Revoke permissions defined in a to-be removed package.

author Hongming Jin <hongmingjin@google.com>

Tue, 19 Jun 2018 19:35:37 +0000 (12:35 -0700)

committer Hongming Jin <hongmingjin@google.com>

Tue, 17 Jul 2018 18:36:56 +0000 (11:36 -0700)
author Hongming Jin <hongmingjin@google.com>
Tue, 19 Jun 2018 19:35:37 +0000 (12:35 -0700)
committer Hongming Jin <hongmingjin@google.com>
Tue, 17 Jul 2018 18:36:56 +0000 (11:36 -0700)
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java

index f63bc64..f4a0e13 100644 (file)
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -12408,7 +12408,8 @@ public class PackageManagerService extends IPackageManager.Stub
              if (DEBUG_REMOVE) Log.d(TAG, "  Activities: " + r);
          }
  
-        mPermissionManager.removeAllPermissions(pkg, chatty);
+        final ArrayList<String> allPackageNames = new ArrayList<>(mPackages.keySet());
+        mPermissionManager.removeAllPermissions(pkg, allPackageNames, mPermissionCallback, chatty);
  
          N = pkg.instrumentation.size();
          r = null;
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerInternal.java

index ec15c16..80a5fbb 100644 (file)
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerInternal.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerInternal.java
@@ -107,7 +107,11 @@ public abstract class PermissionManagerInternal {
       */
      public abstract void addAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty);
      public abstract void addAllPermissionGroups(@NonNull PackageParser.Package pkg, boolean chatty);
-    public abstract void removeAllPermissions(@NonNull PackageParser.Package pkg, boolean chatty);
+    public abstract void removeAllPermissions(
+            @NonNull PackageParser.Package pkg,
+            @NonNull List<String> allPackageNames,
+            @Nullable PermissionCallback permissionCallback,
+            boolean chatty);
      public abstract boolean addDynamicPermission(@NonNull PermissionInfo info, boolean async,
              int callingUid, @Nullable PermissionCallback callback);
      public abstract void removeDynamicPermission(@NonNull String permName, int callingUid,
@@ -181,4 +185,4 @@ public abstract class PermissionManagerInternal {
  
      /** HACK HACK methods to allow for partial migration of data to the PermissionManager class */
      public abstract @Nullable BasePermission getPermissionTEMP(@NonNull String permName);
-}
-\ No newline at end of file
+}
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java

index 7f2d5c3..8aed957 100644 (file)
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -31,6 +31,7 @@ import android.Manifest;
  import android.annotation.NonNull;
  import android.annotation.Nullable;
  import android.content.Context;
+import android.content.pm.ApplicationInfo;
  import android.content.pm.PackageManager;
  import android.content.pm.PackageManagerInternal;
  import android.content.pm.PackageParser;
@@ -38,6 +39,7 @@ import android.content.pm.PackageParser.Package;
  import android.content.pm.PermissionGroupInfo;
  import android.content.pm.PermissionInfo;
  import android.metrics.LogMaker;
+import android.os.AsyncTask;
  import android.os.Binder;
  import android.os.Build;
  import android.os.Handler;
@@ -476,8 +478,9 @@ public class PermissionManagerService {
                                          " to " + newPermissionGroupName);
  
                                  try {
-                                    revokeRuntimePermission(permissionName, packageName, false,
-                                            Process.SYSTEM_UID, userId, permissionCallback);
+                                    revokeRuntimePermission(permissionName, packageName,
+                                            mSettings.getPermission(permissionName), false,
+                                            Process.SYSTEM_UID, userId, permissionCallback, false);
                                  } catch (IllegalArgumentException e) {
                                      Slog.e(TAG, "Could not revoke " + permissionName + " from "
                                              + packageName, e);
@@ -570,9 +573,59 @@ public class PermissionManagerService {
  
