Allow only system signed apps to grant permissions at install (805b63e2) · Commits · e / os / android_frameworks_base

core/res/AndroidManifest.xml

+6 −0

Original line number	Diff line number	Diff line
		@@ -3017,6 +3017,12 @@
		android:description="@string/permdesc_accessVoiceInteractionService"
		android:label="@string/permlab_accessVoiceInteractionService" />

		<!-- Allows an app that has this permission and a permissions to install packages
		to request all runtime permissions to be granted at installation.
		@hide -->
		<permission android:name="android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS"
		android:protectionLevel="signature" />

		<!-- The system process is explicitly the only one allowed to launch the
		confirmation UI for full backup/restore -->
		<uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/>

+1 −0

Original line number	Diff line number	Diff line
		@@ -93,6 +93,7 @@
		<uses-permission android:name="android.permission.BIND_APPWIDGET" />
		<uses-permission android:name="android.permission.UPDATE_APP_OPS_STATS" />
		<uses-permission android:name="android.permission.MODIFY_APPWIDGET_BIND_PERMISSIONS"/>
		<uses-permission android:name="android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS" />

		<application android:label="@string/app_label">
		<provider

+10 −0

Original line number	Diff line number	Diff line
		@@ -30,6 +30,7 @@ import static com.android.internal.util.XmlUtils.writeUriAttribute;
		import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT;
		import static org.xmlpull.v1.XmlPullParser.START_TAG;

		import android.Manifest;
		import android.app.ActivityManager;
		import android.app.AppGlobals;
		import android.app.AppOpsManager;
		@@ -528,6 +529,15 @@ public class PackageInstallerService extends IPackageInstaller.Stub {
		params.installFlags \|= PackageManager.INSTALL_REPLACE_EXISTING;
		}

		// Only system components can circumvent runtime permissions when installing.
		if ((params.installFlags & PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0
		&& mContext.checkCallingOrSelfPermission(Manifest.permission
		.INSTALL_GRANT_RUNTIME_PERMISSIONS) == PackageManager.PERMISSION_DENIED) {
		throw new SecurityException("You need the "
		+ "android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS permission "
		+ "to use the PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS flag");
		}

		// Defensively resize giant app icons
		if (params.appIcon != null) {
		final ActivityManager am = (ActivityManager) mContext.getSystemService(

+9 −1

Original line number	Diff line number	Diff line
		@@ -8528,6 +8528,15 @@ public class PackageManagerService extends IPackageManager.Stub {
		user = new UserHandle(userId);
		}

		// Only system components can circumvent runtime permissions when installing.
		if ((installFlags & PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0
		&& mContext.checkCallingOrSelfPermission(Manifest.permission
		.INSTALL_GRANT_RUNTIME_PERMISSIONS) == PackageManager.PERMISSION_DENIED) {
		throw new SecurityException("You need the "
		+ "android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS permission "
		+ "to use the PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS flag");
		}

		verificationParams.setInstallerUid(callingUid);

		final File originFile = new File(originPath);
		@@ -8685,7 +8694,6 @@ public class PackageManagerService extends IPackageManager.Stub {
		long callingId = Binder.clearCallingIdentity();
		try {
		boolean sendAdded = false;
		Bundle extras = new Bundle(1);

		// writer
		synchronized (mPackages) {