From 8b3e6b0df102901f938cd0687f9994a3ff767fcf Mon Sep 17 00:00:00 2001 From: Todd Kennedy Date: Wed, 12 Aug 2015 08:26:15 -0700 Subject: Promote system app permissions When upgrading from a pre-M version of Android, install permissions for exisiting system are promoted to runtime permissions. This only happens for apps that existed prior to the OTA. Other system apps targeting M are not automatically granted any permissions. Bug: 22970710 Change-Id: I964ee3f93c66ea43fbb1be6b5ac6b09ddea3c385 --- .../android/server/pm/PackageManagerService.java | 42 +++++++++++++++++++--- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 6a4ae3d..21e256e 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -481,12 +481,21 @@ public class PackageManagerService extends IPackageManager.Stub { new ArrayMap>(); /** - * Tracks new system packages [receiving in an OTA] that we expect to + * Tracks new system packages [received in an OTA] that we expect to * find updated user-installed versions. Keys are package name, values * are package location. */ final private ArrayMap mExpectingBetter = new ArrayMap<>(); + /** + * Tracks existing system packages prior to receiving an OTA. Keys are package name. + */ + final private ArraySet mExistingSystemPackages = new ArraySet<>(); + /** + * Whether or not system app permissions should be promoted from install to runtime. + */ + boolean mPromoteSystemApps; + final Settings mSettings; boolean mRestoredSettings; 
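Review bot: The Javadoc on `mExistingSystemPackages` and `mPromoteSystemApps` does not say how long they are valid, although together they decide whether runtime permissions are granted without user consent. The later hunks show them being set before the package scan and reset right after `updatePermissionsLPw(null, null, updateFlags)`, so I would add a sentence such as `Only meaningful during the first boot after an upgrade from a pre-M build; cleared once permissions have been updated.` to both comments. `mPromoteSystemApps` is also package-private while the set beside it is private; unless another class in the package reads it, declare it `private boolean mPromoteSystemApps;` so nothing outside this class can switch promotion back on.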
@@ -2028,6 +2037,24 @@ public class PackageManagerService extends IPackageManager.Stub { } } + final VersionInfo ver = mSettings.getInternalVersion(); + mIsUpgrade = !Build.FINGERPRINT.equals(ver.fingerprint); + // when upgrading from pre-M, promote system app permissions from install to runtime + mPromoteSystemApps = + mIsUpgrade && ver.sdkVersion <= Build.VERSION_CODES.LOLLIPOP_MR1; + + // save off the names of pre-existing system packages prior to scanning; we don't + // want to automatically grant runtime permissions for new system apps + if (mPromoteSystemApps) { + Iterator pkgSettingIter = mSettings.mPackages.values().iterator(); + while (pkgSettingIter.hasNext()) { + PackageSetting ps = pkgSettingIter.next(); + if (isSystemApp(ps)) { + mExistingSystemPackages.add(ps.name); + } + } + } + // Collect vendor overlay packages. // (Do this before scanning any apps.) // For security and version matching reason, only consider @@ -2247,8 +2274,6 @@ public class PackageManagerService extends IPackageManager.Stub { // cases get permissions that the user didn't initially explicitly // allow... it would be nice to have some better way to handle // this situation. - final VersionInfo ver = mSettings.getInternalVersion(); - int updateFlags = UPDATE_PERMISSIONS_ALL; if (ver.sdkVersion != mSdkVersion) { Slog.i(TAG, "Platform changed from " + ver.sdkVersion + " to " @@ -2257,6 +2282,9 @@ public class PackageManagerService extends IPackageManager.Stub { } updatePermissionsLPw(null, null, updateFlags); ver.sdkVersion = mSdkVersion; + // clear only after permissions have been updated + mExistingSystemPackages.clear(); + mPromoteSystemApps = false; // If this is the first boot, and it is a normal boot, then // we need to initialize the default preferred apps. 
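Review bot: In the hunk at -2028, nothing is logged when promotion is enabled, so a post-OTA boot leaves no record that runtime permissions were about to be granted automatically, or for how many packages. As the last statement inside `if (mPromoteSystemApps) { ... }` I would add `Slog.i(TAG, "Promoting install permissions to runtime for " + mExistingSystemPackages.size() + " pre-existing system packages");`. The snapshot relies on the system flag as recorded in the persisted settings via `isSystemApp(ps)`, and the comment should say that the grant path repeats that check on the scanned package, since the name alone is not proof of system status. The explicit iterator loop could also be written as `for (PackageSetting ps : mSettings.mPackages.values())`. The enclosing method starts and ends outside the hunk.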
@@ -2268,7 +2296,6 @@ public class PackageManagerService extends IPackageManager.Stub { // If this is first boot after an OTA, and a normal boot, then // we need to clear code cache directories. - mIsUpgrade = !Build.FINGERPRINT.equals(ver.fingerprint); if (mIsUpgrade && !onlyCore) { Slog.i(TAG, "Build fingerprint changed; clearing code caches"); for (int i = 0; i < mSettings.mPackages.size(); i++) { @@ -8356,6 +8383,13 @@ public class PackageManagerService extends IPackageManager.Stub { } else if (origPermissions.hasInstallPermission(bp.name)) { // For legacy apps that became modern, install becomes runtime. grant = GRANT_UPGRADE; + } else if (mPromoteSystemApps + && isSystemApp(ps) + && mExistingSystemPackages.contains(ps.name)) { + // For legacy system apps, install becomes runtime. + // We cannot check hasInstallPermission() for system apps since those + // permissions were granted implicitly and not persisted pre-M. + grant = GRANT_UPGRADE; } else { // For modern apps keep runtime permissions unchanged. grant = GRANT_RUNTIME; -- cgit v1.1
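Review bot: In the hunk at -8356, the new `else if (mPromoteSystemApps && isSystemApp(ps) && mExistingSystemPackages.contains(ps.name))` branch sets `GRANT_UPGRADE` without any per-permission check. As far as the hunk shows, every runtime permission the post-OTA manifest requests is granted, including ones the pre-OTA version never declared. The comment explains why `hasInstallPermission()` cannot be used, but not that the grant is therefore wider than what the app held before. I would add `// NOTE: this also grants runtime permissions first requested by the post-OTA version, since the pre-M set is unknown.` so the trade-off is visible to whoever audits this path later. The enclosing method and the start of the `if` chain lie outside the hunk, so this reading assumes that no earlier branch filters the permission.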