Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 695b2a1b authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Filter package visibility in... 

Merge "Filter package visibility in checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission()." into sc-dev am: 4c2c1530

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/14390030

Change-Id: I0df024e71ed61c84c7df3130628d524ba68b0367
parents 0946f87c 4c2c1530

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+11 −0
Original line number Original line Diff line number Diff line
@@ -1215,6 +1215,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { 




    private boolean checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission(

    private boolean checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission(

            @NonNull String permName) {

            @NonNull String permName) {

        final String permissionPackageName;

        final boolean isImmutablyRestrictedPermission;

        final boolean isImmutablyRestrictedPermission;

        synchronized (mLock) {

        synchronized (mLock) {

            final Permission bp = mRegistry.getPermission(permName);

            final Permission bp = mRegistry.getPermission(permName);
@@ -1222,15 +1223,25 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
                Slog.w(TAG, "No such permissions: " + permName);

                Slog.w(TAG, "No such permissions: " + permName);

                return false;

                return false;

            }

            }

            permissionPackageName = bp.getPackageName();

            isImmutablyRestrictedPermission = bp.isHardOrSoftRestricted()

            isImmutablyRestrictedPermission = bp.isHardOrSoftRestricted()

                    && bp.isImmutablyRestricted();

                    && bp.isImmutablyRestricted();

        }

        }



        final int callingUid = getCallingUid();

        final int callingUserId = UserHandle.getUserId(callingUid);

        if (mPackageManagerInt.filterAppAccess(permissionPackageName, callingUid, callingUserId)) {

            EventLog.writeEvent(0x534e4554, "186404356", callingUid, permName);

            return false;

        }



        if (isImmutablyRestrictedPermission && mContext.checkCallingOrSelfPermission(

        if (isImmutablyRestrictedPermission && mContext.checkCallingOrSelfPermission(

                Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS)

                Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS)

                != PackageManager.PERMISSION_GRANTED) {

                != PackageManager.PERMISSION_GRANTED) {

            throw new SecurityException("Cannot modify allowlisting of an immutably "

            throw new SecurityException("Cannot modify allowlisting of an immutably "

                    + "restricted permission: " + permName);

                    + "restricted permission: " + permName);

        }

        }



        return true;

        return true;

    }

    }