diff options
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java index d34682df3413..8552bba5d608 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java @@ -2516,6 +2516,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt final int[] userIds = filterUserId == UserHandle.USER_ALL ? getAllUserIds() : new int[] { filterUserId }; + boolean installPermissionsChanged = false; boolean runtimePermissionsRevoked = false; int[] updatedUserIds = EMPTY_INT_ARRAY; @@ -2634,7 +2635,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt UidPermissionState origState = uidState; - boolean changedInstallPermission = false; + boolean installPermissionsChangedForUser = false; if (replace) { userState.setInstallPermissionsFixed(ps.getPackageName(), false); @@ -2800,7 +2801,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt && origState.isPermissionGranted(permName))))) { // Grant an install permission. if (uidState.grantPermission(bp)) { - changedInstallPermission = true; + installPermissionsChangedForUser = true; } } else if (bp.isRuntime()) { boolean hardRestricted = bp.isHardRestricted(); @@ -2940,12 +2941,12 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt } } if (uidState.removePermissionState(bp.getName())) { - changedInstallPermission = true; + installPermissionsChangedForUser = true; } } } - if ((changedInstallPermission || replace) + if ((installPermissionsChangedForUser || replace) && !userState.areInstallPermissionsFixed(ps.getPackageName()) && !ps.isSystem() || ps.getTransientState().isUpdatedSystemApp()) { // This is the first that we have heard about this package, so the @@ -2954,6 +2955,12 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt userState.setInstallPermissionsFixed(ps.getPackageName(), true); } + if (installPermissionsChangedForUser) { + installPermissionsChanged = true; + if (replace) { + updatedUserIds = ArrayUtils.appendInt(updatedUserIds, userId); + } + } updatedUserIds = revokePermissionsNoLongerImplicitLocked(uidState, pkg.getPackageName(), uidImplicitPermissions, uidTargetSdkVersion, userId, updatedUserIds); @@ -2970,8 +2977,12 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt // Persist the runtime permissions state for users with changes. If permissions // were revoked because no app in the shared user declares them we have to // write synchronously to avoid losing runtime permissions state. + // Also write synchronously if we changed any install permission for an updated app, because + // the install permission state is likely already fixed before update, and if we lose the + // changes here the app won't be reconsidered for newly-added install permissions. if (callback != null) { - callback.onPermissionUpdated(updatedUserIds, runtimePermissionsRevoked); + callback.onPermissionUpdated(updatedUserIds, + (replace && installPermissionsChanged) || runtimePermissionsRevoked); } for (int userId : updatedUserIds) { |