Don't keep pregrants for non-system apps after partial uninstallation

Non-system apps may be marked as uninstalled but not fully removed if they are still installed in another user on the device. However, since they aren't system apps we should still prefer considering them gone and not preserve their pregrants, maintaining the same behavior as U. Fixes: 365920333 Test: presubmit Change-Id: If11c0c74216a2daba557e5332124b549ff10c42d
author: Hai Zhang <zhanghai@google.com> 2024-09-12 23:02:10 +0000
committer: Hai Zhang <zhanghai@google.com> 2024-12-18 19:33:53 -0800
commit: 218b605b36e677d3877d34b04da80f2920885058 (patch)
tree: 8e36eda62f1f784dc1d4d96e75a3c78d9f014abd
parent: 98248bd3b85aae30fc0a1ee04462059b419319d7 (diff)
2 files changed, 12 insertions, 4 deletions
diff --git a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
index c558aae5248e..b130124b1634 100644
--- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
@@ -297,14 +297,21 @@ class AppIdPermissionPolicy : SchemePolicy() {
                 return@forEach
             }
             var newFlags = oldFlags
+            val isSystemOrInstalled =
+                packageState.isSystem || packageState.getUserStateOrDefault(userId).isInstalled
             newFlags =
                 if (
-                    newFlags.hasBits(PermissionFlags.ROLE) ||
-                        newFlags.hasBits(PermissionFlags.PREGRANT)
+                    isSystemOrInstalled && (
+                        newFlags.hasBits(PermissionFlags.ROLE) ||
+                            newFlags.hasBits(PermissionFlags.PREGRANT)
+                    )
                 ) {
                     newFlags or PermissionFlags.RUNTIME_GRANTED
                 } else {
-                    newFlags andInv PermissionFlags.RUNTIME_GRANTED
+                    newFlags andInv (
+                        PermissionFlags.RUNTIME_GRANTED or PermissionFlags.ROLE or
+                            PermissionFlags.PREGRANT
+                    )
                 }
             newFlags = newFlags andInv USER_SETTABLE_MASK
             if (newFlags.hasBits(PermissionFlags.LEGACY_GRANTED)) {
diff --git a/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionResetTest.kt b/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionResetTest.kt
index 12370954e9a5..8b357862dcbc 100644
--- a/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionResetTest.kt
+++ b/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionResetTest.kt
@@ -72,7 +72,8 @@ class AppIdPermissionPolicyPermissionResetTest : BasePermissionPolicyTest() {
         } else {
             mockPackageState(
                 APP_ID_1,
-                mockAndroidPackage(PACKAGE_NAME_1, requestedPermissions = setOf(PERMISSION_NAME_0))
+                mockAndroidPackage(PACKAGE_NAME_1, requestedPermissions = setOf(PERMISSION_NAME_0)),
+                true
             )
         }
         setPermissionFlags(APP_ID_1, USER_ID_0, PERMISSION_NAME_0, oldFlags)
author	Hai Zhang <zhanghai@google.com>	2024-09-12 23:02:10 +0000
committer	Hai Zhang <zhanghai@google.com>	2024-12-18 19:33:53 -0800
commit	218b605b36e677d3877d34b04da80f2920885058 (patch)
tree	8e36eda62f1f784dc1d4d96e75a3c78d9f014abd
parent	98248bd3b85aae30fc0a1ee04462059b419319d7 (diff)