authorHai Zhang <zhanghai@google.com>2020-08-13 01:45:09 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>2020-09-30 00:05:36 +0000
commit714dbd9a105bd649b84c53bde757aeb1c9adc4c9 (patch)
treeb7c62fe6d3fbee2dc67bcd94b556478a90cc0ec8
parentfd32de75d5f2ea1e4e9dc8ac0b379b55c73017bc (diff)
downloadbase-714dbd9a105bd649b84c53bde757aeb1c9adc4c9.tar.gz
DO NOT MERGE Don't allow non-instant permissions for instant apps.
Bug: 140256621 Test: atest EphemeralTest Change-Id: Id07342c0347c0b4d2ccb3f58a4af9fda7a20d6ef (cherry picked from commit d83e3a350d1a2a6fd317b19ad22ee5647781870e)
-rw-r--r--services/core/java/com/android/server/pm/PackageManagerService.java45
1 files changed, 31 insertions, 14 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 63c721a5da7b..7a38a4533572 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -4198,13 +4198,9 @@ public class PackageManagerService extends IPackageManager.Stub
Iterator<ResolveInfo> iter = matches.iterator();
while (iter.hasNext()) {
final ResolveInfo rInfo = iter.next();
- final PackageSetting ps = mSettings.mPackages.get(rInfo.activityInfo.packageName);
- if (ps != null) {
- final PermissionsState permissionsState = ps.getPermissionsState();
- if (permissionsState.hasPermission(Manifest.permission.INSTALL_PACKAGES, 0)
- || Build.IS_ENG) {
- continue;
- }
+ if (checkPermission(Manifest.permission.INSTALL_PACKAGES,
+ rInfo.activityInfo.packageName, 0) == PERMISSION_GRANTED || Build.IS_ENG) {
+ continue;
}
iter.remove();
}
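Review bot: Replacing `permissionsState.hasPermission(...)` with `checkPermission(...)` here moves the decision from the package's recorded grant state to whatever policy checkPermission applies, and the same substitution is made in the addPackageHoldingPermissions hunk, the SUSPEND_APPS pre-computation and the enable/disable hunk. That is what lets the instant-app restriction take effect, but if checkPermission also depends on the Binder calling identity or on package visibility (its body is not in this diff), these internal call sites could return a denial for reasons unrelated to instant apps; a one-line comment at each site naming the identity the check is expected to run under, plus a test with a non-system caller, would pin that down. The user argument is still the literal `0`; `UserHandle.USER_SYSTEM` would make it explicit that the grant is evaluated for the system user only. The enclosing method starts and ends outside the hunk.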
@@ -4380,8 +4376,24 @@ public class PackageManagerService extends IPackageManager.Stub
final int[] gids = (flags & PackageManager.GET_GIDS) == 0
? EMPTY_INT_ARRAY : permissionsState.computeGids(userId);
// Compute granted permissions only if package has requested permissions
- final Set<String> permissions = ArrayUtils.isEmpty(p.getRequestedPermissions())
+ Set<String> permissions = ArrayUtils.isEmpty(p.getRequestedPermissions())
? Collections.emptySet() : permissionsState.getPermissions(userId);
+ if (state.instantApp) {
+ permissions = new ArraySet<>(permissions);
+ permissions.removeIf(permissionName -> {
+ BasePermission permission = mPermissionManager.getPermissionTEMP(
+ permissionName);
+ if (permission == null) {
+ return true;
+ }
+ if (!permission.isInstant()) {
+ EventLog.writeEvent(0x534e4554, "140256621", UserHandle.getUid(userId,
+ ps.appId), permissionName);
+ return true;
+ }
+ return false;
+ });
+ }
PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId, ps);
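Review bot: The `removeIf` lambda has two drop paths that behave differently and neither is explained: a name that `getPermissionTEMP` cannot resolve is removed silently, while a resolved non-instant permission is removed and logged under the bare constant `0x534e4554`. A comment such as `// Fail closed: unresolved permissions are never reported for instant apps` on the null branch and `// SafetyNet event for bug 140256621: instant app held a non-instant permission` above the `EventLog.writeEvent` call would document the intent. This block filters only the set handed to `PackageInfoUtils.generate`; nothing in the hunk revokes the underlying grant, so the same event is presumably written every time package info is generated for such an app, and the resulting log volume is worth confirming. The enclosing method begins and ends outside the hunk.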
@@ -8579,10 +8591,9 @@ public class PackageManagerService extends IPackageManager.Stub
private void addPackageHoldingPermissions(ArrayList<PackageInfo> list, PackageSetting ps,
String[] permissions, boolean[] tmp, int flags, int userId) {
int numMatch = 0;
- final PermissionsState permissionsState = ps.getPermissionsState();
for (int i=0; i<permissions.length; i++) {
final String permission = permissions[i];
- if (permissionsState.hasPermission(permission, userId)) {
+ if (checkPermission(permission, ps.name, userId) == PERMISSION_GRANTED) {
tmp[i] = true;
numMatch++;
} else {
@@ -19185,6 +19196,13 @@ public class PackageManagerService extends IPackageManager.Stub
final int flags = action.flags;
final boolean systemApp = isSystemApp(ps);
+ // We need to get the permission state before package state is (potentially) destroyed.
+ final SparseBooleanArray hadSuspendAppsPermission = new SparseBooleanArray();
+ for (int userId : allUserHandles) {
+ hadSuspendAppsPermission.put(userId, checkPermission(Manifest.permission.SUSPEND_APPS,
+ packageName, userId) == PERMISSION_GRANTED);
+ }
+
final int userId = user == null ? UserHandle.USER_ALL : user.getIdentifier();
if ((!systemApp || (flags & PackageManager.DELETE_SYSTEM_APP) != 0)
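Review bot: `hadSuspendAppsPermission` is filled only for the ids in `allUserHandles`, while the lookup in the following hunk, `hadSuspendAppsPermission.get(affectedUserId)`, falls back to `false` for any id that was never put. If `resolveUserIds(userId)` can return a user that is absent from `allUserHandles` (neither definition is visible in the diff), the unsuspend and distracting-restriction cleanup for that user would be skipped without any trace, leaving packages suspended on behalf of an app that has been removed. A comment stating the invariant, e.g. `// allUserHandles covers every id resolveUserIds() can return`, or a warning log when the id is missing from the array, would make the assumption checkable. The loop variable `userId` is also declared again as `final int userId` right after the loop; a distinct name for the loop variable would read better. The enclosing method starts outside the hunk.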
@@ -19251,8 +19269,7 @@ public class PackageManagerService extends IPackageManager.Stub
affectedUserIds = resolveUserIds(userId);
}
for (final int affectedUserId : affectedUserIds) {
- if (ps.getPermissionsState().hasPermission(Manifest.permission.SUSPEND_APPS,
- affectedUserId)) {
+ if (hadSuspendAppsPermission.get(affectedUserId)) {
unsuspendForSuspendingPackage(packageName, affectedUserId);
removeAllDistractingPackageRestrictions(affectedUserId);
}
@@ -21017,8 +21034,8 @@ public class PackageManagerService extends IPackageManager.Stub
pkgSetting.setEnabled(newState, userId, callingPackage);
if ((newState == COMPONENT_ENABLED_STATE_DISABLED_USER
|| newState == COMPONENT_ENABLED_STATE_DISABLED)
- && pkgSetting.getPermissionsState().hasPermission(
- Manifest.permission.SUSPEND_APPS, userId)) {
+ && checkPermission(Manifest.permission.SUSPEND_APPS, packageName, userId)
+ == PERMISSION_GRANTED) {
// This app should not generally be allowed to get disabled by the UI, but if it
// ever does, we don't want to end up with some of the user's apps permanently
// suspended.