diff options
3 files changed, 93 insertions, 94 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index b11abde5021d..b880ada9143e 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -103,7 +103,6 @@ import static android.os.incremental.IncrementalManager.isIncrementalPath; import static android.os.storage.StorageManager.FLAG_STORAGE_CE; import static android.os.storage.StorageManager.FLAG_STORAGE_DE; import static android.os.storage.StorageManager.FLAG_STORAGE_EXTERNAL; -import static android.permission.PermissionManager.KILL_APP_REASON_GIDS_CHANGED; import static com.android.internal.annotations.VisibleForTesting.Visibility; import static com.android.internal.app.IntentForwarderActivity.FORWARD_INTENT_TO_MANAGED_PROFILE; @@ -12961,7 +12960,7 @@ public class PackageManagerService extends IPackageManager.Stub } } - void removePackageLI(String packageName, boolean chatty) { + private void removePackageLI(String packageName, boolean chatty) { if (DEBUG_INSTALL) { if (chatty) Log.d(TAG, "Removing package " + packageName); @@ -12976,9 +12975,9 @@ public class PackageManagerService extends IPackageManager.Stub } } - void cleanPackageDataStructuresLILPw(AndroidPackage pkg, boolean chatty) { + private void cleanPackageDataStructuresLILPw(AndroidPackage pkg, boolean chatty) { mComponentResolver.removeAllComponents(pkg, chatty); - mPermissionManager.removeAllPermissions(pkg, chatty); + mPermissionManager.onPackageRemoved(pkg); final int instrumentationSize = ArrayUtils.size(pkg.getInstrumentations()); StringBuilder r = null; @@ -19476,33 +19475,13 @@ public class PackageManagerService extends IPackageManager.Stub if (outInfo != null) { outInfo.removedAppId = removedAppId; } - if ((deletedPs.sharedUser == null || deletedPs.sharedUser.packages.size() == 0) - && !isUpdatedSystemApp(deletedPs)) { - mPermissionManager.removeAppIdStateTEMP(removedAppId); - } - mPermissionManager.updatePermissions(deletedPs.name, null); - if (deletedPs.sharedUser != null) { - // Remove permissions associated with package. Since runtime - // permissions are per user we have to kill the removed package - // or packages running under the shared user of the removed - // package if revoking the permissions requested only by the removed - // package is successful and this causes a change in gids. - boolean shouldKill = false; - for (int userId : UserManagerService.getInstance().getUserIds()) { - final int userIdToKill = mPermissionManager - .revokeSharedUserPermissionsForDeletedPackageTEMP(deletedPs, - userId); - shouldKill |= userIdToKill != UserHandle.USER_NULL; - } - // If gids changed, kill all affected packages. - if (shouldKill) { - mHandler.post(() -> { - // This has to happen with no lock held. - killApplication(deletedPs.name, deletedPs.appId, - KILL_APP_REASON_GIDS_CHANGED); - }); - } + final SharedUserSetting sus = deletedPs.getSharedUser(); + List<AndroidPackage> sharedUserPkgs = sus != null ? sus.getPackages() : null; + if (sharedUserPkgs == null) { + sharedUserPkgs = Collections.emptyList(); } + mPermissionManager.onPackageStateRemoved(packageName, deletedPs.appId, + deletedPs.pkg, sharedUserPkgs); clearPackagePreferredActivitiesLPw( deletedPs.name, changedUsers, UserHandle.USER_ALL); } diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 092167d09a79..1b35d29f0d6b 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -147,7 +147,6 @@ import com.android.server.Watchdog; import com.android.server.pm.ApexManager; import com.android.server.pm.PackageManagerServiceUtils; import com.android.server.pm.PackageSetting; -import com.android.server.pm.SharedUserSetting; import com.android.server.pm.UserManagerInternal; import com.android.server.pm.UserManagerService; import com.android.server.pm.parsing.PackageInfoUtils; @@ -2587,7 +2586,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { } } - private void removeAllPermissions(AndroidPackage pkg, boolean chatty) { + private void removeAllPermissionsInternal(@NonNull AndroidPackage pkg) { synchronized (mLock) { int N = ArrayUtils.size(pkg.getPermissions()); StringBuilder r = null; @@ -2599,7 +2598,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { } if (bp != null && bp.isPermission(p)) { bp.setPermissionInfo(null); - if (DEBUG_REMOVE && chatty) { + if (DEBUG_REMOVE) { if (r == null) { r = new StringBuilder(256); } else { @@ -3977,34 +3976,30 @@ public class PermissionManagerService extends