DO NOT MERGE Don't allow non-instant permissions for instant apps.

Bug: 140256621 Test: atest EphemeralTest Change-Id: Id07342c0347c0b4d2ccb3f58a4af9fda7a20d6ef
2020-08-13 01:45:09 +00:00
parent 504e7d848d
commit a710a30457
1 changed files with 20 additions and 9 deletions
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3343,12 +3343,9 @@ public class PackageManagerService extends IPackageManager.Stub
        Iterator<ResolveInfo> iter = matches.iterator();
        while (iter.hasNext()) {
            final ResolveInfo rInfo = iter.next();
-            final PackageSetting ps = mSettings.mPackages.get(rInfo.activityInfo.packageName);
-            if (ps != null) {
-                final PermissionsState permissionsState = ps.getPermissionsState();
-                if (permissionsState.hasPermission(Manifest.permission.INSTALL_PACKAGES, 0)) {
-                    continue;
-                }
+            if (checkPermission(Manifest.permission.INSTALL_PACKAGES,
+                    rInfo.activityInfo.packageName, 0) == PERMISSION_GRANTED) {
+                continue;
            }
            iter.remove();
        }
@@ -3599,9 +3596,24 @@ public class PackageManagerService extends IPackageManager.Stub
        final int[] gids = (flags & PackageManager.GET_GIDS) == 0
                ? EMPTY_INT_ARRAY : permissionsState.computeGids(userId);
        // Compute granted permissions only if package has requested permissions
-        final Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions)
+        Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions)
                ? Collections.<String>emptySet() : permissionsState.getPermissions(userId);
        final PackageUserState state = ps.readUserState(userId);
+        if (state.instantApp) {
+            permissions = new ArraySet<>(permissions);
+            permissions.removeIf(permissionName -> {
+                BasePermission permission = mSettings.mPermissions.get(permissionName);
+                if (permission == null) {
+                    return true;
+                }
+                if (!permission.isInstant()) {
+                    EventLog.writeEvent(0x534e4554, "140256621", UserHandle.getUid(userId,
+                            ps.appId), permissionName);
+                    return true;
+                }
+                return false;
+            });
+        }

        if ((flags & MATCH_UNINSTALLED_PACKAGES) != 0
                && ps.isSystem()) {
@@ -8299,10 +8311,9 @@ public class PackageManagerService extends IPackageManager.Stub
    private void addPackageHoldingPermissions(ArrayList<PackageInfo> list, PackageSetting ps,
            String[] permissions, boolean[] tmp, int flags, int userId) {
        int numMatch = 0;
-        final PermissionsState permissionsState = ps.getPermissionsState();
        for (int i=0; i<permissions.length; i++) {
            final String permission = permissions[i];
-            if (permissionsState.hasPermission(permission, userId)) {
+            if (checkPermission(permission, ps.name, userId) == PERMISSION_GRANTED) {
                tmp[i] = true;
                numMatch++;
            } else {