
Commit 5a94e300 authored by Jeff Sharkey's avatar Jeff Sharkey

Preserve implicit split-permissions on clear.

The platform implicitly issues a grant for new runtime permissions
which have been split from non-runtime permissions, but we discovered
that clearing data on an app will remove this implicit grant.

This change fixes that bug by preserving any implicit grants
during a resetRuntimePermissions() as long as the app being cleared
is still targeting an older SDK.

Bug: 183203469
Test: csuite-tradefed run commandAndExit csuite-app-launch --enable-module-dynamic-download --dynamic-download-args com.android.csuite.config.AppRemoteFileResolver:uri-template=/tmp/csuite-apk/{package} -l verbose --package com.skype.raider
Change-Id: I4afd59d6cc32cdd8916be1ceba5e01fd07832d1a
parent 2c8f0f02
+28 −3
@@ -1798,9 +1798,12 @@ public class PermissionManagerService extends IPermissionManager.Stub {
                // PermissionPolicyService will handle the app op for runtime permissions later.
                grantRuntimePermissionInternal(packageName, permName, false,
                        Process.SYSTEM_UID, userId, delayingPermCallback);
            // If permission review is enabled the permissions for a legacy apps
            // are represented as constantly granted runtime ones, so don't revoke.
            } else if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0) {
            // In certain cases we should leave the state unchanged:
            // -- If permission review is enabled the permissions for a legacy apps
            // are represented as constantly granted runtime ones
            // -- If the permission was split from a non-runtime permission
            } else if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0
                    && !isPermissionSplitFromNonRuntime(permName, targetSdk)) {
                // Otherwise, reset the permission.
                revokeRuntimePermissionInternal(packageName, permName, false, Process.SYSTEM_UID,
                        userId, null, delayingPermCallback);
@@ -1832,6 +1835,28 @@ public class PermissionManagerService extends IPermissionManager.Stub {
        mPackageManagerInt.writePermissionSettings(asyncUpdatedUsers.toArray(), true);
    }

    /**
     * Determine if the given permission should be treated as split from a
     * non-runtime permission for an application targeting the given SDK level.
     */
    private boolean isPermissionSplitFromNonRuntime(String permName, int targetSdk) {
        final List<PermissionManager.SplitPermissionInfo> splitPerms = getSplitPermissionInfos();
        final int size = splitPerms.size();
        for (int i = 0; i < size; i++) {
            final PermissionManager.SplitPermissionInfo splitPerm = splitPerms.get(i);
            if (targetSdk < splitPerm.getTargetSdk()
                    && splitPerm.getNewPermissions().contains(permName)) {
                synchronized (mLock) {
                    final Permission perm =
                            mRegistry.getPermission(splitPerm.getSplitPermission());
                    return perm != null && perm.getType() != Permission.TYPE_CONFIG
                            && !perm.isRuntime();
                }
            }
        }
        return false;
    }

    /**
     * This change makes it so that apps are told to show rationale for asking for background
     * location access every time they request.
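Review bot: In `isPermissionSplitFromNonRuntime` (second hunk), the `return` inside the `synchronized` block ends the loop at the first split entry that lists `permName`, even when that entry's source permission is a runtime or config one, so a later entry whose source is non-runtime is never examined and the answer depends on the order of `getSplitPermissionInfos()`. Since this predicate decides whether a grant survives `resetRuntimePermissions()`, it would be safer to return only on a positive match and otherwise keep scanning: `if (perm != null && perm.getType() != Permission.TYPE_CONFIG && !perm.isRuntime()) return true;`. Whether any permission is actually listed under more than one split entry is not visible on this page, so treat this as a robustness point. The Javadoc could also say why `TYPE_CONFIG` sources are excluded, and where `targetSdk` in the first hunk comes from is outside the visible lines.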