Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 76ad1a3c authored by Nathan Harold's avatar Nathan Harold
Browse files

Add Permissions Grant for TelephonyDataService 

The Telephony Data Service is a privileged service
that provides Data capabilities *to* Telephony. A
data service that provides IWLAN may also use WiFi
as an underlying connection that tunnels Telephony
data services over WiFi using IPsec. The carrier-
config-driven permissions model causes the
framework to bind to an appropriate Telephony Data
Service, for a given carrier, and that Data Service
is responsible for providing Cellular data. Thus,
The TelephonyDataService needs sufficient
permissions to access cellular info necessary for
performing signalling for IWLAN. This includes
Phone state information and location information
such as the current Wifi access points and the
current cell towers. In addition, a Telephony
Data Service may require access to IPsec if the
data service uses the Android API to establish
IPsec, which is optional today.

Bug: 66955045
Test: wip
Merged-In: Ibe4f7806a47e2a50999376ff0a5a07dc5b332953
Change-Id: Ibe4f7806a47e2a50999376ff0a5a07dc5b332953
parent d66b9f3d

core/java/android/content/pm/IPackageManager.aidl

+4 −0
Original line number Diff line number Diff line
@@ -607,6 +607,10 @@ interface IPackageManager { 
    void removeOnPermissionsChangeListener(in IOnPermissionsChangeListener listener);

    void grantDefaultPermissionsToEnabledCarrierApps(in String[] packageNames, int userId);

    void grantDefaultPermissionsToEnabledImsServices(in String[] packageNames, int userId);

    void grantDefaultPermissionsToEnabledTelephonyDataServices(

            in String[] packageNames, int userId);

    void revokeDefaultPermissionsFromDisabledTelephonyDataServices(

            in String[] packageNames, int userId);



    boolean isPermissionRevokedByPolicy(String permission, String packageName, int userId);

services/core/java/com/android/server/pm/PackageManagerService.java

+26 −0
Original line number Diff line number Diff line
@@ -23948,6 +23948,32 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); 
        }

    }













    @Override













    public void grantDefaultPermissionsToEnabledTelephonyDataServices(













            String[] packageNames, int userId) {













        enforceSystemOrPhoneCaller("grantDefaultPermissionsToEnabledTelephonyDataServices");













        synchronized (mPackages) {













            Binder.withCleanCallingIdentity( () -> {













                mDefaultPermissionPolicy.













                        grantDefaultPermissionsToEnabledTelephonyDataServices(













                                packageNames, userId);













            });













        }













    }

























    @Override













    public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(













            String[] packageNames, int userId) {













        enforceSystemOrPhoneCaller("revokeDefaultPermissionsFromDisabledTelephonyDataServices");













        synchronized (mPackages) {













            Binder.withCleanCallingIdentity( () -> {













                mDefaultPermissionPolicy.













                        revokeDefaultPermissionsFromDisabledTelephonyDataServices(













                                packageNames, userId);













            });













        }













    }



























    private static void enforceSystemOrPhoneCaller(String tag) {















        int callingUid = Binder.getCallingUid();















        if (callingUid != Process.PHONE_UID && callingUid != Process.SYSTEM_UID) {

























services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java



+34
−0




























Original line number
Diff line number
Diff line








@@ -980,6 +980,40 @@ public final class DefaultPermissionGrantPolicy {













        }















    }





























    public void grantDefaultPermissionsToEnabledTelephonyDataServices(













            String[] packageNames, int userId) {













        Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);













        if (packageNames == null) {













            return;













        }













        for (String packageName : packageNames) {













            PackageParser.Package dataServicePackage = getSystemPackage(packageName);













            if (dataServicePackage != null













                    && doesPackageSupportRuntimePermissions(dataServicePackage)) {













                // Grant these permissions as system-fixed, so that nobody can accidentally













                // break cellular data.













                grantRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);













                grantRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);













            }













        }













    }



























    public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(













            String[] packageNames, int userId) {













        Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);













        if (packageNames == null) {













            return;













        }













        for (String packageName : packageNames) {













            PackageParser.Package dataServicePackage = getSystemPackage(packageName);













            if (dataServicePackage != null













                    && doesPackageSupportRuntimePermissions(dataServicePackage)) {













                revokeRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);













                revokeRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);













            }













        }













    }





























    public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {















        Log.i(TAG, "Granting permissions to default browser for user:" + userId);















        if (packageName == null) {