mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
0c4db149e1
This revokes the permissions to all user installed apps on update. Likely an expected quirk of being on 20.0 without the permission. 19.1 upgrades and new 20.0 installs should be fine. TODO: update 19.1 with the SpecialRuntimePermAppUtils too Signed-off-by: Tad <tad@spotco.us>
232 lines
13 KiB
Diff
232 lines
13 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
|
Date: Fri, 7 Oct 2022 20:15:14 +0300
|
|
Subject: [PATCH] srt permissions: fix auto granting after package install
|
|
|
|
Previous approach to auto-granting is not compatible with ability to disable auto-grants:
|
|
special runtime permissions were auto-granted for all users, including those that didn't have
|
|
the package installed.
|
|
---
|
|
.../server/pm/InstallPackageHelper.java | 10 +++--
|
|
.../PermissionManagerServiceImpl.java | 43 +++++++++++++------
|
|
.../PermissionManagerServiceInternal.java | 20 ++++++++-
|
|
3 files changed, 55 insertions(+), 18 deletions(-)
|
|
|
|
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
|
|
index 7da5f51bcbc2..f7fa93bce4cb 100644
|
|
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
|
|
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
|
|
@@ -599,6 +599,7 @@ final class InstallPackageHelper {
|
|
permissionParamsBuilder.setAllowlistedRestrictedPermissions(
|
|
pkgSetting.getPkg().getRequestedPermissions());
|
|
}
|
|
+ permissionParamsBuilder.setNewlyInstalledInUserId(userId);
|
|
mPm.mPermissionManager.onPackageInstalled(pkgSetting.getPkg(),
|
|
Process.INVALID_UID /* previousAppId */,
|
|
permissionParamsBuilder.build(), userId);
|
|
@@ -2118,6 +2119,10 @@ final class InstallPackageHelper {
|
|
}
|
|
}
|
|
|
|
+ final PermissionManagerServiceInternal.PackageInstalledParams.Builder
|
|
+ permissionParamsBuilder =
|
|
+ new PermissionManagerServiceInternal.PackageInstalledParams.Builder();
|
|
+
|
|
// Set install reason for users that are having the package newly installed.
|
|
final int[] allUsersList = mPm.mUserManager.getUserIds();
|
|
if (userId == UserHandle.USER_ALL) {
|
|
@@ -2125,10 +2130,12 @@ final class InstallPackageHelper {
|
|
if (!previousUserIds.contains(currentUserId)
|
|
&& ps.getInstalled(currentUserId)) {
|
|
ps.setInstallReason(installReason, currentUserId);
|
|
+ permissionParamsBuilder.setNewlyInstalledInUserId(currentUserId);
|
|
}
|
|
}
|
|
} else if (!previousUserIds.contains(userId)) {
|
|
ps.setInstallReason(installReason, userId);
|
|
+ permissionParamsBuilder.setNewlyInstalledInUserId(userId);
|
|
}
|
|
|
|
// TODO(b/169721400): generalize Incremental States and create a Callback object
|
|
@@ -2149,9 +2156,6 @@ final class InstallPackageHelper {
|
|
|
|
mPm.mSettings.writeKernelMappingLPr(ps);
|
|
|
|
- final PermissionManagerServiceInternal.PackageInstalledParams.Builder
|
|
- permissionParamsBuilder =
|
|
- new PermissionManagerServiceInternal.PackageInstalledParams.Builder();
|
|
final boolean grantPermissions = (installArgs.mInstallFlags
|
|
& PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0;
|
|
if (grantPermissions) {
|
|
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
|
index 2204ad6721c8..0fcd067142f5 100644
|
|
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
|
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
|
|
@@ -136,6 +136,7 @@ import com.android.server.pm.parsing.pkg.AndroidPackage;
|
|
import com.android.server.pm.parsing.pkg.AndroidPackageUtils;
|
|
import com.android.server.pm.pkg.AndroidPackageApi;
|
|
import com.android.server.pm.pkg.PackageStateInternal;
|
|
