Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit adb8c522 authored by Svetoslav Ganov's avatar Svetoslav Ganov
Browse files

Report permission flags for all protections based on SDK 

We added a couple of protection flags that also apply to
normal and dangerous permissions. These flags are folded
in the protection level breaking apps that directly and
compare against the protection constants. Apps that target
older than O SDK don't get protection flags folded into
the protection level.

Test: All permission tests pass
      Added a new test to ensure no protection flags reported
      for normal and dangerous permissions

Change-Id: I87b10a7695d8ecfa7156525d6f3d101fc0639513
bug:62755026
parent 784b56e1

core/java/android/app/ApplicationPackageManager.java

+2 −1
Original line number Diff line number Diff line
@@ -281,7 +281,8 @@ public class ApplicationPackageManager extends PackageManager { 
    public PermissionInfo getPermissionInfo(String name, int flags)

            throws NameNotFoundException {

        try {

            PermissionInfo pi = mPM.getPermissionInfo(name, flags);

            PermissionInfo pi = mPM.getPermissionInfo(name,

                    mContext.getOpPackageName(), flags);

            if (pi != null) {

                return pi;

            }

core/java/android/content/pm/IPackageManager.aidl

+1 −1
Original line number Diff line number Diff line
@@ -71,7 +71,7 @@ interface IPackageManager { 
    String[] currentToCanonicalPackageNames(in String[] names);

    String[] canonicalToCurrentPackageNames(in String[] names);



    PermissionInfo getPermissionInfo(String name, int flags);

    PermissionInfo getPermissionInfo(String name, String packageName, int flags);



    ParceledListSlice queryPermissionsByGroup(String group, int flags);

services/core/java/com/android/server/am/BroadcastQueue.java

+1 −1
Original line number Diff line number Diff line
@@ -802,7 +802,7 @@ public final class BroadcastQueue { 
        IPackageManager pm = AppGlobals.getPackageManager();

        for (int i = perms.length-1; i >= 0; i--) {

            try {

                PermissionInfo pi = pm.getPermissionInfo(perms[i], 0);

                PermissionInfo pi = pm.getPermissionInfo(perms[i], "android", 0);

                if ((pi.protectionLevel & (PermissionInfo.PROTECTION_MASK_BASE

                        | PermissionInfo.PROTECTION_FLAG_PRIVILEGED))

                        != PermissionInfo.PROTECTION_SIGNATURE) {

services/core/java/com/android/server/pm/PackageManagerService.java

+50 −6
Original line number Diff line number Diff line
@@ -3996,18 +3996,62 @@ public class PackageManagerService extends IPackageManager.Stub 
    }















    @Override













    public PermissionInfo getPermissionInfo(String name, int flags) {













        if (getInstantAppPackageName(Binder.getCallingUid()) != null) {













    public PermissionInfo getPermissionInfo(String name, String packageName, int flags) {













        final int callingUid = Binder.getCallingUid();













        if (getInstantAppPackageName(callingUid) != null) {















            return null;















        }















        // reader















        synchronized (mPackages) {















            final BasePermission p = mSettings.mPermissions.get(name);













            if (p != null) {













                return generatePermissionInfo(p, flags);













            // If the caller is an app that targets pre 26 SDK drop protection flags.













            final PermissionInfo permissionInfo = generatePermissionInfo(p, flags);













            permissionInfo.protectionLevel = adjustPermissionProtectionFlagsLPr(













                    permissionInfo.protectionLevel, packageName, callingUid);













            return permissionInfo;















        }













            return null;















    }

























    private int adjustPermissionProtectionFlagsLPr(int protectionLevel,













            String packageName, int uid) {













        // Signature permission flags area always reported













        final int protectionLevelMasked = protectionLevel













                & (PermissionInfo.PROTECTION_NORMAL













                | PermissionInfo.PROTECTION_DANGEROUS













                | PermissionInfo.PROTECTION_SIGNATURE);













        if (protectionLevelMasked == PermissionInfo.PROTECTION_SIGNATURE) {













            return protectionLevel;













        }

























        // System sees all flags.













        final int appId = UserHandle.getAppId(uid);













        if (appId == Process.SYSTEM_UID || appId == Process.ROOT_UID













                || appId == Process.SHELL_UID) {













            return protectionLevel;













        }

























        // Normalize package name to handle renamed packages and static libs













        packageName = resolveInternalPackageNameLPr(packageName,













                PackageManager.VERSION_CODE_HIGHEST);

























        // Apps that target O see flags for all protection levels.













        final PackageSetting ps = mSettings.mPackages.get(packageName);













        if (ps == null) {













            return protectionLevel;













        }













        if (ps.appId != appId) {













            return protectionLevel;













        }

























        final PackageParser.Package pkg = mPackages.get(packageName);













        if (pkg == null) {













            return protectionLevel;













        }













        if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.O) {













            return protectionLevelMasked;













        }

























        return protectionLevel;















    }





























    @Override