Ensure storage permission revoke happens for all users
When revoking storage permissions due to storage escalation, ensure the
revoke happens for all users
Fixes: 186034260
Bug: 171430330
Test: atest --user-type secondary_user StorageEscalationTest
Merged-In: Ieb8bb9cde1576e9eee131338d393b8a3528341ec
Change-Id: Ieb8bb9cde1576e9eee131338d393b8a3528341ec
(cherry picked from commit 8a1085bdcbdabbd4b5f2fd549afa4e3612b83a0d)
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index b500e16..8d2363b 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -2293,23 +2293,30 @@
}
final int callingUid = Binder.getCallingUid();
- final int userId = UserHandle.getUserId(newPackage.getUid());
- int numRequestedPermissions = newPackage.getRequestedPermissions().size();
- for (int i = 0; i < numRequestedPermissions; i++) {
- PermissionInfo permInfo = getPermissionInfo(newPackage.getRequestedPermissions().get(i),
- newPackage.getPackageName(), 0);
- if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) {
- continue;
+ for (int userId: mUserManagerInt.getUserIds()) {
+ int numRequestedPermissions = newPackage.getRequestedPermissions().size();
+ for (int i = 0; i < numRequestedPermissions; i++) {
+ PermissionInfo permInfo = getPermissionInfo(
+ newPackage.getRequestedPermissions().get(i),
+ newPackage.getPackageName(), 0);
+ if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) {
+ continue;
+ }
+
+ EventLog.writeEvent(0x534e4554, "171430330", newPackage.getUid(),
+ "Revoking permission " + permInfo.name + " from package "
+ + newPackage.getPackageName() + " as either the sdk downgraded "
+ + downgradedSdk + " or newly requested legacy full storage "
+ + newlyRequestsLegacy);
+
+ try {
+ revokeRuntimePermissionInternal(permInfo.name, newPackage.getPackageName(),
+ false, callingUid, userId, null, permissionCallback);
+ } catch (IllegalStateException | SecurityException e) {
+ Log.e(TAG, "unable to revoke " + permInfo.name + " for "
+ + newPackage.getPackageName() + " user " + userId, e);
+ }
}
-
- EventLog.writeEvent(0x534e4554, "171430330", newPackage.getUid(),
- "Revoking permission " + permInfo.name + " from package "
- + newPackage.getPackageName() + " as either the sdk downgraded "
- + downgradedSdk + " or newly requested legacy full storage "
- + newlyRequestsLegacy);
-
- revokeRuntimePermissionInternal(permInfo.name, newPackage.getPackageName(),
- false, callingUid, userId, null, permissionCallback);
}
}