diff options
| -rw-r--r-- | api/system-current.txt | 3 | ||||
| -rw-r--r-- | core/java/android/content/Intent.java | 2 | ||||
| -rw-r--r-- | core/java/android/content/pm/PackageInstaller.java | 24 | ||||
| -rw-r--r-- | core/java/com/android/internal/util/XmlUtils.java | 3 | ||||
| -rw-r--r-- | core/res/AndroidManifest.xml | 24 | ||||
| -rw-r--r-- | packages/Shell/AndroidManifest.xml | 4 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageInstallerService.java | 54 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 108 |
8 files changed, 165 insertions, 57 deletions
diff --git a/api/system-current.txt b/api/system-current.txt index cbb1bb2..d1e19fb 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -104,6 +104,7 @@ package android { field public static final java.lang.String HARDWARE_TEST = "android.permission.HARDWARE_TEST"; field public static final java.lang.String HDMI_CEC = "android.permission.HDMI_CEC"; field public static final java.lang.String INJECT_EVENTS = "android.permission.INJECT_EVENTS"; + field public static final java.lang.String INSTALL_GRANT_RUNTIME_PERMISSIONS = "android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS"; field public static final java.lang.String INSTALL_LOCATION_PROVIDER = "android.permission.INSTALL_LOCATION_PROVIDER"; field public static final java.lang.String INSTALL_PACKAGES = "android.permission.INSTALL_PACKAGES"; field public static final java.lang.String INSTALL_SHORTCUT = "com.android.launcher.permission.INSTALL_SHORTCUT"; @@ -181,6 +182,7 @@ package android { field public static final java.lang.String REQUEST_INSTALL_PACKAGES = "android.permission.REQUEST_INSTALL_PACKAGES"; field public static final deprecated java.lang.String RESTART_PACKAGES = "android.permission.RESTART_PACKAGES"; field public static final java.lang.String RETRIEVE_WINDOW_CONTENT = "android.permission.RETRIEVE_WINDOW_CONTENT"; + field public static final java.lang.String REVOKE_RUNTIME_PERMISSIONS = "android.permission.REVOKE_RUNTIME_PERMISSIONS"; field public static final java.lang.String SCORE_NETWORKS = "android.permission.SCORE_NETWORKS"; field public static final java.lang.String SEND_RESPOND_VIA_MESSAGE = "android.permission.SEND_RESPOND_VIA_MESSAGE"; field public static final java.lang.String SEND_SMS = "android.permission.SEND_SMS"; @@ -9436,6 +9438,7 @@ package android.content.pm { method public void setAppIcon(android.graphics.Bitmap); method public void setAppLabel(java.lang.CharSequence); method public void setAppPackageName(java.lang.String); + method public void setGrantedRuntimePermissions(java.lang.String[]); method public void setInstallLocation(int); method public void setOriginatingUri(android.net.Uri); method public void setReferrerUri(android.net.Uri); diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java index 5571662..f786d2f 100644 --- a/core/java/android/content/Intent.java +++ b/core/java/android/content/Intent.java @@ -1023,7 +1023,7 @@ public class Intent implements Parcelable, Cloneable { * * <p>Note: if you app targets {@link android.os.Build.VERSION_CODES#MNC MNC} * and above and declares as using the {@link android.Manifest.permission#CALL_PHONE} - * permission which is not granted, then atempting to use this action will + * permission which is not granted, then attempting to use this action will * result in a {@link java.lang.SecurityException}. */ @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) diff --git a/core/java/android/content/pm/PackageInstaller.java b/core/java/android/content/pm/PackageInstaller.java index b7ee82d..9341be1 100644 --- a/core/java/android/content/pm/PackageInstaller.java +++ b/core/java/android/content/pm/PackageInstaller.java @@ -18,8 +18,10 @@ package android.content.pm; import android.annotation.NonNull; import android.annotation.Nullable; +import android.annotation.RequiresPermission; import android.annotation.SdkConstant; import android.annotation.SdkConstant.SdkConstantType; +import android.annotation.SystemApi; import android.app.ActivityManager; import android.content.Context; import android.content.Intent; @@ -889,6 +891,8 @@ public class PackageInstaller { public String abiOverride; /** {@hide} */ public String volumeUuid; + /** {@hide} */ + public String[] grantedRuntimePermissions; /** * Construct parameters for a new package install session. @@ -914,6 +918,7 @@ public class PackageInstaller { referrerUri = source.readParcelable(null); abiOverride = source.readString(); volumeUuid = source.readString(); + grantedRuntimePermissions = source.readStringArray(); } /** @@ -987,6 +992,23 @@ public class PackageInstaller { this.referrerUri = referrerUri; } + /** + * Sets which runtime permissions to be granted to the package at installation. + * Using this API requires holding {@link android.Manifest.permission + * #INSTALL_GRANT_RUNTIME_PERMISSIONS} + * + * @param permissions The permissions to grant or null to grant all runtime + * permissions. + * + * @hide + */ + @SystemApi + @RequiresPermission(android.Manifest.