Merge "Upgrade permissions on PermissionController version change" into rvc-dev

author: Evan Severson <evanseverson@google.com> 2020-03-05 17:40:08 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2020-03-05 17:40:08 +0000
commit: 2a129f696a125a077af0ae4fcde7fce6c29eed3c (patch)
tree: a345899b7f55ab1215183eca31e8daa459215bde
parent: 88a6bcaec8d3ed94be46b0d10b355520352dbe0c (diff)
parent: 0dc24cba2bdde289f55e7db6172278c664b3d47a (diff)
8 files changed, 58 insertions, 62 deletions
diff --git a/core/java/android/permission/PermissionControllerService.java b/core/java/android/permission/PermissionControllerService.java
index 5d4561c21e55..263b2c7a4ac7 100644
--- a/core/java/android/permission/PermissionControllerService.java
+++ b/core/java/android/permission/PermissionControllerService.java
@@ -202,7 +202,8 @@ public abstract class PermissionControllerService extends Service {
     /**
      * Grant or upgrade runtime permissions. The upgrade could be performed
      * based on whether the device upgraded, whether the permission database
-     * version is old, or because the permission policy changed.
+     * version is old, because the permission policy changed, or because the
+     * permission controller has updated.
      *
      * @param callback Callback waiting for operation to be complete
      *
diff --git a/services/core/java/android/content/pm/PackageManagerInternal.java b/services/core/java/android/content/pm/PackageManagerInternal.java
index 31044d0f0085..dadcd4e03f89 100644
--- a/services/core/java/android/content/pm/PackageManagerInternal.java
+++ b/services/core/java/android/content/pm/PackageManagerInternal.java
@@ -927,13 +927,11 @@ public abstract class PackageManagerInternal {
             IntentSender intentSender, int flags);
 
     /**
-     * Get fingerprint of build that updated the runtime permissions for a user.
+     * Update fingerprint of build that updated the runtime permissions for a user.
      *
      * @param userId The user to update
-     * @param fingerPrint The fingerprint to set
      */
-    public abstract void setRuntimePermissionsFingerPrint(@NonNull String fingerPrint,
-            @UserIdInt int userId);
+    public abstract void updateRuntimePermissionsFingerprint(@UserIdInt int userId);
 
     /**
      * Migrates legacy obb data to its new location.
@@ -961,8 +959,8 @@ public abstract class PackageManagerInternal {
     public abstract boolean isCallerInstallerOfRecord(
             @NonNull AndroidPackage pkg, int callingUid);
 
-    /** Returns whether or not default runtime permissions are granted for the given user */
-    public abstract boolean areDefaultRuntimePermissionsGranted(@UserIdInt int userId);
+    /** Returns whether or not permissions need to be upgraded for the given user */
+    public abstract boolean isPermissionUpgradeNeeded(@UserIdInt int userId);
 
     /** Sets the enforcement of reading external storage */
     public abstract void setReadExternalStorageEnforced(boolean enforced);
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 3a0daf13b1d3..853c29ceccf1 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3364,6 +3364,10 @@ public class PackageManagerService extends IPackageManager.Stub
             // critical part of the core system.
             mRequiredPermissionControllerPackage = getRequiredPermissionControllerLPr();
 
+            mSettings.setPermissionControllerVersion(
+                    getPackageInfo(mRequiredPermissionControllerPackage, 0,
+                            UserHandle.USER_SYSTEM).getLongVersionCode());
+
             // Initialize InstantAppRegistry's Instant App list for all users.
             final int[] userIds = UserManagerService.getInstance().getUserIds();
             for (AndroidPackage pkg : mPackages.values()) {
@@ -22668,7 +22672,7 @@ public class PackageManagerService extends IPackageManager.Stub
     boolean readPermissionStateForUser(@UserIdInt int userId) {
         synchronized (mPackages) {
             mSettings.readPermissionStateForUserSyncLPr(userId);
-            return mSettings.areDefaultRuntimePermissionsGrantedLPr(userId);
+            return mPmInternal.isPermissionUpgradeNeeded(userId);
         }
     }
 
