diff options
Diffstat (limited to 'services/core/java/com/android/server')
3 files changed, 57 insertions, 30 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index bffa0e9..3356e68 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -248,7 +248,7 @@ public class PackageManagerService extends IPackageManager.Stub { private static final boolean DEBUG_DEXOPT = false; private static final boolean DEBUG_ABI_SELECTION = false; - private static final boolean RUNTIME_PERMISSIONS_ENABLED = + static final boolean RUNTIME_PERMISSIONS_ENABLED = SystemProperties.getInt("ro.runtime.permissions.enabled", 0) == 1; private static final int RADIO_UID = Process.PHONE_UID; @@ -1810,7 +1810,26 @@ public class PackageManagerService extends IPackageManager.Stub { + mSettings.mInternalSdkPlatform + " to " + mSdkVersion + "; regranting permissions for internal storage"); mSettings.mInternalSdkPlatform = mSdkVersion; - + + + // We keep track for which users we granted permissions to be able + // to grant runtime permissions to system apps for newly appeared + // users. If we supported runtime permissions during the previous + // boot, then we already granted permissions for all device users. + // In such a case we set the users for which we granted permissions + // to avoid clobbering of runtime permissions we granted to system + // apps but the user revoked later. + if (PackageManagerService.RUNTIME_PERMISSIONS_ENABLED && + mSettings.mRuntimePermissionEnabled) { + final int[] userIds = UserManagerService.getInstance().getUserIds(); + for (PackageSetting ps : mSettings.mPackages.values()) { + ps.setPermissionsUpdatedForUserIds(userIds); + } + for (SharedUserSetting sus : mSettings.mSharedUsers.values()) { + sus.setPermissionsUpdatedForUserIds(userIds); + } + } + updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL | (regrantPermissions ? (UPDATE_PERMISSIONS_REPLACE_PKG|UPDATE_PERMISSIONS_REPLACE_ALL) @@ -1842,7 +1861,6 @@ public class PackageManagerService extends IPackageManager.Stub { EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_READY, SystemClock.uptimeMillis()); - mRequiredVerifierPackage = getRequiredVerifierLPr(); } // synchronized (mPackages) } // synchronized (mInstallLock) @@ -6970,11 +6988,12 @@ public class PackageManagerService extends IPackageManager.Stub { final int[] currentUserIds = UserManagerService.getInstance().getUserIds(); int[] upgradeUserIds = PermissionsState.USERS_NONE; + int[] changedRuntimePermissionUserIds = PermissionsState.USERS_NONE; - boolean changedPermission = false; + boolean changedInstallPermission = false; if (replace) { - ps.permissionsFixed = false; + ps.installPermissionsFixed = false; origPermissions = new PermissionsState(permissionsState); permissionsState.reset(); } @@ -7069,7 +7088,7 @@ public class PackageManagerService extends IPackageManager.Stub { } if (grant != GRANT_DENIED) { - if (!isSystemApp(ps) && ps.permissionsFixed) { + if (!isSystemApp(ps) && ps.installPermissionsFixed) { // If this is an existing, non-system package, then // we can't add any new permissions to it. if (!allowedSig && !origPermissions.hasInstallPermission(perm)) { @@ -7087,7 +7106,7 @@ public class PackageManagerService extends IPackageManager.Stub { // Grant an install permission. if (permissionsState.grantInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { - changedPermission = true; + changedInstallPermission = true; } } break; @@ -7095,9 +7114,11 @@ public class PackageManagerService extends IPackageManager.Stub { // Grant previously granted runtime permissions. for (int userId : UserManagerService.getInstance().getUserIds()) { if (origPermissions.hasRuntimePermission(bp.name, userId)) { - if (permissionsState.grantRuntimePermission(bp, userId) != + if (permissionsState.grantRuntimePermission(bp, userId) == PermissionsState.PERMISSION_OPERATION_FAILURE) { - changedPermission = true; + // If we cannot put the permission as it was, we have to write. + changedRuntimePermissionUserIds = ArrayUtils.appendInt( + changedRuntimePermissionUserIds, userId); } } } @@ -7109,7 +7130,9 @@ public class PackageManagerService extends IPackageManager.Stub { for (int userId : upgradeUserIds) { if (permissionsState.grantRuntimePermission(bp, userId) != PermissionsState.PERMISSION_OPERATION_FAILURE) { - changedPermission = true; + // If we granted the permission, we have to write. + changedRuntimePermissionUserIds = ArrayUtils.appendInt( + changedRuntimePermissionUserIds, userId); } } } break; @@ -7126,7 +7149,7 @@ public class PackageManagerService extends IPackageManager.Stub { } else { if (permissionsState.revokeInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { - changedPermission = true; + changedInstallPermission = true; Slog.i(TAG, "Un-granting permission " + perm + " from package " + pkg.packageName + " (protectionLevel=" + bp.protectionLevel @@ -7146,15 +7169,20 @@ public class PackageManagerService extends IPackageManager.Stub { } } - if ((changedPermission || replace) && !ps.permissionsFixed && + if ((changedInstallPermission || replace) && !ps.installPermissionsFixed && !isSystemApp(ps) || isUpdatedSystemApp(ps)){ // This is the first that we have heard about this package, so the // permissions we have now