Ensure storage permission revoke happens for all users

Nate Myren · android-build-team Robot · commit dd4cd2c00341 · 2021-05-14T21:56:38.000Z
When revoking storage permissions due to storage escalation, ensure the
revoke happens for all users

Fixes: 186034260
Bug: 171430330
Test: atest --user-type secondary_user StorageEscalationTest
Merged-In: Ieb8bb9cde1576e9eee131338d393b8a3528341ec
Change-Id: Ieb8bb9cde1576e9eee131338d393b8a3528341ec
(cherry picked from commit 37acd7ee52a732c9e9cf839611677195430fafe9)
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -2293,23 +2293,30 @@ private void revokeStoragePermissionsIfScopeExpanded(
         }
 
         final int callingUid = Binder.getCallingUid();
-        final int userId = UserHandle.getUserId(newPackage.getUid());
-        int numRequestedPermissions = newPackage.getRequestedPermissions().size();
-        for (int i = 0; i < numRequestedPermissions; i++) {
-            PermissionInfo permInfo = getPermissionInfo(newPackage.getRequestedPermissions().get(i),
-                    newPackage.getPackageName(), 0);
-            if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) {
-                continue;
-            }
+        for (int userId: mUserManagerInt.getUserIds()) {
+            int numRequestedPermissions = newPackage.getRequestedPermissions().size();
+            for (int i = 0; i < numRequestedPermissions; i++) {
+                PermissionInfo permInfo = getPermissionInfo(
+                        newPackage.getRequestedPermissions().get(i),
+                        newPackage.getPackageName(), 0);
+                if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) {
+                    continue;
+                }
 
-            EventLog.writeEvent(0x534e4554, "171430330", newPackage.getUid(),
-                    "Revoking permission " + permInfo.name + " from package "
-                            + newPackage.getPackageName() + " as either the sdk downgraded "
-                            + downgradedSdk + " or newly requested legacy full storage "
-                            + newlyRequestsLegacy);
+                EventLog.writeEvent(0x534e4554, "171430330", newPackage.getUid(),
+                        "Revoking permission " + permInfo.name + " from package "
+                                + newPackage.getPackageName() + " as either the sdk downgraded "
+                                + downgradedSdk + " or newly requested legacy full storage "
+                                + newlyRequestsLegacy);
 
-            revokeRuntimePermissionInternal(permInfo.name, newPackage.getPackageName(),
-                    false, callingUid, userId, null, permissionCallback);
+                try {
+                    revokeRuntimePermissionInternal(permInfo.name, newPackage.getPackageName(),
+                            false, callingUid, userId, null, permissionCallback);
+                } catch (IllegalStateException | SecurityException e) {
+                    Log.e(TAG, "unable to revoke " + permInfo.name + " for "
+                            + newPackage.getPackageName() + " user " + userId, e);
+                }
+            }
         }
 
     }
