Merge "AppIdPermissionPolicy: Move package update permission revoke to after package evaluation." into main

author: Justin Lannin <jlannin@google.com> 2025-03-21 16:52:19 -0700
committer: Android (Google) Code Review <android-gerrit@google.com> 2025-03-21 16:52:19 -0700
commit: cc4e6d13f30e124ab8d6c56aba93e30a6a22538a (patch)
tree: fc4e17833f56cbb91f2e937fb65aa0398d7d35e7
parent: da47f1d52ddaea9d78afe9ea0b33afd7e45c8931 (diff)
parent: 05bbc74ec1b827110a423fddd36c0801fe58f327 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
index cfaf31743a78..f3ab0e33d026 100644
--- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
@@ -112,7 +112,6 @@ class AppIdPermissionPolicy : SchemePolicy() {
             addPermissions(packageState, changedPermissionNames)
             trimPermissions(packageState.packageName, changedPermissionNames)
             trimPermissionStates(packageState.appId)
-            revokePermissionsOnPackageUpdate(packageState.appId)
         }
         changedPermissionNames.forEachIndexed { _, permissionName ->
             evaluatePermissionStateForAllPackages(permissionName, null)
@@ -130,6 +129,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
             newState.externalState.userIds.forEachIndexed { _, userId ->
                 inheritImplicitPermissionStates(packageState.appId, userId)
             }
+            revokePermissionsOnPackageUpdate(packageState.appId)
         }
     }
 
@@ -140,7 +140,6 @@ class AppIdPermissionPolicy : SchemePolicy() {
         addPermissions(packageState, changedPermissionNames)
         trimPermissions(packageState.packageName, changedPermissionNames)
         trimPermissionStates(packageState.appId)
-        revokePermissionsOnPackageUpdate(packageState.appId)
         changedPermissionNames.forEachIndexed { _, permissionName ->
             evaluatePermissionStateForAllPackages(permissionName, null)
         }
@@ -148,6 +147,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
         newState.externalState.userIds.forEachIndexed { _, userId ->
             inheritImplicitPermissionStates(packageState.appId, userId)
         }
+        revokePermissionsOnPackageUpdate(packageState.appId)
     }
 
     override fun MutateStateScope.onPackageRemoved(packageName: String, appId: Int) {
@@ -700,6 +700,10 @@ class AppIdPermissionPolicy : SchemePolicy() {
     }
 
     private fun MutateStateScope.revokePermissionsOnPackageUpdate(appId: Int) {
+        revokeStorageAndMediaPermissionsOnPackageUpdate(appId)
+    }
+
+    private fun MutateStateScope.revokeStorageAndMediaPermissionsOnPackageUpdate(appId: Int) {
         val hasOldPackage =
             appId in oldState.externalState.appIdPackageNames &&
                 anyPackageInAppId(appId, oldState) { true }
author	Justin Lannin <jlannin@google.com>	2025-03-21 16:52:19 -0700
committer	Android (Google) Code Review <android-gerrit@google.com>	2025-03-21 16:52:19 -0700
commit	cc4e6d13f30e124ab8d6c56aba93e30a6a22538a (patch)
tree	fc4e17833f56cbb91f2e937fb65aa0398d7d35e7
parent	da47f1d52ddaea9d78afe9ea0b33afd7e45c8931 (diff)
parent	05bbc74ec1b827110a423fddd36c0801fe58f327 (diff)