DO NOT MERGE Don't allow non-instant permissions for instant apps. am: a710a30457

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/12366889 Change-Id: Iab47aca559ae8c13a26507827aadfc0c8b239d74
2020-08-29 01:09:22 +00:00
parent 46387fb17b a710a30457
commit ea36a0c236
1 changed files with 20 additions and 9 deletions
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3344,12 +3344,9 @@ public class PackageManagerService extends IPackageManager.Stub
        Iterator<ResolveInfo> iter = matches.iterator();
        while (iter.hasNext()) {
            final ResolveInfo rInfo = iter.next();
-            final PackageSetting ps = mSettings.mPackages.get(rInfo.activityInfo.packageName);
-            if (ps != null) {
-                final PermissionsState permissionsState = ps.getPermissionsState();
-                if (permissionsState.hasPermission(Manifest.permission.INSTALL_PACKAGES, 0)) {
-                    continue;
-                }
+            if (checkPermission(Manifest.permission.INSTALL_PACKAGES,
+                    rInfo.activityInfo.packageName, 0) == PERMISSION_GRANTED) {
+                continue;
            }
            iter.remove();
        }
@@ -3600,9 +3597,24 @@ public class PackageManagerService extends IPackageManager.Stub
        final int[] gids = (flags & PackageManager.GET_GIDS) == 0
                ? EMPTY_INT_ARRAY : permissionsState.computeGids(userId);
        // Compute granted permissions only if package has requested permissions
-        final Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions)
+        Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions)
                ? Collections.<String>emptySet() : permissionsState.getPermissions(userId);
        final PackageUserState state = ps.readUserState(userId);
+        if (state.instantApp) {
+            permissions = new ArraySet<>(permissions);
+            permissions.removeIf(permissionName -> {
+                BasePermission permission = mSettings.mPermissions.get(permissionName);
+                if (permission == null) {
+                    return true;
+                }
+                if (!permission.isInstant()) {
+                    EventLog.writeEvent(0x534e4554, "140256621", UserHandle.getUid(userId,
+                            ps.appId), permissionName);
+                    return true;
+                }
+                return false;
+            });
+        }

        if ((flags & MATCH_UNINSTALLED_PACKAGES) != 0
                && ps.isSystem()) {
@@ -8297,10 +8309,9 @@ public class PackageManagerService extends IPackageManager.Stub
    private void addPackageHoldingPermissions(ArrayList<PackageInfo> list, PackageSetting ps,
            String[] permissions, boolean[] tmp, int flags, int userId) {
        int numMatch = 0;
-        final PermissionsState permissionsState = ps.getPermissionsState();
        for (int i=0; i<permissions.length; i++) {
            final String permission = permissions[i];
-            if (permissionsState.hasPermission(permission, userId)) {
+            if (checkPermission(permission, ps.name, userId) == PERMISSION_GRANTED) {
                tmp[i] = true;
                numMatch++;
            } else {