diff options
2 files changed, 47 insertions, 4 deletions
diff --git a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt index bb68bc5c791d..44609acf7894 100644 --- a/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt +++ b/services/permission/java/com/android/server/permission/access/permission/DevicePermissionPolicy.kt @@ -61,6 +61,38 @@ class DevicePermissionPolicy : SchemePolicy() { } } + fun MutateStateScope.removeInactiveDevicesPermission(activePersistentDeviceIds: Set<String>) { + newState.userStates.forEachIndexed { _, userId, userState -> + userState.appIdDevicePermissionFlags.forEachReversedIndexed { _, appId, _ -> + val appIdDevicePermissionFlags = + newState.mutateUserState(userId)!!.mutateAppIdDevicePermissionFlags() + val devicePermissionFlags = + appIdDevicePermissionFlags.mutate(appId) ?: return@forEachReversedIndexed + + val removePersistentDeviceIds = mutableSetOf<String>() + devicePermissionFlags.forEachIndexed { _, deviceId, _ -> + if (!activePersistentDeviceIds.contains(deviceId)) { + removePersistentDeviceIds.add(deviceId) + } + } + + removePersistentDeviceIds.forEach { deviceId -> devicePermissionFlags -= deviceId } + } + } + } + + fun MutateStateScope.onDeviceIdRemoved(deviceId: String) { + newState.userStates.forEachIndexed { _, userId, userState -> + userState.appIdDevicePermissionFlags.forEachReversedIndexed { _, appId, _ -> + val appIdDevicePermissionFlags = + newState.mutateUserState(userId)!!.mutateAppIdDevicePermissionFlags() + val devicePermissionFlags = + appIdDevicePermissionFlags.mutate(appId) ?: return@forEachReversedIndexed + devicePermissionFlags -= deviceId + } + } + } + override fun MutateStateScope.onStorageVolumeMounted( volumeUuid: String?, packageNames: List<String>, diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt index 7c539502461b..a7d32492d6e2 100644 --- a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt +++ b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt @@ -2314,6 +2314,18 @@ class PermissionService(private val service: AccessCheckingService) : service.onSystemReady() virtualDeviceManagerInternal = LocalServices.getService(VirtualDeviceManagerInternal::class.java) + + virtualDeviceManagerInternal?.allPersistentDeviceIds?.let { persistentDeviceIds -> + service.mutateState { + with(devicePolicy) { removeInactiveDevicesPermission(persistentDeviceIds) } + } + } + + // trim permission states for the external devices, when they are removed. + virtualDeviceManagerInternal?.registerPersistentDeviceIdRemovedListener { persistentDeviceId + -> + service.mutateState { with(devicePolicy) { onDeviceIdRemoved(persistentDeviceId) } } + } permissionControllerManager = PermissionControllerManager(context, PermissionThread.getHandler()) } @@ -2681,8 +2693,8 @@ class PermissionService(private val service: AccessCheckingService) : permissionName in NOTIFICATIONS_PERMISSIONS && runtimePermissionRevokedUids.get(uid, true) } - runtimePermissionChangedUidDevices - .getOrPut(uid) { mutableSetOf() } += persistentDeviceId + runtimePermissionChangedUidDevices.getOrPut(uid) { mutableSetOf() } += + persistentDeviceId } if (permission.hasGids && !wasPermissionGranted && isPermissionGranted) { @@ -2799,8 +2811,7 @@ class PermissionService(private val service: AccessCheckingService) : fun onPermissionsChanged(uid: Int, persistentDeviceId: String) { if (listeners.registeredCallbackCount > 0) { - obtainMessage(MSG_ON_PERMISSIONS_CHANGED, uid, 0, persistentDeviceId) - .sendToTarget() + obtainMessage(MSG_ON_PERMISSIONS_CHANGED, uid, 0, persistentDeviceId).sendToTarget() } } |