Persist permission state for updated apps synchronously.
Because if we lose the changes, an updated app won't be reconsidered for
new install permissions.
Bug: 221899913
Test: presubmit
Change-Id: Ib82189b07cf4dfd132be37fb19843d770e871f8c
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
index d34682d..8552bba 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
@@ -2516,6 +2516,7 @@
final int[] userIds = filterUserId == UserHandle.USER_ALL ? getAllUserIds()
: new int[] { filterUserId };
+ boolean installPermissionsChanged = false;
boolean runtimePermissionsRevoked = false;
int[] updatedUserIds = EMPTY_INT_ARRAY;
@@ -2634,7 +2635,7 @@
UidPermissionState origState = uidState;
- boolean changedInstallPermission = false;
+ boolean installPermissionsChangedForUser = false;
if (replace) {
userState.setInstallPermissionsFixed(ps.getPackageName(), false);
@@ -2800,7 +2801,7 @@
&& origState.isPermissionGranted(permName))))) {
// Grant an install permission.
if (uidState.grantPermission(bp)) {
- changedInstallPermission = true;
+ installPermissionsChangedForUser = true;
}
} else if (bp.isRuntime()) {
boolean hardRestricted = bp.isHardRestricted();
@@ -2940,12 +2941,12 @@
}
}
if (uidState.removePermissionState(bp.getName())) {
- changedInstallPermission = true;
+ installPermissionsChangedForUser = true;
}
}
}
- if ((changedInstallPermission || replace)
+ if ((installPermissionsChangedForUser || replace)
&& !userState.areInstallPermissionsFixed(ps.getPackageName())
&& !ps.isSystem() || ps.getTransientState().isUpdatedSystemApp()) {
// This is the first that we have heard about this package, so the
@@ -2954,6 +2955,12 @@
userState.setInstallPermissionsFixed(ps.getPackageName(), true);
}
+ if (installPermissionsChangedForUser) {
+ installPermissionsChanged = true;
+ if (replace) {
+ updatedUserIds = ArrayUtils.appendInt(updatedUserIds, userId);
+ }
+ }
updatedUserIds = revokePermissionsNoLongerImplicitLocked(uidState,
pkg.getPackageName(), uidImplicitPermissions, uidTargetSdkVersion, userId,
updatedUserIds);
@@ -2970,8 +2977,12 @@
// Persist the runtime permissions state for users with changes. If permissions
// were revoked because no app in the shared user declares them we have to
// write synchronously to avoid losing runtime permissions state.
+ // Also write synchronously if we changed any install permission for an updated app, because
+ // the install permission state is likely already fixed before update, and if we lose the
+ // changes here the app won't be reconsidered for newly-added install permissions.
if (callback != null) {
- callback.onPermissionUpdated(updatedUserIds, runtimePermissionsRevoked);
+ callback.onPermissionUpdated(updatedUserIds,
+ (replace && installPermissionsChanged) || runtimePermissionsRevoked);
}
for (int userId : updatedUserIds) {