Merge "Upgrade permissions on PermissionController version change" into rvc-dev

Evan Severson
2020-03-05 17:40:08 +00:00
committed by Android (Google) Code Review
8 changed files with 58 additions and 62 deletions


@@ -202,7 +202,8 @@ public abstract class PermissionControllerService extends Service {
/** /**
* Grant or upgrade runtime permissions. The upgrade could be performed * Grant or upgrade runtime permissions. The upgrade could be performed
* based on whether the device upgraded, whether the permission database * based on whether the device upgraded, whether the permission database
* version is old, or because the permission policy changed. * version is old, because the permission policy changed, or because the
* permission controller has updated.
* *
* @param callback Callback waiting for operation to be complete * @param callback Callback waiting for operation to be complete
* *


@@ -927,13 +927,11 @@ public abstract class PackageManagerInternal {
IntentSender intentSender, int flags); IntentSender intentSender, int flags);
/** /**
* Get fingerprint of build that updated the runtime permissions for a user. * Update fingerprint of build that updated the runtime permissions for a user.
* *
* @param userId The user to update * @param userId The user to update
* @param fingerPrint The fingerprint to set
*/ */
public abstract void setRuntimePermissionsFingerPrint(@NonNull String fingerPrint, public abstract void updateRuntimePermissionsFingerprint(@UserIdInt int userId);
@UserIdInt int userId);
/** /**
* Migrates legacy obb data to its new location. * Migrates legacy obb data to its new location.
@@ -961,8 +959,8 @@ public abstract class PackageManagerInternal {
public abstract boolean isCallerInstallerOfRecord( public abstract boolean isCallerInstallerOfRecord(
@NonNull AndroidPackage pkg, int callingUid); @NonNull AndroidPackage pkg, int callingUid);
/** Returns whether or not default runtime permissions are granted for the given user */ /** Returns whether or not permissions need to be upgraded for the given user */
public abstract boolean areDefaultRuntimePermissionsGranted(@UserIdInt int userId); public abstract boolean isPermissionUpgradeNeeded(@UserIdInt int userId);
/** Sets the enforcement of reading external storage */ /** Sets the enforcement of reading external storage */
public abstract void setReadExternalStorageEnforced(boolean enforced); public abstract void setReadExternalStorageEnforced(boolean enforced);
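Review bot: The Javadoc on `updateRuntimePermissionsFingerprint(@UserIdInt int userId)` does not mention the precondition the new implementation enforces: in the Settings section of this commit the call throws a `RuntimeException` when the permission controller version has not been set yet. I would add `@throws RuntimeException if the permission controller version has not been set yet` and say that the stored value is the build fingerprint extended with that version. The one-line comment on `isPermissionUpgradeNeeded` could likewise state that a user with no recorded entry is reported as needing an upgrade, which is what `mPermissionUpgradeNeeded.get(userId, true)` does.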


@@ -3364,6 +3364,10 @@ public class PackageManagerService extends IPackageManager.Stub
// critical part of the core system. // critical part of the core system.
mRequiredPermissionControllerPackage = getRequiredPermissionControllerLPr(); mRequiredPermissionControllerPackage = getRequiredPermissionControllerLPr();
mSettings.setPermissionControllerVersion(
getPackageInfo(mRequiredPermissionControllerPackage, 0,
UserHandle.USER_SYSTEM).getLongVersionCode());
// Initialize InstantAppRegistry's Instant App list for all users. // Initialize InstantAppRegistry's Instant App list for all users.
final int[] userIds = UserManagerService.getInstance().getUserIds(); final int[] userIds = UserManagerService.getInstance().getUserIds();
for (AndroidPackage pkg : mPackages.values()) { for (AndroidPackage pkg : mPackages.values()) {
@@ -22668,7 +22672,7 @@ public class PackageManagerService extends IPackageManager.Stub
boolean readPermissionStateForUser(@UserIdInt int userId) { boolean readPermissionStateForUser(@UserIdInt int userId) {
synchronized (mPackages) { synchronized (mPackages) {
mSettings.readPermissionStateForUserSyncLPr(userId); mSettings.readPermissionStateForUserSyncLPr(userId);
return mSettings.areDefaultRuntimePermissionsGrantedLPr(userId); return mPmInternal.isPermissionUpgradeNeeded(userId);
} }
} }
@@ -24067,10 +24071,9 @@ public class PackageManagerService extends IPackageManager.Stub
} }
@Override @Override
public void setRuntimePermissionsFingerPrint(@NonNull String fingerPrint, public void updateRuntimePermissionsFingerprint(@UserIdInt int userId) {
@UserIdInt int userId) {
synchronized (mLock) { synchronized (mLock) {
mSettings.setRuntimePermissionsFingerPrintLPr(fingerPrint, userId); mSettings.updateRuntimePermissionsFingerprintLPr(userId);
} }
} }
@@ -24122,9 +24125,9 @@ public class PackageManagerService extends IPackageManager.Stub
} }
@Override @Override
public boolean areDefaultRuntimePermissionsGranted(int userId) { public boolean isPermissionUpgradeNeeded(int userId) {
synchronized (mLock) { synchronized (mLock) {
return mSettings.areDefaultRuntimePermissionsGrantedLPr(userId); return mSettings.isPermissionUpgradeNeededLPr(userId);
} }
} }
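Review bot: `readPermissionStateForUser` now returns the opposite sense of what it returned before: the old line returned whether default permissions were granted, while the new one returns `mPmInternal.isPermissionUpgradeNeeded(userId)`, which is true when work is still pending. Its callers are outside the visible hunks, so each one should be checked; a caller that still reads true as "already granted" would skip the grant or upgrade step for that user. The method has no comment saying what the boolean means; `/** Reads the permission state for the user; returns true if a permission upgrade is still needed. */` would make it explicit. Separately, this path goes through `mPmInternal` while holding `mPackages`, whereas the internal implementation takes `mLock`; if those are different monitors, calling `mSettings.isPermissionUpgradeNeededLPr(userId)` directly, as the old line did with its counterpart, avoids nesting them.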


@@ -1319,13 +1319,12 @@ public final class Settings {
} }
} }
boolean areDefaultRuntimePermissionsGrantedLPr(int userId) { boolean isPermissionUpgradeNeededLPr(int userId) {
return mRuntimePermissionsPersistence return mRuntimePermissionsPersistence.isPermissionUpgradeNeeded(userId);
.areDefaultRuntimePermissionsGrantedLPr(userId);
} }
void setRuntimePermissionsFingerPrintLPr(@NonNull String fingerPrint, @UserIdInt int userId) { void updateRuntimePermissionsFingerprintLPr(@UserIdInt int userId) {
mRuntimePermissionsPersistence.setRuntimePermissionsFingerPrintLPr(fingerPrint, userId); mRuntimePermissionsPersistence.updateRuntimePermissionsFingerprintLPr(userId);
} }
int getDefaultRuntimePermissionsVersionLPr(int userId) { int getDefaultRuntimePermissionsVersionLPr(int userId) {
@@ -1336,6 +1335,10 @@ public final class Settings {
mRuntimePermissionsPersistence.setVersionLPr(version, userId); mRuntimePermissionsPersistence.setVersionLPr(version, userId);
} }
void setPermissionControllerVersion(long version) {
mRuntimePermissionsPersistence.setPermissionControllerVersion(version);
}
public VersionInfo findOrCreateVersion(String volumeUuid) { public VersionInfo findOrCreateVersion(String volumeUuid) {
VersionInfo ver = mVersion.get(volumeUuid); VersionInfo ver = mVersion.get(volumeUuid);
if (ver == null) { if (ver == null) {
@@ -5296,6 +5299,8 @@ public final class Settings {
private static final int UPGRADE_VERSION = -1; private static final int UPGRADE_VERSION = -1;
private static final int INITIAL_VERSION = 0; private static final int INITIAL_VERSION = 0;
private String mExtendedFingerprint;
private final RuntimePermissionsPersistence mPersistence = private final RuntimePermissionsPersistence mPersistence =
RuntimePermissionsPersistence.createInstance(); RuntimePermissionsPersistence.createInstance();
@@ -5320,7 +5325,7 @@ public final class Settings {
@GuardedBy("mLock") @GuardedBy("mLock")
// The mapping keys are user ids. // The mapping keys are user ids.
private final SparseBooleanArray mDefaultPermissionsGranted = new SparseBooleanArray(); private final SparseBooleanArray mPermissionUpgradeNeeded = new SparseBooleanArray();
public RuntimePermissionPersistence(Object persistenceLock) { public RuntimePermissionPersistence(Object persistenceLock) {
mPersistenceLock = persistenceLock; mPersistenceLock = persistenceLock;
@@ -5338,17 +5343,36 @@ public final class Settings {
} }
@GuardedBy("Settings.this.mLock") @GuardedBy("Settings.this.mLock")
public boolean areDefaultRuntimePermissionsGrantedLPr(int userId) { public boolean isPermissionUpgradeNeeded(int userId) {
return mDefaultPermissionsGranted.get(userId); return mPermissionUpgradeNeeded.get(userId, true);
} }
@GuardedBy("Settings.this.mLock") @GuardedBy("Settings.this.mLock")
public void setRuntimePermissionsFingerPrintLPr(@NonNull String fingerPrint, public void updateRuntimePermissionsFingerprintLPr(@UserIdInt int userId) {
@UserIdInt int userId) { if (mExtendedFingerprint == null) {
mFingerprints.put(userId, fingerPrint); throw new RuntimeException("The version of the permission controller hasn't been "
+ "set before trying to update the fingerprint.");
}
mFingerprints.put(userId, mExtendedFingerprint);
writePermissionsForUserAsyncLPr(userId); writePermissionsForUserAsyncLPr(userId);
} }
public void setPermissionControllerVersion(long version) {
int numUser = mFingerprints.size();
mExtendedFingerprint = getExtendedFingerprint(version);
for (int i = 0; i < numUser; i++) {
int userId = mFingerprints.keyAt(i);
String fingerprint = mFingerprints.valueAt(i);
mPermissionUpgradeNeeded.put(userId,
!TextUtils.equals(mExtendedFingerprint, fingerprint));
}
}
private String getExtendedFingerprint(long version) {
return Build.FINGERPRINT + "?pc_version=" + version;
}
public void writePermissionsForUserSyncLPr(int userId) { public void writePermissionsForUserSyncLPr(int userId) {
mHandler.removeMessages(userId); mHandler.removeMessages(userId);
writePermissionsSync(userId); writePermissionsSync(userId);
@@ -5461,7 +5485,7 @@ public final class Settings {
revokeRuntimePermissionsAndClearFlags(sb, userId); revokeRuntimePermissionsAndClearFlags(sb, userId);
} }
mDefaultPermissionsGranted.delete(userId); mPermissionUpgradeNeeded.delete(userId);
mVersions.delete(userId); mVersions.delete(userId);
mFingerprints.remove(userId); mFingerprints.remove(userId);
} }
@@ -5503,8 +5527,6 @@ public final class Settings {
String fingerprint = runtimePermissions.getFingerprint(); String fingerprint = runtimePermissions.getFingerprint();
mFingerprints.put(userId, fingerprint); mFingerprints.put(userId, fingerprint);
boolean defaultPermissionsGranted = Build.FINGERPRINT.equals(fingerprint);
mDefaultPermissionsGranted.put(userId, defaultPermissionsGranted);
boolean isUpgradeToR = getInternalVersion().sdkVersion < Build.VERSION_CODES.R; boolean isUpgradeToR = getInternalVersion().sdkVersion < Build.VERSION_CODES.R;
@@ -5636,7 +5658,7 @@ public final class Settings {
} catch (XmlPullParserException | IOException e) { } catch (XmlPullParserException | IOException e) {
throw new IllegalStateException("Failed parsing permissions file: " throw new IllegalStateException("Failed parsing permissions file: "
+ permissionsFile , e); + permissionsFile, e);
} finally { } finally {
IoUtils.closeQuietly(in); IoUtils.closeQuietly(in);
} }
@@ -5664,8 +5686,6 @@ public final class Settings {
mVersions.put(userId, version); mVersions.put(userId, version);
String fingerprint = parser.getAttributeValue(null, ATTR_FINGERPRINT); String fingerprint = parser.getAttributeValue(null, ATTR_FINGERPRINT);
mFingerprints.put(userId, fingerprint); mFingerprints.put(userId, fingerprint);
final boolean defaultsGranted = Build.FINGERPRINT.equals(fingerprint);
mDefaultPermissionsGranted.put(userId, defaultsGranted);
} break; } break;
case TAG_PACKAGE: { case TAG_PACKAGE: {
@@ -5724,13 +5744,14 @@ public final class Settings {
if (granted) { if (granted) {
permissionsState.grantRuntimePermission(bp, userId); permissionsState.grantRuntimePermission(bp, userId);
permissionsState.updatePermissionFlags(bp, userId, permissionsState.updatePermissionFlags(bp, userId,
PackageManager.MASK_PERMISSION_FLAGS_ALL, flags); PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
} else { } else {
permissionsState.updatePermissionFlags(bp, userId, permissionsState.updatePermissionFlags(bp, userId,
PackageManager.MASK_PERMISSION_FLAGS_ALL, flags); PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
} }
} break; }
break;
} }
} }
} }
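Review bot: `mPermissionUpgradeNeeded` is only written in `setPermissionControllerVersion`, so the flag can go stale: `updateRuntimePermissionsFingerprintLPr` stores the new fingerprint but leaves the user's entry as it was, and the two read paths that used to recompute the flag now only fill `mFingerprints`. As far as the visible hunks show, a user whose state is read after the version was set, or whose upgrade has just completed, keeps reporting `isPermissionUpgradeNeeded(userId)` as true (the `get(userId, true)` default) until the next boot, which would re-run the grant/upgrade path on every check. I would add `mPermissionUpgradeNeeded.put(userId, false);` after `mFingerprints.put(userId, mExtendedFingerprint);`, and recompute the entry where the fingerprint is loaded when `mExtendedFingerprint` is already known. `mExtendedFingerprint` and `setPermissionControllerVersion` also carry no `@GuardedBy` annotation although the neighbouring fields and methods do; the surrounding class bodies continue outside the hunks.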


@@ -60,10 +60,8 @@ import android.util.ArrayMap;
import android.util.ArraySet; import android.util.ArraySet;
import android.util.Log; import android.util.Log;
import android.util.Slog; import android.util.Slog;
import android.util.SparseIntArray;
import android.util.Xml; import android.util.Xml;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.util.ArrayUtils; import com.android.internal.util.ArrayUtils;
import com.android.internal.util.XmlUtils; import com.android.internal.util.XmlUtils;
import com.android.server.LocalServices; import com.android.server.LocalServices;
@@ -226,9 +224,6 @@ public final class DefaultPermissionGrantPolicy {
private final PackageManagerInternal mServiceInternal; private final PackageManagerInternal mServiceInternal;
private final PermissionManagerService mPermissionManager; private final PermissionManagerService mPermissionManager;
@GuardedBy("mLock")
private SparseIntArray mDefaultPermissionsGrantedUsers = new SparseIntArray();
DefaultPermissionGrantPolicy(Context context, Looper looper, DefaultPermissionGrantPolicy(Context context, Looper looper,
@NonNull PermissionManagerService permissionManager) { @NonNull PermissionManagerService permissionManager) {
mContext = context; mContext = context;
@@ -297,19 +292,10 @@ public final class DefaultPermissionGrantPolicy {
} }
} }
public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) {
synchronized (mLock) {
return mDefaultPermissionsGrantedUsers.indexOfKey(userId) >= 0;
}
}
public void grantDefaultPermissions(int userId) { public void grantDefaultPermissions(int userId) {
grantPermissionsToSysComponentsAndPrivApps(userId); grantPermissionsToSysComponentsAndPrivApps(userId);
grantDefaultSystemHandlerPermissions(userId); grantDefaultSystemHandlerPermissions(userId);
grantDefaultPermissionExceptions(userId); grantDefaultPermissionExceptions(userId);
synchronized (mLock) {
mDefaultPermissionsGrantedUsers.put(userId, userId);
}
} }
private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) { private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) {


@@ -4223,7 +4223,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
int[] grantPermissionsUserIds = EMPTY_INT_ARRAY; int[] grantPermissionsUserIds = EMPTY_INT_ARRAY;
for (int userId : UserManagerService.getInstance().getUserIds()) { for (int userId : UserManagerService.getInstance().getUserIds()) {
if (!mPackageManagerInt.areDefaultRuntimePermissionsGranted(userId)) { if (mPackageManagerInt.isPermissionUpgradeNeeded(userId)) {
grantPermissionsUserIds = ArrayUtils.appendInt( grantPermissionsUserIds = ArrayUtils.appendInt(
grantPermissionsUserIds, userId); grantPermissionsUserIds, userId);
} }
@@ -4627,13 +4627,6 @@ public class PermissionManagerService extends IPermissionManager.Stub {
} }
} }
@Override
public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) {
synchronized (mLock) {
return mDefaultPermissionGrantPolicy.wereDefaultPermissionsGrantedSinceBoot(userId);
}
}
@Override @Override
public void onNewUserCreated(int userId) { public void onNewUserCreated(int userId) {
mDefaultPermissionGrantPolicy.grantDefaultPermissions(userId); mDefaultPermissionGrantPolicy.grantDefaultPermissions(userId);


@@ -447,12 +447,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
public abstract void grantDefaultPermissionsToDefaultUseOpenWifiApp( public abstract void grantDefaultPermissionsToDefaultUseOpenWifiApp(
@NonNull String packageName, @UserIdInt int userId); @NonNull String packageName, @UserIdInt int userId);
/**
* Returns whether or not default permission grants have been performed for the given
* user since the device booted.
*/
public abstract boolean wereDefaultPermissionsGrantedSinceBoot(@UserIdInt int userId);
/** Called when a new user has been created. */ /** Called when a new user has been created. */
public abstract void onNewUserCreated(@UserIdInt int userId); public abstract void onNewUserCreated(@UserIdInt int userId);
} }


@@ -280,7 +280,7 @@ public final class PermissionPolicyService extends SystemService {
LocalServices.getService(PackageManagerInternal.class); LocalServices.getService(PackageManagerInternal.class);
final PermissionManagerServiceInternal permissionManagerInternal = final PermissionManagerServiceInternal permissionManagerInternal =
LocalServices.getService(PermissionManagerServiceInternal.class); LocalServices.getService(PermissionManagerServiceInternal.class);
if (permissionManagerInternal.wereDefaultPermissionsGrantedSinceBoot(userId)) { if (packageManagerInternal.isPermissionUpgradeNeeded(userId)) {
if (DEBUG) Slog.i(LOG_TAG, "defaultPermsWereGrantedSinceBoot(" + userId + ")"); if (DEBUG) Slog.i(LOG_TAG, "defaultPermsWereGrantedSinceBoot(" + userId + ")");
// Now call into the permission controller to apply policy around permissions // Now call into the permission controller to apply policy around permissions
@@ -314,7 +314,7 @@ public final class PermissionPolicyService extends SystemService {
permissionControllerManager.updateUserSensitive(); permissionControllerManager.updateUserSensitive();
packageManagerInternal.setRuntimePermissionsFingerPrint(Build.FINGERPRINT, userId); packageManagerInternal.updateRuntimePermissionsFingerprint(userId);
} }
} }
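Review bot: The debug log under the changed condition still prints `defaultPermsWereGrantedSinceBoot(`, which no longer matches the check now that it is `packageManagerInternal.isPermissionUpgradeNeeded(userId)`. I would change it to `if (DEBUG) Slog.i(LOG_TAG, "isPermissionUpgradeNeeded(" + userId + ")");` so a log reader is not told that defaults were granted when the branch actually means an upgrade is pending. The two conditions are also not equivalent (granted since boot versus upgrade needed), so a short comment above the `if` stating why the policy sync is now tied to the upgrade flag would help. The enclosing method starts outside the hunk.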