From: Todd Kennedy Date: Tue, 10 Oct 2017 16:55:53 +0000 (-0700) Subject: Move mGlobalGids and mSystemPermissions X-Git-Tag: android-x86-9.0-r1~346^2~13^2~1 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=3bc947266638b8d2c2e10a80d1e8eb9348b6dd8a;p=android-x86%2Fframeworks-base.git Move mGlobalGids and mSystemPermissions This is the last tiny move before moving methods to grant/update permissions. Bug: 63539144 Test: Manual. Builds and runs Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.PermissionsHostTest Test: cts-tradefed run commandAndExit cts-dev -m CtsPermissionTestCases Test: cts-tradefed run commandAndExit cts-dev -m CtsPermission2TestCases Test: bit FrameworksServicesTests:com.android.server.pm.PackageManagerSettingsTests Change-Id: Ic2138cf1e442d9d10e8a3ad6dfa24c403aaeca67 --- diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index cb33622fcb95..7fb2ec4601c3 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -753,9 +753,6 @@ public class PackageManagerService extends IPackageManager.Stub PackageManagerInternal.ExternalSourcesPolicy mExternalSourcesPolicy; - // System configuration read by SystemConfig. - final int[] mGlobalGids; - final SparseArray> mSystemPermissions; @GuardedBy("mAvailableFeatures") final ArrayMap mAvailableFeatures; @@ -2430,8 +2427,6 @@ public class PackageManagerService extends IPackageManager.Stub Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "get system config"); SystemConfig systemConfig = SystemConfig.getInstance(); - mGlobalGids = systemConfig.getGlobalGids(); - mSystemPermissions = systemConfig.getSystemPermissions(); mAvailableFeatures = systemConfig.getAvailableFeatures(); Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER); 
@@ -5112,59 +5107,7 @@ public class PackageManagerService extends IPackageManager.Stub @Override public int checkUidPermission(String permName, int uid) { - final int callingUid = Binder.getCallingUid(); - final int callingUserId = UserHandle.getUserId(callingUid); - final boolean isCallerInstantApp = getInstantAppPackageName(callingUid) != null; - final boolean isUidInstantApp = getInstantAppPackageName(uid) != null; - final int userId = UserHandle.getUserId(uid); - if (!sUserManager.exists(userId)) { - return PackageManager.PERMISSION_DENIED; - } - - synchronized (mPackages) { - Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); - if (obj != null) { - if (obj instanceof SharedUserSetting) { - if (isCallerInstantApp) { - return PackageManager.PERMISSION_DENIED; - } - } else if (obj instanceof PackageSetting) { - final PackageSetting ps = (PackageSetting) obj; - if (filterAppAccessLPr(ps, callingUid, callingUserId)) { - return PackageManager.PERMISSION_DENIED; - } - } - final SettingBase settingBase = (SettingBase) obj; - final PermissionsState permissionsState = settingBase.getPermissionsState(); - if (permissionsState.hasPermission(permName, userId)) { - if (isUidInstantApp) { - if (mSettings.mPermissions.isPermissionInstant(permName)) { - return PackageManager.PERMISSION_GRANTED; - } - } else { - return PackageManager.PERMISSION_GRANTED; - } - } - // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION - if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState - .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) { - return PackageManager.PERMISSION_GRANTED; - } - } else { - ArraySet perms = mSystemPermissions.get(uid); - if (perms != null) { - if (perms.contains(permName)) { - return PackageManager.PERMISSION_GRANTED; - } - if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && perms - .contains(Manifest.permission.ACCESS_FINE_LOCATION)) { - return 
PackageManager.PERMISSION_GRANTED; - } - } - } - } - - return PackageManager.PERMISSION_DENIED; + return mPermissionManager.checkUidPermission(permName, uid, getCallingUid()); } @Override @@ -12042,7 +11985,7 @@ public class PackageManagerService extends IPackageManager.Stub } } - permissionsState.setGlobalGids(mGlobalGids); + permissionsState.setGlobalGids(mPermissionManager.getGlobalGidsTEMP()); final int N = pkg.requestedPermissions.size(); for (int i=0; i getPermissionIteratorTEMP(); public abstract @Nullable BasePermission getPermissionTEMP(@NonNull String permName); - public abstract void putPermissionTEMP(@NonNull String permName, - @NonNull BasePermission permission); + public abstract @Nullable int[] getGlobalGidsTEMP(); } \ No newline at end of file diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 6b5ec43a2d64..a94a00ac1113 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -18,6 +18,7 @@ package com.android.server.pm.permission; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; +import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED; import android.Manifest; import android.annotation.NonNull; @@ -43,6 +44,7 @@ import android.util.ArrayMap; import android.util.ArraySet; import android.util.Log; import android.util.Slog; +import android.util.SparseArray; import com.android.internal.R; import com.android.internal.logging.MetricsLogger; 
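Review bot: The delegating `checkUidPermission` in PackageManagerService calls the inherited static as bare `getCallingUid()`, while the code it replaces spelled it `Binder.getCallingUid()`; the unqualified form reads like an instance method of the service. Prefer `return mPermissionManager.checkUidPermission(permName, uid, Binder.getCallingUid());`. Since that uid is what the permission manager uses for its instant-app and app-visibility filtering, a short comment such as `// caller's uid drives instant-app and visibility filtering in the permission manager` would make the third argument's purpose clear at the call site.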
@@ -58,6 +60,7 @@ import com.android.server.pm.PackageManagerServiceUtils; import com.android.server.pm.PackageSetting; import com.android.server.pm.ProcessLoggingHandler; import com.android.server.pm.SharedUserSetting; +import com.android.server.pm.UserManagerService; import com.android.server.pm.permission.DefaultPermissionGrantPolicy.DefaultPermissionGrantedCallback; import com.android.server.pm.permission.PermissionManagerInternal.PermissionCallback; import com.android.server.pm.permission.PermissionsState.PermissionState; @@ -122,6 +125,10 @@ public class PermissionManagerService { /** Default permission policy to provide proper behaviour out-of-the-box */ private final DefaultPermissionGrantPolicy mDefaultPermissionGrantPolicy; + // System configuration read by SystemConfig. + private final SparseArray> mSystemPermissions; + private final int[] mGlobalGids; + /** Internal storage for permissions and related settings */ private final PermissionSettings mSettings; @@ -146,6 +153,9 @@ public class PermissionManagerService { mDefaultPermissionGrantPolicy = new DefaultPermissionGrantPolicy( context, mHandlerThread.getLooper(), defaultGrantCallback, this); + SystemConfig systemConfig = SystemConfig.getInstance(); + mSystemPermissions = systemConfig.getSystemPermissions(); + mGlobalGids = systemConfig.getGlobalGids(); // propagate permission configuration final ArrayMap permConfig = 
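Review bot: The two fields added in the `@@ -122,6 +125,10 @@` hunk share a single `//` line comment, while the neighbouring fields (`mDefaultPermissionGrantPolicy`, `mSettings`) each carry a `/** ... */` doc comment. Document each field separately in the same style, for example `/** Permissions assigned to specific UIDs by system configuration; consulted by checkUidPermission when the UID has no packages */` on `mSystemPermissions` and `/** GIDs from system configuration, handed to PackageManagerService via getGlobalGidsTEMP() */` on `mGlobalGids`. Both fields feed permission decisions, so the lookup key and the consumer should be stated where they are declared.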
@@ -230,6 +240,60 @@ public class PermissionManagerService { return PackageManager.PERMISSION_DENIED; } + private int checkUidPermission(String permName, int uid, int callingUid) { + final int callingUserId = UserHandle.getUserId(callingUid); + final boolean isCallerInstantApp = + mPackageManagerInt.getInstantAppPackageName(callingUid) != null; + final boolean isUidInstantApp = + mPackageManagerInt.getInstantAppPackageName(uid) != null; + final int userId = UserHandle.getUserId(uid); + if (!mUserManagerInt.exists(userId)) { + return PackageManager.PERMISSION_DENIED; + } + + final String[] packages = mContext.getPackageManager().getPackagesForUid(uid); + if (packages != null && packages.length > 0) { + final PackageParser.Package pkg = mPackageManagerInt.getPackage(packages[0]); + if (pkg.mSharedUserId != null) { + if (isCallerInstantApp) { + return PackageManager.PERMISSION_DENIED; + } + } else { + if (mPackageManagerInt.filterAppAccess(pkg, callingUid, callingUserId)) { + return PackageManager.PERMISSION_DENIED; + } + } + final PermissionsState permissionsState = + ((PackageSetting) pkg.mExtras).getPermissionsState(); + if (permissionsState.hasPermission(permName, userId)) { + if (isUidInstantApp) { + if (mSettings.isPermissionInstant(permName)) { + return PackageManager.PERMISSION_GRANTED; + } + } else { + return PackageManager.PERMISSION_GRANTED; + } + } + // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION + if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState + .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) { + return PackageManager.PERMISSION_GRANTED; + } + } else { + ArraySet perms = mSystemPermissions.get(uid); + if (perms != null) { + if (perms.contains(permName)) { + return PackageManager.PERMISSION_GRANTED; + } + if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && perms + .contains(Manifest.permission.ACCESS_FINE_LOCATION)) { + return 
PackageManager.PERMISSION_GRANTED; + } + } + } + return PackageManager.PERMISSION_DENIED; + } + private PermissionGroupInfo getPermissionGroupInfo(String groupName, int flags, int callingUid) { if (mPackageManagerInt.getInstantAppPackageName(callingUid) != null) { @@ -1320,6 +1384,10 @@ public class PermissionManagerService { permName, packageName, callingUid, userId); } @Override + public int checkUidPermission(String permName, int uid, int callingUid) { + return PermissionManagerService.this.checkUidPermission(permName, uid, callingUid); + } + @Override public PermissionGroupInfo getPermissionGroupInfo(String groupName, int flags, int callingUid) { return PermissionManagerService.this.getPermissionGroupInfo( @@ -1355,15 +1423,9 @@ public class PermissionManagerService { } } @Override - public void putPermissionTEMP(String permName, BasePermission permission) { - synchronized (PermissionManagerService.this.mLock) { - mSettings.putPermissionLocked(permName, (BasePermission) permission); - } - } - @Override - public Iterator getPermissionIteratorTEMP() { + public int[] getGlobalGidsTEMP() { synchronized (PermissionManagerService.this.mLock) { - return mSettings.getAllPermissionsLocked().iterator(); + return mGlobalGids; } } }
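Review bot: In the new private `checkUidPermission`, the result of `mPackageManagerInt.getPackage(packages[0])` is dereferenced at `pkg.mSharedUserId` without a null check, and `pkg.mExtras` is then cast to `PackageSetting` on the same assumption. The removed PackageManagerService version did its lookup and permission-state read inside `synchronized (mPackages)` and null-checked the looked-up object. Here the uid-to-package lookup and the package fetch are separate calls with no lock visible in the hunk, so a package removed in between would presumably make the check throw instead of denying. A permission check should fail closed: add `if (pkg == null || pkg.mExtras == null) { return PackageManager.PERMISSION_DENIED; }` before the shared-user test. Only `packages[0]` is consulted for a shared uid, which deserves a comment stating why one package's permissions state is representative.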
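Review bot: `getGlobalGidsTEMP()` hands out the service's own `mGlobalGids` array, so any caller that writes to the result changes the gids held by the permission manager; the `synchronized (PermissionManagerService.this.mLock)` around the read of a `final` field does not prevent that. Returning a copy keeps the field private in practice: `return mGlobalGids == null ? null : mGlobalGids.clone();` (the abstract declaration marks the result `@Nullable`). If sharing the array is intentional for this TEMP accessor, say so in a comment on the method and drop the lock, which otherwise suggests a guarantee it does not give.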