summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/core/java/com/android/server/pm/permission/PermissionManagerService.java83
-rw-r--r--services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java9
2 files changed, 63 insertions, 29 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 226adc8acc74..b39b897b14ef 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -793,62 +793,68 @@ public class PermissionManagerService extends IPermissionManager.Stub {
final CheckPermissionDelegate checkPermissionDelegate;
synchronized (mLock) {
- if (mCheckPermissionDelegate == null) {
- return checkPermissionImpl(permName, pkgName, userId);
- }
checkPermissionDelegate = mCheckPermissionDelegate;
}
+ if (checkPermissionDelegate == null) {
+ return checkPermissionImpl(permName, pkgName, userId);
+ }
return checkPermissionDelegate.checkPermission(permName, pkgName, userId,
- PermissionManagerService.this::checkPermissionImpl);
+ this::checkPermissionImpl);
}
- private int checkPermissionImpl(String permName, String pkgName, int userId) {
- final PackageParser.Package pkg = mPackageManagerInt.getPackage(pkgName);
+ private int checkPermissionImpl(@NonNull String permissionName, @NonNull String packageName,
+ @UserIdInt int userId) {
+ final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
if (pkg == null) {
return PackageManager.PERMISSION_DENIED;
}
- return checkPermissionInternal(pkg, true, permName, userId);
+ return checkPermissionInternal(pkg, true, permissionName, true, userId)
+ ? PackageManager.PERMISSION_GRANTED : PackageManager.PERMISSION_DENIED;
}
- private int checkPermissionInternal(@NonNull Package pkg, boolean isPackageExplicit,
- @NonNull String permissionName, @UserIdInt int userId) {
+ private boolean checkPermissionInternal(@NonNull Package pkg, boolean isPackageExplicit,
+ @NonNull String permissionName, boolean useRequestedPermissionsForLegacyApps,
+ @UserIdInt int userId) {
final int callingUid = getCallingUid();
if (isPackageExplicit || pkg.mSharedUserId == null) {
if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
- return PackageManager.PERMISSION_DENIED;
+ return false;
}
} else {
if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) {
- return PackageManager.PERMISSION_DENIED;
+ return false;
}
}
final int uid = UserHandle.getUid(userId, pkg.applicationInfo.uid);
final PackageSetting ps = (PackageSetting) pkg.mExtras;
if (ps == null) {
- return PackageManager.PERMISSION_DENIED;
+ return false;
}
final PermissionsState permissionsState = ps.getPermissionsState();
- if (checkSinglePermissionInternal(uid, permissionsState, permissionName)) {
- return PackageManager.PERMISSION_GRANTED;
+ if (checkSinglePermissionInternal(uid, permissionsState, permissionName,
+ useRequestedPermissionsForLegacyApps)) {
+ return true;
}
final String fullerPermissionName = FULLER_PERMISSION_MAP.get(permissionName);
- if (fullerPermissionName != null
- && checkSinglePermissionInternal(uid, permissionsState, fullerPermissionName)) {
- return PackageManager.PERMISSION_GRANTED;
+ if (fullerPermissionName != null && checkSinglePermissionInternal(uid, permissionsState,
+ fullerPermissionName, useRequestedPermissionsForLegacyApps)) {
+ return true;
}
- return PackageManager.PERMISSION_DENIED;
+ return false;
}
private boolean checkSinglePermissionInternal(int uid,
- @NonNull PermissionsState permissionsState, @NonNull String permissionName) {
+ @NonNull PermissionsState permissionsState, @NonNull String permissionName,
+ boolean useRequestedPermissionsForLegacyApps) {
boolean hasPermission = permissionsState.hasPermission(permissionName,
UserHandle.getUserId(uid));
- if (!hasPermission && mSettings.isPermissionRuntime(permissionName)) {
+ if (!hasPermission && useRequestedPermissionsForLegacyApps
+ && mSettings.isPermissionRuntime(permissionName)) {
final String[] packageNames = mContext.getPackageManager().getPackagesForUid(uid);
