Merge "Default grants: handle update system packages" into mnc-dev

author: Svetoslav Ganov <svetoslavganov@google.com> 2015-07-29 21:54:13 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2015-07-29 21:54:13 +0000
commit: 393c7fb2c67e7fc9dfab710a52313f9b55aaa57c (patch)
tree: 2fd8e2c65b20c107fd130eeb1d42d27d6dd4d0a3
parent: e2cd84196e1266200f906b5d721640217fc2e6f9 (diff)
parent: 4aa97977863e01af3803afcee97292109bbec97c (diff)
1 files changed, 40 insertions, 22 deletions
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index 94011fd7ed19..62783714e03e 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
@@ -170,30 +170,23 @@ final class DefaultPermissionGrantPolicy {
 
         synchronized (mService.mPackages) {
             for (PackageParser.Package pkg : mService.mPackages.values()) {
-                if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
-                        || !doesPackageSupportRuntimePermissions(pkg)) {
+                if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg)
+                        || !doesPackageSupportRuntimePermissions(pkg)
+                        || pkg.requestedPermissions.isEmpty()) {
                     continue;
                 }
+                Set<String> permissions = new ArraySet<>();
                 final int permissionCount = pkg.requestedPermissions.size();
                 for (int i = 0; i < permissionCount; i++) {
                     String permission = pkg.requestedPermissions.get(i);
                     BasePermission bp = mService.mSettings.mPermissions.get(permission);
                     if (bp != null && bp.isRuntime()) {
-                        final int flags = mService.getPermissionFlags(permission,
-                                pkg.packageName, userId);
-                        if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) == 0) {
-                            mService.grantRuntimePermission(pkg.packageName, permission, userId);
-                            mService.updatePermissionFlags(permission, pkg.packageName,
-                                    PackageManager.MASK_PERMISSION_FLAGS,
-                                    PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
-                                    | PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, userId);
-                            if (DEBUG) {
-                                Log.i(TAG, "Granted " + permission + " to system component "
-                                        + pkg.packageName);
-                            }
-                        }
+                        permissions.add(permission);
                     }
                 }
+                if (!permissions.isEmpty()) {
+                    grantRuntimePermissionsLPw(pkg, permissions, true, userId);
+                }
             }
         }
     }
@@ -739,7 +732,7 @@ final class DefaultPermissionGrantPolicy {
     private PackageParser.Package getSystemPackageLPr(String packageName) {
         PackageParser.Package pkg = getPackageLPr(packageName);
         if (pkg != null && pkg.isSystemApp()) {
-            return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
+            return !isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) ? pkg : null;
         }
         return null;
     }
@@ -756,18 +749,36 @@ final class DefaultPermissionGrantPolicy {
 
     private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
             boolean systemFixed, boolean overrideUserChoice,  int userId) {
+        if (pkg.requestedPermissions.isEmpty()) {
+            return;
+        }
+
         List<String> requestedPermissions = pkg.requestedPermissions;
+        Set<String> grantablePermissions = null;
 
         if (pkg.isUpdatedSystemApp()) {
             PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName);
             if (sysPs != null) {
-                requestedPermissions = sysPs.pkg.requestedPermissions;
+                if (sysPs.pkg.requestedPermissions.isEmpty()) {
+                    return;
+                }
+                if (!requestedPermissions.equals(sysPs.pkg.requestedPermissions)) {
+                    grantablePermissions = new ArraySet<>(requestedPermissions);
+                    requestedPermissions = sysPs.pkg.requestedPermissions;
+                }
             }
         }
 
-        final int permissionCount = requestedPermissions.size();
-        for (int i = 0; i < permissionCount; i++) {
+        final int grantablePermissionCount = requestedPermissions.size();
+        for (int i = 0; i < grantablePermissionCount; i++) {
             String permission = requestedPermissions.get(i);
+
+            // If there is a disabled system app it may request a permission the updated
+            // version ot the data partition doesn't, In this case skip the permission.
+            if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
+                continue;
+            }
+
             if (permissions.contains(permission)) {
                 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId);
 
@@ -803,12 +814,19 @@ final class DefaultPermissionGrantPolicy {
         }
     }
 
-    private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
+    private boolean isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg) {
         if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
             return true;
         }
-        if ((pkg.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) == 0
-                || (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
+        if (!pkg.isPrivilegedApp()) {
+            return false;
+        }
+        PackageSetting sysPkg = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName);
+        if (sysPkg != null) {
+            if ((sysPkg.pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
+                return false;
+            }
+        } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
             return false;
         }
         return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures,
author	Svetoslav Ganov <svetoslavganov@google.com>	2015-07-29 21:54:13 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2015-07-29 21:54:13 +0000
commit	393c7fb2c67e7fc9dfab710a52313f9b55aaa57c (patch)
tree	2fd8e2c65b20c107fd130eeb1d42d27d6dd4d0a3
parent	e2cd84196e1266200f906b5d721640217fc2e6f9 (diff)
parent	4aa97977863e01af3803afcee97292109bbec97c (diff)