summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/core/java/com/android/server/pm/PackageManagerService.java58
-rw-r--r--services/core/java/com/android/server/pm/Settings.java11
2 files changed, 64 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index d4760b516e6b..c7606c3faa65 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -604,6 +604,8 @@ public class PackageManagerService extends IPackageManager.Stub
*/
private static final boolean DEFAULT_PACKAGE_PARSER_CACHE_ENABLED = true;
+ private static final int PROTECTION_MASK_BASE = 0xf;
+
final ServiceThread mHandlerThread;
final PackageHandler mHandler;
@@ -5485,11 +5487,12 @@ public class PackageManagerService extends IPackageManager.Stub
@Override
public void revokeRuntimePermission(String packageName, String name, int userId) {
- revokeRuntimePermission(packageName, name, userId, false /* Only if not fixed by policy */);
+ revokeRuntimePermission(packageName, name, userId, false /* Only if not fixed by policy */,
+ mSettings.getPermission(name));
}
private void revokeRuntimePermission(String packageName, String name, int userId,
- boolean overridePolicy) {
+ boolean overridePolicy, BasePermission bp) {
if (!sUserManager.exists(userId)) {
Log.e(TAG, "No such user:" + userId);
return;
@@ -5515,7 +5518,6 @@ public class PackageManagerService extends IPackageManager.Stub
|| filterAppAccessLPr(ps, Binder.getCallingUid(), userId)) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
- final BasePermission bp = mSettings.mPermissions.get(name);
if (bp == null) {
throw new IllegalArgumentException("Unknown permission: " + name);
}
@@ -5637,7 +5639,7 @@ public class PackageManagerService extends IPackageManager.Stub
try {
revokeRuntimePermission(packageName, permissionName, userId,
- false);
+ false, mSettings.getPermission(permissionName));
} catch (IllegalArgumentException e) {
Slog.e(TAG, "Could not revoke " + permissionName + " from "
+ packageName, e);
@@ -12320,7 +12322,10 @@ public class PackageManagerService extends IPackageManager.Stub
if (DEBUG_REMOVE) Log.d(TAG, " Activities: " + r);
}
+ final ArrayList<String> allPackageNames = new ArrayList<>(mPackages.keySet());
+
N = pkg.permissions.size();
+ List<BasePermission> bps = new ArrayList<BasePermission>(N);
r = null;
for (i=0; i<N; i++) {
PackageParser.Permission p = pkg.permissions.get(i);
@@ -12329,6 +12334,10 @@ public class PackageManagerService extends IPackageManager.Stub
bp = mSettings.mPermissionTrees.get(p.info.name);
}
if (bp != null && bp.perm == p) {
+ if (((p.info.protectionLevel & PROTECTION_MASK_BASE) &
+ PermissionInfo.PROTECTION_DANGEROUS) != 0) {
+ bps.add(bp);
+ }
bp.perm = null;
if (DEBUG_REMOVE && chatty) {
if (r == null) {
@@ -12346,6 +12355,45 @@ public class PackageManagerService extends IPackageManager.Stub
}
}
}
+
+ AsyncTask.execute(() -> {
+ final int numRemovedPermissions = bps.size();
+ for (int permissionNum = 0; permissionNum < numRemovedPermissions; permissionNum++) {
+ final int[] userIds = mUserManagerInternal.getUserIds();
+ final int numUserIds = userIds.length;
+
+ final int numPackages = allPackageNames.size();
+ for (int packageNum = 0; packageNum < numPackages; packageNum++) {
+ final String packageName = allPackageNames.get(packageNum);
+ final PackageManagerInternal packageManagerInt =
+ LocalServices.getService(PackageManagerInternal.class);
+ final ApplicationInfo applicationInfo = packageManagerInt.getApplicationInfo(
+ packageName, 0, Process.SYSTEM_UID, UserHandle.USER_SYSTEM);
+ if (applicationInfo != null
+ && applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
+ continue;
+ }
+ for (int userIdNum = 0; userIdNum < numUserIds; userIdNum++) {
+ final int userId = userIds[userIdNum];
+ final String permissionName = bps.get(permissionNum).name;
+ if (checkPermission(permissionName, packageName,
+ userId) == PackageManager.PERMISSION_GRANTED) {
+ try {
+ revokeRuntimePermission(packageName,
+ permissionName,
+ userId,
+ false,
+ bps.get(permissionNum));
+ } catch (IllegalArgumentException e) {
+ Slog.e(TAG, "Could not revoke " + permissionName + " from "
+ + packageName, e);
+ }
+ }
+ }
+ }
+ }
+ });
+
if (r != null) {
if (DEBUG_REMOVE) Log.d(TAG, " Permissions: " + r);
}
@@ -24764,7 +24812,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
public void revokeRuntimePermission(String packageName, String name, int userId,
boolean overridePolicy) {
PackageManagerService.this.revokeRuntimePermission(packageName, name, userId,
- overridePolicy);
+ overridePolicy, mSettings.getPermission(name));
}
@Override
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 45d0c585627b..1f8990bd39e7 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -448,6 +448,17 @@ final class Settings {
mBackupStoppedPackagesFilename = new File(mSystemDir, "packages-stopped-backup.xml");
}
+ public @Nullable BasePermission getPermission(@NonNull String permName) {
+ synchronized (mLock) {
+ return getPermissionLocked(permName);
+ }
+ }
+
+ @GuardedBy("mLock")
+ @Nullable BasePermission getPermissionLocked(@NonNull String permName) {
+ return mPermissions.get(permName);
+ }
+
PackageSetting getPackageLPr(String pkgName) {
return mPackages.get(pkgName);
}
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-28 15:00:46 +0000