Ensure storage permission revoke happens for all users

When revoking storage permissions due to storage escalation, ensure the revoke happens for all users Fixes: 186034260 Bug: 171430330 Test: atest --user-type secondary_user StorageEscalationTest Merged-In: Ieb8bb9cde1576e9eee131338d393b8a3528341ec Change-Id: Ieb8bb9cde1576e9eee131338d393b8a3528341ec
author: Nate Myren <ntmyren@google.com> 2021-04-29 11:10:12 -0700
committer: Nate Myren <ntmyren@google.com> 2021-04-30 21:22:55 +0000
commit: 387182eb494e596ef670d6fd919f85e92d156c79 (patch)
tree: 9ba72399fe3808012129cf3e29f25d8007e3dca1
parent: 08db350c8bf5f3c94ed39e62751422980778811f (diff)
1 files changed, 22 insertions, 15 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 79c86c167cf9..128b7f775117 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -618,23 +618,30 @@ public class PermissionManagerService {
         }
 
         final int callingUid = Binder.getCallingUid();
-        final int userId = UserHandle.getUserId(newPackage.applicationInfo.uid);
-        int numRequestedPermissions = newPackage.requestedPermissions.size();
-        for (int i = 0; i < numRequestedPermissions; i++) {
-            PermissionInfo permInfo = getPermissionInfo(newPackage.requestedPermissions.get(i),
-                    newPackage.packageName, 0, callingUid);
-            if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) {
-                continue;
-            }
 
-            EventLog.writeEvent(0x534e4554, "171430330", newPackage.applicationInfo.uid,
-                    "Revoking permission " + permInfo.name + " from package "
-                            + newPackage.packageName + " as either the sdk downgraded "
-                            + downgradedSdk + " or newly requested legacy full storage "
-                            + newlyRequestsLegacy);
+        for (int userId: mUserManagerInt.getUserIds()) {
+            int numRequestedPermissions = newPackage.requestedPermissions.size();
+            for (int i = 0; i < numRequestedPermissions; i++) {
+                PermissionInfo permInfo = getPermissionInfo(newPackage.requestedPermissions.get(i),
+                        newPackage.packageName, 0, callingUid);
+                if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) {
+                    continue;
+                }
+
+                EventLog.writeEvent(0x534e4554, "171430330", newPackage.applicationInfo.uid,
+                        "Revoking permission " + permInfo.name + " from package "
+                                + newPackage.packageName + " as either the sdk downgraded "
+                                + downgradedSdk + " or newly requested legacy full storage "
+                                + newlyRequestsLegacy);
 
-            revokeRuntimePermission(permInfo.name, newPackage.packageName,
-                    false, userId, permissionCallback);
+                try {
+                    revokeRuntimePermission(permInfo.name, newPackage.packageName,
+                            false, userId, permissionCallback);
+                } catch (IllegalStateException | SecurityException e) {
+                    Log.e(TAG, "unable to revoke " + permInfo.name + " for "
+                            + newPackage.packageName + " user " + userId, e);
+                }
+            }
         }
 
     }
author	Nate Myren <ntmyren@google.com>	2021-04-29 11:10:12 -0700
committer	Nate Myren <ntmyren@google.com>	2021-04-30 21:22:55 +0000
commit	387182eb494e596ef670d6fd919f85e92d156c79 (patch)
tree	9ba72399fe3808012129cf3e29f25d8007e3dca1
parent	08db350c8bf5f3c94ed39e62751422980778811f (diff)