diff --git a/services/core/java/com/android/server/pm/InstantAppRegistry.java b/services/core/java/com/android/server/pm/InstantAppRegistry.java index 5c4ebb926e9ac..69d3e5c2f941b 100644 --- a/services/core/java/com/android/server/pm/InstantAppRegistry.java +++ b/services/core/java/com/android/server/pm/InstantAppRegistry.java @@ -24,6 +24,7 @@ import android.content.pm.ApplicationInfo; import android.content.pm.InstantAppInfo; import android.content.pm.PackageManager; import android.content.pm.PackageParser; +import android.content.pm.PermissionInfo; import android.graphics.Bitmap; import android.graphics.BitmapFactory; import android.graphics.Canvas; @@ -36,6 +37,7 @@ import android.os.Looper; import android.os.Message; import android.os.UserHandle; import android.os.storage.StorageManager; +import android.permission.PermissionManager; import android.provider.Settings; import android.util.ArrayMap; import android.util.AtomicFile; @@ -974,8 +976,7 @@ class InstantAppRegistry implements Watchable, Snappable { final long identity = Binder.clearCallingIdentity(); try { for (String grantedPermission : appInfo.getGrantedPermissions()) { - final boolean propagatePermission = - mPermissionManager.canPropagatePermissionToInstantApp(grantedPermission); + final boolean propagatePermission = canPropagatePermission(grantedPermission); if (propagatePermission && pkg.getRequestedPermissions().contains( grantedPermission)) { mService.grantRuntimePermission(pkg.getPackageName(), grantedPermission, @@ -987,6 +988,19 @@ class InstantAppRegistry implements Watchable, Snappable { } } + private boolean canPropagatePermission(@NonNull String permissionName) { + final PermissionManager permissionManager = mService.mContext.getSystemService( + PermissionManager.class); + final PermissionInfo permissionInfo = permissionManager.getPermissionInfo(permissionName, + 0); + return permissionInfo != null + && (permissionInfo.getProtection() == PermissionInfo.PROTECTION_DANGEROUS + || (permissionInfo.getProtectionFlags() + & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0) + && (permissionInfo.getProtectionFlags() & PermissionInfo.PROTECTION_FLAG_INSTANT) + != 0; + } + private @NonNull InstantAppInfo peekOrParseUninstalledInstantAppInfo( @NonNull String packageName, @UserIdInt int userId) { diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 38ade60e73ef3..22f4a92f06f70 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -20913,8 +20913,12 @@ public class PackageManagerService extends IPackageManager.Stub mSettings.applyDefaultPreferredAppsLPw(userId); clearIntentFilterVerificationsLPw(userId); primeDomainVerificationsLPw(userId); + final int numPackages = mPackages.size(); + for (int i = 0; i < numPackages; i++) { + final AndroidPackage pkg = mPackages.valueAt(i); + mPermissionManager.resetRuntimePermissions(pkg, userId); + } } - mPermissionManager.resetAllRuntimePermissions(userId); updateDefaultHomeNotLocked(userId); // TODO: We have to reset the default SMS and Phone. This requires // significant refactoring to keep all default apps in the package @@ -22412,7 +22416,7 @@ public class PackageManagerService extends IPackageManager.Stub mUserManager.reconcileUsers(StorageManager.UUID_PRIVATE_INTERNAL); reconcileApps(StorageManager.UUID_PRIVATE_INTERNAL); - mPermissionManager.systemReady(); + mPermissionManager.onSystemReady(); int[] grantPermissionsUserIds = EMPTY_INT_ARRAY; for (int userId : UserManagerService.getInstance().getUserIds()) { diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 1dbf8396bcfbe..221347b0456f4 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -4868,13 +4868,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } - private boolean canPropagatePermissionToInstantApp(@NonNull String permissionName) { - synchronized (mLock) { - final Permission bp = mRegistry.getPermission(permissionName); - return bp != null && (bp.isRuntime() || bp.isDevelopment()) && bp.isInstant(); - } - } - @NonNull private List getLegacyPermissions() { synchronized (mLock) { @@ -4954,7 +4947,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { private class PermissionManagerServiceInternalImpl implements PermissionManagerServiceInternal { @Override - public void systemReady() { + public void onSystemReady() { PermissionManagerService.this.systemReady(); } @@ -5012,11 +5005,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { Preconditions.checkArgumentNonNegative(userId, "userId"); resetRuntimePermissionsInternal(pkg, userId); } - @Override - public void resetAllRuntimePermissions(@UserIdInt int userId) { - Preconditions.checkArgumentNonNegative(userId, "userId"); - mPackageManagerInt.forEachPackage(pkg -> resetRuntimePermissionsInternal(pkg, userId)); - } @Override public Permission getPermissionTEMP(String permName) { @@ -5157,11 +5145,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { onPackageUninstalledInternal(packageName, appId, pkg, sharedUserPkgs, userId); } - @Override - public boolean canPropagatePermissionToInstantApp(@NonNull String permissionName) { - return PermissionManagerService.this.canPropagatePermissionToInstantApp(permissionName); - } - @NonNull @Override public List getLegacyPermissions() { diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java index 0817d4fc895ea..1cfae009737ad 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java @@ -54,8 +54,6 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter void removeOnRuntimePermissionStateChangedListener( @NonNull OnRuntimePermissionStateChangedListener listener); - void systemReady(); - /** * Get whether permission review is required for a package. * @@ -93,14 +91,6 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter void resetRuntimePermissions(@NonNull AndroidPackage pkg, @UserIdInt int userId); - /** - * Reset the runtime permission state changes for all packages. - * - * @param userId the user ID - */ - //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) - void resetAllRuntimePermissions(@UserIdInt int userId); - /** * Read legacy permission state from package settings. * @@ -200,6 +190,12 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter */ void writeLegacyPermissionsTEMP(@NonNull LegacyPermissionSettings legacyPermissionSettings); + /** + * Callback when the system is ready. + */ + //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) + void onSystemReady(); + /** * Callback when a user has been created. * @@ -264,14 +260,6 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter void onPackageUninstalled(@NonNull String packageName, int appId, @Nullable AndroidPackage pkg, @NonNull List sharedUserPkgs, @UserIdInt int userId); - /** - * Check whether a permission can be propagated to instant app. - * - * @param permissionName the name of the permission - * @return whether the permission can be propagated - */ - boolean canPropagatePermissionToInstantApp(@NonNull String permissionName); - /** * Listener for package permission state (permissions or flags) changes. */