IPermissionManager.Stub { } @UserIdInt - private int revokeSharedUserPermissionsForDeletedPackage(@NonNull PackageSetting deletedPs, + private int revokeSharedUserPermissionsForDeletedPackageInternal( + @Nullable AndroidPackage pkg, @NonNull List<AndroidPackage> sharedUserPkgs, @UserIdInt int userId) { - if ((deletedPs == null) || (deletedPs.pkg == null)) { + if (pkg == null) { Slog.i(TAG, "Trying to update info for null package. Just ignoring"); return UserHandle.USER_NULL; } - SharedUserSetting sus = deletedPs.getSharedUser(); - - // No sharedUserId - if (sus == null) { + // No shared user packages + if (sharedUserPkgs.isEmpty()) { return UserHandle.USER_NULL; } int affectedUserId = UserHandle.USER_NULL; // Update permissions - for (String eachPerm : deletedPs.pkg.getRequestedPermissions()) { + for (String eachPerm : pkg.getRequestedPermissions()) { // Check if another package in the shared user needs the permission. boolean used = false; - final List<AndroidPackage> pkgs = sus.getPackages(); - if (pkgs != null) { - for (AndroidPackage pkg : pkgs) { - if (pkg != null - && !pkg.getPackageName().equals(deletedPs.pkg.getPackageName()) - && pkg.getRequestedPermissions().contains(eachPerm)) { - used = true; - break; - } + for (AndroidPackage sharedUserpkg : sharedUserPkgs) { + if (sharedUserpkg != null + && !sharedUserpkg.getPackageName().equals(pkg.getPackageName()) + && sharedUserpkg.getRequestedPermissions().contains(eachPerm)) { + used = true; + break; } } if (used) { @@ -4012,7 +4007,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { } PackageSetting disabledPs = mPackageManagerInt.getDisabledSystemPackage( - deletedPs.pkg.getPackageName()); + pkg.getPackageName()); // If the package is shadowing is a disabled system package, // do not drop permissions that the shadowed package requests. @@ -4030,9 +4025,9 @@ public class PermissionManagerService extends IPermissionManager.Stub { } synchronized (mLock) { - UidPermissionState uidState = getUidStateLocked(deletedPs.pkg, userId); + UidPermissionState uidState = getUidStateLocked(pkg, userId); if (uidState == null) { - Slog.e(TAG, "Missing permissions state for " + deletedPs.pkg.getPackageName() + Slog.e(TAG, "Missing permissions state for " + pkg.getPackageName() + " and user " + userId); continue; } @@ -4912,6 +4907,39 @@ public class PermissionManagerService extends IPermissionManager.Stub { return true; } + private void onPackageRemovedInternal(@NonNull AndroidPackage pkg) { + removeAllPermissionsInternal(pkg); + } + + private void onPackageStateRemovedInternal(@NonNull String packageName, int appId, + @Nullable AndroidPackage pkg, @NonNull List<AndroidPackage> sharedUserPkgs) { + if (sharedUserPkgs.isEmpty() + && mPackageManagerInt.getDisabledSystemPackage(packageName) == null) { + removeAppIdState(appId); + } + updatePermissions(packageName, null, mDefaultPermissionCallback); + if (!sharedUserPkgs.isEmpty()) { + // Remove permissions associated with package. Since runtime + // permissions are per user we have to kill the removed package + // or packages running under the shared user of the removed + // package if revoking the permissions requested only by the removed + // package is successful and this causes a change in gids. + boolean shouldKill = false; + for (int userId : UserManagerService.getInstance().getUserIds()) { + final int userIdToKill = revokeSharedUserPermissionsForDeletedPackageInternal(pkg, + sharedUserPkgs, userId); + shouldKill |= userIdToKill != UserHandle.USER_NULL; + } + // If gids changed, kill all affected packages. + if (shouldKill) { + mHandler.post(() -> { + // This has to happen with no lock held. + killUid(appId, UserHandle.USER_ALL, KILL_APP_REASON_GIDS_CHANGED); + }); + } + } + } + private boolean canPropagatePermissionToInstantApp(@NonNull String permissionName) { synchronized (mLock) { final Permission bp = mRegistry.getPermission(permissionName); @@ -5012,10 +5040,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { } @Override - public void removeAllPermissions(AndroidPackage pkg, boolean chatty) { - PermissionManagerService.this.removeAllPermissions(pkg, chatty); - } - @Override public void readLegacyPermissionStateTEMP() { PermissionManagerService.this.readLegacyPermissionState(); } @@ -5027,17 +5051,6 @@ public class PermissionManagerService extends IPermissionManager.Stub { public void onUserRemoved(@UserIdInt int