntimePermissions(packageState.packageName, userId) } with(devicePolicy) { resetRuntimePermissions(packageState.packageName, userId) } } @@ -1918,8 +1924,11 @@ class PermissionService(private val service: AccessCheckingService) : } packageManagerLocal.withUnfilteredSnapshot().use { snapshot -> snapshot.packageStates.forEach packageStates@{ (_, packageState) -> val androidPackage = packageState.androidPackage ?: return@packageStates snapshot.packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } val androidPackage = packageState.androidPackage ?: return@forEach if (permissionName in androidPackage.requestedPermissions) { packageNames += androidPackage.packageName }
@@ -1934,6 +1943,9 @@ class PermissionService(private val service: AccessCheckingService) : val permissions = service.getState { with(policy) { getPermissions() } } packageManagerLocal.withUnfilteredSnapshot().use { snapshot -> snapshot.packageStates.forEach packageStates@{ (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@packageStates } val androidPackage = packageState.androidPackage ?: return@packageStates androidPackage.requestedPermissions.forEach requestedPermissions@{ permissionName -> val permission = permissions[permissionName] ?: return@requestedPermissions @@ -2060,6 +2072,9 @@ class PermissionService(private val service: AccessCheckingService) : val appIdPackageNames = MutableIndexedMap<Int, MutableIndexedSet<String>>() packageStates.forEach { (_, packageState) -> if (Flags.ignoreApexPermissions() && packageState.isApex) { return@forEach } appIdPackageNames .getOrPut(packageState.appId) { MutableIndexedSet() } .add(packageState.packageName) @@ -2313,6 +2328,10 @@ class PermissionService(private val service: AccessCheckingService) : isInstantApp: Boolean, oldPackage: AndroidPackage? ) { if (Flags.ignoreApexPermissions() && packageState.isApex) { return } synchronized(storageVolumeLock) { // Accumulating the package names here because we want to maintain the same call order // of onPackageAdded() and reuse this order in onStorageVolumeAdded(). We need the @@ -2339,6 +2358,10 @@ class PermissionService(private val service: AccessCheckingService) : params: PermissionManagerServiceInternal.PackageInstalledParams, userId: Int ) { if (Flags.ignoreApexPermissions() && androidPackage.isApex) { return } if (params === PermissionManagerServiceInternal.PackageInstalledParams.DEFAULT) { // TODO: We should actually stop calling onPackageInstalled() when we are passing // PackageInstalledParams.DEFAULT in InstallPackageHelper, because there's actually no
@@ -2391,6 +2414,10 @@ class PermissionService(private val service: AccessCheckingService) : sharedUserPkgs: List<AndroidPackage>, userId: Int ) { if (Flags.ignoreApexPermissions() && packageState.isApex) { return } val userIds = if (userId == UserHandle.USER_ALL) { userManagerService.userIdsIncludingPreCreated
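Review bot: The guard in the `@@ -2339` hunk tests `androidPackage.isApex` while every other guard in this file tests `packageState.isApex`; if a `packageState` is reachable there, use the same source everywhere so the two can never disagree, and if it is not, say so in a comment such as `// Only the AndroidPackage is available here.` The `@@ -1918` hunk also drops the `packageStates@` label in favour of `return@forEach`, which is unrelated to the APEX change and leaves it inconsistent with the labelled loop in the `@@ -1934` hunk. The early `return` in the `@@ -2391` hunk (the callback taking `sharedUserPkgs`, presumably the uninstall path) skips all later work for APEX packages, so any permission state recorded for an APEX by a build without the flag would not be removed by it; confirm such state is cleaned up elsewhere. All three callbacks start before and continue after their hunks.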