Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 24334410 authored by Chad Brubaker's avatar Chad Brubaker
Browse files

Ignore permission and permission-group in ephemeral apps 

Ephemeral apps should not be defining permissions or groups that can be
seen on impact the rest of the system. They are ignored instead of
treated as an error to allow installed ephemeral apps to include them.

Test: Verified that permissions and permission-groups are ignored for
adb install --ephemeral

Change-Id: If5a3fee09916d12de7f6a1bc153937bf278f0360
parent 32d07dce

services/core/java/com/android/server/pm/PackageManagerService.java

+15 −0
Original line number Original line Diff line number Diff line
@@ -8916,6 +8916,13 @@ public class PackageManagerService extends IPackageManager.Stub { 
                PackageParser.PermissionGroup pg = pkg.permissionGroups.get(i);

                PackageParser.PermissionGroup pg = pkg.permissionGroups.get(i);

                PackageParser.PermissionGroup cur = mPermissionGroups.get(pg.info.name);

                PackageParser.PermissionGroup cur = mPermissionGroups.get(pg.info.name);

                final String curPackageName = cur == null ? null : cur.info.packageName;

                final String curPackageName = cur == null ? null : cur.info.packageName;

                // Dont allow ephemeral apps to define new permission groups.

                if (pkg.applicationInfo.isEphemeralApp()) {

                    Slog.w(TAG, "Permission group " + pg.info.name + " from package "

                            + pg.info.packageName

                            + " ignored: ephemeral apps cannot define new permission groups.");

                    continue;

                }

                final boolean isPackageUpdate = pg.info.packageName.equals(curPackageName);

                final boolean isPackageUpdate = pg.info.packageName.equals(curPackageName);

                if (cur == null || isPackageUpdate) {

                if (cur == null || isPackageUpdate) {

                    mPermissionGroups.put(pg.info.name, pg);

                    mPermissionGroups.put(pg.info.name, pg);
@@ -8954,6 +8961,14 @@ public class PackageManagerService extends IPackageManager.Stub { 
            for (i=0; i<N; i++) {

            for (i=0; i<N; i++) {

                PackageParser.Permission p = pkg.permissions.get(i);

                PackageParser.Permission p = pkg.permissions.get(i);




















                // Dont allow ephemeral apps to define new permissions.














                if (pkg.applicationInfo.isEphemeralApp()) {














                    Slog.w(TAG, "Permission " + p.info.name + " from package "














                            + p.info.packageName














                            + " ignored: ephemeral apps cannot define new permissions.");














                    continue;














                }
























                // Assume by default that we did not install this permission into the system.







                // Assume by default that we did not install this permission into the system.











                p.info.flags &= ~PermissionInfo.FLAG_INSTALLED;







                p.info.flags &= ~PermissionInfo.FLAG_INSTALLED;