Loading services/core/java/com/android/server/pm/PackageManagerService.java +19 −4 Original line number Diff line number Diff line Loading @@ -13025,6 +13025,23 @@ public class PackageManagerService extends IPackageManager.Stub return allowed; } /** * Determines whether a package is whitelisted for a particular privapp permission. * * <p>Does NOT check whether the package is a privapp, just whether it's whitelisted. * * <p>This handles parent/child apps. */ private boolean hasPrivappWhitelistEntry(String perm, PackageParser.Package pkg) { ArraySet<String> wlPermissions = SystemConfig.getInstance() .getPrivAppPermissions(pkg.packageName); // Let's check if this package is whitelisted... boolean whitelisted = wlPermissions != null && wlPermissions.contains(perm); // If it's not, we'll also tail-recurse to the parent. return whitelisted || pkg.parentPackage != null && hasPrivappWhitelistEntry(perm, pkg.parentPackage); } private boolean grantSignaturePermission(String perm, PackageParser.Package pkg, BasePermission bp, PermissionsState origPermissions) { boolean privilegedPermission = (bp.protectionLevel Loading @@ -13035,10 +13052,7 @@ public class PackageManagerService extends IPackageManager.Stub boolean platformPackage = PLATFORM_PACKAGE_NAME.equals(pkg.packageName); if (!privappPermissionsDisable && privilegedPermission && pkg.isPrivilegedApp() && !platformPackage && platformPermission) { ArraySet<String> wlPermissions = SystemConfig.getInstance() .getPrivAppPermissions(pkg.packageName); boolean whitelisted = wlPermissions != null && wlPermissions.contains(perm); if (!whitelisted) { if (!hasPrivappWhitelistEntry(perm, pkg)) { Slog.w(TAG, "Privileged permission " + perm + " for package " + pkg.packageName + " - not in privapp-permissions whitelist"); // Only report violations for apps on system image Loading Loading @@ -13080,6 +13094,7 @@ public class PackageManagerService extends IPackageManager.Stub // now get the new permission if the ancestral apk is // privileged to get it. if (sysPs != null && sysPs.pkg != null && sysPs.isPrivileged()) { // TODO(gboyer): This is the same as isPackageRequestingPermission(). for (int j = 0; j < sysPs.pkg.requestedPermissions.size(); j++) { if (perm.equals(sysPs.pkg.requestedPermissions.get(j))) { allowed = true; Loading
services/core/java/com/android/server/pm/PackageManagerService.java +19 −4 Original line number Diff line number Diff line Loading @@ -13025,6 +13025,23 @@ public class PackageManagerService extends IPackageManager.Stub return allowed; } /** * Determines whether a package is whitelisted for a particular privapp permission. * * <p>Does NOT check whether the package is a privapp, just whether it's whitelisted. * * <p>This handles parent/child apps. */ private boolean hasPrivappWhitelistEntry(String perm, PackageParser.Package pkg) { ArraySet<String> wlPermissions = SystemConfig.getInstance() .getPrivAppPermissions(pkg.packageName); // Let's check if this package is whitelisted... boolean whitelisted = wlPermissions != null && wlPermissions.contains(perm); // If it's not, we'll also tail-recurse to the parent. return whitelisted || pkg.parentPackage != null && hasPrivappWhitelistEntry(perm, pkg.parentPackage); } private boolean grantSignaturePermission(String perm, PackageParser.Package pkg, BasePermission bp, PermissionsState origPermissions) { boolean privilegedPermission = (bp.protectionLevel Loading @@ -13035,10 +13052,7 @@ public class PackageManagerService extends IPackageManager.Stub boolean platformPackage = PLATFORM_PACKAGE_NAME.equals(pkg.packageName); if (!privappPermissionsDisable && privilegedPermission && pkg.isPrivilegedApp() && !platformPackage && platformPermission) { ArraySet<String> wlPermissions = SystemConfig.getInstance() .getPrivAppPermissions(pkg.packageName); boolean whitelisted = wlPermissions != null && wlPermissions.contains(perm); if (!whitelisted) { if (!hasPrivappWhitelistEntry(perm, pkg)) { Slog.w(TAG, "Privileged permission " + perm + " for package " + pkg.packageName + " - not in privapp-permissions whitelist"); // Only report violations for apps on system image Loading Loading @@ -13080,6 +13094,7 @@ public class PackageManagerService extends IPackageManager.Stub // now get the new permission if the ancestral apk is // privileged to get it. if (sysPs != null && sysPs.pkg != null && sysPs.isPrivileged()) { // TODO(gboyer): This is the same as isPackageRequestingPermission(). for (int j = 0; j < sysPs.pkg.requestedPermissions.size(); j++) { if (perm.equals(sysPs.pkg.requestedPermissions.get(j))) { allowed = true;
