commit 0eb9738d1708d9aa7846782046e6828ffc9fe901
author Todd Kennedy <toddke@google.com> Tue Oct 03 16:57:22 2017 -0700
committer Todd Kennedy <toddke@google.com> Thu Oct 05 07:18:10 2017 -0700
tree b69244eb3a2ccd9ff80cfcea23e85b7c88b743f0
parent 82b0842051a93764e96a68072da1a220f00c2c27

Move mPermissions from package settings

Create a settings class only for use with permissions. It's
subservient [and should only be accessed directly by] package
settings or the permission manager. The rest of the permission
related data needs to be moved to permission settings. At
which point we can start pulling the permission methods out of
the package manager service and into the permission manager.

We still have a somewhat tight relationship between package
manager and the permission manager. It's unclear how far we need
to separate them and if relying entirely on an internal
interface is sufficient.

Bug: 63539144
Test: Manual. Builds and runs
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.PermissionsHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsPermissionTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsPermission2TestCases
Test: bit FrameworksServicesTests:com.android.server.pm.PackageManagerSettingsTests
Change-Id: I616184fa2135a11687e4ce615884f861466fdebe

core/java/android/content/pm/PackageManagerInternal.java

diff --git a/core/java/android/content/pm/PackageManagerInternal.java b/core/java/android/content/pm/PackageManagerInternal.java
index 658100f..be7f921 100644
--- a/core/java/android/content/pm/PackageManagerInternal.java
+++ b/core/java/android/content/pm/PackageManagerInternal.java
@@ -436,16 +436,37 @@
     public abstract @Nullable String getKnownPackageName(
             @KnownPackage int knownPackage, int userId);
 
+    /**
+     * Returns whether the package is an instant app.
+     */
+    public abstract boolean isInstantApp(String packageName, int userId);
+
+    /**
+     * Returns whether the package is an instant app.
+     */
+    public abstract @Nullable String getInstantAppPackageName(int uid);
+
+    /**
+     * Returns whether or not access to the application should be filtered.
+     * <p>
+     * Access may be limited based upon whether the calling or target applications
+     * are instant applications.
+     *
+     * @see #canAccessInstantApps(int)
+     */
+    public abstract boolean filterAppAccess(
+            @Nullable PackageParser.Package pkg, int callingUid, int userId);
+
     /*
      * NOTE: The following methods are temporary until permissions are extracted from
      * the package manager into a component specifically for handling permissions.
      */
-    /** Returns a permission object for the given permission name. */
-    public abstract @Nullable Object getPermissionTEMP(@NonNull String permName);
     /** Returns the flags for the given permission. */
     public abstract @Nullable int getPermissionFlagsTEMP(@NonNull String permName,
             @NonNull String packageName, int userId);
     /** Updates the flags for the given permission. */
     public abstract void updatePermissionFlagsTEMP(@NonNull String permName,
             @NonNull String packageName, int flagMask, int flagValues, int userId);
+    /** temporary until mPermissionTrees is moved to PermissionManager */
+    public abstract Object enforcePermissionTreeTEMP(@NonNull String permName, int callingUid);
 }