Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bd111589 authored by Ralph Nathan's avatar Ralph Nathan
Browse files

Permissions: Don't autogrant all permissions on Android Things 

Currently, we're auto granting all requested permissions on Android
Things devices. This cl moves us away from that and allows OEMs to use
the default-permissions flow to explicitly decide which dangerous
permissions they want each app in the OEM partition to have.

Bug: 73007742
Test: manual test
Change-Id: I0c33933c414ccd7b6f766790f2f7ebfebb1ddc4f
parent 23ceeb3a

services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java

+10 −7
Original line number Original line Diff line number Diff line
@@ -264,14 +264,10 @@ public final class DefaultPermissionGrantPolicy { 
    }

    }





    public void grantDefaultPermissions(int userId) {

    public void grantDefaultPermissions(int userId) {

        if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {

            grantAllRuntimePermissions(userId);

        } else {

        grantPermissionsToSysComponentsAndPrivApps(userId);

        grantPermissionsToSysComponentsAndPrivApps(userId);

        grantDefaultSystemHandlerPermissions(userId);

        grantDefaultSystemHandlerPermissions(userId);

        grantDefaultPermissionExceptions(userId);

        grantDefaultPermissionExceptions(userId);

    }

    }

    }





    private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {

    private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {

        Set<String> permissions = new ArraySet<>();

        Set<String> permissions = new ArraySet<>();
@@ -1247,6 +1243,13 @@ public final class DefaultPermissionGrantPolicy { 
        if (dir.isDirectory() && dir.canRead()) {

        if (dir.isDirectory() && dir.canRead()) {

            Collections.addAll(ret, dir.listFiles());

            Collections.addAll(ret, dir.listFiles());

        }

        }

        // For IoT devices, we check the oem partition for default permissions for each app.

        if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {

            dir = new File(Environment.getOemDirectory(), "etc/default-permissions");

            if (dir.isDirectory() && dir.canRead()) {

                Collections.addAll(ret, dir.listFiles());

            }

        }

        return ret.isEmpty() ? null : ret.toArray(new File[0]);

        return ret.isEmpty() ? null : ret.toArray(new File[0]);

    }

    }