summaryrefslogtreecommitdiffstats
path: root/services/core/java/com
diff options
context:
space:
mode:
authorSvetoslav <svetoslavganov@google.com>2015-03-26 20:53:34 -0700
committerSvetoslav <svetoslavganov@google.com>2015-03-26 21:01:57 -0700
commitcf959f6e722ddd20033b7c98b3e04c7143f6438e (patch)
tree56940be658f10ef07d10c3a7e5c640719b506153 /services/core/java/com
parentb4a16b16e75eaf32a8acb7ed2a6d94fbc0c18f98 (diff)
downloadframeworks_base-cf959f6e722ddd20033b7c98b3e04c7143f6438e.zip
frameworks_base-cf959f6e722ddd20033b7c98b3e04c7143f6438e.tar.gz
frameworks_base-cf959f6e722ddd20033b7c98b3e04c7143f6438e.tar.bz2
Handle dynamic enable/disable of runtime permissions support.
This change adds support for the case where we change the state of runtime permissions support via the system property. This was not working properly before because we did not handle system app permissions properly.: Change-Id: I66c5e6c823b8521999972b0432b1daaba38c9709
Diffstat (limited to 'services/core/java/com')
-rw-r--r--services/core/java/com/android/server/pm/PackageManagerService.java56
-rw-r--r--services/core/java/com/android/server/pm/PackageSettingBase.java6
-rw-r--r--services/core/java/com/android/server/pm/Settings.java25
3 files changed, 57 insertions, 30 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index bffa0e9..3356e68 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -248,7 +248,7 @@ public class PackageManagerService extends IPackageManager.Stub {
private static final boolean DEBUG_DEXOPT = false;
private static final boolean DEBUG_ABI_SELECTION = false;
- private static final boolean RUNTIME_PERMISSIONS_ENABLED =
+ static final boolean RUNTIME_PERMISSIONS_ENABLED =
SystemProperties.getInt("ro.runtime.permissions.enabled", 0) == 1;
private static final int RADIO_UID = Process.PHONE_UID;
@@ -1810,7 +1810,26 @@ public class PackageManagerService extends IPackageManager.Stub {
+ mSettings.mInternalSdkPlatform + " to " + mSdkVersion
+ "; regranting permissions for internal storage");
mSettings.mInternalSdkPlatform = mSdkVersion;
-
+
+
+ // We keep track for which users we granted permissions to be able
+ // to grant runtime permissions to system apps for newly appeared
+ // users. If we supported runtime permissions during the previous
+ // boot, then we already granted permissions for all device users.
+ // In such a case we set the users for which we granted permissions
+ // to avoid clobbering of runtime permissions we granted to system
+ // apps but the user revoked later.
+ if (PackageManagerService.RUNTIME_PERMISSIONS_ENABLED &&
+ mSettings.mRuntimePermissionEnabled) {
+ final int[] userIds = UserManagerService.getInstance().getUserIds();
+ for (PackageSetting ps : mSettings.mPackages.values()) {
+ ps.setPermissionsUpdatedForUserIds(userIds);
+ }
+ for (SharedUserSetting sus : mSettings.mSharedUsers.values()) {
+ sus.setPermissionsUpdatedForUserIds(userIds);
+ }
+ }
+
updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL
| (regrantPermissions
? (UPDATE_PERMISSIONS_REPLACE_PKG|UPDATE_PERMISSIONS_REPLACE_ALL)
@@ -1842,7 +1861,6 @@ public class PackageManagerService extends IPackageManager.Stub {
EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_READY,
SystemClock.uptimeMillis());
-
mRequiredVerifierPackage = getRequiredVerifierLPr();
} // synchronized (mPackages)
} // synchronized (mInstallLock)
@@ -6970,11 +6988,12 @@ public class PackageManagerService extends IPackageManager.Stub {
final int[] currentUserIds = UserManagerService.getInstance().getUserIds();
int[] upgradeUserIds = PermissionsState.USERS_NONE;
+ int[] changedRuntimePermissionUserIds = PermissionsState.USERS_NONE;
- boolean changedPermission = false;
+ boolean changedInstallPermission = false;
if (replace) {
- ps.permissionsFixed = false;
+ ps.installPermissionsFixed = false;
origPermissions = new PermissionsState(permissionsState);
permissionsState.reset();
}
@@ -7069,7 +7088,7 @@ public class PackageManagerService extends IPackageManager.Stub {
}
if (grant != GRANT_DENIED) {
- if (!isSystemApp(ps) && ps.permissionsFixed) {
+ if (!isSystemApp(ps) && ps.installPermissionsFixed) {
// If this is an existing, non-system package, then
// we can't add any new permissions to it.
