Only log a warning if it's an actual violation (f5e600d0) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+9 −7

Original line number	Diff line number	Diff line
		@@ -996,8 +996,6 @@ public class PermissionManagerService {
		if (!privappPermissionsDisable && privilegedPermission && pkg.isPrivileged()
		&& !platformPackage && platformPermission) {
		if (!hasPrivappWhitelistEntry(perm, pkg)) {
		Slog.w(TAG, "Privileged permission " + perm + " for package "
		+ pkg.packageName + " - not in privapp-permissions whitelist");
		// Only report violations for apps on system image
		if (!mSystemReady && !pkg.isUpdatedSystemApp()) {
		// it's only a reportable violation if the permission isn't explicitly denied
		@@ -1005,12 +1003,16 @@ public class PermissionManagerService {
		.getPrivAppDenyPermissions(pkg.packageName);
		final boolean permissionViolation =
		deniedPermissions == null \|\| !deniedPermissions.contains(perm);
		if (permissionViolation
		&& RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) {
		if (permissionViolation) {
		Slog.w(TAG, "Privileged permission " + perm + " for package "
		+ pkg.packageName + " - not in privapp-permissions whitelist");

		if (RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) {
		if (mPrivappPermissionsViolations == null) {
		mPrivappPermissionsViolations = new ArraySet<>();
		}
		mPrivappPermissionsViolations.add(pkg.packageName + ": " + perm);
		}
		} else {
		return false;
		}