DO NOT MERGE Don't allow non-instant permissions for instant apps. am: a710a30 am: ea36a0c

zhanghai · android-build-merge-worker-robot · commit 043a322e4d19 · 2020-08-29T01:21:46.000Z
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/12366889 Change-Id: Id791215e99e121b996892c5c06d9a54a5b7f691d
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3631,12 +3631,9 @@ public boolean isUpgrade() {
         Iterator<ResolveInfo> iter = matches.iterator();
         while (iter.hasNext()) {
             final ResolveInfo rInfo = iter.next();
-            final PackageSetting ps = mSettings.mPackages.get(rInfo.activityInfo.packageName);
-            if (ps != null) {
-                final PermissionsState permissionsState = ps.getPermissionsState();
-                if (permissionsState.hasPermission(Manifest.permission.INSTALL_PACKAGES, 0)) {
-                    continue;
-                }
+            if (checkPermission(Manifest.permission.INSTALL_PACKAGES,
+                    rInfo.activityInfo.packageName, 0) == PERMISSION_GRANTED) {
+                continue;
             }
             iter.remove();
         }
@@ -3884,9 +3881,24 @@ private PackageInfo generatePackageInfo(PackageSetting ps, int flags, int userId
         final int[] gids = (flags & PackageManager.GET_GIDS) == 0
                 ? EMPTY_INT_ARRAY : permissionsState.computeGids(userId);
         // Compute granted permissions only if package has requested permissions
-        final Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions)
+        Set<String> permissions = ArrayUtils.isEmpty(p.requestedPermissions)
                 ? Collections.<String>emptySet() : permissionsState.getPermissions(userId);
         final PackageUserState state = ps.readUserState(userId);
+        if (state.instantApp) {
+            permissions = new ArraySet<>(permissions);
+            permissions.removeIf(permissionName -> {
+                BasePermission permission = mSettings.mPermissions.get(permissionName);
+                if (permission == null) {
+                    return true;
+                }
+                if (!permission.isInstant()) {
+                    EventLog.writeEvent(0x534e4554, "140256621", UserHandle.getUid(userId,
+                            ps.appId), permissionName);
+                    return true;
+                }
+                return false;
+            });
+        }
 
         if ((flags & MATCH_UNINSTALLED_PACKAGES) != 0
                 && ps.isSystem()) {
@@ -8702,10 +8714,9 @@ public ParceledListSlice<PackageInfo> getInstalledPackages(int flags, int userId
     private void addPackageHoldingPermissions(ArrayList<PackageInfo> list, PackageSetting ps,
             String[] permissions, boolean[] tmp, int flags, int userId) {
         int numMatch = 0;
-        final PermissionsState permissionsState = ps.getPermissionsState();
         for (int i=0; i<permissions.length; i++) {
             final String permission = permissions[i];
-            if (permissionsState.hasPermission(permission, userId)) {
+            if (checkPermission(permission, ps.name, userId) == PERMISSION_GRANTED) {
                 tmp[i] = true;
                 numMatch++;
             } else {