+import com.android.server.pm.pkg.PackageUserStateUtils;
|
|
import com.android.server.pm.pkg.component.ComponentMutateUtils;
|
|
import com.android.server.pm.pkg.component.ParsedPermission;
|
|
import com.android.server.pm.pkg.component.ParsedPermissionGroup;
|
|
@@ -2611,9 +2612,10 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
|
|
|
synchronized (mLock) {
|
|
for (final int userId : userIds) {
|
|
+ final boolean isNotInstalledUserApp = !ps.isSystem()
|
|
+ && !PackageUserStateUtils.isAvailable(ps.getUserStateOrDefault(userId), 0);
|
|
+
|
|
final UserPermissionState userState = mState.getOrCreateUserState(userId);
|
|
- // "replace" parameter is set to true even when the app is first installed
|
|
- final boolean uidStateWasPresent = userState.getUidState(ps.getAppId()) != null;
|
|
final UidPermissionState uidState = userState.getOrCreateUidState(ps.getAppId());
|
|
|
|
if (uidState.isMissing()) {
|
|
@@ -2891,13 +2893,23 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
|
}
|
|
}
|
|
|
|
- if (isSpecialRuntimePermission(permName) &&
|
|
- origPermState == null &&
|
|
- // don't grant special runtime permission after update,
|
|
- // unless app comes from the system image
|
|
- (!uidStateWasPresent || ps.isSystem())) {
|
|
- if (uidState.grantPermission(bp)) {
|
|
- wasChanged = true;
|
|
+ if (isSpecialRuntimePermission(permName)) {
|
|
+ if (origPermState == null && ps.isSystem()) {
|
|
+ // always grant special runtime permissions to system packages
|
|
+ if (uidState.grantPermission(bp)) {
|
|
+ wasChanged = true;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (isNotInstalledUserApp) {
|
|
+ // Previously, special runtime permissions were granted in users
|
|
+ // that didn't have the package installed, which breaks the code
|
|
+ // that allows to skip granting these permissions at install time.
|
|
+ // (if UidPermissionState is already present at install time, it's
|
|
+ // reused as is).
|
|
+ if (uidState.revokePermission(bp)) {
|
|
+ wasChanged = true;
|
|
+ }
|
|
}
|
|
}
|
|
} else {
|
|
@@ -3639,7 +3651,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
|
}
|
|
|
|
private void grantRequestedRuntimePermissionsInternal(@NonNull AndroidPackage pkg,
|
|
- @Nullable List<String> permissions, int userId) {
|
|
+ @Nullable List<String> permissions, int userId, boolean newlyInstalled) {
|
|
final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
|
|
| PackageManager.FLAG_PERMISSION_POLICY_FIXED;
|
|
|
|
@@ -3654,6 +3666,9 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
|
final int myUid = Process.myUid();
|
|
|
|
for (String permission : pkg.getRequestedPermissions()) {
|
|
+ final boolean isPregrantedSpecialRuntimePermission = newlyInstalled &&
|
|
+ SpecialRuntimePermUtils.shouldAutoGrant(pkg.getPackageName(), userId, permission);
|
|
+
|
|
final boolean shouldGrantPermission;
|
|
synchronized (mLock) {
|
|
final Permission bp = mRegistry.getPermission(permission);
|
|
@@ -3662,10 +3677,11 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
|
&& (supportsRuntimePermissions || !bp.isRuntimeOnly())
|
|
&& (permissions == null || permissions.contains(permission));
|
|
}
|
|
- if (shouldGrantPermission) {
|
|
+
|
|
+ if (shouldGrantPermission || isPregrantedSpecialRuntimePermission) {
|
|
final int flags = getPermissionFlagsInternal(pkg.getPackageName(), permission,
|
|
myUid, userId);
|
|
- if (supportsRuntimePermissions || isSpecialRuntimePermission(permission)) {
|
|
+ if (supportsRuntimePermissions || isPregrantedSpecialRuntimePermission) {
|
|
// Installer cannot change immutable permissions.
