
Commit e191ca0a authored by Hai Zhang's avatar Hai Zhang

Filter package visibility in checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission().

Bug: 186404356
Test: manual
Change-Id: I2b7afbba024d27fd1cb3e21a4b5abcd1d212eada
parent 5ee1270c
+11 −0
@@ -1152,6 +1152,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {


    private boolean checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission(
    private boolean checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission(
            @NonNull String permName) {
            @NonNull String permName) {
        final String permissionPackageName;
        final boolean isImmutablyRestrictedPermission;
        final boolean isImmutablyRestrictedPermission;
        synchronized (mLock) {
        synchronized (mLock) {
            final Permission bp = mRegistry.getPermission(permName);
            final Permission bp = mRegistry.getPermission(permName);
@@ -1159,15 +1160,25 @@ public class PermissionManagerService extends IPermissionManager.Stub {
                Slog.w(TAG, "No such permissions: " + permName);
                Slog.w(TAG, "No such permissions: " + permName);
                return false;
                return false;
            }
            }
            permissionPackageName = bp.getPackageName();
            isImmutablyRestrictedPermission = bp.isHardOrSoftRestricted()
            isImmutablyRestrictedPermission = bp.isHardOrSoftRestricted()
                    && bp.isImmutablyRestricted();
                    && bp.isImmutablyRestricted();
        }
        }

        final int callingUid = getCallingUid();
        final int callingUserId = UserHandle.getUserId(callingUid);
        if (mPackageManagerInt.filterAppAccess(permissionPackageName, callingUid, callingUserId)) {
            EventLog.writeEvent(0x534e4554, "186404356", callingUid, permName);
            return false;
        }

        if (isImmutablyRestrictedPermission && mContext.checkCallingOrSelfPermission(
        if (isImmutablyRestrictedPermission && mContext.checkCallingOrSelfPermission(
                Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS)
                Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS)
                != PackageManager.PERMISSION_GRANTED) {
                != PackageManager.PERMISSION_GRANTED) {
            throw new SecurityException("Cannot modify allowlisting of an immutably "
            throw new SecurityException("Cannot modify allowlisting of an immutably "
                    + "restricted permission: " + permName);
                    + "restricted permission: " + permName);
        }
        }

        return true;
        return true;
    }
    }
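Review bot: The new `filterAppAccess` check sits before the `SecurityException` throw with no comment saying that this order is what keeps the fix working. If the check were moved below the throw, the exception message would again confirm that an immutably restricted permission exists in a package the caller cannot see. I would add above the `if (mPackageManagerInt.filterAppAccess(...))` line: `// A permission declared by a package filtered from the caller is treated as nonexistent; keep this ahead of the SecurityException so the throw cannot reveal it.` The method's Javadoc (none is visible here) should also say that `false` now means either "no such permission" or "not visible to the caller". The not-found branch writes `Slog.w` while the filtered branch writes only the event log, which looks intentional but is worth one line of explanation. The `if (bp == null)` line falls between the two hunks and is not shown, and whether every caller treats `false` identically in both cases cannot be confirmed from this page.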