Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 54c51cee authored by Hai Zhang's avatar Hai Zhang
Browse files

Make runtime permission check return granted for pre-M apps 

... if they have requested it, of course.

Pre-M apps would never expect the permission to be revoked, and we
rely on app op for the final decision. This change allows us to use
the actual permission state to store/derive the app op state.

Bug: 136503238
Test: atest CtsAppSecurityHostTestCases CtsPermissionTestCases
Change-Id: I9473a265a5eadef994d8bddb0700c08ad10ba654
parent 72fcdcde

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+17 −1
Original line number Diff line number Diff line
@@ -843,7 +843,23 @@ public class PermissionManagerService extends IPermissionManager.Stub { 


    private boolean checkSinglePermissionInternal(int uid,

            @NonNull PermissionsState permissionsState, @NonNull String permissionName) {

        if (!permissionsState.hasPermission(permissionName, UserHandle.getUserId(uid))) {

        boolean hasPermission = permissionsState.hasPermission(permissionName,

                UserHandle.getUserId(uid));



        if (!hasPermission && mSettings.isPermissionRuntime(permissionName)) {

            final String[] packageNames = mContext.getPackageManager().getPackagesForUid(uid);

            final int packageNamesSize = packageNames != null ? packageNames.length : 0;

            for (int i = 0; i < packageNamesSize; i++) {

                final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageNames[i]);

                if (pkg != null && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M

                        && pkg.requestedPermissions.contains(permissionName)) {

                    hasPermission = true;

                    break;

                }

            }

        }



        if (!hasPermission) {

            return false;

        }

services/core/java/com/android/server/pm/permission/PermissionSettings.java

+12 −3
Original line number Diff line number Diff line
@@ -18,13 +18,11 @@ package com.android.server.pm.permission; 


import android.annotation.NonNull;

import android.annotation.Nullable;

import android.content.Context;

import android.content.pm.PackageParser;

import android.util.ArrayMap;

import android.util.ArraySet;

import android.util.Log;



import com.android.internal.R;

import com.android.internal.annotations.GuardedBy;

import com.android.internal.util.XmlUtils;

import com.android.server.pm.DumpState;
@@ -37,7 +35,6 @@ import org.xmlpull.v1.XmlSerializer; 
import java.io.IOException;

import java.io.PrintWriter;

import java.util.Collection;

import java.util.Set;



/**

 * Permissions and other related data. This class is not meant for
@@ -249,6 +246,18 @@ public class PermissionSettings { 
        }

    }



    /**

     * Check whether a permission is runtime.

     *

     * @see BasePermission#isRuntime()

     */

    public boolean isPermissionRuntime(@NonNull String permName) {

        synchronized (mLock) {

            final BasePermission bp = mPermissions.get(permName);

            return (bp != null && bp.isRuntime());

        }

    }



    public boolean isPermissionInstant(String permName) {

        synchronized (mLock) {

            final BasePermission bp = mPermissions.get(permName);