Add install option to grant all runtime permissions.

Change-Id: I72ba67a72025646a3d53611621b0353d3a86677c

3 files changed, 48 insertions, 0 deletions

diff --git a/cmds/pm/src/com/android/commands/pm/Pm.java b/cmds/pm/src/com/android/commands/pm/Pm.java
index f38b9e7cab7e..89dd0792cbe3 100644
--- a/cmds/pm/src/com/android/commands/pm/Pm.java
+++ b/cmds/pm/src/com/android/commands/pm/Pm.java
@@ -892,6 +892,8 @@ public final class Pm {
                 installFlags |= PackageManager.INSTALL_INTERNAL;
             } else if (opt.equals("-d")) {
                 installFlags |= PackageManager.INSTALL_ALLOW_DOWNGRADE;
+            } else if (opt.equals("-g")) {
+                installFlags |= PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS;
             } else if (opt.equals("--originating-uri")) {
                 originatingUriString = nextOptionData();
                 if (originatingUriString == null) {
@@ -1878,6 +1880,7 @@ public final class Pm {
         System.err.println("    -f: install application on internal flash");
         System.err.println("    -d: allow version code downgrade");
         System.err.println("    -p: partial application install");
+        System.err.println("    -g: grant all runtime permissions");
         System.err.println("    -S: size in bytes of entire session");
         System.err.println("");
         System.err.println("pm install-write: write a package into existing session; path may");
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index 314b0b420551..59a16dab5d72 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -378,6 +378,16 @@ public abstract class PackageManager {
     public static final int INSTALL_ALLOW_DOWNGRADE = 0x00000080;
 
     /**
+     * Flag parameter for {@link #installPackage} to indicate that all runtime
+     * permissions should be granted to the package. If {@link #INSTALL_ALL_USERS}
+     * is set the runtime permissions will be granted to all users, otherwise
+     * only to the owner.
+     *
+     * @hide
+     */
+    public static final int INSTALL_GRANT_RUNTIME_PERMISSIONS = 0x00000100;
+
+    /**
      * Flag parameter for
      * {@link #setComponentEnabledSetting(android.content.ComponentName, int, int)} to indicate
      * that you don't want to kill the app containing the component.  Be careful when you set this
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 5d2052808695..26b29a2f1afc 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -1014,6 +1014,15 @@ public class PackageManagerService extends IPackageManager.Stub {
                             res.removedInfo.sendBroadcast(false, true, false);
                             Bundle extras = new Bundle(1);
                             extras.putInt(Intent.EXTRA_UID, res.uid);
+
+                            // Now that we successfully installed the package, grant runtime
+                            // permissions if requested before broadcasting the install.
+                            if ((args.installFlags
+                                    & PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0) {
+                                grantRequestedRuntimePermissions(res.pkg,
+                                        args.user.getIdentifier());
+                            }
+
                             // Determine the set of users who are adding this
                             // package for the first time vs. those who are seeing
                             // an update.
@@ -1234,6 +1243,32 @@ public class PackageManagerService extends IPackageManager.Stub {
         }
     }
 
+    private void grantRequestedRuntimePermissions(PackageParser.Package pkg, int userId) {
+        if (userId >= UserHandle.USER_OWNER) {
+            grantRequestedRuntimePermissionsForUser(pkg, userId);
+        } else if (userId == UserHandle.USER_ALL) {
+            for (int someUserId : UserManagerService.getInstance().getUserIds()) {
+                grantRequestedRuntimePermissionsForUser(pkg, someUserId);
+            }
+        }
+    }
+
+    private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId) {
+        SettingBase sb = (SettingBase) pkg.mExtras;
+        if (sb == null) {
+            return;
+        }
+
+        PermissionsState permissionsState = sb.getPermissionsState();
+
+        for (String permission : pkg.requestedPermissions) {
+            BasePermission bp = mSettings.mPermissions.get(permission);
+            if (bp != null && bp.isRuntime()) {
+                permissionsState.grantRuntimePermission(bp, userId);
+            }
+        }
+    }
+
     Bundle extrasForInstallResult(PackageInstalledInfo res) {
         Bundle extras = null;
         switch (res.returnCode) {