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS) + public void setGrantedRuntimePermissions(String[] permissions) { + installFlags |= PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS; + this.grantedRuntimePermissions = permissions; + } + /** {@hide} */ public void setInstallFlagsInternal() { installFlags |= PackageManager.INSTALL_INTERNAL; @@ -1012,6 +1034,7 @@ public class PackageInstaller { pw.printPair("referrerUri", referrerUri); pw.printPair("abiOverride", abiOverride); pw.printPair("volumeUuid", volumeUuid); + pw.printPair("grantedRuntimePermissions", grantedRuntimePermissions); pw.println(); } @@ -1033,6 +1056,7 @@ public class PackageInstaller { dest.writeParcelable(referrerUri, flags); dest.writeString(abiOverride); dest.writeString(volumeUuid); + dest.writeStringArray(grantedRuntimePermissions); } public static final Parcelable.Creator<SessionParams> diff --git a/core/java/com/android/internal/util/XmlUtils.java b/core/java/com/android/internal/util/XmlUtils.java index 32746c2..6393fba 100644 --- a/core/java/com/android/internal/util/XmlUtils.java +++ b/core/java/com/android/internal/util/XmlUtils.java @@ -20,6 +20,7 @@ import android.graphics.Bitmap; import android.graphics.BitmapFactory; import android.graphics.Bitmap.CompressFormat; import android.net.Uri; +import android.text.TextUtils; import android.util.ArrayMap; import android.util.Base64; import android.util.Xml; @@ -45,6 +46,8 @@ import java.util.Set; /** {@hide} */ public class XmlUtils { + private static final String STRING_ARRAY_SEPARATOR = ":"; + public static void skipCurrentTag(XmlPullParser parser) throws XmlPullParserException, IOException { int outerDepth = parser.getDepth(); diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 062ae27..0c0ba7f 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -2052,10 +2052,24 @@ <permission android:name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" android:protectionLevel="signature|privileged" /> - <!-- @hide Allows an application to grant or revoke specific permissions. --> - <permission android:name="android.permission.GRANT_REVOKE_PERMISSIONS" + <!-- Allows an application to grant specific permissions. + @hide --> + <permission android:name="android.permission.GRANT_RUNTIME_PERMISSIONS" android:protectionLevel="signature|installer" /> + <!-- Allows an app that has this permission and the permissions to install packages + to request certain runtime permissions to be granted at installation. + @hide + @SystemApi --> + <permission android:name="android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS" + android:protectionLevel="signature|installer|verifier" /> + + <!-- Allows an application to revoke specific permissions. + @hide + @SystemApi --> + <permission android:name="android.permission.REVOKE_RUNTIME_PERMISSIONS" + android:protectionLevel="signature|installer|verifier" /> + <!-- @hide Allows an application to observe permission changes. --> <permission android:name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS" android:protectionLevel="signature|privileged" /> @@ -2539,12 +2553,6 @@ <permission android:name="android.permission.ACCESS_VOICE_INTERACTION_SERVICE" android:protectionLevel="signature" /> - <!-- Allows an app that has this permission and a permissions to install packages - to request all runtime permissions to be granted at installation. - @hide --> - <permission android:name="android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS" - android:protectionLevel="signature" /> - <!