Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit adc1cf46 authored by Svet Ganov's avatar Svet Ganov
Browse files

Only grant runtime permissions to special components. 

Now runtime permissions are granted only to components that are
part of the system or perform special system operations. For
exmple, the shell UID gets its runtime permissions granted by
default and the default phone app gets the phone permissions
granted by default.

bug:21764803

Change-Id: If8b8cadbd1980ffe7a6fc15bbb5f54a425f6e8f9
parent 90b3b93d

core/java/android/content/pm/ApplicationInfo.java

+7 −0
Original line number Diff line number Diff line
@@ -959,6 +959,13 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { 
        return (flags & ApplicationInfo.FLAG_SYSTEM) != 0;

    }



    /**

     * @hide

     */

    public boolean isPrivilegedApp() {

        return (privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0;

    }



    /**

     * @hide

     */

core/java/android/content/pm/PackageManagerInternal.java

0 → 100644
+58 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2015 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.content.pm;



import android.annotation.NonNull;



/**

 * Package manager local system service interface.

 *

 * @hide Only for use within the system server.

 */

public abstract class PackageManagerInternal {



    /**

     * Provider for package names.

     */

    public interface PackagesProvider {



        /**

         * Gets the packages for a given user.

         * @param userId The user id.

         * @return The package names.

         */

        public String[] getPackages(int userId);

    }



    /**

     * Sets the location provider packages provider.

     * @param provider The packages provider.

     */

    public abstract void setLocationPackagesProvider(PackagesProvider provider);



    /**

     * Sets the input method packages provider.

     * @param provider The packages provider.

     */

    public abstract void setImePackagesProvider(PackagesProvider provider);



    /**

     * Sets the voice interaction packages provider.

     * @param provider The packages provider.

     */

    public abstract void setVoiceInteractionPackagesProvider(PackagesProvider provider);

}

core/java/android/content/pm/PackageParser.java

+7 −0
Original line number Diff line number Diff line
@@ -4505,6 +4505,13 @@ public class PackageParser { 
            return applicationInfo.isSystemApp();

        }



        /**

         * @hide

         */

        public boolean isPrivilegedApp() {

            return applicationInfo.isPrivilegedApp();

        }



        /**

         * @hide

         */

services/core/java/com/android/server/InputMethodManagerService.java

+34 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 
package com.android.server;



import android.annotation.NonNull;

import android.content.pm.PackageManagerInternal;

import com.android.internal.content.PackageMonitor;

import com.android.internal.inputmethod.InputMethodSubtypeSwitchingController;

import com.android.internal.inputmethod.InputMethodSubtypeSwitchingController.ImeSubtypeListItem;
@@ -31,6 +32,7 @@ import com.android.internal.view.IInputMethodClient; 
import com.android.internal.view.IInputMethodManager;

import com.android.internal.view.IInputMethodSession;

import com.android.internal.view.InputBindResult;

import com.android.server.pm.UserManagerService;

import com.android.server.statusbar.StatusBarManagerService;

import com.android.server.wm.WindowManagerService;
@@ -859,6 +861,38 @@ public class InputMethodManagerService extends IInputMethodManager.Stub 
        // mSettings should be created before buildInputMethodListLocked

        mSettings = new InputMethodSettings(

                mRes, context.getContentResolver(), mMethodMap, mMethodList, userId);



        // Let the package manager query which are the default imes

        // as they get certain permissions granted by default.

        PackageManagerInternal packageManagerInternal = LocalServices.getService(

                PackageManagerInternal.class);

        packageManagerInternal.setImePackagesProvider(

                new PackageManagerInternal.PackagesProvider() {

                    @Override

                    public String[] getPackages(int userId) {

                        synchronized (mMethodMap) {

                            final int currentUserId = mSettings.getCurrentUserId();

                            // TODO: We are switching the current user id in the settings

                            // object to query it and then revert the user id. Ideally, we

                            // should call a API in settings with the user id as an argument.

                            mSettings.setCurrentUserId(userId);

                            List<InputMethodInfo> imes = mSettings

                                    .getEnabledInputMethodListLocked();

                            String[] packageNames = null;

                            if (imes != null) {

                                final int imeCount = imes.size();

                                packageNames = new String[imeCount];

                                for (int i = 0; i < imeCount; i++) {

                                    InputMethodInfo ime = imes.get(i);

                                    packageNames[i] = ime.getPackageName();

                                }

                            }

                            mSettings.setCurrentUserId(currentUserId);

                            return packageNames;

                        }

                    }

                });



        updateCurrentProfileIds();

        mFileManager = new InputMethodFileManager(mMethodMap, userId);

        synchronized (mMethodMap) {

services/core/java/com/android/server/LocationManagerService.java

+14 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


package com.android.server;



import android.content.pm.PackageManagerInternal;

import com.android.internal.content.PackageMonitor;

import com.android.internal.location.ProviderProperties;

import com.android.internal.location.ProviderRequest;
@@ -218,6 +219,19 @@ public class LocationManagerService extends ILocationManager.Stub { 
        mContext = context;

        mAppOps = (AppOpsManager)context.getSystemService(Context.APP_OPS_SERVICE);



        // Let the package manager query which are the default location

        // providers as they get certain permissions granted by default.

        PackageManagerInternal packageManagerInternal = LocalServices.getService(

                PackageManagerInternal.class);

        packageManagerInternal.setLocationPackagesProvider(

                new PackageManagerInternal.PackagesProvider() {

                    @Override

                    public String[] getPackages(int userId) {

                        return mContext.getResources().getStringArray(

                                com.android.internal.R.array.config_locationProviderPackageNames);

                    }

                });



        if (D) Log.d(TAG, "Constructed");



        // most startup is deferred until systemReady()