Java Code Examples for android.content.pm.PackageManager#FLAG_PERMISSION_POLICY_FIXED
The following examples show how to use
android.content.pm.PackageManager#FLAG_PERMISSION_POLICY_FIXED .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DefaultPermissionGrantPolicy.java From android_9.0.0_r45 with Apache License 2.0 | 4 votes |
private void revokeRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, boolean systemFixed, int userId) { if (pkg.requestedPermissions.isEmpty()) { return; } Set<String> revokablePermissions = new ArraySet<>(pkg.requestedPermissions); for (String permission : permissions) { // We can't revoke what wasn't requested. if (!revokablePermissions.contains(permission)) { continue; } final int flags = mServiceInternal.getPermissionFlagsTEMP( permission, pkg.packageName, userId); // We didn't get this through the default grant policy. Move along. if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) { continue; } // We aren't going to clobber device policy with a DefaultGrant. if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { continue; } // Do not revoke system fixed permissions unless caller set them that way; // there is no refcount for the number of sources of this, so there // should be at most one grantor doing SYSTEM_FIXED for any given package. if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) { continue; } mServiceInternal.revokeRuntimePermission(pkg.packageName, permission, userId, false); if (DEBUG) { Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ") + permission + " to " + pkg.packageName); } // Remove the GRANTED_BY_DEFAULT flag without touching the others. // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains // sticky once set. mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, userId); } }
Example 2
Source File: PermissionManagerService.java From android_9.0.0_r45 with Apache License 2.0 | 4 votes |
private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId, String[] grantedPermissions, int callingUid, PermissionCallback callback) { PackageSetting ps = (PackageSetting) pkg.mExtras; if (ps == null) { return; } PermissionsState permissionsState = ps.getPermissionsState(); final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED | PackageManager.FLAG_PERMISSION_POLICY_FIXED; final boolean supportsRuntimePermissions = pkg.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.M; final boolean instantApp = mPackageManagerInt.isInstantApp(pkg.packageName, userId); for (String permission : pkg.requestedPermissions) { final BasePermission bp; synchronized (mLock) { bp = mSettings.getPermissionLocked(permission); } if (bp != null && (bp.isRuntime() || bp.isDevelopment()) && (!instantApp || bp.isInstant()) && (supportsRuntimePermissions || !bp.isRuntimeOnly()) && (grantedPermissions == null || ArrayUtils.contains(grantedPermissions, permission))) { final int flags = permissionsState.getPermissionFlags(permission, userId); if (supportsRuntimePermissions) { // Installer cannot change immutable permissions. if ((flags & immutableFlags) == 0) { grantRuntimePermission(permission, pkg.packageName, false, callingUid, userId, callback); } } else if (mSettings.mPermissionReviewRequired) { // In permission review mode we clear the review flag when we // are asked to install the app with all permissions granted. if ((flags & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0) { updatePermissionFlags(permission, pkg.packageName, PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED, 0, callingUid, userId, callback); } } } } }
Example 3
Source File: PermissionManagerService.java From android_9.0.0_r45 with Apache License 2.0 | 4 votes |
private void revokeRuntimePermission(String permName, String packageName, boolean overridePolicy, int callingUid, int userId, PermissionCallback callback) { if (!mUserManagerInt.exists(userId)) { Log.e(TAG, "No such user:" + userId); return; } mContext.enforceCallingOrSelfPermission( android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS, "revokeRuntimePermission"); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, // requireFullPermission true, // checkShell false, // requirePermissionWhenSameUser "revokeRuntimePermission"); final int appId; final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName); if (pkg == null || pkg.mExtras == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } if (mPackageManagerInt.filterAppAccess(pkg, Binder.getCallingUid(), userId)) { throw new IllegalArgumentException("Unknown package: " + packageName); } final BasePermission bp = mSettings.getPermissionLocked(permName); if (bp == null) { throw new IllegalArgumentException("Unknown permission: " + permName); } bp.enforceDeclaredUsedAndRuntimeOrDevelopment(pkg); // If a permission review is required for legacy apps we represent // their permissions as always granted runtime ones since we need // to keep the review required permission flag per user while an // install permission's state is shared across all users. if (mSettings.mPermissionReviewRequired && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M && bp.isRuntime()) { return; } final PackageSetting ps = (PackageSetting) pkg.mExtras; final PermissionsState permissionsState = ps.getPermissionsState(); final int flags = permissionsState.getPermissionFlags(permName, userId); // Only the system may revoke SYSTEM_FIXED permissions. if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && UserHandle.getCallingAppId() != Process.SYSTEM_UID) { throw new SecurityException("Non-System UID cannot revoke system fixed permission " + permName + " for package " + packageName); } if (!overridePolicy && (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { throw new SecurityException("Cannot revoke policy fixed permission " + permName + " for package " + packageName); } if (bp.isDevelopment()) { // Development permissions must be handled specially, since they are not // normal runtime permissions. For now they apply to all users. if (permissionsState.revokeInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE) { if (callback != null) { callback.onInstallPermissionRevoked(); } } return; } if (permissionsState.revokeRuntimePermission(bp, userId) == PermissionsState.PERMISSION_OPERATION_FAILURE) { return; } if (bp.isRuntime()) { logPermission(MetricsEvent.ACTION_PERMISSION_REVOKED, permName, packageName); } if (callback != null) { final int uid = UserHandle.getUid(userId, pkg.applicationInfo.uid); callback.onPermissionRevoked(pkg.applicationInfo.uid, userId); } }