if (!allowedSig && !origPermissions.hasInstallPermission(perm)) {
@@ -7087,7 +7106,7 @@ public class PackageManagerService extends IPackageManager.Stub {
// Grant an install permission.
if (permissionsState.grantInstallPermission(bp) !=
PermissionsState.PERMISSION_OPERATION_FAILURE) {
- changedPermission = true;
+ changedInstallPermission = true;
}
} break;
@@ -7095,9 +7114,11 @@ public class PackageManagerService extends IPackageManager.Stub {
// Grant previously granted runtime permissions.
for (int userId : UserManagerService.getInstance().getUserIds()) {
if (origPermissions.hasRuntimePermission(bp.name, userId)) {
- if (permissionsState.grantRuntimePermission(bp, userId) !=
+ if (permissionsState.grantRuntimePermission(bp, userId) ==
PermissionsState.PERMISSION_OPERATION_FAILURE) {
- changedPermission = true;
+ // If we cannot put the permission as it was, we have to write.
+ changedRuntimePermissionUserIds = ArrayUtils.appendInt(
+ changedRuntimePermissionUserIds, userId);
}
}
}
@@ -7109,7 +7130,9 @@ public class PackageManagerService extends IPackageManager.Stub {
for (int userId : upgradeUserIds) {
if (permissionsState.grantRuntimePermission(bp, userId) !=
PermissionsState.PERMISSION_OPERATION_FAILURE) {
- changedPermission = true;
+ // If we granted the permission, we have to write.
+ changedRuntimePermissionUserIds = ArrayUtils.appendInt(
+ changedRuntimePermissionUserIds, userId);
}
}
} break;
@@ -7126,7 +7149,7 @@ public class PackageManagerService extends IPackageManager.Stub {
} else {
if (permissionsState.revokeInstallPermission(bp) !=
PermissionsState.PERMISSION_OPERATION_FAILURE) {
- changedPermission = true;
+ changedInstallPermission = true;
Slog.i(TAG, "Un-granting permission " + perm
+ " from package " + pkg.packageName
+ " (protectionLevel=" + bp.protectionLevel
@@ -7146,15 +7169,20 @@ public class PackageManagerService extends IPackageManager.Stub {
}
}
- if ((changedPermission || replace) && !ps.permissionsFixed &&
+ if ((changedInstallPermission || replace) && !ps.installPermissionsFixed &&
!isSystemApp(ps) || isUpdatedSystemApp(ps)){
// This is the first that we have heard about this package, so the
// permissions we have now selected are fixed until explicitly
// changed.
- ps.permissionsFixed = true;
+ ps.installPermissionsFixed = true;
}
- ps.setPermissionsUpdatedForUserIds(currentUserIds);
+ ps.setPermissionsUpdatedForUserIds(changedRuntimePermissionUserIds);
+
+ // Persist the runtime permissions state for users with changes.