final int packageNamesSize = packageNames != null ? packageNames.length : 0;
for (int i = 0; i < packageNamesSize; i++) {
@@ -891,12 +897,13 @@ public class PermissionManagerService extends IPermissionManager.Stub {
checkPermissionDelegate = mCheckPermissionDelegate;
}
return checkPermissionDelegate.checkUidPermission(permName, uid,
- PermissionManagerService.this::checkUidPermissionImpl);
+ this::checkUidPermissionImpl);
}
- private int checkUidPermissionImpl(String permName, int uid) {
+ private int checkUidPermissionImpl(@NonNull String permissionName, int uid) {
final PackageParser.Package pkg = mPackageManagerInt.getPackage(uid);
- return checkUidPermissionInternal(pkg, uid, permName);
+ return checkUidPermissionInternal(uid, pkg, permissionName, true)
+ ? PackageManager.PERMISSION_GRANTED : PackageManager.PERMISSION_DENIED;
}
/**
@@ -906,24 +913,25 @@ public class PermissionManagerService extends IPermissionManager.Stub {
*
* @see SystemConfig#getSystemPermissions()
*/
- private int checkUidPermissionInternal(@Nullable Package pkg, int uid,
- @NonNull String permissionName) {
+ private boolean checkUidPermissionInternal(int uid, @Nullable Package pkg,
+ @NonNull String permissionName, boolean useRequestedPermissionsForLegacyApps) {
if (pkg != null) {
final int userId = UserHandle.getUserId(uid);
- return checkPermissionInternal(pkg, false, permissionName, userId);
+ return checkPermissionInternal(pkg, false, permissionName,
+ useRequestedPermissionsForLegacyApps, userId);
}
if (checkSingleUidPermissionInternal(uid, permissionName)) {
- return PackageManager.PERMISSION_GRANTED;
+ return true;
}
final String fullerPermissionName = FULLER_PERMISSION_MAP.get(permissionName);
if (fullerPermissionName != null
&& checkSingleUidPermissionInternal(uid, fullerPermissionName)) {
- return PackageManager.PERMISSION_GRANTED;
+ return true;
}
- return PackageManager.PERMISSION_DENIED;
+ return false;
}
private boolean checkSingleUidPermissionInternal(int uid, @NonNull String permissionName) {
@@ -933,6 +941,17 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
}
+ private int computeRuntimePermissionAppOpMode(int uid, @NonNull String permissionName) {
+ boolean granted = isUidPermissionGranted(uid, permissionName);
+ // TODO: Foreground permissions.
+ return granted ? AppOpsManager.MODE_ALLOWED : AppOpsManager.MODE_IGNORED;
+ }
+
+ private boolean isUidPermissionGranted(int uid, @NonNull String permissionName) {
+ final PackageParser.Package pkg = mPackageManagerInt.getPackage(uid);
+ return checkUidPermissionInternal(uid, pkg, permissionName, false);
+ }
+
@Override
public void addOnPermissionsChangeListener(IOnPermissionsChangeListener listener) {
mContext.enforceCallingOrSelfPermission(
@@ -4447,6 +4466,12 @@ public class PermissionManagerService extends IPermissionManager.Stub {
StorageManager.UUID_PRIVATE_INTERNAL, true, mDefaultPermissionCallback);
}
}
+
+ @Override
+ public int computeRuntimePermissionAppOpMode(int uid, @NonNull String permissionName) {
+ return PermissionManagerService.this.computeRuntimePermissionAppOpMode(uid,
+ permissionName);
+ }
}
private static final class OnPermissionChangeListeners extends Handler {
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
index 04ec5ba04bb6..8f22f9245a53 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
@@ -445,4 +445,13 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
/** Called when a new user has been created. */
public abstract void onNewUserCreated(@UserIdInt int userId);
+
+ /**
+ * Compute an app op mode based on its runtime permission state.
+ *
+ * @param uid the uid for the app op
+ * @param permissionName the permission name for the app op
+ * @return the computed mode
+ */
+ public abstract int computeRuntimePermissionAppOpMode(int uid, @NonNull String permissionName);
}
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-27 10:14:38 +0000