selected are fixed until explicitly // changed. - ps.permissionsFixed = true; + ps.installPermissionsFixed = true; } - ps.setPermissionsUpdatedForUserIds(currentUserIds); + ps.setPermissionsUpdatedForUserIds(changedRuntimePermissionUserIds); + + // Persist the runtime permissions state for users with changes. + for (int userId : changedRuntimePermissionUserIds) { + mSettings.writeRuntimePermissionsForUserLPr(userId, true); + } } private boolean isNewPlatformPermissionForPackage(String perm, PackageParser.Package pkg) { diff --git a/services/core/java/com/android/server/pm/PackageSettingBase.java b/services/core/java/com/android/server/pm/PackageSettingBase.java index c40784b..35df33b 100644 --- a/services/core/java/com/android/server/pm/PackageSettingBase.java +++ b/services/core/java/com/android/server/pm/PackageSettingBase.java @@ -92,7 +92,7 @@ abstract class PackageSettingBase extends SettingBase { PackageSignatures signatures = new PackageSignatures(); - boolean permissionsFixed; + boolean installPermissionsFixed; PackageKeySetData keySetData = new PackageKeySetData(); @@ -145,7 +145,7 @@ abstract class PackageSettingBase extends SettingBase { signatures = new PackageSignatures(base.signatures); - permissionsFixed = base.permissionsFixed; + installPermissionsFixed = base.installPermissionsFixed; userState.clear(); for (int i=0; i<base.userState.size(); i++) { userState.put(base.userState.keyAt(i), @@ -207,7 +207,7 @@ abstract class PackageSettingBase extends SettingBase { firstInstallTime = base.firstInstallTime; lastUpdateTime = base.lastUpdateTime; signatures = base.signatures; - permissionsFixed = base.permissionsFixed; + installPermissionsFixed = base.installPermissionsFixed; userState.clear(); for (int i=0; i<base.userState.size(); i++) { userState.put(base.userState.keyAt(i), base.userState.valueAt(i)); diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java index 95ee990..0a2389f 100644 --- a/services/core/java/com/android/server/pm/Settings.java +++ b/services/core/java/com/android/server/pm/Settings.java @@ -175,6 +175,7 @@ final class Settings { private static final String ATTR_HIDDEN = "hidden"; private static final String ATTR_INSTALLED = "inst"; private static final String ATTR_BLOCK_UNINSTALL = "blockUninstall"; + private static final String ATTR_RUNTIME_PERMSISSIONS_ENABLED = "runtime-permissions-enabled"; private final Object mLock; private final Context mContext; @@ -201,6 +202,10 @@ final class Settings { int mInternalSdkPlatform; int mExternalSdkPlatform; + + // Whether runtime permissions are enabled. + boolean mRuntimePermissionEnabled; + /** * The current database version for apps on internal storage. This is * used to upgrade the format of the packages.xml database not necessarily @@ -1645,6 +1650,8 @@ final class Settings { serializer.attribute(null, "internal", Integer.toString(mInternalSdkPlatform)); serializer.attribute(null, "external", Integer.toString(mExternalSdkPlatform)); serializer.attribute(null, "fingerprint", mFingerprint); + serializer.attribute(null, ATTR_RUNTIME_PERMSISSIONS_ENABLED, + String.valueOf(PackageManagerService.RUNTIME_PERMISSIONS_ENABLED)); serializer.endTag(null, "last-platform-version"); serializer.startTag(null, "database-version"); @@ -2141,6 +2148,8 @@ final class Settings { } catch (NumberFormatException e) { } mFingerprint = parser.getAttributeValue(null, "fingerprint"); + mRuntimePermissionEnabled = XmlUtils.readBooleanAttribute(parser, + ATTR_RUNTIME_PERMSISSIONS_ENABLED); } else if (tagName.equals("database-version")) { mInternalDatabaseVersion = mExternalDatabaseVersion = 0; try { @@ -2253,17 +2262,6 @@ final class Settings { mReadMessages.append("Read completed successfully: " + mPackages.size() + " packages, " + mSharedUsers.size() + " shared uids\n"); - // The persisted state we just read was generated after a permissions - // update for all users, update each package and shared user setting - // with the device users ids to start from were we left off. - final int[] userIds = UserManagerService.getInstance().getUserIds(); - for (PackageSetting ps : mPackages.values()) { - ps.setPermissionsUpdatedForUserIds(userIds); - } - for (SharedUserSetting sus : mSharedUsers.values()) { - sus.setPermissionsUpdatedForUserIds(userIds); - } - return true; } @@ -3001,7 +2999,7 @@ final class Settings { } else if (tagName.equals(TAG_PERMISSIONS)) { readInstallPermissionsLPr(parser, packageSetting.getPermissionsState()); - packageSetting.permissionsFixed = true; + packageSetting.installPermissionsFixed = true; } else if (tagName.equals("proper-signing-keyset")) { long id = Long.parseLong(parser.getAttributeValue(null, "identifier")); packageSetting.keySetData.setProperSigningKeySet(id); @@ -3574,7 +3572,8 @@ final class Settings { pw.println(ps.installerPackageName); } pw.print(prefix); pw.print(" signatures="); pw.println(ps.signatures); - pw.print(prefix); pw.print(" permissionsFixed="); pw.print(ps.permissionsFixed); + pw.print(prefix); pw.print(" installPermissionsFixed="); + pw.print(ps.installPermissionsFixed); pw.print(" installStatus="); pw.println(ps.installStatus); pw.print(prefix); pw.print(" pkgFlags="); printFlags(pw, ps.pkgFlags, FLAG_DUMP_SPEC); pw.println(); |