+ for (int userId : changedRuntimePermissionUserIds) {
+ mSettings.writeRuntimePermissionsForUserLPr(userId, true);
+ }
}
private boolean isNewPlatformPermissionForPackage(String perm, PackageParser.Package pkg) {
diff --git a/services/core/java/com/android/server/pm/PackageSettingBase.java b/services/core/java/com/android/server/pm/PackageSettingBase.java
index c40784b..35df33b 100644
--- a/services/core/java/com/android/server/pm/PackageSettingBase.java
+++ b/services/core/java/com/android/server/pm/PackageSettingBase.java
@@ -92,7 +92,7 @@ abstract class PackageSettingBase extends SettingBase {
PackageSignatures signatures = new PackageSignatures();
- boolean permissionsFixed;
+ boolean installPermissionsFixed;
PackageKeySetData keySetData = new PackageKeySetData();
@@ -145,7 +145,7 @@ abstract class PackageSettingBase extends SettingBase {
signatures = new PackageSignatures(base.signatures);
- permissionsFixed = base.permissionsFixed;
+ installPermissionsFixed = base.installPermissionsFixed;
userState.clear();
for (int i=0; i<base.userState.size(); i++) {
userState.put(base.userState.keyAt(i),
@@ -207,7 +207,7 @@ abstract class PackageSettingBase extends SettingBase {
firstInstallTime = base.firstInstallTime;
lastUpdateTime = base.lastUpdateTime;
signatures = base.signatures;
- permissionsFixed = base.permissionsFixed;
+ installPermissionsFixed = base.installPermissionsFixed;
userState.clear();
for (int i=0; i<base.userState.size(); i++) {
userState.put(base.userState.keyAt(i), base.userState.valueAt(i));
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 95ee990..0a2389f 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -175,6 +175,7 @@ final class Settings {
private static final String ATTR_HIDDEN = "hidden";
private static final String ATTR_INSTALLED = "inst";
private static final String ATTR_BLOCK_UNINSTALL = "blockUninstall";
+ private static final String ATTR_RUNTIME_PERMSISSIONS_ENABLED = "runtime-permissions-enabled";
private final Object mLock;
private final Context mContext;
@@ -201,6 +202,10 @@ final class Settings {
int mInternalSdkPlatform;
int mExternalSdkPlatform;
+
+ // Whether runtime permissions are enabled.
+ boolean mRuntimePermissionEnabled;
+
/**
* The current database version for apps on internal storage. This is
* used to upgrade the format of the packages.xml database not necessarily
@@ -1645,6 +1650,8 @@ final class Settings {
serializer.attribute(null, "internal", Integer.toString(mInternalSdkPlatform));
serializer.attribute(null, "external", Integer.toString(mExternalSdkPlatform));
serializer.attribute(null, "fingerprint", mFingerprint);
+ serializer.attribute(null, ATTR_RUNTIME_PERMSISSIONS_ENABLED,
+ String.valueOf(PackageManagerService.RUNTIME_PERMISSIONS_ENABLED));
serializer.endTag(null, "last-platform-version");
serializer.startTag(null, "database-version");
@@ -2141,6 +2148,8 @@ final class Settings {
} catch (NumberFormatException e) {
}
mFingerprint = parser.getAttributeValue(null, "fingerprint");
+ mRuntimePermissionEnabled = XmlUtils.readBooleanAttribute(parser,
+ ATTR_RUNTIME_PERMSISSIONS_ENABLED);
} else if (tagName.equals("database-version")) {
mInternalDatabaseVersion = mExternalDatabaseVersion = 0;
try {
@@ -2253,17 +2262,6 @@ final class Settings {
mReadMessages.append("Read completed successfully: " + mPackages.size() + " packages, "
+ mSharedUsers.size() + " shared uids\n");
- // The persisted state we just read was generated after a permissions
- // update for all users, update each package and shared user setting
- // with the device users ids to start from were we left off.
- final int[] userIds = UserManagerService.getInstance().getUserIds();
- for (PackageSetting ps : mPackages.values()) {
- ps.setPermissionsUpdatedForUserIds(userIds);
- }
- for (SharedUserSetting sus : mSharedUsers.values()) {
- sus.setPermissionsUpdatedForUserIds(userIds);
- }
-
return true;
}
@@ -3001,7 +2999,7 @@ final class Settings {
} else if (tagName.equals(TAG_PERMISSIONS)) {
readInstallPermissionsLPr(parser,
packageSetting.getPermissionsState());
- packageSetting.permissionsFixed = true;
+ packageSetting.installPermissionsFixed = true;
} else if (tagName.equals("proper-signing-keyset")) {
long id = Long.parseLong(parser.getAttributeValue(null, "identifier"));
packageSetting.keySetData.setProperSigningKeySet(id);
@@ -3574,7 +3572,8 @@ final class Settings {
pw.println(ps.installerPackageName);
}
pw.print(prefix); pw.print(" signatures="); pw.println(ps.signatures);
- pw.print(prefix); pw.print(" permissionsFixed="); pw.print(ps.permissionsFixed);
+ pw.print(prefix); pw.print(" installPermissionsFixed=");
+ pw.print(ps.installPermissionsFixed);
pw.print(" installStatus="); pw.println(ps.installStatus);
pw.print(prefix); pw.print(" pkgFlags="); printFlags(pw, ps.pkgFlags, FLAG_DUMP_SPEC);
pw.println();
generated by cgit v1.1 at 2024-06-30 17:12:44 +0000