summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/core/java/com/android/server/pm/PackageManagerService.java4
-rw-r--r--services/core/java/com/android/server/pm/permission/PermissionManagerService.java58
-rw-r--r--services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java31
3 files changed, 57 insertions, 36 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 6b06de3da929..99b64274f85c 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -12322,9 +12322,7 @@ public class PackageManagerService extends IPackageManager.Stub
AsyncTask.execute(() -> {
if (hasOldPkg) {
- mPermissionManager.revokeRuntimePermissionsIfGroupChanged(pkg, oldPkg,
- allPackageNames, mPermissionCallback);
- mPermissionManager.revokeStoragePermissionsIfScopeExpanded(pkg, oldPkg,
+ mPermissionManager.onPackageUpdated(pkg, oldPkg, allPackageNames,
mPermissionCallback);
}
if (hasPermissionDefinitionChanges) {
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 8e0652f750c1..3acf3594ca4c 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -647,6 +647,45 @@ public class PermissionManagerService {
}
/**
+ * If the package was below api 23, got the SYSTEM_ALERT_WINDOW permission automatically, and
+ * then updated past api 23, and the app does not satisfy any of the other SAW permission flags,
+ * the permission should be revoked.
+ *
+ * @param newPackage The new package that was installed
+ * @param oldPackage The old package that was updated
+ */
+ private void revokeSystemAlertWindowIfUpgradedPast23(
+ @NonNull PackageParser.Package newPackage,
+ @NonNull PackageParser.Package oldPackage,
+ @NonNull PermissionCallback permissionCallback) {
+ if (oldPackage.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.M
+ || newPackage.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
+ || !newPackage.requestedPermissions
+ .contains(Manifest.permission.SYSTEM_ALERT_WINDOW)) {
+ return;
+ }
+
+ BasePermission saw;
+ synchronized (mLock) {
+ saw = mSettings.getPermissionLocked(Manifest.permission.SYSTEM_ALERT_WINDOW);
+ }
+ final PackageSetting ps = (PackageSetting) newPackage.mExtras;
+ if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, saw,
+ ps.getPermissionsState())) {
+ return;
+ }
+ for (int userId: mUserManagerInt.getUserIds()) {
+ try {
+ revokeRuntimePermission(Manifest.permission.SYSTEM_ALERT_WINDOW,
+ newPackage.packageName, false, userId, permissionCallback);
+ } catch (IllegalStateException | SecurityException e) {
+ Log.e(TAG, "unable to revoke SYSTEM_ALERT_WINDOW for "
+ + newPackage.packageName + " user " + userId, e);
+ }
+ }
+ }
+
+ /**
* We might auto-grant permissions if any permission of the group is already granted. Hence if
* the group of a granted permission changes we need to revoke it to avoid having permissions of
* the new group auto-granted.
@@ -3170,25 +3209,22 @@ public class PermissionManagerService {
}
/**
- * If the app is updated, and has scoped storage permissions, then it is possible that the
- * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.
+ * If the app is updated, then some checks need to be performed to ensure the
+ * package is not attempting to expoit permission changes across API boundaries.
* @param newPackage The new package that was installed
* @param oldPackage The old package that was updated
+ * @param allPackageNames The current packages in the system
+ * @param permissionCallback Callback for permission changed
*/
- public void revokeStoragePermissionsIfScopeExpanded(
+ public void onPackageUpdated(
@NonNull PackageParser.Package newPackage,
@NonNull PackageParser.Package oldPackage,
+ @NonNull ArrayList<String> allPackageNames,
@NonNull PermissionCallback permissionCallback) {
PermissionManagerService.this.revokeStoragePermissionsIfScopeExpanded(newPackage,
oldPackage, permissionCallback);
- }
-
- @Override
- public void revokeRuntimePermissionsIfGroupChanged(
- @NonNull PackageParser.Package newPackage,
- @NonNull PackageParser.Package oldPackage,
- @NonNull ArrayList<String> allPackageNames,
- @NonNull PermissionCallback permissionCallback) {
+ PermissionManagerService.this.revokeSystemAlertWindowIfUpgradedPast23(newPackage,
+ oldPackage, permissionCallback);
PermissionManagerService.this.revokeRuntimePermissionsIfGroupChanged(newPackage,
oldPackage, allPackageNames, permissionCallback);
}
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
index 46fa4ffdbd45..a2f64eafe151 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
@@ -97,17 +97,15 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
public abstract void updateAllPermissions(@Nullable String volumeUuid, boolean sdkUpdate,
@NonNull Collection<PackageParser.Package> allPacakges, PermissionCallback callback);
- /**
- * We might auto-grant permissions if any permission of the group is already granted. Hence if
- * the group of a granted permission changes we need to revoke it to avoid having permissions of
- * the new group auto-granted.
- *
- * @param newPackage The new package that was installed
- * @param oldPackage The old package that was updated
- * @param allPackageNames All packages
- * @param permissionCallback Callback for permission changed
- */
- public abstract void revokeRuntimePermissionsIfGroupChanged(
+ /**
+ * If the app is updated, then some checks need to be performed to ensure the package is not
+ * attempting to expoit permission changes across API boundaries.
+ * @param newPackage The new package that was installed
+ * @param oldPackage The old package that was updated
+ * @param allPackageNames The current packages in the system
+ * @param permissionCallback Callback for permission changed
+ */
+ public abstract void onPackageUpdated(
@NonNull PackageParser.Package newPackage,
@NonNull PackageParser.Package oldPackage,
@NonNull ArrayList<String> allPackageNames,
@@ -127,17 +125,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
@NonNull PermissionCallback permissionCallback);
/**
- * If the app is updated, and has scoped storage permissions, then it is possible that the
- * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.
- * @param newPackage The new package that was installed
- * @param oldPackage The old package that was updated
- */
- public abstract void revokeStoragePermissionsIfScopeExpanded(
- @NonNull PackageParser.Package newPackage,
- @NonNull PackageParser.Package oldPackage,
- @NonNull PermissionCallback permissionCallback);
-
- /**
* Add all permissions in the given package.
* <p>
* NOTE: argument {@code groupTEMP} is temporary until mPermissionGroups is moved to
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-11-09 12:44:05 +0000