Merge "Upgrade permissions on PermissionController version change" into rvc-dev
This commit is contained in:
Evan Severson
committed by
Android (Google) Code Review
Android (Google) Code Review
commit
2a129f696a
@@ -202,7 +202,8 @@ public abstract class PermissionControllerService extends Service {
|
||||
/**
|
||||
* Grant or upgrade runtime permissions. The upgrade could be performed
|
||||
* based on whether the device upgraded, whether the permission database
|
||||
* version is old, or because the permission policy changed.
|
||||
* version is old, because the permission policy changed, or because the
|
||||
* permission controller has updated.
|
||||
*
|
||||
* @param callback Callback waiting for operation to be complete
|
||||
*
|
||||
|
||||
@@ -927,13 +927,11 @@ public abstract class PackageManagerInternal {
|
||||
IntentSender intentSender, int flags);
|
||||
|
||||
/**
|
||||
* Get fingerprint of build that updated the runtime permissions for a user.
|
||||
* Update fingerprint of build that updated the runtime permissions for a user.
|
||||
*
|
||||
* @param userId The user to update
|
||||
* @param fingerPrint The fingerprint to set
|
||||
*/
|
||||
public abstract void setRuntimePermissionsFingerPrint(@NonNull String fingerPrint,
|
||||
@UserIdInt int userId);
|
||||
public abstract void updateRuntimePermissionsFingerprint(@UserIdInt int userId);
|
||||
|
||||
/**
|
||||
* Migrates legacy obb data to its new location.
|
||||
@@ -961,8 +959,8 @@ public abstract class PackageManagerInternal {
|
||||
public abstract boolean isCallerInstallerOfRecord(
|
||||
@NonNull AndroidPackage pkg, int callingUid);
|
||||
|
||||
/** Returns whether or not default runtime permissions are granted for the given user */
|
||||
public abstract boolean areDefaultRuntimePermissionsGranted(@UserIdInt int userId);
|
||||
/** Returns whether or not permissions need to be upgraded for the given user */
|
||||
public abstract boolean isPermissionUpgradeNeeded(@UserIdInt int userId);
|
||||
|
||||
/** Sets the enforcement of reading external storage */
|
||||
public abstract void setReadExternalStorageEnforced(boolean enforced);
|
||||
|
||||
@@ -3364,6 +3364,10 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
// critical part of the core system.
|
||||
mRequiredPermissionControllerPackage = getRequiredPermissionControllerLPr();
|
||||
|
||||
mSettings.setPermissionControllerVersion(
|
||||
getPackageInfo(mRequiredPermissionControllerPackage, 0,
|
||||
UserHandle.USER_SYSTEM).getLongVersionCode());
|
||||
|
||||
// Initialize InstantAppRegistry's Instant App list for all users.
|
||||
final int[] userIds = UserManagerService.getInstance().getUserIds();
|
||||
for (AndroidPackage pkg : mPackages.values()) {
|
||||
@@ -22668,7 +22672,7 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
boolean readPermissionStateForUser(@UserIdInt int userId) {
|
||||
synchronized (mPackages) {
|
||||
mSettings.readPermissionStateForUserSyncLPr(userId);
|
||||
return mSettings.areDefaultRuntimePermissionsGrantedLPr(userId);
|
||||
return mPmInternal.isPermissionUpgradeNeeded(userId);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24067,10 +24071,9 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setRuntimePermissionsFingerPrint(@NonNull String fingerPrint,
|
||||
@UserIdInt int userId) {
|
||||
public void updateRuntimePermissionsFingerprint(@UserIdInt int userId) {
|
||||
synchronized (mLock) {
|
||||
mSettings.setRuntimePermissionsFingerPrintLPr(fingerPrint, userId);