|
|
if ((flags & immutableFlags) == 0) {
|
|
grantRuntimePermissionInternal(pkg.getPackageName(), permission, false,
|
|
@@ -5016,7 +5032,8 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
|
|
addAllowlistedRestrictedPermissionsInternal(pkg,
|
|
params.getAllowlistedRestrictedPermissions(),
|
|
FLAG_PERMISSION_WHITELIST_INSTALLER, userId);
|
|
- grantRequestedRuntimePermissionsInternal(pkg, params.getGrantedPermissions(), userId);
|
|
+ grantRequestedRuntimePermissionsInternal(pkg, params.getGrantedPermissions(), userId,
|
|
+ params.isNewlyInstalledInUserId(userId));
|
|
}
|
|
}
|
|
|
|
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
|
|
index 95badb31f324..d17c0697ff7a 100644
|
|
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
|
|
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
|
|
@@ -22,6 +22,7 @@ import android.annotation.UserIdInt;
|
|
import android.app.AppOpsManager;
|
|
import android.content.pm.PermissionInfo;
|
|
import android.permission.PermissionManagerInternal;
|
|
+import android.util.SparseBooleanArray;
|
|
|
|
import com.android.server.pm.parsing.pkg.AndroidPackage;
|
|
|
|
@@ -322,13 +323,17 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter
|
|
private final List<String> mAllowlistedRestrictedPermissions;
|
|
@NonNull
|
|
private final int mAutoRevokePermissionsMode;
|
|
+ @NonNull
|
|
+ private final SparseBooleanArray mNewlyInstalledInUserIds;
|
|
|
|
private PackageInstalledParams(@NonNull List<String> grantedPermissions,
|
|
@NonNull List<String> allowlistedRestrictedPermissions,
|
|
- int autoRevokePermissionsMode) {
|
|
+ int autoRevokePermissionsMode,
|
|
+ SparseBooleanArray newlyInstalledInUserIds) {
|
|
mGrantedPermissions = grantedPermissions;
|
|
mAllowlistedRestrictedPermissions = allowlistedRestrictedPermissions;
|
|
mAutoRevokePermissionsMode = autoRevokePermissionsMode;
|
|
+ mNewlyInstalledInUserIds = newlyInstalledInUserIds;
|
|
}
|
|
|
|
/**
|
|
@@ -360,6 +365,10 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter
|
|
return mAutoRevokePermissionsMode;
|
|
}
|
|
|
|
+ public boolean isNewlyInstalledInUserId(int userId) {
|
|
+ return mNewlyInstalledInUserIds.get(userId, false);
|
|
+ }
|
|
+
|
|
/**
|
|
* Builder class for {@link PackageInstalledParams}.
|
|
*/
|
|
@@ -370,6 +379,8 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter
|
|
private List<String> mAllowlistedRestrictedPermissions = Collections.emptyList();
|
|
@NonNull
|
|
private int mAutoRevokePermissionsMode = AppOpsManager.MODE_DEFAULT;
|
|
+ @NonNull
|
|
+ private final SparseBooleanArray mNewlyInstalledInUserIds = new SparseBooleanArray();
|
|
|
|
/**
|
|
* Set the permissions to be granted.
|
|
@@ -419,6 +430,10 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter
|
|
mAutoRevokePermissionsMode = autoRevokePermissionsMode;
|
|
}
|
|
|
|
+ public void setNewlyInstalledInUserId(int userId) {
|
|
+ mNewlyInstalledInUserIds.put(userId, true);
|
|
+ }
|
|
+
|
|
/**
|
|
* Build a new instance of {@link PackageInstalledParams}.
|
|
*
|
|
@@ -427,7 +442,8 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter
|
|
@NonNull
|
|
public PackageInstalledParams build() {
|
|
return new PackageInstalledParams(mGrantedPermissions,
|
|
- mAllowlistedRestrictedPermissions, mAutoRevokePermissionsMode);
|
|
+ mAllowlistedRestrictedPermissions, mAutoRevokePermissionsMode,
|
|
+ mNewlyInstalledInUserIds);
|
|
}
|
|
}
|
|
}
|