@@ -24067,10 +24071,9 @@ public class PackageManagerService extends IPackageManager.Stub
         }
 
         @Override
-        public void setRuntimePermissionsFingerPrint(@NonNull String fingerPrint,
-                @UserIdInt int userId) {
+        public void updateRuntimePermissionsFingerprint(@UserIdInt int userId) {
             synchronized (mLock) {
-                mSettings.setRuntimePermissionsFingerPrintLPr(fingerPrint, userId);
+                mSettings.updateRuntimePermissionsFingerprintLPr(userId);
             }
         }
 
@@ -24122,9 +24125,9 @@ public class PackageManagerService extends IPackageManager.Stub
         }
 
         @Override
-        public boolean areDefaultRuntimePermissionsGranted(int userId) {
+        public boolean isPermissionUpgradeNeeded(int userId) {
             synchronized (mLock) {
-                return mSettings.areDefaultRuntimePermissionsGrantedLPr(userId);
+                return mSettings.isPermissionUpgradeNeededLPr(userId);
             }
         }
 
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 1dc705b4add9..2d16854f787a 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -1319,13 +1319,12 @@ public final class Settings {
         }
     }
 
-    boolean areDefaultRuntimePermissionsGrantedLPr(int userId) {
-        return mRuntimePermissionsPersistence
-                .areDefaultRuntimePermissionsGrantedLPr(userId);
+    boolean isPermissionUpgradeNeededLPr(int userId) {
+        return mRuntimePermissionsPersistence.isPermissionUpgradeNeeded(userId);
     }
 
-    void setRuntimePermissionsFingerPrintLPr(@NonNull String fingerPrint, @UserIdInt int userId) {
-        mRuntimePermissionsPersistence.setRuntimePermissionsFingerPrintLPr(fingerPrint, userId);
+    void updateRuntimePermissionsFingerprintLPr(@UserIdInt int userId) {
+        mRuntimePermissionsPersistence.updateRuntimePermissionsFingerprintLPr(userId);
     }
 
     int getDefaultRuntimePermissionsVersionLPr(int userId) {
@@ -1336,6 +1335,10 @@ public final class Settings {
         mRuntimePermissionsPersistence.setVersionLPr(version, userId);
     }
 
+    void setPermissionControllerVersion(long version) {
+        mRuntimePermissionsPersistence.setPermissionControllerVersion(version);
+    }
+
     public VersionInfo findOrCreateVersion(String volumeUuid) {
         VersionInfo ver = mVersion.get(volumeUuid);
         if (ver == null) {
@@ -5296,6 +5299,8 @@ public final class Settings {
         private static final int UPGRADE_VERSION = -1;
         private static final int INITIAL_VERSION = 0;
 
+        private String mExtendedFingerprint;
+
         private final RuntimePermissionsPersistence mPersistence =
                 RuntimePermissionsPersistence.createInstance();
 
@@ -5320,7 +5325,7 @@ public final class Settings {
 
         @GuardedBy("mLock")
         // The mapping keys are user ids.
-        private final SparseBooleanArray mDefaultPermissionsGranted = new SparseBooleanArray();
+        private final SparseBooleanArray mPermissionUpgradeNeeded = new SparseBooleanArray();
 
         public RuntimePermissionPersistence(Object persistenceLock) {
             mPersistenceLock = persistenceLock;
@@ -5338,17 +5343,36 @@ public final class Settings {
         }
 
         @GuardedBy("Settings.this.mLock")
-        public boolean areDefaultRuntimePermissionsGrantedLPr(int userId) {
-            return mDefaultPermissionsGranted.get(userId);
+        public boolean isPermissionUpgradeNeeded(int userId) {
+            return mPermissionUpgradeNeeded.get(userId, true);
         }
 
         @GuardedBy("Settings.this.mLock")
-        public void setRuntimePermissionsFingerPrintLPr(@NonNull String fingerPrint,
-                @UserIdInt int userId) {
-            mFingerprints.put(userId, fingerPrint);
+        public void updateRuntimePermissionsFingerprintLPr(@UserIdInt int userId) {
+            if (mExtendedFingerprint == null) {
+                throw new RuntimeException("The version of the permission controller hasn't been "
+                        + "set before trying to update the fingerprint.");
+            }
+            mFingerprints.put(userId, mExtendedFingerprint);
             writePermissionsForUserAsyncLPr(userId);
         }
 
