Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2f30a63b authored by Nate Myren's avatar Nate Myren
Browse files

RESTRICT AUTOMERGE Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag 

If a permission has the "pre23" flag, and an app is upgrading past api
23, then we should not assume that a "development" permission remains
granted

Fixes: 259458532
Test: atest RevokeSawPermissionTest
Change-Id: I214396f455c5ed9e8bac2e50b1525b86475c81c7
parent f90ec68d

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+9 −2
Original line number Diff line number Diff line
@@ -2347,7 +2347,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
        final PackageSetting ps = (PackageSetting)

                mPackageManagerInt.getPackageSetting(newPackage.getPackageName());

        if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, ps, saw,

                ps.getPermissionsState())) {

                ps.getPermissionsState(), true)) {

            return;

        }

        for (int userId : mUserManagerInt.getUserIds()) {
@@ -3588,6 +3588,13 @@ public class PermissionManagerService extends IPermissionManager.Stub { 


    private boolean grantSignaturePermission(String perm, AndroidPackage pkg,

            PackageSetting pkgSetting, BasePermission bp, PermissionsState origPermissions) {

        return grantSignaturePermission(perm, pkg, pkgSetting, bp, origPermissions, false);

    }





    private boolean grantSignaturePermission(String perm, AndroidPackage pkg,

            PackageSetting pkgSetting, BasePermission bp, PermissionsState origPermissions,

            boolean isApi23Upgrade) {

        boolean oemPermission = bp.isOEM();

        boolean vendorPrivilegedPermission = bp.isVendorPrivileged();

        boolean privilegedPermission = bp.isPrivileged() || bp.isVendorPrivileged();
@@ -3762,7 +3769,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
                // Any pre-installed system app is allowed to get this permission.

                allowed = true;

            }

            if (!allowed && bp.isDevelopment()) {

            if (!allowed && bp.isDevelopment() && !(bp.isPre23() && isApi23Upgrade)) {

                // For development permissions, a development permission

                // is granted only if it was already granted.

                allowed = origPermissions.hasInstallPermission(perm);