author Winson Chiu <chiuwinson@google.com> 2022-11-02 21:19:05 +0000
committer Winson <chiuwinson@google.com> 2022-12-19 14:47:59 -0800
commitd4c21606ba0374518db0caeada6be521ab32d4b9 (patch)
treecf6bd31b141764d4c35cc71f073911b5af5ba1a4 /services/permission/java
parent392a8cb434eebbecc45f2e5b481def776eea061c (diff)
Remove AndroidPackage#is_ partition APIs
These are moved to PackageState so that they can be queried in a single location regardless of whether the physical APKs are available on device (getAndroidPackage would be null in that case). This also means any existing framework callers have to be migrated to PackageState, but that ended up being fairly simple for all methods except isSystem, which has a lot of usages. That will be addressed in a follow-up. This CL does not move the physical data storage of these booleans to PackageState, but that should be done in the future, so that the underlying fields can be removed from PackageImpl. That will likely have to be done with a full install refactor, as there's no PackageSetting available at some points where the flags are queried, and so no holder for the fields without some messy temporary objects. This also removes the SettingsFlag set(Private)Flags mask restrictor, since that legacy subset flag behavior isn't worth keeping. API-Coverage-Bug: 262593427 Test: atest AndroidPackageTest Test: atest OverlayActorEnforcerTests Test: atest SELinuxMMACTest Change-Id: I2a915e55f609992729e082815d78fd2d73cb79fd
Diffstat (limited to 'services/permission/java')
-rw-r--r--services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt36
1 files changed, 18 insertions, 18 deletions
diff --git a/services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt
index 49759c05489a..99e751688bd1 100644
--- a/services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/UidPermissionPolicy.kt
@@ -784,14 +784,13 @@ class UidPermissionPolicy : SchemePolicy() {
if (packageState.packageName == PLATFORM_PACKAGE_NAME) {
return true
}
- val androidPackage = packageState.androidPackage!!
- if (!androidPackage.isPrivileged) {
+ if (!packageState.isPrivileged) {
return true
}
if (permission.packageName !in newState.systemState.privilegedPermissionAllowlistPackages) {
return true
}
- val allowlistState = getPrivilegedPermissionAllowlistState(androidPackage, permission.name)
+ val allowlistState = getPrivilegedPermissionAllowlistState(packageState, permission.name)
if (allowlistState != null) {
return allowlistState
}
@@ -808,23 +807,23 @@ class UidPermissionPolicy : SchemePolicy() {
* allowlist, or `null` if it's not in the allowlist.
*/
private fun MutateStateScope.getPrivilegedPermissionAllowlistState(
- androidPackage: AndroidPackage,
+ packageState: PackageState,
permissionName: String
): Boolean? {
val permissionAllowlist = newState.systemState.permissionAllowlist
// TODO(b/261913353): STOPSHIP: Add AndroidPackage.apexModuleName. The below is only for
// passing compilation but won't actually work.
// val apexModuleName = androidPackage.apexModuleName
- val apexModuleName = androidPackage.packageName
- val packageName = androidPackage.packageName
+ val apexModuleName = packageState.packageName
+ val packageName = packageState.packageName
return when {
- androidPackage.isVendor -> permissionAllowlist.getVendorPrivilegedAppAllowlistState(
+ packageState.isVendor -> permissionAllowlist.getVendorPrivilegedAppAllowlistState(
packageName, permissionName
)
- androidPackage.isProduct -> permissionAllowlist.getProductPrivilegedAppAllowlistState(
+ packageState.isProduct -> permissionAllowlist.getProductPrivilegedAppAllowlistState(
packageName, permissionName
)
- androidPackage.isSystemExt ->
+ packageState.isSystemExt ->
permissionAllowlist.getSystemExtPrivilegedAppAllowlistState(
packageName, permissionName
)
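Review bot: The commented-out line `// val apexModuleName = androidPackage.apexModuleName` under the STOPSHIP TODO still names `androidPackage`, which is no longer a parameter of `getPrivilegedPermissionAllowlistState` after this change. The placeholder `val apexModuleName = packageState.packageName` is, by the existing comment's own admission, not functional, so any allowlist lookup keyed on it further down the `when` (outside this hunk) presumably cannot match until the TODO is resolved; the comment should therefore stay accurate. I would drop the stale commented-out line and reword the TODO along the lines of `// TODO(b/261913353): STOPSHIP: expose the APEX module name for this package; packageName below is only a placeholder.` The `when` expression continues past the end of the hunk.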
@@ -898,13 +897,14 @@ class UidPermissionPolicy : SchemePolicy() {
val shouldGrant = if (packageState.isUpdatedSystemApp) {
// For updated system applications, a privileged/oem permission
// is granted only if it had been defined by the original application.
- val disabledSystemPackage = newState.systemState
- .disabledSystemPackageStates[packageState.packageName]?.androidPackage
+ val disabledSystemPackageState = newState.systemState
+ .disabledSystemPackageStates[packageState.packageName]
+ val disabledSystemPackage = disabledSystemPackageState?.androidPackage
disabledSystemPackage != null &&
permission.name in disabledSystemPackage.requestedPermissions &&
- shouldGrantPrivilegedOrOemPermission(disabledSystemPackage, permission)
+ shouldGrantPrivilegedOrOemPermission(disabledSystemPackageState, permission)
} else {
- shouldGrantPrivilegedOrOemPermission(androidPackage, permission)
+ shouldGrantPrivilegedOrOemPermission(packageState, permission)
}
if (shouldGrant) {
return true
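Review bot: The call `shouldGrantPrivilegedOrOemPermission(disabledSystemPackageState, permission)` passes a value that appears to be nullable (it comes from a map lookup and is dereferenced with `?.` on the next line), and its non-nullness is established only indirectly through `disabledSystemPackage != null`. In a grant decision this implicit link is easy to break in a later refactor, for instance if the `androidPackage` check is relaxed once the APK is no longer needed here. I would make the dependency explicit, either with `disabledSystemPackageState != null &&` as the first operand or with a comment such as `// disabledSystemPackage != null implies disabledSystemPackageState != null`. The enclosing function starts and ends outside the hunk.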
@@ -989,18 +989,18 @@ class UidPermissionPolicy : SchemePolicy() {
}
private fun MutateStateScope.shouldGrantPrivilegedOrOemPermission(
- androidPackage: AndroidPackage,
+ packageState: PackageState,
permission: Permission
): Boolean {
val permissionName = permission.name
- val packageName = androidPackage.packageName
+ val packageName = packageState.packageName
when {
permission.isPrivileged -> {
- if (androidPackage.isPrivileged) {
+ if (packageState.isPrivileged) {
// In any case, don't grant a privileged permission to privileged vendor apps,
// if the permission's protectionLevel does not have the extra vendorPrivileged
// flag.
- if (androidPackage.isVendor && !permission.isVendorPrivileged) {
+ if (packageState.isVendor && !permission.isVendorPrivileged) {
Log.w(
LOG_TAG, "Permission $permissionName cannot be granted to privileged" +
" vendor app $packageName because it isn't a vendorPrivileged" +
@@ -1012,7 +1012,7 @@ class UidPermissionPolicy : SchemePolicy() {
}
}
permission.isOem -> {
- if (androidPackage.isOem) {
+ if (packageState.isOem) {
val allowlistState = newState.systemState.permissionAllowlist
.getOemAppAllowlistState(packageName, permissionName)
checkNotNull(allowlistState) {