From 8277ab6fb2bb975f7d9982d64c2a929cb01e2b8a Mon Sep 17 00:00:00 2001 From: "Philip P. Moltmann" Date: Thu, 21 Feb 2019 14:08:30 -0800 Subject: Do not revoke pre-M perms on upgrade ... just remove the REVOKE_ON_UPGRADE flag. Pre-M apps do not know how to ask for permissions. Hence only the user can revoke permissions as this is likely to break apps. Test: atest CtsPermissionTestCases:SplitPermissionsTest Change-Id: I4f7634985cb655f6b8f98ecf4261e1afcb4519de --- .../pm/permission/PermissionManagerService.java | 31 ++++++++++------------ 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 6b449ff7750f..f9ba6da3f2a5 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -1201,29 +1201,23 @@ public class PermissionManagerService { if ((flags & FLAG_PERMISSION_REVOKE_WHEN_REQUESTED) != 0) { BasePermission bp = mSettings.getPermissionLocked(permission); - ps.updatePermissionFlags(bp, userId, - FLAG_PERMISSION_REVOKE_WHEN_REQUESTED - | FLAG_PERMISSION_USER_FIXED | FLAG_PERMISSION_USER_SET, - 0); - updatedUserIds = ArrayUtils.appendInt(updatedUserIds, - userId); + int flagsToRemove = FLAG_PERMISSION_REVOKE_WHEN_REQUESTED; if ((flags & (FLAG_PERMISSION_GRANTED_BY_DEFAULT | FLAG_PERMISSION_POLICY_FIXED | FLAG_PERMISSION_SYSTEM_FIXED)) - == 0) { - if (supportsRuntimePermissions) { - int revokeResult = ps.revokeRuntimePermission(bp, userId); - if (revokeResult != PERMISSION_OPERATION_FAILURE) { - if (DEBUG_PERMISSIONS) { - Slog.i(TAG, "Revoking runtime permission " - + permission + " for " + pkgName - + " as it is now requested"); - } + == 0 && supportsRuntimePermissions) { + int revokeResult = ps.revokeRuntimePermission(bp, userId); + if (revokeResult != PERMISSION_OPERATION_FAILURE) { + if (DEBUG_PERMISSIONS) { + Slog.i(TAG, "Revoking runtime permission " + + permission + " for " + pkgName + + " as it is now requested"); } - } else { - setAppOpMode(permission, pkg, userId, MODE_IGNORED); } + flagsToRemove |= + FLAG_PERMISSION_USER_FIXED | FLAG_PERMISSION_USER_SET; + List fgPerms = mBackgroundPermissions.get(permission); if (fgPerms != null) { int numFgPerms = fgPerms.size(); @@ -1241,6 +1235,9 @@ public class PermissionManagerService { } } } + + ps.updatePermissionFlags(bp, userId, flagsToRemove, 0); + updatedUserIds = ArrayUtils.appendInt(updatedUserIds, userId); } } } -- cgit v1.2.3-59-g8ed1b