Merge "Resolve allowlisting "TODO" on package install"

author: Manjeet Rulhania <mrulhania@google.com> 2023-02-15 16:29:34 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2023-02-15 16:29:34 +0000
commit: a9d150be1b377d53accf45ce9a283433896c97f5 (patch)
tree: 589b03fce44e52b0081dadd535e0b3bae944d6e5 /services/permission/java
parent: 6f12009ce44a10d50c7de8a2e558d30b2a2fbebd (diff)
parent: 54b5219c23e8141f7b763bad6c8d1ddfdb0f5219 (diff)
1 files changed, 28 insertions, 7 deletions
diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
index 8ceac798c06b..de7dc3b53752 100644
--- a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
@@ -1394,6 +1394,22 @@ class PermissionService(
         return false
     }
 
+    private fun addAllowlistedRestrictedPermissionsUnchecked(
+        androidPackage: AndroidPackage,
+        appId: Int,
+        permissionNames: List<String>,
+        userId: Int
+    ) {
+        val newPermissionNames = getAllowlistedRestrictedPermissionsUnchecked(appId,
+            PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER, userId
+        )?.let {
+            IndexedSet(permissionNames).apply { this += it }.toList()
+        } ?: permissionNames
+
+        setAllowlistedRestrictedPermissionsUnchecked(androidPackage, appId, newPermissionNames,
+            PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER, userId)
+    }
+
     override fun removeAllowlistedRestrictedPermission(
         packageName: String,
         permissionName: String,
@@ -1445,7 +1461,7 @@ class PermissionService(
 
     private fun setAllowlistedRestrictedPermissions(
         packageName: String,
-        allowlistedPermissions: List<String>,
+        permissionNames: List<String>,
         allowlistedFlags: Int,
         userId: Int,
         isAddingPermission: Boolean
@@ -1480,7 +1496,7 @@ class PermissionService(
         }
 
         setAllowlistedRestrictedPermissionsUnchecked(
-            androidPackage, packageState.appId, allowlistedPermissions, allowlistedFlags, userId
+            androidPackage, packageState.appId, permissionNames, allowlistedFlags, userId
         )
 
         return true
@@ -1493,7 +1509,7 @@ class PermissionService(
     private fun setAllowlistedRestrictedPermissionsUnchecked(
         androidPackage: AndroidPackage,
         appId: Int,
-        allowlistedPermissions: List<String>,
+        permissionNames: List<String>,
         allowlistedFlags: Int,
         userId: Int
     ) {
@@ -1522,7 +1538,7 @@ class PermissionService(
                             PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM -> {
                                 mask = mask or PermissionFlags.SYSTEM_EXEMPT
                                 newFlags =
-                                    if (allowlistedPermissions.contains(requestedPermission)) {
+                                    if (permissionNames.contains(requestedPermission)) {
                                         newFlags or PermissionFlags.SYSTEM_EXEMPT
                                     } else {
                                         newFlags andInv PermissionFlags.SYSTEM_EXEMPT
@@ -1531,7 +1547,7 @@ class PermissionService(
                             PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE -> {
                                 mask = mask or PermissionFlags.UPGRADE_EXEMPT
                                 newFlags =
-                                    if (allowlistedPermissions.contains(requestedPermission)) {
+                                    if (permissionNames.contains(requestedPermission)) {
                                         newFlags or PermissionFlags.UPGRADE_EXEMPT
                                     } else {
                                         newFlags andInv PermissionFlags.UPGRADE_EXEMPT
@@ -1540,7 +1556,7 @@ class PermissionService(
                             PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER -> {
                                 mask = mask or PermissionFlags.INSTALLER_EXEMPT
                                 newFlags =
-                                    if (allowlistedPermissions.contains(requestedPermission)) {
+                                    if (permissionNames.contains(requestedPermission)) {
                                         newFlags or PermissionFlags.INSTALLER_EXEMPT
                                     } else {
                                         newFlags andInv PermissionFlags.INSTALLER_EXEMPT
@@ -1856,10 +1872,15 @@ class PermissionService(
         @Suppress("NAME_SHADOWING")
         userIds.forEach { userId ->
             service.onPackageInstalled(androidPackage.packageName, userId)
+        }
+
+        @Suppress("NAME_SHADOWING")
+        userIds.forEach { userId ->
             // TODO: Remove when this callback receives packageState directly.
             val packageState =
                 packageManagerInternal.getPackageStateInternal(androidPackage.packageName)!!
-            // TODO: Add allowlisting
+            addAllowlistedRestrictedPermissionsUnchecked(androidPackage, packageState.appId,
+                params.allowlistedRestrictedPermissions, userId)
             setRequestedPermissionStates(packageState, userId, params.permissionStates)
         }
     }
author	Manjeet Rulhania <mrulhania@google.com>	2023-02-15 16:29:34 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2023-02-15 16:29:34 +0000
commit	a9d150be1b377d53accf45ce9a283433896c97f5 (patch)
tree	589b03fce44e52b0081dadd535e0b3bae944d6e5 /services/permission/java
parent	6f12009ce44a10d50c7de8a2e558d30b2a2fbebd (diff)
parent	54b5219c23e8141f7b763bad6c8d1ddfdb0f5219 (diff)