|
||||
mSettings.updateRuntimePermissionsFingerprintLPr(userId);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24122,9 +24125,9 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean areDefaultRuntimePermissionsGranted(int userId) {
|
||||
public boolean isPermissionUpgradeNeeded(int userId) {
|
||||
synchronized (mLock) {
|
||||
return mSettings.areDefaultRuntimePermissionsGrantedLPr(userId);
|
||||
return mSettings.isPermissionUpgradeNeededLPr(userId);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1319,13 +1319,12 @@ public final class Settings {
|
||||
}
|
||||
}
|
||||
|
||||
boolean areDefaultRuntimePermissionsGrantedLPr(int userId) {
|
||||
return mRuntimePermissionsPersistence
|
||||
.areDefaultRuntimePermissionsGrantedLPr(userId);
|
||||
boolean isPermissionUpgradeNeededLPr(int userId) {
|
||||
return mRuntimePermissionsPersistence.isPermissionUpgradeNeeded(userId);
|
||||
}
|
||||
|
||||
void setRuntimePermissionsFingerPrintLPr(@NonNull String fingerPrint, @UserIdInt int userId) {
|
||||
mRuntimePermissionsPersistence.setRuntimePermissionsFingerPrintLPr(fingerPrint, userId);
|
||||
void updateRuntimePermissionsFingerprintLPr(@UserIdInt int userId) {
|
||||
mRuntimePermissionsPersistence.updateRuntimePermissionsFingerprintLPr(userId);
|
||||
}
|
||||
|
||||
int getDefaultRuntimePermissionsVersionLPr(int userId) {
|
||||
@@ -1336,6 +1335,10 @@ public final class Settings {
|
||||
mRuntimePermissionsPersistence.setVersionLPr(version, userId);
|
||||
}
|
||||
|
||||
void setPermissionControllerVersion(long version) {
|
||||
mRuntimePermissionsPersistence.setPermissionControllerVersion(version);
|
||||
}
|
||||
|
||||
public VersionInfo findOrCreateVersion(String volumeUuid) {
|
||||
VersionInfo ver = mVersion.get(volumeUuid);
|
||||
if (ver == null) {
|
||||
@@ -5296,6 +5299,8 @@ public final class Settings {
|
||||
private static final int UPGRADE_VERSION = -1;
|
||||
private static final int INITIAL_VERSION = 0;
|
||||
|
||||
private String mExtendedFingerprint;
|
||||
|
||||
private final RuntimePermissionsPersistence mPersistence =
|
||||
RuntimePermissionsPersistence.createInstance();
|
||||
|
||||
@@ -5320,7 +5325,7 @@ public final class Settings {
|
||||
|
||||
@GuardedBy("mLock")
|
||||
// The mapping keys are user ids.
|
||||
private final SparseBooleanArray mDefaultPermissionsGranted = new SparseBooleanArray();
|
||||
private final SparseBooleanArray mPermissionUpgradeNeeded = new SparseBooleanArray();
|
||||
|
||||
public RuntimePermissionPersistence(Object persistenceLock) {
|
||||
mPersistenceLock = persistenceLock;
|
||||
@@ -5338,17 +5343,36 @@ public final class Settings {
|
||||
}
|
||||
|
||||
@GuardedBy("Settings.this.mLock")
|
||||
public boolean areDefaultRuntimePermissionsGrantedLPr(int userId) {
|
||||
return mDefaultPermissionsGranted.get(userId);
|
||||
public boolean isPermissionUpgradeNeeded(int userId) {
|
||||
return mPermissionUpgradeNeeded.get(userId, true);
|
||||
}
|
||||
|
||||
@GuardedBy("Settings.this.mLock")
|
||||
public void setRuntimePermissionsFingerPrintLPr(@NonNull String fingerPrint,
|
||||
@UserIdInt int userId) {
|
||||
mFingerprints.put(userId, fingerPrint);
|
||||
public void updateRuntimePermissionsFingerprintLPr(@UserIdInt int userId) {
|
||||
if (mExtendedFingerprint == null) {
|
||||
throw new RuntimeException("The version of the permission controller hasn't been "
|
||||
+ "set before trying to update the fingerprint.");
|
||||
