Small issues with FLAG_PERMISSION_USER_SENSITIVE_*
Add them to the "all flags" mask. We cannot change the value of a
constant in the API, hence need to deprecate it. This change does
not create a new API with the new value to not have the same problem
again.
Register the flag type in the IntDef and toString methods.
Test: Set permission flags, rebooted and verified that flags get
restored.
Bug: 124317989
Change-Id: Ia68053a937be7dc47af6e313e66e87f3228a2d14
diff --git a/api/system-current.txt b/api/system-current.txt
index 1dad3a2..1ce3863 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -1689,7 +1689,7 @@
field public static final int INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED = 0; // 0x0
field public static final int INTENT_FILTER_VERIFICATION_FAILURE = -1; // 0xffffffff
field public static final int INTENT_FILTER_VERIFICATION_SUCCESS = 1; // 0x1
- field public static final int MASK_PERMISSION_FLAGS = 255; // 0xff
+ field @Deprecated public static final int MASK_PERMISSION_FLAGS = 255; // 0xff
field public static final int MATCH_ANY_USER = 4194304; // 0x400000
field public static final int MATCH_FACTORY_ONLY = 2097152; // 0x200000
field public static final int MATCH_INSTANT = 8388608; // 0x800000
@@ -1707,7 +1707,7 @@
method public void onPermissionsChanged(int);
}
- @IntDef(prefix={"FLAG_PERMISSION_"}, value={android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET, android.content.pm.PackageManager.FLAG_PERMISSION_USER_FIXED, android.content.pm.PackageManager.FLAG_PERMISSION_POLICY_FIXED, android.content.pm.PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE, android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, android.content.pm.PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, android.content.pm.PackageManager.FLAG_PERMISSION_USER_SENSITIVE_WHEN_GRANTED}) @java.lang.annotation.Retention(java.lang.annotation.RetentionPolicy.SOURCE) public static @interface PackageManager.PermissionFlags {
+ @IntDef(prefix={"FLAG_PERMISSION_"}, value={android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET, android.content.pm.PackageManager.FLAG_PERMISSION_USER_FIXED, android.content.pm.PackageManager.FLAG_PERMISSION_POLICY_FIXED, android.content.pm.PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE, android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, android.content.pm.PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, android.content.pm.PackageManager.FLAG_PERMISSION_USER_SENSITIVE_WHEN_GRANTED, android.content.pm.PackageManager.FLAG_PERMISSION_USER_SENSITIVE_WHEN_DENIED}) @java.lang.annotation.Retention(java.lang.annotation.RetentionPolicy.SOURCE) public static @interface PackageManager.PermissionFlags {
}
public class PermissionGroupInfo extends android.content.pm.PackageItemInfo implements android.os.Parcelable {
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index ef01264..02272e5 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -3059,12 +3059,24 @@
public static final int FLAG_PERMISSION_USER_SENSITIVE_WHEN_DENIED = 1 << 9;
/**
+ * Mask for all permission flags present in Android P
+ *
+ * @deprecated This constant does not contain useful information and should never have been
+ * exposed. When checking permission flags always flag each flag explicitly and ignore all
+ * flags that do not matter for this particular code.
+ *
+ * @hide
+ */
+ @Deprecated
+ @SystemApi
+ public static final int MASK_PERMISSION_FLAGS = 0xFF;
+
+ /**
* Mask for all permission flags.
*
* @hide
*/
- @SystemApi
- public static final int MASK_PERMISSION_FLAGS = 0xFF;
+ public static final int MASK_PERMISSION_FLAGS_ALL = 0x3FF;
/**
* Injected activity in app that forwards user to setting activity of that app.
@@ -3774,6 +3786,7 @@
FLAG_PERMISSION_SYSTEM_FIXED,
FLAG_PERMISSION_GRANTED_BY_DEFAULT,
FLAG_PERMISSION_USER_SENSITIVE_WHEN_GRANTED,
+ FLAG_PERMISSION_USER_SENSITIVE_WHEN_DENIED,
/*
FLAG_PERMISSION_REVOKE_WHEN_REQUESED
*/
@@ -6561,7 +6574,8 @@
case FLAG_PERMISSION_USER_FIXED: return "USER_FIXED";
case FLAG_PERMISSION_REVIEW_REQUIRED: return "REVIEW_REQUIRED";
case FLAG_PERMISSION_REVOKE_WHEN_REQUESTED: return "REVOKE_WHEN_REQUESTED";
- case FLAG_PERMISSION_USER_SENSITIVE_WHEN_GRANTED: return "USER_SENSITIVE";
+ case FLAG_PERMISSION_USER_SENSITIVE_WHEN_GRANTED: return "USER_SENSITIVE_WHEN_GRANTED";
+ case FLAG_PERMISSION_USER_SENSITIVE_WHEN_DENIED: return "USER_SENSITIVE_WHEN_DENIED";
default: return Integer.toString(flag);
}
}
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 59e5d77..aced1a2 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -979,7 +979,7 @@
// Try to revoke as an install permission which is for all users.