-- The system process that is allowed to bind to services in carrier apps will have this permission. Carrier apps should use this permission to protect their services that only the system is allowed to bind to. diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml index 9832b45..c00fdf3 100644 --- a/packages/Shell/AndroidManifest.xml +++ b/packages/Shell/AndroidManifest.xml @@ -76,7 +76,9 @@ <uses-permission android:name="android.permission.FORCE_STOP_PACKAGES" /> <uses-permission android:name="android.permission.STOP_APP_SWITCHES" /> <uses-permission android:name="android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY" /> - <uses-permission android:name="android.permission.GRANT_REVOKE_PERMISSIONS" /> + <uses-permission android:name="android.permission.GRANT_RUNTIME_PERMISSIONS" /> + <uses-permission android:name="android.permission.REVOKE_RUNTIME_PERMISSIONS" /> + <uses-permission android:name="android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS" /> <uses-permission android:name="android.permission.SET_KEYBOARD_LAYOUT" /> <uses-permission android:name="android.permission.GET_DETAILED_TASKS" /> <uses-permission android:name="android.permission.SET_SCREEN_COMPATIBILITY" /> diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java index 2abd924..07de6f5 100644 --- a/services/core/java/com/android/server/pm/PackageInstallerService.java +++ b/services/core/java/com/android/server/pm/PackageInstallerService.java @@ -43,7 +43,6 @@ import android.content.Context; import android.content.Intent; import android.content.IntentSender; import android.content.IntentSender.SendIntentException; -import android.content.pm.ApplicationInfo; import android.content.pm.IPackageInstaller; import android.content.pm.IPackageInstallerCallback; import android.content.pm.IPackageInstallerSession; @@ -71,7 +70,6 @@ import android.os.SELinux; import android.os.UserHandle; import android.os.UserManager; import android.os.storage.StorageManager; -import android.os.storage.VolumeInfo; import android.system.ErrnoException; import android.system.Os; import android.text.TextUtils; @@ -123,6 +121,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub { /** XML constants used in {@link #mSessionsFile} */ private static final String TAG_SESSIONS = "sessions"; private static final String TAG_SESSION = "session"; + private static final String TAG_GRANTED_RUNTIME_PERMISSION = "granted-runtime-permission"; private static final String ATTR_SESSION_ID = "sessionId"; private static final String ATTR_USER_ID = "userId"; private static final String ATTR_INSTALLER_PACKAGE_NAME = "installerPackageName"; @@ -144,6 +143,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub { private static final String ATTR_REFERRER_URI = "referrerUri"; private static final String ATTR_ABI_OVERRIDE = "abiOverride"; private static final String ATTR_VOLUME_UUID = "volumeUuid"; + private static final String ATTR_NAME = "name"; /** Automatically destroy sessions older than this */ private static final long MAX_AGE_MILLIS = 3 * DateUtils.DAY_IN_MILLIS; @@ -374,16 +374,15 @@ public class PackageInstallerService extends IPackageInstaller.Stub { } } catch (FileNotFoundException e) { // Missing sessions are okay, probably first boot - } catch (IOException e) { - Slog.wtf(TAG, "Failed reading install sessions", e); - } catch (XmlPullParserException e) { + } catch (IOException | XmlPullParserException e) { Slog.wtf(TAG, "Failed reading install sessions", e); } finally { IoUtils.closeQuietly(fis); } } - private PackageInstallerSession readSessionLocked(XmlPullParser in) throws IOException { + private PackageInstallerSession readSessionLocked(XmlPullParser in) throws IOException, + XmlPullParserException { final int sessionId = readIntAttribute(in, ATTR_SESSION_ID); final int userId = readIntAttribute(in, ATTR_USER_ID); final String installerPackageName = readStringAttribute(in, ATTR_INSTALLER_PACKAGE_NAME); @@ -409,6 +408,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub { params.referrerUri = readUriAttribute(in, ATTR_REFERRER_URI); params.abiOverride = readStringAttribute(in, ATTR_ABI_OVERRIDE); params.volumeUuid = readStringAttribute(in, ATTR_VOLUME_UUID); + params.grantedRuntimePermissions = readGrantedRuntimePermissions(in); final File appIconFile = buildAppIconFile(sessionId); if (appIconFile.exists()) { @@ -501,9 +501,51 @@ public class PackageInstallerService extends IPackageInstaller.Stub { params.appIconLastModified = appIconFile.lastModified(); } + writeGrantedRuntimePermissions(out, params.grantedRuntimePermissions); + out.endTag(null, TAG_SESSION); } + private static void writeGrantedRuntimePermissions(XmlSerializer out, + String[] grantedRuntimePermissions) throws IOException { + if (grantedRuntimePermissions != null) { + for (String permission : grantedRuntimePermissions) { + out.startTag(null, TAG_GRANTED_RUNTIME_PERMISSION); + writeStringAttribute(out, ATTR_NAME, permission); + out.endTag(null, TAG_GRANTED_RUNTIME_PERMISSION); + } + } + } + + private static String[] readGrantedRuntimePermissions(XmlPullParser in) + throws IOException, XmlPullParserException { + List<String> permissions = null; + + final int outerDepth = in.getDepth(); + int type; + while ((type = in.next()) != XmlPullParser.END_DOCUMENT + && (type != XmlPullParser.END_TAG || in.getDepth() > outerDepth)) { + if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { + continue; + } + if (TAG_GRANTED_RUNTIME_PERMISSION.equals(in.getName())) { + String permission = readStringAttribute(in, ATTR_NAME); + if (permissions == null) { + permissions = new ArrayList<>(); + } + permissions.add(permission); + } + } + + if (permissions == null) { + return null; + } + + String[] permissionsArray = new String[permissions.size()]; + permissions.toArray(permissionsArray); + return permissionsArray; + } + private File buildAppIconFile(int sessionId) { return new File(mSessionsDir, "app_icon." + sessionId + ".png"); } diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index f2ac7be..e49454f 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -16,7 +16,6 @@ package com.android.server.pm; -import static android.Manifest.permission.GRANT_REVOKE_PERMISSIONS; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_MEDIA_STORAGE; @@ -1339,8 +1338,8 @@ public class PackageManagerService extends IPackageManager.Stub { // permissions if requested before broadcasting the install. if ((args.installFlags & PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0) { - grantRequestedRuntimePermissions(res.pkg, - args.user.getIdentifier()); + grantRequestedRuntimePermissions(res.pkg, args.user.getIdentifier(), + args.installGrantPermissions); } // Determine the set of users who are adding this @@ -1669,12 +1668,17 @@ public class PackageManagerService extends IPackageManager.Stub { } }; - private void grantRequestedRuntimePermissions(PackageParser.Package pkg, int userId) { + private void grantRequestedRuntimePermissions(PackageParser.Package pkg, int userId, + String[] grantedPermissions) { if (userId >= UserHandle.USER_OWNER) { - grantRequestedRuntimePermissionsForUser(pkg, userId); + grantRequestedRuntimePermissionsForUser(pkg, userId, grantedPermissions); } else if (userId == UserHandle.USER_ALL) { - for (int someUserId : UserManagerService.getInstance().getUserIds()) { - grantRequestedRuntimePermissionsForUser(pkg, someUserId); + final int[] userIds; + synchronized (mPackages) { + userIds = UserManagerService.getInstance().getUserIds(); + } + for (int someUserId : userIds) { + grantRequestedRuntimePermissionsForUser(pkg, someUserId, grantedPermissions); } } @@ -1684,7 +1688,8 @@ public class PackageManagerService extends IPackageManager.Stub { } } - private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId) { + private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId, + String[] grantedPermissions) { SettingBase sb = (SettingBase) pkg.mExtras; if (sb == null) { return; @@ -1694,7 +1699,8 @@ public class PackageManagerService extends IPackageManager.Stub { for (String permission : pkg.requestedPermissions) { BasePermission bp = mSettings.mPermissions.get(permission); - if (bp != null && bp.isRuntime()) { + if (bp != null && bp.isRuntime() && (grantedPermissions == null + || ArrayUtils.contains(grantedPermissions, permission))) { permissionsState.grantRuntimePermission(bp, userId); } } @@ -3382,7 +3388,7 @@ public class PackageManagerService extends IPackageManager.Stub { } mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.GRANT_REVOKE_PERMISSIONS, + android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS, "grantRuntimePermission"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, @@ -3466,7 +3472,7 @@ public class PackageManagerService extends IPackageManager.Stub { } mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.GRANT_REVOKE_PERMISSIONS, + android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS, "revokeRuntimePermission"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, @@ -3517,7 +3523,7 @@ public class PackageManagerService extends IPackageManager.Stub { @Override public void resetRuntimePermissions() { mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.GRANT_REVOKE_PERMISSIONS, + android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS, "revokeRuntimePermission"); int callingUid = Binder.getCallingUid(); @@ -3527,16 +3533,19 @@ public class PackageManagerService extends IPackageManager.Stub { "resetRuntimePermissions"); } - final int[] userIds; - synchronized (mPackages) { updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL); - final int userCount = UserManagerService.getInstance().getUserIds().length; - userIds = Arrays.copyOf(UserManagerService.getInstance().getUserIds(), userCount); - } - - for (int userId : userIds) { - mDefaultPermissionPolicy.grantDefaultPermissions(userId); + for (int userId : UserManagerService.getInstance().getUserIds()) { + final int packageCount = mPackages.size(); + for (int i = 0; i < packageCount; i++) { + PackageParser.Package pkg = mPackages.valueAt(i); + if (!