+        public void setPermissionControllerVersion(long version) {
+            int numUser = mFingerprints.size();
+            mExtendedFingerprint = getExtendedFingerprint(version);
+
+            for (int i = 0;  i < numUser; i++) {
+                int userId = mFingerprints.keyAt(i);
+                String fingerprint = mFingerprints.valueAt(i);
+                mPermissionUpgradeNeeded.put(userId,
+                        !TextUtils.equals(mExtendedFingerprint, fingerprint));
+            }
+        }
+
+        private String getExtendedFingerprint(long version) {
+            return Build.FINGERPRINT + "?pc_version=" + version;
+        }
+
         public void writePermissionsForUserSyncLPr(int userId) {
             mHandler.removeMessages(userId);
             writePermissionsSync(userId);
@@ -5461,7 +5485,7 @@ public final class Settings {
                 revokeRuntimePermissionsAndClearFlags(sb, userId);
             }
 
-            mDefaultPermissionsGranted.delete(userId);
+            mPermissionUpgradeNeeded.delete(userId);
             mVersions.delete(userId);
             mFingerprints.remove(userId);
         }
@@ -5503,8 +5527,6 @@ public final class Settings {
 
             String fingerprint = runtimePermissions.getFingerprint();
             mFingerprints.put(userId, fingerprint);
-            boolean defaultPermissionsGranted = Build.FINGERPRINT.equals(fingerprint);
-            mDefaultPermissionsGranted.put(userId, defaultPermissionsGranted);
 
             boolean isUpgradeToR = getInternalVersion().sdkVersion < Build.VERSION_CODES.R;
 
@@ -5636,7 +5658,7 @@ public final class Settings {
 
             } catch (XmlPullParserException | IOException e) {
                 throw new IllegalStateException("Failed parsing permissions file: "
-                        + permissionsFile , e);
+                        + permissionsFile, e);
             } finally {
                 IoUtils.closeQuietly(in);
             }
@@ -5664,8 +5686,6 @@ public final class Settings {
                         mVersions.put(userId, version);
                         String fingerprint = parser.getAttributeValue(null, ATTR_FINGERPRINT);
                         mFingerprints.put(userId, fingerprint);
-                        final boolean defaultsGranted = Build.FINGERPRINT.equals(fingerprint);
-                        mDefaultPermissionsGranted.put(userId, defaultsGranted);
                     } break;
 
                     case TAG_PACKAGE: {
@@ -5724,13 +5744,14 @@ public final class Settings {
                         if (granted) {
                             permissionsState.grantRuntimePermission(bp, userId);
                             permissionsState.updatePermissionFlags(bp, userId,
-                                        PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
+                                    PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
                         } else {
                             permissionsState.updatePermissionFlags(bp, userId,
                                     PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
                         }
 
-                    } break;
+                    }
+                    break;
                 }
             }
         }
diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
index 2feddb6a4fe3..e3abcda2530f 100644
--- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
@@ -60,10 +60,8 @@ import android.util.ArrayMap;
 import android.util.ArraySet;
 import android.util.Log;
 import android.util.Slog;
-import android.util.SparseIntArray;
 import android.util.Xml;
 
-import com.android.internal.annotations.GuardedBy;
 import com.android.internal.util.ArrayUtils;
 import com.android.internal.util.XmlUtils;
 import com.android.server.LocalServices;
@@ -226,9 +224,6 @@ public final class DefaultPermissionGrantPolicy {
     private final PackageManagerInternal mServiceInternal;
     private final PermissionManagerService mPermissionManager;
 
-    @GuardedBy("mLock")
-    private SparseIntArray mDefaultPermissionsGrantedUsers = new SparseIntArray();
-
     DefaultPermissionGrantPolicy(Context context, Looper looper,
             @NonNull PermissionManagerService permissionManager) {
         mContext = context;
@@ -297,19 +292,10 @@ public final class DefaultPermissionGrantPolicy {
         }
     }
 
