Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 95a86edf authored by Jurijs Oniscuks's avatar Jurijs Oniscuks Committed by Snild Dolkow
Browse files

Fix odm privapp permissions 



SystemConfig.java treats permissions for odm and vendor priv-apps
identically, reading them into mVendorPrivilegedAppAllowlist.

Similarly, PermissionManagerServiceImpl.java should verify permissions
for pkg.isOdm() the same way as it does for pkg.isVendor(). Without this
fix, permissions for /odm/priv-app are simply ignored.

Bug: 230028571
Hastily-ported-to-Android-U-by: default avatarSnild Dolkow <snild@sony.com>
Test: manual -- check that odm priv-app can get permissions
Change-Id: I2c0f9452456e6ade7a336694392b2ef1011626bf
parent 75e8f4f9

services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java

+2 −2
Original line number Diff line number Diff line
@@ -3379,7 +3379,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt 
        final PermissionAllowlist permissionAllowlist =

                SystemConfig.getInstance().getPermissionAllowlist();

        final String packageName = packageState.getPackageName();

        if (packageState.isVendor()) {

        if (packageState.isVendor() || packageState.isOdm()) {

            return permissionAllowlist.getVendorPrivilegedAppAllowlistState(packageName,

                    permissionName);

        } else if (packageState.isProduct()) {
@@ -3474,7 +3474,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt 
            // the permission's protectionLevel does not have the extra 'vendorPrivileged'

            // flag.

            if (allowed && isPrivilegedPermission && !bp.isVendorPrivileged()

                    && pkgSetting.isVendor()) {

                    && (pkgSetting.isVendor() || pkgSetting.isOdm())) {

                Slog.w(TAG, "Permission " + permissionName

                        + " cannot be granted to privileged vendor apk " + pkg.getPackageName()

                        + " because it isn't a 'vendorPrivileged' permission.");