}
|
||||
mFingerprints.put(userId, mExtendedFingerprint);
|
||||
writePermissionsForUserAsyncLPr(userId);
|
||||
}
|
||||
|
||||
public void setPermissionControllerVersion(long version) {
|
||||
int numUser = mFingerprints.size();
|
||||
mExtendedFingerprint = getExtendedFingerprint(version);
|
||||
|
||||
for (int i = 0; i < numUser; i++) {
|
||||
int userId = mFingerprints.keyAt(i);
|
||||
String fingerprint = mFingerprints.valueAt(i);
|
||||
mPermissionUpgradeNeeded.put(userId,
|
||||
!TextUtils.equals(mExtendedFingerprint, fingerprint));
|
||||
}
|
||||
}
|
||||
|
||||
private String getExtendedFingerprint(long version) {
|
||||
return Build.FINGERPRINT + "?pc_version=" + version;
|
||||
}
|
||||
|
||||
public void writePermissionsForUserSyncLPr(int userId) {
|
||||
mHandler.removeMessages(userId);
|
||||
writePermissionsSync(userId);
|
||||
@@ -5461,7 +5485,7 @@ public final class Settings {
|
||||
revokeRuntimePermissionsAndClearFlags(sb, userId);
|
||||
}
|
||||
|
||||
mDefaultPermissionsGranted.delete(userId);
|
||||
mPermissionUpgradeNeeded.delete(userId);
|
||||
mVersions.delete(userId);
|
||||
mFingerprints.remove(userId);
|
||||
}
|
||||
@@ -5503,8 +5527,6 @@ public final class Settings {
|
||||
|
||||
String fingerprint = runtimePermissions.getFingerprint();
|
||||
mFingerprints.put(userId, fingerprint);
|
||||
boolean defaultPermissionsGranted = Build.FINGERPRINT.equals(fingerprint);
|
||||
mDefaultPermissionsGranted.put(userId, defaultPermissionsGranted);
|
||||
|
||||
boolean isUpgradeToR = getInternalVersion().sdkVersion < Build.VERSION_CODES.R;
|
||||
|
||||
@@ -5636,7 +5658,7 @@ public final class Settings {
|
||||
|
||||
} catch (XmlPullParserException | IOException e) {
|
||||
throw new IllegalStateException("Failed parsing permissions file: "
|
||||
+ permissionsFile , e);
|
||||
+ permissionsFile, e);
|
||||
} finally {
|
||||
IoUtils.closeQuietly(in);
|
||||
}
|
||||
@@ -5664,8 +5686,6 @@ public final class Settings {
|
||||
mVersions.put(userId, version);
|
||||
String fingerprint = parser.getAttributeValue(null, ATTR_FINGERPRINT);
|
||||
mFingerprints.put(userId, fingerprint);
|
||||
final boolean defaultsGranted = Build.FINGERPRINT.equals(fingerprint);
|
||||
mDefaultPermissionsGranted.put(userId, defaultsGranted);
|
||||
} break;
|
||||
|
||||
case TAG_PACKAGE: {
|
||||
@@ -5724,13 +5744,14 @@ public final class Settings {
|
||||
if (granted) {
|
||||
permissionsState.grantRuntimePermission(bp, userId);
|
||||
permissionsState.updatePermissionFlags(bp, userId,
|
||||
PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
|
||||
PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
|
||||
} else {
|
||||
permissionsState.updatePermissionFlags(bp, userId,
|
||||
PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
|
||||
}
|
||||
|
||||
} break;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -60,10 +60,8 @@ import android.util.ArrayMap;
|
||||
import android.util.ArraySet;
|
||||
import android.util.Log;
|
||||
import android.util.Slog;
|
||||
import android.util.SparseIntArray;
|
||||
import android.util.Xml;
|
||||
|
||||
import com.android.internal.annotations.GuardedBy;
|
||||
import com.android.internal.util.ArrayUtils;
|
||||
import com.android.internal.util.XmlUtils;
|
||||
import com.android.server.LocalServices;
|
||||
@@ -226,9 +224,6 @@ public final class DefaultPermissionGrantPolicy {
|
||||
private final PackageManagerInternal mServiceInternal;
|
||||
private final PermissionManagerService mPermissionManager;