-    public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) {
-        synchronized (mLock) {
-            return mDefaultPermissionsGrantedUsers.indexOfKey(userId) >= 0;
-        }
-    }
-
     public void grantDefaultPermissions(int userId) {
         grantPermissionsToSysComponentsAndPrivApps(userId);
         grantDefaultSystemHandlerPermissions(userId);
         grantDefaultPermissionExceptions(userId);
-        synchronized (mLock) {
-            mDefaultPermissionsGrantedUsers.put(userId, userId);
-        }
     }
 
     private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) {
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 4a85027854d6..85da5593223b 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -4223,7 +4223,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
 
         int[] grantPermissionsUserIds = EMPTY_INT_ARRAY;
         for (int userId : UserManagerService.getInstance().getUserIds()) {
-            if (!mPackageManagerInt.areDefaultRuntimePermissionsGranted(userId)) {
+            if (mPackageManagerInt.isPermissionUpgradeNeeded(userId)) {
                 grantPermissionsUserIds = ArrayUtils.appendInt(
                         grantPermissionsUserIds, userId);
             }
@@ -4628,13 +4628,6 @@ public class PermissionManagerService extends IPermissionManager.Stub {
         }
 
         @Override
-        public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) {
-            synchronized (mLock) {
-                return mDefaultPermissionGrantPolicy.wereDefaultPermissionsGrantedSinceBoot(userId);
-            }
-        }
-
-        @Override
         public void onNewUserCreated(int userId) {
             mDefaultPermissionGrantPolicy.grantDefaultPermissions(userId);
             synchronized (mLock) {
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
index 048e487fdaeb..32ef2cee5685 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
@@ -447,12 +447,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
     public abstract void grantDefaultPermissionsToDefaultUseOpenWifiApp(
             @NonNull String packageName, @UserIdInt int userId);
 
-    /**
-     * Returns whether or not default permission grants have been performed for the given
-     * user since the device booted.
-     */
-    public abstract boolean wereDefaultPermissionsGrantedSinceBoot(@UserIdInt int userId);
-
     /** Called when a new user has been created. */
     public abstract void onNewUserCreated(@UserIdInt int userId);
 }
diff --git a/services/core/java/com/android/server/policy/PermissionPolicyService.java b/services/core/java/com/android/server/policy/PermissionPolicyService.java
index 139c844256fa..d589353cf3a0 100644
--- a/services/core/java/com/android/server/policy/PermissionPolicyService.java
+++ b/services/core/java/com/android/server/policy/PermissionPolicyService.java
@@ -280,7 +280,7 @@ public final class PermissionPolicyService extends SystemService {
                 LocalServices.getService(PackageManagerInternal.class);
         final PermissionManagerServiceInternal permissionManagerInternal =
                 LocalServices.getService(PermissionManagerServiceInternal.class);
-        if (permissionManagerInternal.wereDefaultPermissionsGrantedSinceBoot(userId)) {
+        if (packageManagerInternal.isPermissionUpgradeNeeded(userId)) {
             if (DEBUG) Slog.i(LOG_TAG, "defaultPermsWereGrantedSinceBoot(" + userId + ")");
 
             // Now call into the permission controller to apply policy around permissions
@@ -314,7 +314,7 @@ public final class PermissionPolicyService extends SystemService {
 
             permissionControllerManager.updateUserSensitive();
 
-            packageManagerInternal.setRuntimePermissionsFingerPrint(Build.FINGERPRINT, userId);
+            packageManagerInternal.updateRuntimePermissionsFingerprint(userId);
         }
     }
author	Evan Severson <evanseverson@google.com>	2020-03-05 17:40:08 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2020-03-05 17:40:08 +0000
commit	2a129f696a125a077af0ae4fcde7fce6c29eed3c (patch)
tree	a345899b7f55ab1215183eca31e8daa459215bde
parent	88a6bcaec8d3ed94be46b0d10b355520352dbe0c (diff)
parent	0dc24cba2bdde289f55e7db6172278c664b3d47a (diff)