userId) { PermissionManagerService.this.onUserRemoved(userId); } - @Override - public void removeAppIdStateTEMP(@AppIdInt int appId) { - PermissionManagerService.this.removeAppIdState(appId); - } - @Override - @UserIdInt - public int revokeSharedUserPermissionsForDeletedPackageTEMP( - @NonNull PackageSetting deletedPs, @UserIdInt int userId) { - return PermissionManagerService.this.revokeSharedUserPermissionsForDeletedPackage( - deletedPs, userId); - } @NonNull @Override public Set<String> getGrantedPermissions(@NonNull String packageName, @@ -5352,6 +5365,20 @@ public class PermissionManagerService extends IPermissionManager.Stub { } @Override + public void onPackageRemoved(@NonNull AndroidPackage pkg) { + Objects.requireNonNull(pkg); + onPackageRemovedInternal(pkg); + } + + @Override + public void onPackageStateRemoved(@NonNull String packageName, int appId, + @Nullable AndroidPackage pkg, @NonNull List<AndroidPackage> sharedUserPkgs) { + Objects.requireNonNull(packageName); + Objects.requireNonNull(sharedUserPkgs); + onPackageStateRemovedInternal(packageName, appId, pkg, sharedUserPkgs); + } + + @Override public boolean canPropagatePermissionToInstantApp(@NonNull String permissionName) { return PermissionManagerService.this.canPropagatePermissionToInstantApp(permissionName); } diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java index 11b6f311b9f0..1becbedc29fb 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java @@ -24,7 +24,6 @@ import android.content.pm.PackageManager; import android.content.pm.PermissionInfo; import android.permission.PermissionManagerInternal; -import com.android.server.pm.PackageSetting; import com.android.server.pm.parsing.pkg.AndroidPackage; import java.util.ArrayList; @@ -276,8 +275,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public abstract void resetAllRuntimePermissions(@UserIdInt int userId); - public abstract void removeAllPermissions(@NonNull AndroidPackage pkg, boolean chatty); - /** * Read legacy permission state from package settings. * @@ -301,30 +298,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager public abstract void onUserRemoved(@UserIdInt int userId); /** - * Remove the permission state associated with an app ID, called the same time as the - * removal of a {@code PackageSetitng}. - * - * TODO(zhanghai): This is a temporary method before we figure out a way to get notified of app - * ID removal via API. - */ - public abstract void removeAppIdStateTEMP(@AppIdInt int appId); - - /** - * Update the shared user setting when a package with a shared user id is removed. The gids - * associated with each permission of the deleted package are removed from the shared user' - * gid list only if its not in use by other permissions of packages in the shared user setting. - * - * TODO(zhanghai): We should not need this when permission no longer sees an incomplete package - * state where the updated system package is uninstalled but the disabled system package is yet - * to be installed. Then we should handle this in restorePermissionState(). - * - * @return the affected user id, may be a real user ID, USER_ALL, or USER_NULL when none. - */ - @UserIdInt - public abstract int revokeSharedUserPermissionsForDeletedPackageTEMP( - @NonNull PackageSetting deletedPs, @UserIdInt int userId); - - /** * Get all the permissions granted to a package. * * @param packageName the name of the package @@ -553,6 +526,26 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager @Nullable AndroidPackage oldPkg); /** + * Callback when a package has been removed. + * + * @param pkg the removed package + */ + //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) + public abstract void onPackageRemoved(@NonNull AndroidPackage pkg); + + /** + * Callback when the state for a package has been removed. + * + * @param packageName the name of the removed package + * @param appId the app ID of the removed package + * @param pkg the removed package, or {@code null} if unavailable + * @param sharedUserPkgs the packages that are in the same shared user + */ + //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) + public abstract void onPackageStateRemoved(@NonNull String packageName, int appId, + @Nullable AndroidPackage pkg, @NonNull List<AndroidPackage> sharedUserPkgs); + + /** * Check whether a permission can be propagated to instant app. * * @param permissionName the name of the permission |