Revoke granted permission when the permission defining app is removed.

Bug: 67319274 Test: atest android.permission.cts.RemovePermissionTest Change-Id: I20c4c975a1dd41a0a6c3e068988fe60be51dd1b4
author: Hongming Jin <hongmingjin@google.com> 2019-08-16 14:28:30 -0700
committer: Hongming Jin <hongmingjin@google.com> 2019-09-05 17:39:29 -0700
commit: bc4d010e101fe126d2c1f77d230336f5c8c467cd (patch)
tree: c2cec5e1bd1a3500d78390c519004c68cdd91eb5
parent: 904f1897080126575068e7d510ead3d994a56007 (diff)
1 files changed, 43 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 83aa07d446e8..a9e3f046e425 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -57,6 +57,7 @@ import android.app.AppOpsManager;
 import android.app.ApplicationPackageManager;
 import android.app.IActivityManager;
 import android.content.Context;
+import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageManager;
 import android.content.pm.PackageManager.PermissionGroupInfoFlags;
 import android.content.pm.PackageManager.PermissionInfoFlags;
@@ -3750,7 +3751,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
         // Make sure all dynamic permissions have been assigned to a package,
         // and make sure there are no dangling permissions.
         boolean permissionSourcePackageChanged = updatePermissionSourcePackage(changingPkgName,
-                changingPkg);
+                changingPkg, callback);
 
         if (permissionTreesSourcePackageChanged | permissionSourcePackageChanged) {
             // Permission ownership has changed. This e.g. changes which packages can get signature
@@ -3803,7 +3804,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
      * @return {@code true} if a permission source package might have changed
      */
     private boolean updatePermissionSourcePackage(@Nullable String packageName,
-            @Nullable PackageParser.Package pkg) {
+            @Nullable PackageParser.Package pkg,
+            final @Nullable PermissionCallback callback) {
         boolean changed = false;
 
         Set<BasePermission> needsUpdate = null;
@@ -3819,6 +3821,45 @@ public class PermissionManagerService extends IPermissionManager.Stub {
                         && (pkg == null || !hasPermission(pkg, bp.getName()))) {
                         Slog.i(TAG, "Removing permission " + bp.getName()
                                 + " that used to be declared by " + bp.getSourcePackageName());
+                        if (bp.isRuntime()) {
+                            final int[] userIds = mUserManagerInt.getUserIds();
+                            final int numUserIds = userIds.length;
+                            for (int userIdNum = 0; userIdNum < numUserIds; userIdNum++) {
+                                final int userId = userIds[userIdNum];
+
+                                mPackageManagerInt.forEachPackage((Package p) -> {
+                                    final String pName = p.packageName;
+                                    final ApplicationInfo appInfo =
+                                            mPackageManagerInt.getApplicationInfo(pName, 0,
+                                                    Process.SYSTEM_UID, UserHandle.USER_SYSTEM);
+                                    if (appInfo != null
+                                            && appInfo.targetSdkVersion < Build.VERSION_CODES.M) {
+                                        return;
+                                    }
+
+                                    final String permissionName = bp.getName();
+                                    if (checkPermissionImpl(permissionName, pName, userId)
+                                            == PackageManager.PERMISSION_GRANTED) {
+                                        try {
+                                            revokeRuntimePermissionInternal(
+                                                    permissionName,
+                                                    pName,
+                                                    false,
+                                                    Process.SYSTEM_UID,
+                                                    userId,
+                                                    callback);
+                                        } catch (IllegalArgumentException e) {
+                                            Slog.e(TAG,
+                                                    "Failed to revoke "
+                                                            + permissionName
+                                                            + " from "
+                                                            + pName,
+                                                    e);
+                                        }
+                                    }
+                                });
+                            }
+                        }
                         changed = true;
                         it.remove();
                     }
author	Hongming Jin <hongmingjin@google.com>	2019-08-16 14:28:30 -0700
committer	Hongming Jin <hongmingjin@google.com>	2019-09-05 17:39:29 -0700
commit	bc4d010e101fe126d2c1f77d230336f5c8c467cd (patch)
tree	c2cec5e1bd1a3500d78390c519004c68cdd91eb5
parent	904f1897080126575068e7d510ead3d994a56007 (diff)