
Commit e2e6e67b authored by Jeff Sharkey's avatar Jeff Sharkey

Preserve certain "Nearby devices" implicit grants.

We're willing to preserve an implicit "Nearby devices" permission
grant if this app was already able to interact with nearby devices
via background location access.

If the app doesn't have background location access, then the implicit
"Nearby devices" grant will be revoked as normal.  If the "Nearby
devices" permission had already been revoked through some other
means, it will remain revoked.

Bug: 195931693
Test: atest CtsPermission2TestCases CtsPermission3TestCases
Change-Id: I7d8df91954525da6473f70cb1759d9507e6a5606
parent 5f51b922
+21 −3
@@ -217,6 +217,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {


    /** All storage permissions */
    /** All storage permissions */
    private static final List<String> STORAGE_PERMISSIONS = new ArrayList<>();
    private static final List<String> STORAGE_PERMISSIONS = new ArrayList<>();
    /** All nearby devices permissions */
    private static final List<String> NEARBY_DEVICES_PERMISSIONS = new ArrayList<>();


    /** If the permission of the value is granted, so is the key */
    /** If the permission of the value is granted, so is the key */
    private static final Map<String, String> FULLER_PERMISSION_MAP = new HashMap<>();
    private static final Map<String, String> FULLER_PERMISSION_MAP = new HashMap<>();
@@ -233,6 +235,9 @@ public class PermissionManagerService extends IPermissionManager.Stub {
        STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
        STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
        STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
        STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
        STORAGE_PERMISSIONS.add(Manifest.permission.ACCESS_MEDIA_LOCATION);
        STORAGE_PERMISSIONS.add(Manifest.permission.ACCESS_MEDIA_LOCATION);
        NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_ADVERTISE);
        NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_CONNECT);
        NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_SCAN);
    }
    }


    /** Set of source package names for Privileged Permission Allowlist */
    /** Set of source package names for Privileged Permission Allowlist */
@@ -3076,13 +3081,26 @@ public class PermissionManagerService extends IPermissionManager.Stub {
                Permission bp = mRegistry.getPermission(permission);
                Permission bp = mRegistry.getPermission(permission);
                if (bp != null && bp.isRuntime()) {
                if (bp != null && bp.isRuntime()) {
                    int flags = ps.getPermissionFlags(permission);
                    int flags = ps.getPermissionFlags(permission);

                    if ((flags & FLAG_PERMISSION_REVOKE_WHEN_REQUESTED) != 0) {
                    if ((flags & FLAG_PERMISSION_REVOKE_WHEN_REQUESTED) != 0) {

                        int flagsToRemove = FLAG_PERMISSION_REVOKE_WHEN_REQUESTED;
                        int flagsToRemove = FLAG_PERMISSION_REVOKE_WHEN_REQUESTED;


                        // We're willing to preserve an implicit "Nearby devices"
                        // permission grant if this app was already able to interact
                        // with nearby devices via background location access
                        boolean preserveGrant = false;
                        if (ArrayUtils.contains(NEARBY_DEVICES_PERMISSIONS, permission)
                                && ps.isPermissionGranted(
                                        android.Manifest.permission.ACCESS_BACKGROUND_LOCATION)
                                && (ps.getPermissionFlags(
                                        android.Manifest.permission.ACCESS_BACKGROUND_LOCATION)
                                        & (FLAG_PERMISSION_REVOKE_WHEN_REQUESTED
                                                | FLAG_PERMISSION_REVOKED_COMPAT)) == 0) {
                            preserveGrant = true;
                        }

                        if ((flags & BLOCKING_PERMISSION_FLAGS) == 0
                        if ((flags & BLOCKING_PERMISSION_FLAGS) == 0
                                && supportsRuntimePermissions) {
                                && supportsRuntimePermissions
                                && !preserveGrant) {
                            if (ps.revokePermission(bp)) {
                            if (ps.revokePermission(bp)) {
                                if (DEBUG_PERMISSIONS) {
                                if (DEBUG_PERMISSIONS) {
                                    Slog.i(TAG, "Revoking runtime permission "
                                    Slog.i(TAG, "Revoking runtime permission "
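Review bot: The new preserve path at `preserveGrant = true` leaves no trace, while the revoke path directly below logs under `DEBUG_PERMISSIONS`. Because this branch keeps a runtime permission granted without a user decision, it deserves the same visibility, for example `if (DEBUG_PERMISSIONS) { Slog.i(TAG, "Preserving implicit grant of " + permission); }` inside the new `if`. The condition also reads the grant state and flags of ACCESS_BACKGROUND_LOCATION while, apparently, the requested permissions are still being processed one by one. A one-line comment saying that its state is expected to be settled at this point would help, since the hunk alone cannot confirm it. The new lines spell `android.Manifest.permission.ACCESS_BACKGROUND_LOCATION` where the static initializer earlier in the commit uses `Manifest.permission.…`; one form would read more consistently. The enclosing method starts and ends outside the hunk.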