Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f41e51d1 authored by Garrett Boyer's avatar Garrett Boyer
Browse files

Privapp permissions inheritance. 

Make child apps inherit privapp permission whitelist entries of the
parent.

Test: Ran gmscore with multi-uid enabled, expected behavior.

Change-Id: I703e0ef4bc45558fd617c118300904614c9db933
parent aa6ee67d

services/core/java/com/android/server/pm/PackageManagerService.java

+19 −4
Original line number Diff line number Diff line
@@ -13025,6 +13025,23 @@ public class PackageManagerService extends IPackageManager.Stub 
        return allowed;

    }













    /**













     * Determines whether a package is whitelisted for a particular privapp permission.













     *













     * <p>Does NOT check whether the package is a privapp, just whether it's whitelisted.













     *













     * <p>This handles parent/child apps.













     */













    private boolean hasPrivappWhitelistEntry(String perm, PackageParser.Package pkg) {













        ArraySet<String> wlPermissions = SystemConfig.getInstance()













                .getPrivAppPermissions(pkg.packageName);













        // Let's check if this package is whitelisted...













        boolean whitelisted = wlPermissions != null && wlPermissions.contains(perm);













        // If it's not, we'll also tail-recurse to the parent.













        return whitelisted ||













                pkg.parentPackage != null && hasPrivappWhitelistEntry(perm, pkg.parentPackage);













    }



























    private boolean grantSignaturePermission(String perm, PackageParser.Package pkg,















            BasePermission bp, PermissionsState origPermissions) {















        boolean privilegedPermission = (bp.protectionLevel









@@ -13035,10 +13052,7 @@ public class PackageManagerService extends IPackageManager.Stub













        boolean platformPackage = PLATFORM_PACKAGE_NAME.equals(pkg.packageName);















        if (!privappPermissionsDisable && privilegedPermission && pkg.isPrivilegedApp()















                && !platformPackage && platformPermission) {













            ArraySet<String> wlPermissions = SystemConfig.getInstance()













                    .getPrivAppPermissions(pkg.packageName);













            boolean whitelisted = wlPermissions != null && wlPermissions.contains(perm);













            if (!whitelisted) {













            if (!hasPrivappWhitelistEntry(perm, pkg)) {















                Slog.w(TAG, "Privileged permission " + perm + " for package "















                        + pkg.packageName + " - not in privapp-permissions whitelist");















                // Only report violations for apps on system image










@@ -13080,6 +13094,7 @@ public class PackageManagerService extends IPackageManager.Stub













                        // now get the new permission if the ancestral apk is















                        // privileged to get it.















                        if (sysPs != null && sysPs.pkg != null && sysPs.isPrivileged()) {













                            // TODO(gboyer): This is the same as isPackageRequestingPermission().















                            for (int j = 0; j < sysPs.pkg.requestedPermissions.size(); j++) {















                                if (perm.equals(sysPs.pkg.requestedPermissions.get(j))) {















                                    allowed = true;