Java Code Examples for android.content.pm.PackageManager#FLAG_PERMISSION_SYSTEM_FIXED

The following examples show how to use android.content.pm.PackageManager#FLAG_PERMISSION_SYSTEM_FIXED . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PermissionManagerService.java    From android_9.0.0_r45 with Apache License 2.0 5 votes vote down vote up
private boolean updatePermissionFlagsForAllApps(int flagMask, int flagValues, int callingUid,
        int userId, Collection<Package> packages, PermissionCallback callback) {
    if (!mUserManagerInt.exists(userId)) {
        return false;
    }

    enforceGrantRevokeRuntimePermissionPermissions(
            "updatePermissionFlagsForAllApps");
    enforceCrossUserPermission(callingUid, userId,
            true,  // requireFullPermission
            true,  // checkShell
            false, // requirePermissionWhenSameUser
            "updatePermissionFlagsForAllApps");

    // Only the system can change system fixed flags.
    if (callingUid != Process.SYSTEM_UID) {
        flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
        flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
    }

    boolean changed = false;
    for (PackageParser.Package pkg : packages) {
        final PackageSetting ps = (PackageSetting) pkg.mExtras;
        if (ps == null) {
            continue;
        }
        PermissionsState permissionsState = ps.getPermissionsState();
        changed |= permissionsState.updatePermissionFlagsForAllPermissions(
                userId, flagMask, flagValues);
    }
    return changed;
}
 
Example 2
Source File: DefaultPermissionGrantPolicy.java    From android_9.0.0_r45 with Apache License 2.0 4 votes vote down vote up
private void revokeRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
        boolean systemFixed, int userId) {
    if (pkg.requestedPermissions.isEmpty()) {
        return;
    }
    Set<String> revokablePermissions = new ArraySet<>(pkg.requestedPermissions);

    for (String permission : permissions) {
        // We can't revoke what wasn't requested.
        if (!revokablePermissions.contains(permission)) {
            continue;
        }

        final int flags = mServiceInternal.getPermissionFlagsTEMP(
                permission, pkg.packageName, userId);

        // We didn't get this through the default grant policy. Move along.
        if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) {
            continue;
        }
        // We aren't going to clobber device policy with a DefaultGrant.
        if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
            continue;
        }
        // Do not revoke system fixed permissions unless caller set them that way;
        // there is no refcount for the number of sources of this, so there
        // should be at most one grantor doing SYSTEM_FIXED for any given package.
        if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) {
            continue;
        }
        mServiceInternal.revokeRuntimePermission(pkg.packageName, permission, userId, false);

        if (DEBUG) {
            Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
                    + permission + " to " + pkg.packageName);
        }

        // Remove the GRANTED_BY_DEFAULT flag without touching the others.
        // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains
        // sticky once set.
        mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
                PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, userId);
    }
}
 
Example 3
Source File: PermissionManagerService.java    From android_9.0.0_r45 with Apache License 2.0 4 votes vote down vote up
private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId,
        String[] grantedPermissions, int callingUid, PermissionCallback callback) {
    PackageSetting ps = (PackageSetting) pkg.mExtras;
    if (ps == null) {
        return;
    }

    PermissionsState permissionsState = ps.getPermissionsState();

    final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
            | PackageManager.FLAG_PERMISSION_POLICY_FIXED;

    final boolean supportsRuntimePermissions = pkg.applicationInfo.targetSdkVersion
            >= Build.VERSION_CODES.M;

    final boolean instantApp = mPackageManagerInt.isInstantApp(pkg.packageName, userId);

    for (String permission : pkg.requestedPermissions) {
        final BasePermission bp;
        synchronized (mLock) {
            bp = mSettings.getPermissionLocked(permission);
        }
        if (bp != null && (bp.isRuntime() || bp.isDevelopment())
                && (!instantApp || bp.isInstant())
                && (supportsRuntimePermissions || !bp.isRuntimeOnly())
                && (grantedPermissions == null
                       || ArrayUtils.contains(grantedPermissions, permission))) {
            final int flags = permissionsState.getPermissionFlags(permission, userId);
            if (supportsRuntimePermissions) {
                // Installer cannot change immutable permissions.
                if ((flags & immutableFlags) == 0) {
                    grantRuntimePermission(permission, pkg.packageName, false, callingUid,
                            userId, callback);
                }
            } else if (mSettings.mPermissionReviewRequired) {
                // In permission review mode we clear the review flag when we
                // are asked to install the app with all permissions granted.
                if ((flags & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0) {
                    updatePermissionFlags(permission, pkg.packageName,
                            PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED, 0, callingUid,
                            userId, callback);
                }
            }
        }
    }
}
 
