Preserve flags for non-runtime permissions upon package update. am: 4ebd48959c
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/23327545
Change-Id: I21ad978f52676868aa880ac7c62a6883799bb95b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
index b559a96..5eff14f 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
@@ -2783,29 +2783,55 @@
+ pkg.getPackageName());
}
- if ((bp.isNormal() && shouldGrantNormalPermission)
- || (bp.isSignature()
- && (!bp.isPrivileged() || CollectionUtils.contains(
- isPrivilegedPermissionAllowlisted, permName))
- && (CollectionUtils.contains(shouldGrantSignaturePermission,
- permName)
- || (((bp.isPrivileged() && CollectionUtils.contains(
- shouldGrantPrivilegedPermissionIfWasGranted,
- permName)) || bp.isDevelopment() || bp.isRole())
- && origState.isPermissionGranted(permName))))
- || (bp.isInternal()
- && (!bp.isPrivileged() || CollectionUtils.contains(
- isPrivilegedPermissionAllowlisted, permName))
- && (CollectionUtils.contains(shouldGrantInternalPermission,
- permName)
- || (((bp.isPrivileged() && CollectionUtils.contains(
- shouldGrantPrivilegedPermissionIfWasGranted,
- permName)) || bp.isDevelopment() || bp.isRole())
- && origState.isPermissionGranted(permName))))) {
- // Grant an install permission.
- if (uidState.grantPermission(bp)) {
- changedInstallPermission = true;
+ if (bp.isNormal() || bp.isSignature() || bp.isInternal()) {
+ if ((bp.isNormal() && shouldGrantNormalPermission)
+ || (bp.isSignature()
+ && (!bp.isPrivileged() || CollectionUtils.contains(
+ isPrivilegedPermissionAllowlisted, permName))
+ && (CollectionUtils.contains(shouldGrantSignaturePermission,
+ permName)
+ || (((bp.isPrivileged() && CollectionUtils.contains(
+ shouldGrantPrivilegedPermissionIfWasGranted,
+ permName)) || bp.isDevelopment()
+ || bp.isRole())
+ && origState.isPermissionGranted(
+ permName))))
+ || (bp.isInternal()
+ && (!bp.isPrivileged() || CollectionUtils.contains(
+ isPrivilegedPermissionAllowlisted, permName))
+ && (CollectionUtils.contains(shouldGrantInternalPermission,
+ permName)
+ || (((bp.isPrivileged() && CollectionUtils.contains(
+ shouldGrantPrivilegedPermissionIfWasGranted,
+ permName)) || bp.isDevelopment()
+ || bp.isRole())
+ && origState.isPermissionGranted(
+ permName))))) {
+ // Grant an install permission.
+ if (uidState.grantPermission(bp)) {
+ changedInstallPermission = true;
+ }
+ } else {
+ if (DEBUG_PERMISSIONS) {
+ boolean wasGranted = uidState.isPermissionGranted(bp.getName());
+ if (wasGranted || bp.isAppOp()) {
+ Slog.i(TAG, (wasGranted ? "Un-granting" : "Not granting")
+ + " permission " + perm
+ + " from package " + friendlyName
+ + " (protectionLevel=" + bp.getProtectionLevel()
+ + " flags=0x"
+ + Integer.toHexString(PackageInfoUtils.appInfoFlags(pkg,
+ ps))
+ + ")");
+ }
+ }
+ if (uidState.revokePermission(bp)) {
+ changedInstallPermission = true;
+ }
}
+ PermissionState origPermState = origState.getPermissionState(perm);
+ int flags = origPermState != null ? origPermState.getFlags() : 0;
+ uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, flags);
} else if (bp.isRuntime()) {
boolean hardRestricted = bp.isHardRestricted();
boolean softRestricted = bp.isSoftRestricted();
@@ -2929,22 +2955,8 @@
uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL,
flags);
} else {
- if (DEBUG_PERMISSIONS) {
- boolean wasGranted = uidState.isPermissionGranted(bp.getName());
- if (wasGranted || bp.isAppOp()) {
- Slog.i(TAG, (wasGranted ? "Un-granting" : "Not granting")
- + " permission " + perm
- + " from package " + friendlyName
- + " (protectionLevel=" + bp.getProtectionLevel()
- + " flags=0x"
- + Integer.toHexString(PackageInfoUtils.appInfoFlags(pkg,
- ps))
- + ")");
- }
- }
- if (uidState.removePermissionState(bp.getName())) {
- changedInstallPermission = true;
- }
+ Slog.wtf(LOG_TAG, "Unknown permission protection " + bp.getProtection()
+ + " for permission " + bp.getName());
}
}