// The package is gone - no need to keep flags for applying policy.
permissionsState.updatePermissionFlags(bp, userId,
- PackageManager.MASK_PERMISSION_FLAGS, 0);
+ PackageManager.MASK_PERMISSION_FLAGS_ALL, 0);
if (permissionsState.revokeInstallPermission(bp) ==
PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED) {
@@ -2165,7 +2165,7 @@
XmlUtils.skipCurrentTag(parser);
} else {
permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL,
- PackageManager.MASK_PERMISSION_FLAGS, flags);
+ PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
}
} else {
if (permissionsState.revokeInstallPermission(bp) ==
@@ -2174,7 +2174,7 @@
XmlUtils.skipCurrentTag(parser);
} else {
permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL,
- PackageManager.MASK_PERMISSION_FLAGS, flags);
+ PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
}
}
} else {
@@ -5240,7 +5240,7 @@
if (bp != null) {
permissionsState.revokeRuntimePermission(bp, userId);
permissionsState.updatePermissionFlags(bp, userId,
- PackageManager.MASK_PERMISSION_FLAGS, 0);
+ PackageManager.MASK_PERMISSION_FLAGS_ALL, 0);
}
}
}
@@ -5354,10 +5354,10 @@
if (granted) {
permissionsState.grantRuntimePermission(bp, userId);
permissionsState.updatePermissionFlags(bp, userId,
- PackageManager.MASK_PERMISSION_FLAGS, flags);
+ PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
} else {
permissionsState.updatePermissionFlags(bp, userId,
- PackageManager.MASK_PERMISSION_FLAGS, flags);
+ PackageManager.MASK_PERMISSION_FLAGS_ALL, flags);
}
} break;
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index ac7338e..a37c0bb 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -32,7 +32,7 @@
import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_FIXED;
import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET;
-import static android.content.pm.PackageManager.MASK_PERMISSION_FLAGS;
+import static android.content.pm.PackageManager.MASK_PERMISSION_FLAGS_ALL;
import static android.os.Trace.TRACE_TAG_PACKAGE_MANAGER;
import static android.os.UserHandle.getAppId;
import static android.os.UserHandle.getUid;
@@ -980,7 +980,7 @@
// Revoke the runtime permission and clear the flags.
origPermissions.revokeRuntimePermission(bp, userId);
origPermissions.updatePermissionFlags(bp, userId,
- PackageManager.MASK_PERMISSION_FLAGS, 0);
+ PackageManager.MASK_PERMISSION_FLAGS_ALL, 0);
// If we revoked a permission permission, we have to write.
updatedUserIds = ArrayUtils.appendInt(
updatedUserIds, userId);
@@ -1043,7 +1043,7 @@
}
permissionsState.updatePermissionFlags(bp, userId,
- MASK_PERMISSION_FLAGS, flags);
+ MASK_PERMISSION_FLAGS_ALL, flags);
}
} break;
@@ -1058,7 +1058,7 @@
if (origPermissions.revokeInstallPermission(bp)
!= PERMISSION_OPERATION_FAILURE) {
origPermissions.updatePermissionFlags(bp, UserHandle.USER_ALL,
- PackageManager.MASK_PERMISSION_FLAGS, 0);
+ MASK_PERMISSION_FLAGS_ALL, 0);
changedInstallPermission = true;
}
@@ -1094,7 +1094,7 @@
}
permissionsState.updatePermissionFlags(bp, userId,
- MASK_PERMISSION_FLAGS, flags);
+ MASK_PERMISSION_FLAGS_ALL, flags);
}
} break;
@@ -1114,7 +1114,7 @@
PERMISSION_OPERATION_FAILURE) {
// Also drop the permission flags.
permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL,
- PackageManager.MASK_PERMISSION_FLAGS, 0);
+ MASK_PERMISSION_FLAGS_ALL, 0);
changedInstallPermission = true;
Slog.i(TAG, "Un-granting permission " + perm
+ " from package " + pkg.packageName
@@ -2180,7 +2180,7 @@
if (bp != null) {
permissionsState.revokeInstallPermission(bp);
permissionsState.updatePermissionFlags(bp, UserHandle.USER_ALL,
- PackageManager.MASK_PERMISSION_FLAGS, 0);
+ MASK_PERMISSION_FLAGS_ALL, 0);
}
}
}
@@ -2199,7 +2199,7 @@
if (bp != null) {
permissionsState.revokeRuntimePermission(bp, userId);
permissionsState.updatePermissionFlags(bp, userId,
- PackageManager.MASK_PERMISSION_FLAGS, 0);
+ MASK_PERMISSION_FLAGS_ALL, 0);
runtimePermissionChangedUserIds = ArrayUtils.appendInt(
runtimePermissionChangedUserIds, userId);
}