      }
  
-    private void removeAllPermissions(PackageParser.Package pkg, boolean chatty) {
+    private void revokeAllPermissions(
+            @NonNull List<BasePermission> bps,
+            @NonNull List<String> allPackageNames,
+            @Nullable PermissionCallback permissionCallback) {
+        AsyncTask.execute(() -> {
+            final int numRemovedPermissions = bps.size();
+            for (int permissionNum = 0; permissionNum < numRemovedPermissions; permissionNum++) {
+                final int[] userIds = mUserManagerInt.getUserIds();
+                final int numUserIds = userIds.length;
+
+                final int numPackages = allPackageNames.size();
+                for (int packageNum = 0; packageNum < numPackages; packageNum++) {
+                    final String packageName = allPackageNames.get(packageNum);
+                    final ApplicationInfo applicationInfo = mPackageManagerInt.getApplicationInfo(
+                            packageName, 0, Process.SYSTEM_UID, UserHandle.USER_SYSTEM);
+                    if (applicationInfo != null
+                            && applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
+                        continue;
+                    }
+                    for (int userIdNum = 0; userIdNum < numUserIds; userIdNum++) {
+                        final int userId = userIds[userIdNum];
+                        final String permissionName = bps.get(permissionNum).getName();
+                        if (checkPermission(permissionName, packageName, UserHandle.USER_SYSTEM,
+                                userId) == PackageManager.PERMISSION_GRANTED) {
+                            try {
+                                revokeRuntimePermission(
+                                        permissionName,
+                                        packageName,
+                                        bps.get(permissionNum),
+                                        false,
+                                        Process.SYSTEM_UID,
+                                        userId,
+                                        permissionCallback,
+                                        true);
+                            } catch (IllegalArgumentException e) {
+                                Slog.e(TAG, "Could not revoke " + permissionName + " from "
+                                        + packageName, e);
+                            }
+                        }
+                    }
+                }
+            }
+        });
+    }
+
+    private void removeAllPermissions(
+            @NonNull PackageParser.Package pkg,
+            @NonNull List<String> allPackageNames,
+            @Nullable PermissionCallback permissionCallback,
+            boolean chatty) {
          synchronized (mLock) {
              int N = pkg.permissions.size();
+            List<BasePermission> bps = new ArrayList<BasePermission>(N);
              StringBuilder r = null;
              for (int i=0; i<N; i++) {
                  PackageParser.Permission p = pkg.permissions.get(i);
@@ -581,6 +634,9 @@ public class PermissionManagerService {
                      bp = mSettings.mPermissionTrees.get(p.info.name);
                  }
                  if (bp != null && bp.isPermission(p)) {
+                    if ((p.info.getProtection() & PermissionInfo.PROTECTION_DANGEROUS) != 0) {
+                        bps.add(bp);
+                    }
                      bp.setPermission(null);
                      if (DEBUG_REMOVE && chatty) {
                          if (r == null) {
@@ -599,6 +655,7 @@ public class PermissionManagerService {
                      }
                  }
              }
+            revokeAllPermissions(bps, allPackageNames, permissionCallback);
              if (r != null) {
                  if (DEBUG_REMOVE) Log.d(TAG, "  Permissions: " + r);
              }
@@ -1511,9 +1568,10 @@ public class PermissionManagerService {
          }
  
      }
-
-    private void revokeRuntimePermission(String permName, String packageName,
-            boolean overridePolicy, int callingUid, int userId, PermissionCallback callback) {
+    
+    private void revokeRuntimePermission(String permName, String packageName, BasePermission bp,
+            boolean overridePolicy, int callingUid, int userId, PermissionCallback callback,
+            boolean permissionRemoved) {
          if (!mUserManagerInt.exists(userId)) {
              Log.e(TAG, "No such user:" + userId);
              return;
@@ -1538,7 +1596,7 @@ public class PermissionManagerService {
          if (mPackageManagerInt.filterAppAccess(pkg, Binder.getCallingUid(), userId)) {
              throw new IllegalArgumentException("Unknown package: " + packageName);
          }
-        final BasePermission bp = mSettings.getPermissionLocked(permName);
+
          if (bp == null) {
              throw new IllegalArgumentException("Unknown permission: " + permName);
          }
@@ -2094,8 +2152,10 @@ public class PermissionManagerService {
              PermissionManagerService.this.addAllPermissionGroups(pkg, chatty);
          }
          @Override
-        public void removeAllPermissions(Package pkg, boolean chatty) {
-            PermissionManagerService.this.removeAllPermissions(pkg, chatty);
+        public void removeAllPermissions(Package pkg, List<String> allPackageNames,
+                PermissionCallback permissionCallback, boolean chatty) {
+            PermissionManagerService.this.removeAllPermissions(
+                    pkg, allPackageNames, permissionCallback, chatty);
          }
          @Override
          public boolean addDynamicPermission(PermissionInfo info, boolean async, int callingUid,
@@ -2131,7 +2191,8 @@ public class PermissionManagerService {
                  boolean overridePolicy, int callingUid, int userId,
                  PermissionCallback callback) {
              PermissionManagerService.this.revokeRuntimePermission(permName, packageName,
-                    overridePolicy, callingUid, userId, callback);
+                    mSettings.getPermission(permName), overridePolicy, callingUid, userId,
+                    callback, false);
          }
          @Override
          public void updatePermissions(String packageName, Package pkg, boolean replaceGrant,
author	Hongming Jin <hongmingjin@google.com>
	Tue, 19 Jun 2018 19:35:37 +0000 (12:35 -0700)
committer	Hongming Jin <hongmingjin@google.com>
	Tue, 17 Jul 2018 18:36:56 +0000 (11:36 -0700)
services/core/java/com/android/server/pm/PackageManagerService.java		patch \| blob \| history
services/core/java/com/android/server/pm/permission/PermissionManagerInternal.java		patch \| blob \| history
services/core/java/com/android/server/pm/permission/PermissionManagerService.java		patch \| blob \| history