Fix privapp permission allowlisting.
The refactoring in S unintendedly introduced a change that allowed signature|privileged to be granted to platform-signed privileged apps without being in the allowlist XML, so we should revert to the old behavior. The refactoring was done in the hope that we can have one step that handles privileged permission granting. However upon retrospection, we have to do this in two separate steps because the privapp permission allowlist should always be enforced first. This change reverts to the old behavior by looking at both the current code and the R source code, then extracts the privapp permission enforcement as a separate step that happens first, to be used by both signature and the new internal permission protection. Also simplified the check about privileged permission, because vendor privileged permission is always a privileged permission, as made sure in PermissionInfo.fixProtectionLevel(). In the mean time, added the missing privapp permission allowlist entry for Settings and RESTART_WIFI_SUBSYSTEM for device to boot. Fixes: 179309876 Test: manual Change-Id: I93cfe7a4621fc5ac65229d42c7a8ebd825ae8ae5
Loading
Please register or sign in to comment
