Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4518d0be authored by Svet Ganov's avatar Svet Ganov Committed by Griff Hazen
Browse files

DO NOT MERGE: Propagate revoked permissions in permission review mode 

In permission review mode we represent install permissions for legacy
apps as constantly granted runtime ones since we need to keep per
user flags associated with a permission. We were not propagating
a revoked permission for a legacy app when the later is upgraded to
a modern app when permission review is enabled.

Test: CTS test passes and manual testing worked fine

Bug: 34240393
Change-Id: I32b8ffee89cc034661f8eb5a172dbe2349ea4a18
(cherry picked from commit fe0253b3)
parent 7a6c5412

services/core/java/com/android/server/pm/PackageManagerService.java

+21 −3
Original line number Diff line number Diff line
@@ -10108,12 +10108,30 @@ public class PackageManagerService extends IPackageManager.Stub { 
                            int flags = permissionState != null

                                    ? permissionState.getFlags() : 0;

                            if (origPermissions.hasRuntimePermission(bp.name, userId)) {

                                // Don't propagate the permission in a permission review mode if

                                // the former was revoked, i.e. marked to not propagate on upgrade.

                                // Note that in a permission review mode install permissions are

                                // represented as constantly granted runtime ones since we need to

                                // keep a per user state associated with the permission. Also the

                                // revoke on upgrade flag is no longer applicable and is reset.

                                final boolean revokeOnUpgrade = (flags & PackageManager

                                        .FLAG_PERMISSION_REVOKE_ON_UPGRADE) != 0;

                                if (revokeOnUpgrade) {

                                    flags &= ~PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE;

                                    // Since we changed the flags, we have to write.

                                    changedRuntimePermissionUserIds = ArrayUtils.appendInt(

                                            changedRuntimePermissionUserIds, userId);

                                }

                                if (!mPermissionReviewRequired || !revokeOnUpgrade) {

                                    if (permissionsState.grantRuntimePermission(bp, userId) ==

                                            PermissionsState.PERMISSION_OPERATION_FAILURE) {

                                    // If we cannot put the permission as it was, we have to write.

                                        // If we cannot put the permission as it was,

                                        // we have to write.

                                        changedRuntimePermissionUserIds = ArrayUtils.appendInt(

                                                changedRuntimePermissionUserIds, userId);

                                    }

                                }















                                // If the app supports runtime permissions no need for a review.















                                if ((mPermissionReviewRequired || Build.PERMISSIONS_REVIEW_REQUIRED)















                                        && appSupportsRuntimePermissions