Merge "Filter package visibility in... (8ffd5114) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+11 −0

Original line number	Diff line number	Diff line
		@@ -1215,6 +1215,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {

		private boolean checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission(
		@NonNull String permName) {
		final String permissionPackageName;
		final boolean isImmutablyRestrictedPermission;
		synchronized (mLock) {
		final Permission bp = mRegistry.getPermission(permName);
		@@ -1222,15 +1223,25 @@ public class PermissionManagerService extends IPermissionManager.Stub {
		Slog.w(TAG, "No such permissions: " + permName);
		return false;
		}
		permissionPackageName = bp.getPackageName();
		isImmutablyRestrictedPermission = bp.isHardOrSoftRestricted()
		&& bp.isImmutablyRestricted();
		}

		final int callingUid = getCallingUid();
		final int callingUserId = UserHandle.getUserId(callingUid);
		if (mPackageManagerInt.filterAppAccess(permissionPackageName, callingUid, callingUserId)) {
		EventLog.writeEvent(0x534e4554, "186404356", callingUid, permName);
		return false;
		}

		if (isImmutablyRestrictedPermission && mContext.checkCallingOrSelfPermission(
		Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS)
		!= PackageManager.PERMISSION_GRANTED) {
		throw new SecurityException("Cannot modify allowlisting of an immutably "
		+ "restricted permission: " + permName);
		}

		return true;
		}