Commit b875116b authored Dec 13, 2018 by Philip P. Moltmann

Grant removed install permissions

Historically removed permissions just stayed forever in their default
state. E.g. install permissions are granted and runtime permissions are
granted for pre-M apps. In Q we should keep this behavior. Still we have
to make sure that we never set the review-required flag as this flags
will never be reset prevents the app from starting.

Fixes: 120981154
Test: - Manual verification of review-required flag for pre-M app
        - when freshly installed
	- after permission review
	- after permission reset
      - atest android.appsecurity.cts.PermissionsHostTest#
              testCompatDefault22,testReviewPermissionWhenServiceIsBound
	while set-isolated-storage was set to true
      - atest android.content.cts.ContextTest#testCheckPermissionGranted

Change-Id: Ic27c17d2e93f6e2f87127cd4aec7281e6fbdbb8f

parent b8bf83fd

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+2 −5

Original line number	Diff line number	Diff line
		@@ -799,10 +799,6 @@ public class PermissionManagerService {
		continue;
		}

		if (bp.isRemoved()) {
		continue;
		}

		// Limit ephemeral apps to ephemeral allowed permissions.
		if (pkg.applicationInfo.isInstantApp() && !bp.isInstant()) {
		if (DEBUG_PERMISSIONS) {
		@@ -951,7 +947,8 @@ public class PermissionManagerService {
		// how to disable the API to simulate revocation as legacy
		// apps don't expect to run with revoked permissions.
		if (PLATFORM_PACKAGE_NAME.equals(bp.getSourcePackageName())) {
		if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0) {
		if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0
		&& !bp.isRemoved()) {
		flags \|= FLAG_PERMISSION_REVIEW_REQUIRED;
		// We changed the flags, hence have to write.
		updatedUserIds = ArrayUtils.appendInt(