diff --git a/core/modules/rest/tests/src/Functional/Update/EntityResourcePermissionsUpdateTest.php b/core/modules/rest/tests/src/Functional/Update/EntityResourcePermissionsUpdateTest.php
index 739089a9..7cef6b26 100644
--- a/core/modules/rest/tests/src/Functional/Update/EntityResourcePermissionsUpdateTest.php
+++ b/core/modules/rest/tests/src/Functional/Update/EntityResourcePermissionsUpdateTest.php
@@ -33,8 +33,6 @@ public function setDatabaseDumpFiles() {
    * Tests rest_update_8203().
    */
   public function testBcEntityResourcePermissionSettingAdded() {
-    $permission_handler = $this->container->get('user.permissions');
-
     $is_rest_resource_permission = function ($permission) {
       return $permission['provider'] === 'rest' && (string) $permission['title'] !== 'Administer REST resource configuration';
     };
@@ -42,15 +40,18 @@ public function testBcEntityResourcePermissionSettingAdded() {
     // Make sure we have the expected values before the update.
     $rest_settings = $this->config('rest.settings');
     $this->assertFalse(array_key_exists('bc_entity_resource_permissions', $rest_settings->getRawData()));
-    $this->assertEqual([], array_filter($permission_handler->getPermissions(), $is_rest_resource_permission));
+    $this->assertEqual([], array_filter($this->container->get('user.permissions')->getPermissions(), $is_rest_resource_permission));
 
     $this->runUpdates();
+    // Running updates changes the available permissions, clear the static
+    // cache.
+    $this->container->set('user.permissions', NULL);
 
     // Make sure we have the expected values after the update.
     $rest_settings = $this->config('rest.settings');
     $this->assertTrue(array_key_exists('bc_entity_resource_permissions', $rest_settings->getRawData()));
     $this->assertTrue($rest_settings->get('bc_entity_resource_permissions'));
-    $rest_permissions = array_keys(array_filter($permission_handler->getPermissions(), $is_rest_resource_permission));
+    $rest_permissions = array_keys(array_filter($this->container->get('user.permissions')->getPermissions(), $is_rest_resource_permission));
     $this->assertEqual(['restful delete entity:node', 'restful get entity:node', 'restful patch entity:node', 'restful post entity:node'], $rest_permissions);
   }
 
diff --git a/core/modules/user/src/PermissionHandler.php b/core/modules/user/src/PermissionHandler.php
index 1f07b25d..a7ea7b07 100644
--- a/core/modules/user/src/PermissionHandler.php
+++ b/core/modules/user/src/PermissionHandler.php
@@ -70,6 +70,13 @@ class PermissionHandler implements PermissionHandlerInterface {
    */
   protected $controllerResolver;
 
+  /**
+   * List of permissions.
+   *
+   * @var array
+   */
+  protected $allPermissions = [];
+
   /**
    * Constructs a new PermissionHandler.
    *
@@ -105,17 +112,18 @@ protected function getYamlDiscovery() {
    * {@inheritdoc}
    */
   public function getPermissions() {
-    $all_permissions = $this->buildPermissionsYaml();
-
-    return $this->sortPermissions($all_permissions);
+    if (empty($this->allPermissions)) {
+      $this->allPermissions = $this->sortPermissions($this->buildPermissionsYaml());
+      // Invoke hook_permissions_alter().
+      $this->moduleHandler->alter('permissions', $this->allPermissions);
+    }
+    return $this->allPermissions;
   }
 
   /**
    * {@inheritdoc}
    */
   public function moduleProvidesPermissions($module_name) {
-    // @TODO Static cache this information, see
-    // https://www.drupal.org/node/2339487
     $permissions = $this->getPermissions();
 
     foreach ($permissions as $permission) {
diff --git a/core/modules/user/tests/src/Traits/UserCreationTrait.php b/core/modules/user/tests/src/Traits/UserCreationTrait.php
index 11c4d9b0..fc7b569d 100644
--- a/core/modules/user/tests/src/Traits/UserCreationTrait.php
+++ b/core/modules/user/tests/src/Traits/UserCreationTrait.php
@@ -307,6 +307,9 @@ protected function createRole(array $permissions, $rid = NULL, $name = NULL, $we
    *   TRUE if the permissions are valid, FALSE otherwise.
    */
   protected function checkPermissions(array $permissions) {
+    // Reset the user.permissions service to reset statically cached
+    // permissions.
+    \Drupal::getContainer()->set('user.permissions', NULL);
     $available = array_keys(\Drupal::service('user.permissions')->getPermissions());
     $valid = TRUE;
     foreach ($permissions as $permission) {
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 0cc211c4..5bb36806 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -1293,12 +1293,24 @@ function user_form_process_password_confirm($element) {
   return $element;
 }
 
+/**
+ * Implements hook_modules_installed().
+ */
+function user_modules_installed($modules) {
+  // Reset the user.permissions service to reset statically cached
+  // permissions.
+  \Drupal::getContainer()->set('user.permissions', NULL);
+}
+
 /**
  * Implements hook_modules_uninstalled().
  */
 function user_modules_uninstalled($modules) {
   // Remove any potentially orphan module data stored for users.
   \Drupal::service('user.data')->delete($modules);
+  // Reset the user.permissions service to reset statically cached
+  // permissions.
+  \Drupal::getContainer()->set('user.permissions', NULL);
 }
 
 /**