Example 4
Source File: PermissionManagerService.java    From android_9.0.0_r45 with Apache License 2.0 4 votes vote down vote up
private void revokeRuntimePermission(String permName, String packageName,
        boolean overridePolicy, int callingUid, int userId, PermissionCallback callback) {
    if (!mUserManagerInt.exists(userId)) {
        Log.e(TAG, "No such user:" + userId);
        return;
    }

    mContext.enforceCallingOrSelfPermission(
            android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS,
            "revokeRuntimePermission");

    enforceCrossUserPermission(Binder.getCallingUid(), userId,
            true,  // requireFullPermission
            true,  // checkShell
            false, // requirePermissionWhenSameUser
            "revokeRuntimePermission");

    final int appId;

    final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
    if (pkg == null || pkg.mExtras == null) {
        throw new IllegalArgumentException("Unknown package: " + packageName);
    }
    if (mPackageManagerInt.filterAppAccess(pkg, Binder.getCallingUid(), userId)) {
        throw new IllegalArgumentException("Unknown package: " + packageName);
    }
    final BasePermission bp = mSettings.getPermissionLocked(permName);
    if (bp == null) {
        throw new IllegalArgumentException("Unknown permission: " + permName);
    }

    bp.enforceDeclaredUsedAndRuntimeOrDevelopment(pkg);

    // If a permission review is required for legacy apps we represent
    // their permissions as always granted runtime ones since we need
    // to keep the review required permission flag per user while an
    // install permission's state is shared across all users.
    if (mSettings.mPermissionReviewRequired
            && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
            && bp.isRuntime()) {
        return;
    }

    final PackageSetting ps = (PackageSetting) pkg.mExtras;
    final PermissionsState permissionsState = ps.getPermissionsState();

    final int flags = permissionsState.getPermissionFlags(permName, userId);
    // Only the system may revoke SYSTEM_FIXED permissions.
    if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
            && UserHandle.getCallingAppId() != Process.SYSTEM_UID) {
        throw new SecurityException("Non-System UID cannot revoke system fixed permission "
                + permName + " for package " + packageName);
    }
    if (!overridePolicy && (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
        throw new SecurityException("Cannot revoke policy fixed permission "
                + permName + " for package " + packageName);
    }

    if (bp.isDevelopment()) {
        // Development permissions must be handled specially, since they are not
        // normal runtime permissions.  For now they apply to all users.
        if (permissionsState.revokeInstallPermission(bp) !=
                PermissionsState.PERMISSION_OPERATION_FAILURE) {
            if (callback != null) {
                callback.onInstallPermissionRevoked();
            }
        }
        return;
    }

    if (permissionsState.revokeRuntimePermission(bp, userId) ==
            PermissionsState.PERMISSION_OPERATION_FAILURE) {
        return;
    }

    if (bp.isRuntime()) {
        logPermission(MetricsEvent.ACTION_PERMISSION_REVOKED, permName, packageName);
    }

    if (callback != null) {
        final int uid = UserHandle.getUid(userId, pkg.applicationInfo.uid);
        callback.onPermissionRevoked(pkg.applicationInfo.uid, userId);
    }
}
 
Example 5
Source File: PermissionManagerService.java    From android_9.0.0_r45 with Apache License 2.0 4 votes vote down vote up
private void updatePermissionFlags(String permName, String packageName, int flagMask,
        int flagValues, int callingUid, int userId, PermissionCallback callback) {
    if (!mUserManagerInt.exists(userId)) {
        return;
    }

    enforceGrantRevokeRuntimePermissionPermissions("updatePermissionFlags");

    enforceCrossUserPermission(callingUid, userId,
            true,  // requireFullPermission
            true,  // checkShell
            false, // requirePermissionWhenSameUser
            "updatePermissionFlags");

    // Only the system can change these flags and nothing else.
    if (callingUid != Process.SYSTEM_UID) {
        flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
        flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
        flagMask &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
        flagValues &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
        flagValues &= ~PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;
    }

    final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
    if (pkg == null || pkg.mExtras == null) {
        throw new IllegalArgumentException("Unknown package: " + packageName);
    }
    if (mPackageManagerInt.filterAppAccess(pkg, callingUid, userId)) {
        throw new IllegalArgumentException("Unknown package: " + packageName);
    }

    final BasePermission bp;
    synchronized (mLock) {
        bp = mSettings.getPermissionLocked(permName);
    }
    if (bp == null) {
        throw new IllegalArgumentException("Unknown permission: " + permName);
    }

    final PackageSetting ps = (PackageSetting) pkg.mExtras;
    final PermissionsState permissionsState = ps.getPermissionsState();
    final boolean hadState =
            permissionsState.getRuntimePermissionState(permName, userId) != null;
    final boolean permissionUpdated =
            permissionsState.updatePermissionFlags(bp, userId, flagMask, flagValues);
    if (permissionUpdated && callback != null) {
        // Install and runtime permissions are stored in different places,
        // so figure out what permission changed and persist the change.
        if (permissionsState.getInstallPermissionState(permName) != null) {
            callback.onInstallPermissionUpdated();
        } else if (permissionsState.getRuntimePermissionState(permName, userId) != null
                || hadState) {
            callback.onPermissionUpdated(new int[] { userId }, false);
        }
    }
}