Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c56106a1 authored by Fyodor Kupolov's avatar Fyodor Kupolov
Browse files

Crash if not all privileged permissions are whitelisted 

Test: reboot device - no crashes
Test: Ran privapp_permissions.py for fugu/marlin/taimen
Bug: 64693550
Change-Id: I9522ccaa75858b9a3d153c95c529eff70cd13994
parent 9eb15556

data/etc/privapp-permissions-platform.xml

+3 −0
Original line number Diff line number Diff line
@@ -253,12 +253,14 @@ applications that come with the platform 
    </privapp-permissions>



    <privapp-permissions package="com.android.shell">

        <permission name="android.permission.ACCESS_LOWPAN_STATE"/>

        <permission name="android.permission.BACKUP"/>

        <permission name="android.permission.BATTERY_STATS"/>

        <permission name="android.permission.BIND_APPWIDGET"/>

        <permission name="android.permission.CHANGE_COMPONENT_ENABLED_STATE"/>

        <permission name="android.permission.CHANGE_CONFIGURATION"/>

        <permission name="android.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST" />

        <permission name="android.permission.CHANGE_LOWPAN_STATE"/>

        <permission name="android.permission.CHANGE_OVERLAY_PACKAGES"/>

        <permission name="android.permission.CLEAR_APP_CACHE"/>

        <permission name="android.permission.CONNECTIVITY_INTERNAL"/>
@@ -282,6 +284,7 @@ applications that come with the platform 
        <permission name="android.permission.MOVE_PACKAGE"/>

        <permission name="android.permission.PACKAGE_USAGE_STATS" />

        <permission name="android.permission.READ_FRAME_BUFFER"/>

        <permission name="android.permission.READ_LOWPAN_CREDENTIAL"/>

        <permission name="android.permission.REAL_GET_TASKS"/>

        <permission name="android.permission.REGISTER_CALL_PROVIDER"/>

        <permission name="android.permission.REGISTER_CONNECTION_MANAGER"/>

services/core/java/com/android/server/pm/PackageManagerService.java

+1 −2
Original line number Diff line number Diff line
@@ -21289,9 +21289,8 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); 
        reconcileApps(StorageManager.UUID_PRIVATE_INTERNAL);















        if (mPrivappPermissionsViolations != null) {













            Slog.wtf(TAG,"Signature|privileged permissions not in "













            throw new IllegalStateException("Signature|privileged permissions not in "















                    + "privapp-permissions whitelist: " + mPrivappPermissionsViolations);













            mPrivappPermissionsViolations = null;















        }















    }







































services/java/com/android/server/SystemServer.java



+1
−5




























Original line number
Diff line number
Diff line








@@ -1640,11 +1640,7 @@ public final class SystemServer {













        traceEnd();































        traceBeginAndSlog("MakePackageManagerServiceReady");













        try {















        mPackageManagerService.systemReady();













        } catch (Throwable e) {













            reportWtf("making Package Manager Service ready", e);













        }















        traceEnd();































        traceBeginAndSlog("MakeDisplayManagerServiceReady");