(pkg.mExtras instanceof PackageSetting)) { + continue; + } + PackageSetting ps = (PackageSetting) pkg.mExtras; + resetUserChangesToRuntimePermissionsAndFlagsLocked(ps, userId); + } + } } } @@ -3546,9 +3555,7 @@ public class PackageManagerService extends IPackageManager.Stub { return 0; } - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.GRANT_REVOKE_PERMISSIONS, - "getPermissionFlags"); + enforceGrantRevokeRuntimePermissionPermissions("getPermissionFlags"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "getPermissionFlags"); @@ -3581,9 +3588,7 @@ public class PackageManagerService extends IPackageManager.Stub { return; } - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.GRANT_REVOKE_PERMISSIONS, - "updatePermissionFlags"); + enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlags"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "updatePermissionFlags"); @@ -3643,9 +3648,7 @@ public class PackageManagerService extends IPackageManager.Stub { return; } - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.GRANT_REVOKE_PERMISSIONS, - "updatePermissionFlagsForAllApps"); + enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlagsForAllApps"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "updatePermissionFlagsForAllApps"); @@ -3675,6 +3678,17 @@ public class PackageManagerService extends IPackageManager.Stub { } } + private void enforceGrantRevokeRuntimePermissionPermissions(String message) { + if (mContext.checkCallingOrSelfPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS) + != PackageManager.PERMISSION_GRANTED + && mContext.checkCallingOrSelfPermission(Manifest.permission.REVOKE_RUNTIME_PERMISSIONS) + != PackageManager.PERMISSION_GRANTED) { + throw new SecurityException(message + " requires " + + Manifest.permission.GRANT_RUNTIME_PERMISSIONS + " or " + + Manifest.permission.REVOKE_RUNTIME_PERMISSIONS); + } + } + @Override public boolean shouldShowRequestPermissionRationale(String permissionName, String packageName, int userId) { @@ -9444,7 +9458,7 @@ public class PackageManagerService extends IPackageManager.Stub { final Message msg = mHandler.obtainMessage(INIT_COPY); msg.obj = new InstallParams(origin, null, observer, installFlags, installerPackageName, - null, verificationParams, user, packageAbiOverride); + null, verificationParams, user, packageAbiOverride, null); mHandler.sendMessage(msg); } @@ -9464,7 +9478,8 @@ public class PackageManagerService extends IPackageManager.Stub { final Message msg = mHandler.obtainMessage(INIT_COPY); msg.obj = new InstallParams(origin, null, observer, params.installFlags, - installerPackageName, params.volumeUuid, verifParams, user, params.abiOverride); + installerPackageName, params.volumeUuid, verifParams, user, params.abiOverride, + params.grantedRuntimePermissions); mHandler.sendMessage(msg); } @@ -10344,10 +10359,13 @@ public class PackageManagerService extends IPackageManager.Stub { private InstallArgs mArgs; private int mRet; final String packageAbiOverride; + final String[] grantedRuntimePermissions; + InstallParams(OriginInfo origin, MoveInfo move, IPackageInstallObserver2 observer, int installFlags, String installerPackageName, String volumeUuid, - VerificationParams verificationParams, UserHandle user, String packageAbiOverride) { + VerificationParams verificationParams, UserHandle user, String packageAbiOverride, + String[] grantedPermissions) { super(user); this.origin = origin; this.move = move; @@ -10357,6 +10375,7 @@ public class PackageManagerService extends IPackageManager.Stub { this.volumeUuid = volumeUuid; this.verificationParams = verificationParams; this.packageAbiOverride = packageAbiOverride; + this.grantedRuntimePermissions = grantedPermissions; } @Override @@ -10786,6 +10805,7 @@ public class PackageManagerService extends IPackageManager.Stub { final ManifestDigest manifestDigest; final UserHandle user; final String abiOverride; + final String[] installGrantPermissions; // The list of instruction sets supported by this app. This is currently // only used during the rmdex() phase to clean up resources. We can get rid of this @@ -10795,7 +10815,7 @@ public class PackageManagerService extends IPackageManager.Stub { InstallArgs(OriginInfo origin, MoveInfo move, IPackageInstallObserver2 observer, int installFlags, String installerPackageName, String volumeUuid, ManifestDigest