Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8f1fb118 authored by Chad Brubaker's avatar Chad Brubaker
Browse files

Do not call noteOp if checkPermission fails 

This causes an access to be logged for runtime permissions even if the
permission is denied, which is incorrect.

Fixes: 127297477
Bug: 116258458
Test: Verified using steps in b/127297477
Change-Id: I8306aa273b7d4dfab40a2a6d8d1ef6f4d8cc2c54
parent 1dbd55b6

telephony/java/android/telephony/LocationAccessPolicy.java

+15 −15
Original line number Diff line number Diff line
@@ -174,23 +174,23 @@ public final class LocationAccessPolicy { 
        boolean hasManifestPermission = checkManifestPermission(context, query.callingPid,

                query.callingUid, permissionToCheck);



        if (hasManifestPermission) {

            // Only check the app op if the app has the permission.

            int appOpMode = context.getSystemService(AppOpsManager.class)

                    .noteOpNoThrow(AppOpsManager.permissionToOpCode(permissionToCheck),

                            query.callingUid, query.callingPackage);



        if (hasManifestPermission && appOpMode == AppOpsManager.MODE_ALLOWED) {

            if (appOpMode == AppOpsManager.MODE_ALLOWED) {

                // If the app did everything right, return without logging.

                return LocationPermissionResult.ALLOWED;

        }



        // If the app has the manifest permission but not the app-op permission, it means that

        // it's aware of the requirement and the user denied permission explicitly. If we see

        // this, don't let any of the overrides happen.

        if (hasManifestPermission) {

            } else {

                // If the app has the manifest permission but not the app-op permission, it means

                // that it's aware of the requirement and the user denied permission explicitly.

                // If we see this, don't let any of the overrides happen.

                Log.i(TAG, query.callingPackage + " is aware of " + locationTypeForLog + " but the"

                        + " app-ops permission is specifically denied.");

                return appOpsModeToPermissionResult(appOpMode);

            }

        }



        int minSdkVersion = Manifest.permission.ACCESS_FINE_LOCATION.equals(permissionToCheck)

                ? query.minSdkVersionForFine : query.minSdkVersionForCoarse;