Don't remove permission when cleaning up orphaned tree on uninstall

This is fixing a security bug in a relatively safe way. Fundamentally this situation shouldn't be happening. It's an artifact of the way that the manifest parsing is loose with types. We can consider a more thorough and upstream fix for upcoming OS releases, but for impact risk mitigation this is a relatively constrained change. Bug: 225880325 Test: Tests are included for the more thorough fix. Change-Id: I86801109ce2d9c2750c6dfef4bb0425df0ab135e Merged-In: I86801109ce2d9c2750c6dfef4bb0425df0ab135e (cherry picked from commit d8572e2747720856ae33bbdf96a15b01981d0720)
author: Joe Castro <joecastro@google.com> 2022-10-27 00:17:32 +0000
committer: Joe Castro <joecastro@google.com> 2023-01-12 01:01:02 +0000
commit: 02b90551b98575cc1609e38f4571e874e7e904bf (patch)
tree: 1a2d41c2cec70b17b4d4beb9b05245ea781eb08c
parent: e8072d98497c4d232319a2b1ba9e7e66a80a675f (diff)
1 files changed, 0 insertions, 21 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
index 554e2690b878..20c9a211e586 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
@@ -4215,7 +4215,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
         }
         boolean changed = false;
 
-        Set<Permission> needsUpdate = null;
         synchronized (mLock) {
             final Iterator<Permission> it = mRegistry.getPermissionTrees().iterator();
             while (it.hasNext()) {
@@ -4234,26 +4233,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
                             + " that used to be declared by " + bp.getPackageName());
                     it.remove();
                 }
-                if (needsUpdate == null) {
-                    needsUpdate = new ArraySet<>();
-                }
-                needsUpdate.add(bp);
-            }
-        }
-        if (needsUpdate != null) {
-            for (final Permission bp : needsUpdate) {
-                final AndroidPackage sourcePkg =
-                        mPackageManagerInt.getPackage(bp.getPackageName());
-                final PackageStateInternal sourcePs =
-                        mPackageManagerInt.getPackageStateInternal(bp.getPackageName());
-                synchronized (mLock) {
-                    if (sourcePkg != null && sourcePs != null) {
-                        continue;
-                    }
-                    Slog.w(TAG, "Removing dangling permission tree: " + bp.getName()
-                            + " from package " + bp.getPackageName());
-                    mRegistry.removePermission(bp.getName());
-                }
             }
         }
         return changed;
author	Joe Castro <joecastro@google.com>	2022-10-27 00:17:32 +0000
committer	Joe Castro <joecastro@google.com>	2023-01-12 01:01:02 +0000
commit	02b90551b98575cc1609e38f4571e874e7e904bf (patch)
tree	1a2d41c2cec70b17b4d4beb9b05245ea781eb08c
parent	e8072d98497c4d232319a2b1ba9e7e66a80a675f (diff)