summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNate Myren <ntmyren@google.com>2022-09-23 12:04:57 -0700
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-11-11 21:37:02 +0000
commiteb66408d941bd8a1f9ddc5b6ac73230a436bc79e (patch)
treec2fc3b23f72b8453acf45ff84db39536a5069523
parentdccf3b514d536c4c056f0dd1f16a4e96b9257d3c (diff)
downloadbase-eb66408d941bd8a1f9ddc5b6ac73230a436bc79e.tar.gz
RESTRICT AUTOMERGE Revoke SYSTEM_ALERT_WINDOW on upgrade past api 23
Bug: 221040577 Test: atest PermissionTest23#testPre23AppsWithSystemAlertWindowGetDeniedOnUpgrade Change-Id: I4b4605aaae107875811070dea6d031c5d9f25c96 (cherry picked from commit 14551ab6d2c754d83d6b504549aabb40018d9c6a) Merged-In: I4b4605aaae107875811070dea6d031c5d9f25c96
Diffstat
-rw-r--r--services/core/java/com/android/server/pm/PackageManagerService.java4
-rw-r--r--services/core/java/com/android/server/pm/permission/PermissionManagerService.java60
-rw-r--r--services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java29
3 files changed, 57 insertions, 36 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 362a8cf03aaa..f546a3b04236 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -12522,9 +12522,7 @@ public class PackageManagerService extends IPackageManager.Stub
AsyncTask.execute(() -> {
if (hasOldPkg) {
- mPermissionManager.revokeRuntimePermissionsIfGroupChanged(pkg, oldPkg,
- allPackageNames);
- mPermissionManager.revokeStoragePermissionsIfScopeExpanded(pkg, oldPkg);
+ mPermissionManager.onPackageUpdated(pkg, oldPkg, allPackageNames);
}
if (hasPermissionDefinitionChanges) {
mPermissionManager.revokeRuntimePermissionsIfPermissionDefinitionChanged(
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 48f39267a59f..575208933658 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -2322,6 +2322,46 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
/**
+ * If the package was below api 23, got the SYSTEM_ALERT_WINDOW permission automatically, and
+ * then updated past api 23, and the app does not satisfy any of the other SAW permission flags,
+ * the permission should be revoked.
+ *
+ * @param newPackage The new package that was installed
+ * @param oldPackage The old package that was updated
+ */
+ private void revokeSystemAlertWindowIfUpgradedPast23(
+ @NonNull AndroidPackage newPackage,
+ @NonNull AndroidPackage oldPackage,
+ @NonNull PermissionCallback permissionCallback) {
+ if (oldPackage.getTargetSdkVersion() >= Build.VERSION_CODES.M
+ || newPackage.getTargetSdkVersion() < Build.VERSION_CODES.M
+ || !newPackage.getRequestedPermissions()
+ .contains(Manifest.permission.SYSTEM_ALERT_WINDOW)) {
+ return;
+ }
+
+ BasePermission saw;
+ synchronized (mLock) {
+ saw = mSettings.getPermissionLocked(Manifest.permission.SYSTEM_ALERT_WINDOW);
+ }
+ final PackageSetting ps = (PackageSetting)
+ mPackageManagerInt.getPackageSetting(newPackage.getPackageName());
+ if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, ps, saw,
+ ps.getPermissionsState())) {
+ return;
+ }
+ for (int userId : mUserManagerInt.getUserIds()) {
+ try {
+ revokePermissionFromPackageForUser(newPackage.getPackageName(),
+ Manifest.permission.SYSTEM_ALERT_WINDOW, false, userId, permissionCallback);
+ } catch (IllegalStateException | SecurityException e) {
+ Log.e(TAG, "unable to revoke SYSTEM_ALERT_WINDOW for "
+ + newPackage.getPackageName() + " user " + userId, e);
+ }
+ }
+ }
+
+ /**
* We might auto-grant permissions if any permission of the group is already granted. Hence if
* the group of a granted permission changes we need to revoke it to avoid having permissions of
* the new group auto-granted.
@@ -4798,24 +4838,20 @@ public class PermissionManagerService extends IPermissionManager.Stub {
return PermissionManagerService.this.isPermissionsReviewRequired(pkg, userId);
}
/**
- * If the app is updated, and has scoped storage permissions, then it is possible that the
- * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.
+ * If the app is updated, then some checks need to be performed to ensure the
+ * package is not attempting to expoit permission changes across API boundaries.
* @param newPackage The new package that was installed
* @param oldPackage The old package that was updated
+ * @param allPackageNames The current packages in the system
*/
- public void revokeStoragePermissionsIfScopeExpanded(
- @NonNull AndroidPackage newPackage,
- @NonNull AndroidPackage oldPackage
- ) {
- PermissionManagerService.this.revokeStoragePermissionsIfScopeExpanded(newPackage,
- oldPackage, mDefaultPermissionCallback);
- }
-
- @Override
- public void revokeRuntimePermissionsIfGroupChanged(
+ public void onPackageUpdated(
@NonNull AndroidPackage newPackage,
@NonNull AndroidPackage oldPackage,
@NonNull ArrayList<String> allPackageNames) {
+ PermissionManagerService.this.revokeStoragePermissionsIfScopeExpanded(newPackage,
+ oldPackage, mDefaultPermissionCallback);
+ PermissionManagerService.this.revokeSystemAlertWindowIfUpgradedPast23(newPackage,
+ oldPackage, mDefaultPermissionCallback);
PermissionManagerService.this.revokeRuntimePermissionsIfGroupChanged(newPackage,
oldPackage, allPackageNames, mDefaultPermissionCallback);
}
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
index df0edfa16924..7003c7a2027e 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
@@ -239,16 +239,14 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
public abstract void resetRuntimePermissions(@NonNull AndroidPackage pkg,
@UserIdInt int userId);
- /**
- * We might auto-grant permissions if any permission of the group is already granted. Hence if
- * the group of a granted permission changes we need to revoke it to avoid having permissions of
- * the new group auto-granted.
- *
- * @param newPackage The new package that was installed
- * @param oldPackage The old package that was updated
- * @param allPackageNames All packages
- */
- public abstract void revokeRuntimePermissionsIfGroupChanged(
+ /**
+ * If the app is updated, then some checks need to be performed to ensure the package is not
+ * attempting to expoit permission changes across API boundaries.
+ * @param newPackage The new package that was installed
+ * @param oldPackage The old package that was updated
+ * @param allPackageNames The current packages in the system
+ */
+ public abstract void onPackageUpdated(
@NonNull AndroidPackage newPackage,
@NonNull AndroidPackage oldPackage,
@NonNull ArrayList<String> allPackageNames);
@@ -266,17 +264,6 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager
@NonNull ArrayList<String> allPackageNames);
/**
- * If the app is updated, and has scoped storage permissions, then it is possible that the
- * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.
- * @param newPackage The new package that was installed
- * @param oldPackage The old package that was updated
- */
- public abstract void revokeStoragePermissionsIfScopeExpanded(
- @NonNull AndroidPackage newPackage,
- @NonNull AndroidPackage oldPackage
- );
-
- /**
* Add all permissions in the given package.
* <p>
* NOTE: argument {@code groupTEMP} is temporary until mPermissionGroups is moved to
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-08 22:53:33 +0000