
Commit 83a3a4a9 authored by Svet Ganov's avatar Svet Ganov

Restricted permission whitelisted by default

To ensure existing installers keep working without changes, the
default state when installing a package is now that all restricted
permissions are whitelisted. If the installer specifies a different
whitelist at install time, that whitelist determines the install state.
In addition, the restricted permission checks are now enabled
unconditionally, since a prebuilt installer is no longer required.

Test: atest CtsPermission2TestCases
Test: atest CtsPermissionTestCases
Test: atest CtsAppSecurityTestCases:android.appsecurity.cts.PermissionsHostTest

bug:132160728

Change-Id: I705e341faebe62fc2d88fd37ad8870b98e1b71b1
parent dd82c451
+0 −1
@@ -725,7 +725,6 @@ package android.content.pm {
    field public static final int FLAG_PERMISSION_USER_SET = 1; // 0x1
    field public static final int MATCH_FACTORY_ONLY = 2097152; // 0x200000
    field public static final int MATCH_KNOWN_PACKAGES = 4202496; // 0x402000
    field public static boolean RESTRICTED_PERMISSIONS_ENABLED;
    field public static final String SYSTEM_SHARED_LIBRARY_SERVICES = "android.ext.services";
    field public static final String SYSTEM_SHARED_LIBRARY_SHARED = "android.ext.shared";
  }
+8 −5
@@ -1278,7 +1278,7 @@ public class PackageInstaller {
        public int mode = MODE_INVALID;
        /** {@hide} */
        @UnsupportedAppUsage
        public int installFlags;
        public int installFlags = PackageManager.INSTALL_ALL_WHITELIST_RESTRICTED_PERMISSIONS;
        /** {@hide} */
        public int installLocation = PackageInfo.INSTALL_LOCATION_INTERNAL_ONLY;
        /** {@hide} */
@@ -1513,18 +1513,21 @@ public class PackageInstaller {
         * state of the permission can be determined only at install time and cannot be
         * changed on updated or at a later point via the package manager APIs.
         *
         * <p>Initially, all restricted permissions are whitelisted but you can change
         * which ones are whitelisted by calling this method or the corresponding ones
         * on the {@link PackageManager}.
         *
         * @see PackageManager#addWhitelistedRestrictedPermission(String, String, int)
         * @see PackageManager#removeWhitelistedRestrictedPermission(String, String, int)
         */
        public void setWhitelistedRestrictedPermissions(@Nullable Set<String> permissions) {
            if (permissions == RESTRICTED_PERMISSIONS_ALL) {
                installFlags |= PackageManager.INSTALL_ALL_WHITELIST_RESTRICTED_PERMISSIONS;
            }
            if (permissions != null) {
                this.whitelistedRestrictedPermissions = new ArrayList<>(permissions);
                whitelistedRestrictedPermissions = null;
            } else {
                installFlags &= ~PackageManager.INSTALL_ALL_WHITELIST_RESTRICTED_PERMISSIONS;
                this.whitelistedRestrictedPermissions = null;
                whitelistedRestrictedPermissions = (permissions != null)
                        ? new ArrayList<>(permissions) : null;
            }
        }
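Review bot: The new else-branch of setWhitelistedRestrictedPermissions (L67–L70) clears INSTALL_ALL_WHITELIST_RESTRICTED_PERMISSIONS for every argument that is not the RESTRICTED_PERMISSIONS_ALL object itself, because the test on L60 is a reference comparison; RESTRICTED_PERMISSIONS_ALL is defined outside this hunk, but a caller that copies or rebuilds that set (or passes null) will presumably end up whitelisting nothing rather than everything. The javadoc added on L52–L54 states that the initial state is "all whitelisted" but not how to request it explicitly nor what null now means, so I would extend it with `<p>Pass {@link #RESTRICTED_PERMISSIONS_ALL} (the same instance, not a copy) to keep every restricted permission whitelisted; any other set limits the whitelist to its members, and {@code null} whitelists none.`, after confirming the null case against what PackageInstallerService does with a null list. This matters more now that the field default on L44 puts every new session in the all-whitelisted state, making this method the only way an installer opts out.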

+0 −5
@@ -86,11 +86,6 @@ public abstract class PackageManager {
    /** {@hide} */
    public static final boolean APPLY_DEFAULT_TO_DEVICE_PROTECTED_STORAGE = true;

    /** {@hide} */
    @TestApi
    // STOPSHIP: Remove this once we get a Play prebuilt.
    public static boolean RESTRICTED_PERMISSIONS_ENABLED = false;

    /**
     * This exception is thrown when a given package, application, or component
     * name cannot be found.
+0 −10
@@ -531,16 +531,6 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
                        + "to use the PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS flag");
            }

            // Only system components can circumvent restricted whitelisting when installing.
            if ((params.installFlags
                    & PackageManager.INSTALL_ALL_WHITELIST_RESTRICTED_PERMISSIONS) != 0
                    && mContext.checkCallingOrSelfPermission(Manifest.permission
                    .WHITELIST_RESTRICTED_PERMISSIONS) == PackageManager.PERMISSION_DENIED) {
                throw new SecurityException("You need the "
                        + "android.permission.WHITELIST_RESTRICTED_PERMISSIONS permission to"
                        + " use the PackageManager.INSTALL_WHITELIST_RESTRICTED_PERMISSIONS flag");
            }

            // Defensively resize giant app icons
            if (params.appIcon != null) {
                final ActivityManager am = (ActivityManager) mContext.getSystemService(
+5 −4
@@ -2351,9 +2351,10 @@ class PackageManagerShellCommand extends ShellCommand {
                    break;
                case "-g":
                    sessionParams.installFlags |= PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS;
                case "-w":
                    sessionParams.installFlags |=
                            PackageManager.INSTALL_ALL_WHITELIST_RESTRICTED_PERMISSIONS;
                    break;
                case "--restrict-permissions":
                    sessionParams.installFlags &=
                            ~PackageManager.INSTALL_ALL_WHITELIST_RESTRICTED_PERMISSIONS;
                    break;
                case "--dont-kill":
                    sessionParams.installFlags |= PackageManager.INSTALL_DONT_KILL_APP;
@@ -3004,10 +3005,10 @@ class PackageManagerShellCommand extends ShellCommand {
        pw.println("      -d: allow version code downgrade (debuggable packages only)");
        pw.println("      -p: partial application install (new split on top of existing pkg)");
        pw.println("      -g: grant all runtime permissions");
        pw.println("      -w: whitelist all restricted permissions");
        pw.println("      -S: size in bytes of package, required for stdin");
        pw.println("      --user: install under the given user.");
        pw.println("      --dont-kill: installing a new feature split, don't kill running app");
        pw.println("      --restrict-permissions: don't whitelist restricted permissions at install");
        pw.println("      --originating-uri: set URI where app was downloaded from");
        pw.println("      --referrer: set URI that instigated the install of the app");
        pw.println("      --pkg: specify expected package name of app being installed");
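Review bot: Removing the `-w` option (L113–L116) without a compatibility alias means any script or test harness that still runs `pm install -w` will now take the unrecognized-option path (outside this hunk) instead of silently getting what is now the default. I would keep it as an accepted no-op, `case "-w": // whitelisting is now the default; kept for compatibility` followed by `break;`. Since the shell installer is what adb sideloads and test harnesses go through, it is worth stating in the help text on L131 that the all-whitelisted state is the default, e.g. `--restrict-permissions: don't whitelist restricted permissions at install (all are whitelisted by default)`. Whether the `-g` case on L111–L112 still ends in its own `break` cannot be confirmed from the rendered lines alone and should be checked.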