|
||||
|
||||
@GuardedBy("mLock")
|
||||
private SparseIntArray mDefaultPermissionsGrantedUsers = new SparseIntArray();
|
||||
|
||||
DefaultPermissionGrantPolicy(Context context, Looper looper,
|
||||
@NonNull PermissionManagerService permissionManager) {
|
||||
mContext = context;
|
||||
@@ -297,19 +292,10 @@ public final class DefaultPermissionGrantPolicy {
|
||||
}
|
||||
}
|
||||
|
||||
public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) {
|
||||
synchronized (mLock) {
|
||||
return mDefaultPermissionsGrantedUsers.indexOfKey(userId) >= 0;
|
||||
}
|
||||
}
|
||||
|
||||
public void grantDefaultPermissions(int userId) {
|
||||
grantPermissionsToSysComponentsAndPrivApps(userId);
|
||||
grantDefaultSystemHandlerPermissions(userId);
|
||||
grantDefaultPermissionExceptions(userId);
|
||||
synchronized (mLock) {
|
||||
mDefaultPermissionsGrantedUsers.put(userId, userId);
|
||||
}
|
||||
}
|
||||
|
||||
private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) {
|
||||
|
||||
@@ -4223,7 +4223,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
|
||||
int[] grantPermissionsUserIds = EMPTY_INT_ARRAY;
|
||||
for (int userId : UserManagerService.getInstance().getUserIds()) {
|
||||
if (!mPackageManagerInt.areDefaultRuntimePermissionsGranted(userId)) {
|
||||
if (mPackageManagerInt.isPermissionUpgradeNeeded(userId)) {
|
||||
grantPermissionsUserIds = ArrayUtils.appendInt(
|
||||
grantPermissionsUserIds, userId);
|
||||
}
|
||||
@@ -4627,13 +4627,6 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) {
|
||||
synchronized (mLock) {
|
||||
return mDefaultPermissionGrantPolicy.wereDefaultPermissionsGrantedSinceBoot(userId);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onNewUserCreated(int userId) {
|
||||
mDefaultPermissionGrantPolicy.grantDefaultPermissions(userId);
|
||||
|
||||
@@ -447,12 +447,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
|
||||
public abstract void grantDefaultPermissionsToDefaultUseOpenWifiApp(
|
||||
@NonNull String packageName, @UserIdInt int userId);
|
||||
|
||||
/**
|
||||
* Returns whether or not default permission grants have been performed for the given
|
||||
* user since the device booted.
|
||||
*/
|
||||
public abstract boolean wereDefaultPermissionsGrantedSinceBoot(@UserIdInt int userId);
|
||||
|
||||
/** Called when a new user has been created. */
|
||||
public abstract void onNewUserCreated(@UserIdInt int userId);
|
||||
}
|
||||
|
||||
@@ -280,7 +280,7 @@ public final class PermissionPolicyService extends SystemService {
|
||||
LocalServices.getService(PackageManagerInternal.class);
|
||||
final PermissionManagerServiceInternal permissionManagerInternal =
|
||||
LocalServices.getService(PermissionManagerServiceInternal.class);
|
||||
if (permissionManagerInternal.wereDefaultPermissionsGrantedSinceBoot(userId)) {
|
||||
if (packageManagerInternal.isPermissionUpgradeNeeded(userId)) {
|
||||
if (DEBUG) Slog.i(LOG_TAG, "defaultPermsWereGrantedSinceBoot(" + userId + ")");
|
||||
|
||||
// Now call into the permission controller to apply policy around permissions
|
||||
@@ -314,7 +314,7 @@ public final class PermissionPolicyService extends SystemService {
|
||||
|
||||
permissionControllerManager.updateUserSensitive();
|
||||
|
||||
packageManagerInternal.setRuntimePermissionsFingerPrint(Build.FINGERPRINT, userId);
|
||||
packageManagerInternal.updateRuntimePermissionsFingerprint(userId);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user