diff options
author | Philip P. Moltmann <moltmann@google.com> | 2019-10-28 11:49:11 -0700 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-12-18 06:23:26 +0000 |
commit | c9cc92a76c6df049b1f0ed1bbb7306c0fe72afb5 (patch) | |
tree | 3d40700e10b441e8695cb6bf7c5d1475c4041f76 | |
parent | 90527f6b08317dfe9801345abc8a5802f607c3bc (diff) | |
download | base-c9cc92a76c6df049b1f0ed1bbb7306c0fe72afb5.tar.gz |
Revoke granted permission when the permission defining app is removed.
Bug: 67319274
Test: atest android.permission.cts.RemovePermissionTest
Change-Id: I22df546f5cd19e10045131d36dc3f5033f727baa
Merged-In: I20c4c975a1dd41a0a6c3e068988fe60be51dd1b4
(cherry picked from commit bde381848d0d07780710ce36e0c974646ba8f995)
-rw-r--r-- | services/core/java/com/android/server/pm/permission/PermissionManagerService.java | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 4c33bec71a14..b844362e69ed 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -48,6 +48,7 @@ import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.content.Context; +import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.content.pm.PackageManager.PermissionWhitelistFlags; import android.content.pm.PackageManagerInternal; @@ -2601,7 +2602,7 @@ public class PermissionManagerService { // Make sure all dynamic permissions have been assigned to a package, // and make sure there are no dangling permissions. - flags = updatePermissions(changingPkgName, changingPkg, flags); + flags = updatePermissions(changingPkgName, changingPkg, flags, callback); synchronized (mLock) { if (mBackgroundPermissions == null) { @@ -2651,7 +2652,8 @@ public class PermissionManagerService { Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); } - private int updatePermissions(String packageName, PackageParser.Package pkg, int flags) { + private int updatePermissions(String packageName, PackageParser.Package pkg, int flags, + @Nullable PermissionCallback callback) { Set<BasePermission> needsUpdate = null; synchronized (mLock) { final Iterator<BasePermission> it = mSettings.mPermissions.values().iterator(); @@ -2665,6 +2667,44 @@ public class PermissionManagerService { && (pkg == null || !hasPermission(pkg, bp.getName()))) { Slog.i(TAG, "Removing old permission tree: " + bp.getName() + " from package " + bp.getSourcePackageName()); + if (bp.isRuntime()) { + final int[] userIds = mUserManagerInt.getUserIds(); + final int numUserIds = userIds.length; + for (int userIdNum = 0; userIdNum < numUserIds; userIdNum++) { + final int userId = userIds[userIdNum]; + + mPackageManagerInt.forEachPackage((Package p) -> { + final String pName = p.packageName; + final ApplicationInfo appInfo = + mPackageManagerInt.getApplicationInfo(pName, 0, + Process.SYSTEM_UID, UserHandle.USER_SYSTEM); + if (appInfo != null + && appInfo.targetSdkVersion < Build.VERSION_CODES.M) { + return; + } + + final String permissionName = bp.getName(); + if (checkPermission(permissionName, pName, Process.SYSTEM_UID, + userId) == PackageManager.PERMISSION_GRANTED) { + try { + revokeRuntimePermission( + permissionName, + pName, + false, + userId, + callback); + } catch (IllegalArgumentException e) { + Slog.e(TAG, + "Failed to revoke " + + permissionName + + " from " + + pName, + e); + } + } + }); + } + } flags |= UPDATE_PERMISSIONS_ALL; it.remove(); } |