manifestDigest, UserHandle user, String[] instructionSets, - String abiOverride) { + String abiOverride, String[] installGrantPermissions) { this.origin = origin; this.move = move; this.installFlags = installFlags; @@ -10806,6 +10826,7 @@ public class PackageManagerService extends IPackageManager.Stub { this.user = user; this.instructionSets = instructionSets; this.abiOverride = abiOverride; + this.installGrantPermissions = installGrantPermissions; } abstract int copyApk(IMediaContainerService imcs, boolean temp) throws RemoteException; @@ -10898,7 +10919,8 @@ public class PackageManagerService extends IPackageManager.Stub { FileInstallArgs(InstallParams params) { super(params.origin, params.move, params.observer, params.installFlags, params.installerPackageName, params.volumeUuid, params.getManifestDigest(), - params.getUser(), null /* instruction sets */, params.packageAbiOverride); + params.getUser(), null /* instruction sets */, params.packageAbiOverride, + params.grantedRuntimePermissions); if (isFwdLocked()) { throw new IllegalArgumentException("Forward locking only supported in ASEC"); } @@ -10907,7 +10929,7 @@ public class PackageManagerService extends IPackageManager.Stub { /** Existing install */ FileInstallArgs(String codePath, String resourcePath, String[] instructionSets) { super(OriginInfo.fromNothing(), null, null, 0, null, null, null, null, instructionSets, - null); + null, null); this.codeFile = (codePath != null) ? new File(codePath) : null; this.resourceFile = (resourcePath != null) ? new File(resourcePath) : null; } @@ -11123,7 +11145,8 @@ public class PackageManagerService extends IPackageManager.Stub { AsecInstallArgs(InstallParams params) { super(params.origin, params.move, params.observer, params.installFlags, params.installerPackageName, params.volumeUuid, params.getManifestDigest(), - params.getUser(), null /* instruction sets */, params.packageAbiOverride); + params.getUser(), null /* instruction sets */, params.packageAbiOverride, + params.grantedRuntimePermissions); } /** Existing install */ @@ -11131,7 +11154,7 @@ public class PackageManagerService extends IPackageManager.Stub { boolean isExternal, boolean isForwardLocked) { super(OriginInfo.fromNothing(), null, null, (isExternal ? INSTALL_EXTERNAL : 0) | (isForwardLocked ? INSTALL_FORWARD_LOCK : 0), null, null, null, null, - instructionSets, null); + instructionSets, null, null); // Hackily pretend we're still looking at a full code path if (!fullCodePath.endsWith(RES_FILE_NAME)) { fullCodePath = new File(fullCodePath, RES_FILE_NAME).getAbsolutePath(); @@ -11148,7 +11171,7 @@ public class PackageManagerService extends IPackageManager.Stub { AsecInstallArgs(String cid, String[] instructionSets, boolean isForwardLocked) { super(OriginInfo.fromNothing(), null, null, (isAsecExternal(cid) ? INSTALL_EXTERNAL : 0) | (isForwardLocked ? INSTALL_FORWARD_LOCK : 0), null, null, null, null, - instructionSets, null); + instructionSets, null, null); this.cid = cid; setMountPath(PackageHelper.getSdDir(cid)); } @@ -11415,7 +11438,8 @@ public class PackageManagerService extends IPackageManager.Stub { MoveInstallArgs(InstallParams params) { super(params.origin, params.move, params.observer, params.installFlags, params.installerPackageName, params.volumeUuid, params.getManifestDigest(), - params.getUser(), null /* instruction sets */, params.packageAbiOverride); + params.getUser(), null /* instruction sets */, params.packageAbiOverride, + params.grantedRuntimePermissions); } int copyApk(IMediaContainerService imcs, boolean temp) { @@ -15869,7 +15893,7 @@ public class PackageManagerService extends IPackageManager.Stub { final Message msg = mHandler.obtainMessage(INIT_COPY); final OriginInfo origin = OriginInfo.fromExistingFile(codeFile); msg.obj = new InstallParams(origin, move, installObserver, installFlags, - installerPackageName, volumeUuid, null, user, packageAbiOverride); + installerPackageName, volumeUuid, null, user, packageAbiOverride, null); mHandler.sendMessage(msg); } @@ -16036,7 +16060,9 @@ public class PackageManagerService extends IPackageManager.Stub { @Override public void setPermissionEnforced(String permission, boolean enforced) { - mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null); + // TODO: Now that we no longer change GID for storage, this should to away. + mContext.enforceCallingOrSelfPermission(Manifest.permission.GRANT_RUNTIME_PERMISSIONS, + "setPermissionEnforced"); if (READ_EXTERNAL_STORAGE.equals(permission)) { synchronized (mPackages) { if (mSettings.mReadExternalStorageEnforced == null |