Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 69b645ff authored by Philip P. Moltmann's avatar Philip P. Moltmann
Browse files

Check flags for user in SoftRestrictedPermPolicy 

As the context might not be for the right user.

Test: Granted storage permission to app only installed in secondary user
Fixes: 135268081
Change-Id: I62569c812511509b60c4272042f949e547cb304b
parent 1ed4ce01

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+1 −1
Original line number Diff line number Diff line
@@ -2128,7 +2128,7 @@ public class PermissionManagerService { 
        }



        if (bp.isSoftRestricted() && !SoftRestrictedPermissionPolicy.forPermission(mContext,

                pkg.applicationInfo, permName).canBeGranted()) {

                pkg.applicationInfo, UserHandle.of(userId), permName).canBeGranted()) {

            Log.e(TAG, "Cannot grant soft restricted permission " + permName + " for package "

                    + packageName);

            return;

services/core/java/com/android/server/policy/PermissionPolicyService.java

+1 −1
Original line number Diff line number Diff line
@@ -414,7 +414,7 @@ public final class PermissionPolicyService extends SystemService { 
            } else if (permissionInfo.isSoftRestricted()) {

                final SoftRestrictedPermissionPolicy policy =

                        SoftRestrictedPermissionPolicy.forPermission(mContext, pkg.applicationInfo,

                                permission);

                                mContext.getUser(), permission);



                if (opCode != OP_NONE) {

                    if (policy.canBeGranted()) {

services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java

+5 −2
Original line number Diff line number Diff line
@@ -33,6 +33,7 @@ import android.app.AppOpsManager; 
import android.content.Context;

import android.content.pm.ApplicationInfo;

import android.os.Build;

import android.os.UserHandle;



/**

 * The behavior of soft restricted permissions is different for each permission. This class collects
@@ -75,12 +76,14 @@ public abstract class SoftRestrictedPermissionPolicy { 
     *

     * @param context A context to use

     * @param appInfo The application the permission belongs to

     * @param user The user the app belongs to

     * @param permission The name of the permission

     *

     * @return The policy for this permission

     */

    public static @NonNull SoftRestrictedPermissionPolicy forPermission(@NonNull Context context,

            @NonNull ApplicationInfo appInfo, @NonNull String permission) {

            @NonNull ApplicationInfo appInfo, @NonNull UserHandle user,

            @NonNull String permission) {

        switch (permission) {

            // Storage uses a special app op to decide the mount state and supports soft restriction

            // where the restricted state allows the permission but only for accessing the medial
@@ -88,7 +91,7 @@ public abstract class SoftRestrictedPermissionPolicy { 
            case READ_EXTERNAL_STORAGE:

            case WRITE_EXTERNAL_STORAGE: {

                int flags = context.getPackageManager().getPermissionFlags(

                        permission, appInfo.packageName, context.getUser());

                        permission, appInfo.packageName, user);

                boolean applyRestriction = (flags & FLAG_PERMISSION_APPLY_RESTRICTION) != 0;

                boolean isWhiteListed = (flags & FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT) != 0;

                boolean hasRequestedLegacyExternalStorage =