diff options
| author | 2021-04-03 01:17:40 +0000 | |
|---|---|---|
| committer | 2021-04-03 02:48:55 +0000 | |
| commit | 2f11055d1db07b835d955c8127389f3cfa4fff65 (patch) | |
| tree | 4363b94b0b57a8f283a7186aa1fb38db0bf4fc8c | |
| parent | c9f96b6ea78192afad34867eea60d401d78c2d67 (diff) | |
Re-grant install permissions on build fingerprint change.
In addition to SDK change.
Bug: 181106905
Test: presubmit
Change-Id: I8a181bf9632f364c0327a3f34c76272f614458a5
3 files changed, 20 insertions, 20 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index cb68cc9d5e45..8383a7eca102 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -6880,19 +6880,18 @@ public class PackageManagerService extends IPackageManager.Stub + " seconds"); mPermissionManager.readLegacyPermissionStateTEMP(); - // If the platform SDK has changed since the last time we booted, + // If the build fingerprint has changed since the last time we booted, // we need to re-grant app permission to catch any new ones that // appear. This is really a hack, and means that apps can in some // cases get permissions that the user didn't initially explicitly // allow... it would be nice to have some better way to handle // this situation. - final boolean sdkUpdated = (ver.sdkVersion != mSdkVersion); - if (sdkUpdated) { - Slog.i(TAG, "Platform changed from " + ver.sdkVersion + " to " - + mSdkVersion + "; regranting permissions for internal storage"); + if (mIsUpgrade) { + Slog.i(TAG, "Build fingerprint changed from " + ver.fingerprint + " to " + + Build.FINGERPRINT + "; regranting permissions for internal storage"); } mPermissionManager.onStorageVolumeMounted( - StorageManager.UUID_PRIVATE_INTERNAL, sdkUpdated); + StorageManager.UUID_PRIVATE_INTERNAL, mIsUpgrade); ver.sdkVersion = mSdkVersion; // If this is the first boot or an update from pre-M, and it is a normal @@ -24612,12 +24611,13 @@ public class PackageManagerService extends IPackageManager.Stub } synchronized (mLock) { - final boolean sdkUpdated = (ver.sdkVersion != mSdkVersion); - if (sdkUpdated) { - logCriticalInfo(Log.INFO, "Platform changed from " + ver.sdkVersion + " to " - + mSdkVersion + "; regranting permissions for " + volumeUuid); + final boolean isUpgrade = !Build.FINGERPRINT.equals(ver.fingerprint); + if (isUpgrade) { + logCriticalInfo(Log.INFO, "Build fingerprint changed from " + ver.fingerprint + + " to " + Build.FINGERPRINT + "; regranting permissions for " + + volumeUuid); } - mPermissionManager.onStorageVolumeMounted(volumeUuid, sdkUpdated); + mPermissionManager.onStorageVolumeMounted(volumeUuid, isUpgrade); // Yay, everything is now upgraded ver.forceCurrent(); diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 7e3911ac9a6d..7aad179226be 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -3962,14 +3962,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { * </ol> * * @param volumeUuid The volume UUID of the packages to be updated - * @param sdkVersionChanged whether the current SDK version is different from what it was when - * this volume was last mounted + * @param fingerprintChanged whether the current build fingerprint is different from what it was + * when this volume was last mounted */ - private void updateAllPermissions(@NonNull String volumeUuid, boolean sdkVersionChanged) { + private void updateAllPermissions(@NonNull String volumeUuid, boolean fingerprintChanged) { PackageManager.corkPackageInfoCache(); // Prevent invalidation storm try { final int flags = UPDATE_PERMISSIONS_ALL | - (sdkVersionChanged + (fingerprintChanged ? UPDATE_PERMISSIONS_REPLACE_PKG | UPDATE_PERMISSIONS_REPLACE_ALL : 0); updatePermissions(null, null, volumeUuid, flags, mDefaultPermissionCallback); @@ -4944,8 +4944,8 @@ public class PermissionManagerService extends IPermissionManager.Stub { return PermissionManagerService.this.getAppOpPermissionPackagesInternal(permissionName); } @Override - public void onStorageVolumeMounted(@Nullable String volumeUuid, boolean sdkVersionChanged) { - updateAllPermissions(volumeUuid, sdkVersionChanged); + public void onStorageVolumeMounted(@Nullable String volumeUuid, boolean fingerprintChanged) { + updateAllPermissions(volumeUuid, fingerprintChanged); } @Override public void resetRuntimePermissions(@NonNull AndroidPackage pkg, @UserIdInt int userId) { diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java index 59682e13c7e1..3939d0efb4a1 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java @@ -210,11 +210,11 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter * Callback when a storage volume is mounted, so that all packages on it become available. * * @param volumeUuid the UUID of the storage volume - * @param sdkVersionChanged whether the current SDK version is different from what it was when - * this volume was last mounted + * @param fingerprintChanged whether the current build fingerprint is different from what it was + * when this volume was last mounted */ //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) - void onStorageVolumeMounted(@NonNull String volumeUuid, boolean sdkVersionChanged); + void onStorageVolumeMounted(@NonNull String volumeUuid, boolean fingerprintChanged); /** * Callback when a user has been created. |