Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 63debb8a authored by Christopher Tate's avatar Christopher Tate Committed by The Android Automerger
Browse files

Fix permission privilege w.r.t. updated system apps 

Note that it is *intentional* that even a privileged app cannot
add new privileged permissions via unbundled update.  The set of
privileged permissions granted is strictly limited to those used
by the apk file installed as privileged.

Bug 10027033

Change-Id: I974bae0671c1962e4526d51dd9a0c53bcd27323e
parent 2ae5999e

services/java/com/android/server/pm/PackageManagerService.java

+6 −2
Original line number Diff line number Diff line
@@ -5383,7 +5383,7 @@ public class PackageManagerService extends IPackageManager.Stub { 
                        == PackageManager.SIGNATURE_MATCH);

        if (!allowed && (bp.protectionLevel

                & PermissionInfo.PROTECTION_FLAG_SYSTEM) != 0) {

            if (isPrivilegedApp(pkg)) {

            if (isSystemApp(pkg)) {

                // For updated system applications, a system permission

                // is granted only if it had been defined by the original application.

                if (isUpdatedSystemApp(pkg)) {
@@ -5391,7 +5391,11 @@ public class PackageManagerService extends IPackageManager.Stub { 
                            .getDisabledSystemPkgLPr(pkg.packageName);

                    final GrantedPermissions origGp = sysPs.sharedUser != null

                            ? sysPs.sharedUser : sysPs;



                    if (origGp.grantedPermissions.contains(perm)) {

                        // If the original was granted this permission, we take

                        // that grant decision as read and propagate it to the

                        // update.

                        allowed = true;

                    } else {

                        // The system apk may have been updated with an older
@@ -5413,7 +5417,7 @@ public class PackageManagerService extends IPackageManager.Stub { 
                        }

                    }

                } else {

                    allowed = true;

                    allowed = isPrivilegedApp(pkg);

                }

            }

        }