summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Nate Myren <ntmyren@google.com> 2022-10-28 21:06:40 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2022-10-28 21:06:40 +0000
commit6664a27f76f69ee19ad8fa1b1ea27a2b22f731ef (patch)
treea8acbaae7af039c075efa79cd008229c69964f50
parent0185f5fc5dda21b1df08369e5b53b6042b361d26 (diff)
parent14551ab6d2c754d83d6b504549aabb40018d9c6a (diff)
Merge "RESTRICT AUTOMERGE Revoke SYSTEM_ALERT_WINDOW on upgrade past api 23" into rvc-dev
Diffstat
-rw-r--r--services/core/java/com/android/server/pm/PackageManagerService.java4
-rw-r--r--services/core/java/com/android/server/pm/permission/PermissionManagerService.java60
-rw-r--r--services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java29
3 files changed, 57 insertions, 36 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 12961584b740..5f6ef9903124 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -12494,9 +12494,7 @@ public class PackageManagerService extends IPackageManager.Stub
AsyncTask.execute(() -> {
if (hasOldPkg) {
- mPermissionManager.revokeRuntimePermissionsIfGroupChanged(pkg, oldPkg,
- allPackageNames);
- mPermissionManager.revokeStoragePermissionsIfScopeExpanded(pkg, oldPkg);
+ mPermissionManager.onPackageUpdated(pkg, oldPkg, allPackageNames);
}
if (hasPermissionDefinitionChanges) {
mPermissionManager.revokeRuntimePermissionsIfPermissionDefinitionChanged(
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 75c1b059a954..2a07f8eb67bb 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -2322,6 +2322,46 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
/**
+ * If the package was below api 23, got the SYSTEM_ALERT_WINDOW permission automatically, and
+ * then updated past api 23, and the app does not satisfy any of the other SAW permission flags,
+ * the permission should be revoked.
+ *
+ * @param newPackage The new package that was installed
+ * @param oldPackage The old package that was updated
+ */
+ private void revokeSystemAlertWindowIfUpgradedPast23(
+ @NonNull AndroidPackage newPackage,
+ @NonNull AndroidPackage oldPackage,
+ @NonNull PermissionCallback permissionCallback) {
+ if (oldPackage.getTargetSdkVersion() >= Build.VERSION_CODES.M
+ || newPackage.getTargetSdkVersion() < Build.VERSION_CODES.M
+ || !newPackage.getRequestedPermissions()
+ .contains(Manifest.permission.SYSTEM_ALERT_WINDOW)) {
+ return;
+ }
+
+ BasePermission saw;
+ synchronized (mLock) {
+ saw = mSettings.getPermissionLocked(Manifest.permission.SYSTEM_ALERT_WINDOW);
+ }
+ final PackageSetting ps = (PackageSetting)
+ mPackageManagerInt.getPackageSetting(newPackage.getPackageName());
+ if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, ps, saw,
+ ps.getPermissionsState())) {
+ return;
+ }
+ for (int userId : mUserManagerInt.getUserIds()) {
+ try {
+ revokePermissionFromPackageForUser(newPackage.getPackageName(),
+ Manifest.permission.SYSTEM_ALERT_WINDOW, false, userId, permissionCallback);
+ } catch (IllegalStateException | SecurityException e) {
+ Log.e(TAG, "unable to revoke SYSTEM_ALERT_WINDOW for "
+ + newPackage.getPackageName() + " user " + userId, e);
+ }
+ }
+ }
+
+ /**
* We might auto-grant permissions if any permission of the group is already granted. Hence if
* the group of a granted permission changes we need to revoke it to avoid having permissions of
* the new group auto-granted.
@@ -4789,24 +4829,20 @@ public class PermissionManagerService extends IPermissionManager.Stub {
return PermissionManagerService.this.isPermissionsReviewRequired(pkg, userId);
}
/**
- * If the app is updated, and has scoped storage permissions, then it is possible that the
- * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.
+ * If the app is updated, then some checks need to be performed to ensure the
+ * package is not attempting to expoit permission changes across API boundaries.
* @param newPackage The new package that was installed
* @param oldPackage The old package that was updated
+ * @param allPackageNames The current packages in the system
*/
- public void revokeStoragePermissionsIfScopeExpanded(
- @NonNull AndroidPackage newPackage,
- @NonNull AndroidPackage oldPackage
- ) {
- PermissionManagerService.this.revokeStoragePermissionsIfScopeExpanded(newPackage,
- oldPackage, mDefaultPermissionCallback);
- }
-
- @Override
- public void revokeRuntimePermissionsIfGroupChanged(
+ public void onPackageUpdated(
@NonNull AndroidPackage newPackage,
@NonNull AndroidPackage oldPackage,
@NonNull ArrayList<String> allPackageNames) {
+ PermissionManagerService.this.revokeStoragePermissionsIfScopeExpanded(newPackage,
+ oldPackage, mDefaultPermissionCallback);
+ PermissionManagerService.this.revokeSystemAlertWindowIfUpgradedPast23(newPackage,
+ oldPackage, mDefaultPermissionCallback);
PermissionManagerService.this.revokeRuntimePermissionsIfGroupChanged(newPackage,
oldPackage, allPackageNames, mDefaultPermissionCallback);
}
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
index df0edfa16924..7003c7a2027e 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
@@ -239,16 +239,14 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
public abstract void resetRuntimePermissions(@NonNull AndroidPackage pkg,
@UserIdInt int userId);
- /**
- * We might auto-grant permissions if any permission of the group is already granted. Hence if
- * the group of a granted permission changes we need to revoke it to avoid having permissions of
- * the new group auto-granted.
- *
- * @param newPackage The new package that was installed
- * @param oldPackage The old package that was updated
- * @param allPackageNames All packages
- */
- public abstract void revokeRuntimePermissionsIfGroupChanged(
+ /**
+ * If the app is updated, then some checks need to be performed to ensure the package is not
+ * attempting to expoit permission changes across API boundaries.
+ * @param newPackage The new package that was installed
+ * @param oldPackage The old package that was updated
+ * @param allPackageNames The current packages in the system
+ */
+ public abstract void onPackageUpdated(
@NonNull AndroidPackage newPackage,
@NonNull AndroidPackage oldPackage,
@NonNull ArrayList<String> allPackageNames);
@@ -266,17 +264,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
@NonNull ArrayList<String> allPackageNames);
/**
- * If the app is updated, and has scoped storage permissions, then it is possible that the
- * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.
- * @param newPackage The new package that was installed
- * @param oldPackage The old package that was updated
- */
- public abstract void revokeStoragePermissionsIfScopeExpanded(
- @NonNull AndroidPackage newPackage,
- @NonNull AndroidPackage oldPackage
- );
-
- /**
* Add all permissions in the given package.
* <p>
* NOTE: argument {@code groupTEMP} is temporary until mPermissionGroups is moved to
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-27 23:54:47 +0000