Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3d92f4ea authored by Svet Ganov's avatar Svet Ganov
Browse files

Only platform defined permissions need a review. 

The only permissions a user can control for a legacy app in
runtime style without crashing the app are the ones defined
by the platform because we have app ops only for these and
also we contorl the access to data guarded by them.

bug:27102458

Change-Id: Ifd1350d056b4fe29739ab8fdc5cbea89fa2e4037
parent fc1a21d9

services/core/java/com/android/server/pm/PackageManagerService.java

+20 −5
Original line number Diff line number Diff line
@@ -437,6 +437,8 @@ public class PackageManagerService extends IPackageManager.Stub { 
     */

    private static final int DEFAULT_VERIFICATION_RESPONSE = PackageManager.VERIFICATION_ALLOW;













    static final String PLATFORM_PACKAGE_NAME = "android";



























    static final String DEFAULT_CONTAINER_PACKAGE = "com.android.defcontainer";





























    static final ComponentName DEFAULT_CONTAINER_COMPONENT = new ComponentName(










@@ -9744,7 +9746,9 @@ public class PackageManagerService extends IPackageManager.Stub {













                switch (grant) {















                    case GRANT_INSTALL: {















                        // Revoke this as runtime permission to handle the case of













                        // a runtime permission being downgraded to an install one. Also in permission review mode we keep dangerous permissions for legacy apps













                        // a runtime permission being downgraded to an install one.













                        // Also in permission review mode we keep dangerous permissions













                        // for legacy apps















                        for (int userId : UserManagerService.getInstance().getUserIds()) {















                            if (origPermissions.getRuntimePermissionState(















                                    bp.name, userId) != null) {










@@ -9792,10 +9796,21 @@ public class PackageManagerService extends IPackageManager.Stub {













                                    && !appSupportsRuntimePermissions) {















                                // For legacy apps that need a permission review, every new















                                // runtime permission is granted but it is pending a review.













                                // We also need to review only platform defined runtime













                                // permissions as these are the only ones the platform knows













                                // how to disable the API to simulate revocation as legacy













                                // apps don't expect to run with revoked permissions.













                                if (PLATFORM_PACKAGE_NAME.equals(bp.sourcePackage)) {















                                    if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0) {













                                    permissionsState.grantRuntimePermission(bp, userId);















                                        flags |= FLAG_PERMISSION_REVIEW_REQUIRED;













                                    // We changed the permission and flags, hence have to write.













                                        // We changed the flags, hence have to write.













                                        changedRuntimePermissionUserIds = ArrayUtils.appendInt(













                                                changedRuntimePermissionUserIds, userId);













                                    }













                                }













                                if (permissionsState.grantRuntimePermission(bp, userId)













                                        != PermissionsState.PERMISSION_OPERATION_FAILURE) {













                                    // We changed the permission, hence have to write.















                                    changedRuntimePermissionUserIds = ArrayUtils.appendInt(















                                            changedRuntimePermissionUserIds, userId);















                                }