
Commit fd6643e3 authored by Jay Thomas Sullivan

Enforce ADJUST_RUNTIME_PERMISSIONS_POLICY

In updatePermissionFlags, we're calling clearCallingIdentity. And,
just after doing so, we're calling
enforceCallingOrSelfPermission(ADJUST_RUNTIME_PERMISSIONS_POLICY).
But, these two things don't really make sense together: clearing the
calling identity makes the permission check evaluate system_server's own
identity rather than the caller's, so the check always passes.

We could either:

1. Remove clearCallingIdentity but keep enforceCallingOrSelfPermission,
   or
2. Remove both

For security, this CL goes with the first option. But, doing so means
updatePermissionFlags now enforces ADJUST_RUNTIME_PERMISSIONS_POLICY.
And this breaks some CTS tests. To address this, we have to add
ADJUST_RUNTIME_PERMISSIONS_POLICY to the shell identity.

Bug: 190694761
Test: atest ActivityPermissionRationaleTest
Change-Id: I7031aebf69d9ec919334573b99eb6b7cb8be31d0
parent 1b3db4d5
+4 −1
@@ -4,6 +4,7 @@ package android {
  public static final class Manifest.permission {
    field public static final String ACCESS_NOTIFICATIONS = "android.permission.ACCESS_NOTIFICATIONS";
    field public static final String ACTIVITY_EMBEDDING = "android.permission.ACTIVITY_EMBEDDING";
    field public static final String ADJUST_RUNTIME_PERMISSIONS_POLICY = "android.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY";
    field public static final String APPROVE_INCIDENT_REPORTS = "android.permission.APPROVE_INCIDENT_REPORTS";
    field public static final String BACKGROUND_CAMERA = "android.permission.BACKGROUND_CAMERA";
    field public static final String BIND_CELL_BROADCAST_SERVICE = "android.permission.BIND_CELL_BROADCAST_SERVICE";
@@ -17,11 +18,13 @@ package android {
    field public static final String CONTROL_DEVICE_STATE = "android.permission.CONTROL_DEVICE_STATE";
    field public static final String FORCE_DEVICE_POLICY_MANAGER_LOGS = "android.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS";
    field public static final String FORCE_STOP_PACKAGES = "android.permission.FORCE_STOP_PACKAGES";
    field public static final String GRANT_RUNTIME_PERMISSIONS = "android.permission.GRANT_RUNTIME_PERMISSIONS";
    field public static final String INSTALL_TEST_ONLY_PACKAGE = "android.permission.INSTALL_TEST_ONLY_PACKAGE";
    field public static final String KEEP_UNINSTALLED_PACKAGES = "android.permission.KEEP_UNINSTALLED_PACKAGES";
    field public static final String MAKE_UID_VISIBLE = "android.permission.MAKE_UID_VISIBLE";
    field @Deprecated public static final String MANAGE_ACTIVITY_STACKS = "android.permission.MANAGE_ACTIVITY_STACKS";
    field public static final String MANAGE_ACTIVITY_TASKS = "android.permission.MANAGE_ACTIVITY_TASKS";
    field public static final String MANAGE_APP_OPS_MODES = "android.permission.MANAGE_APP_OPS_MODES";
    field public static final String MANAGE_CRATES = "android.permission.MANAGE_CRATES";
    field public static final String MANAGE_NOTIFICATION_LISTENERS = "android.permission.MANAGE_NOTIFICATION_LISTENERS";
    field public static final String MANAGE_ROLLBACKS = "android.permission.MANAGE_ROLLBACKS";
@@ -225,7 +228,7 @@ package android.app {
    method @RequiresPermission("android.permission.MANAGE_APPOPS") public void resetHistoryParameters();
    method @RequiresPermission("android.permission.MANAGE_APPOPS") public void resetPackageOpsNoHistory(@NonNull String);
    method @RequiresPermission("android.permission.MANAGE_APPOPS") public void setHistoryParameters(int, long, int);
    method @RequiresPermission("android.permission.MANAGE_APP_OPS_MODES") public void setMode(int, int, String, int);
    method @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES) public void setMode(int, int, String, int);
    method public static int strOpToOp(@NonNull String);
    field public static final int ATTRIBUTION_CHAIN_ID_NONE = -1; // 0xffffffff
    field public static final int ATTRIBUTION_FLAGS_NONE = 0; // 0x0
+3 −3
@@ -3928,7 +3928,7 @@
    <permission android:name="android.permission.MANAGE_APP_OPS_RESTRICTIONS"
        android:protectionLevel="signature|installer" />

    <!-- Allows an application to update the user app op modes.
    <!-- @TestApi Allows an application to update the user app op modes.
         Not for use by third party apps.
         @hide -->
    <permission android:name="android.permission.MANAGE_APP_OPS_MODES"
@@ -4732,7 +4732,7 @@
    <permission android:name="android.permission.CHANGE_COMPONENT_ENABLED_STATE"
        android:protectionLevel="signature|privileged|role" />

    <!-- @SystemApi Allows an application to grant specific permissions.
    <!-- @SystemApi @TestApi iAllows an application to grant specific permissions.
         @hide -->
    <permission android:name="android.permission.GRANT_RUNTIME_PERMISSIONS"
        android:protectionLevel="signature|installer|verifier" />
@@ -4766,7 +4766,7 @@
    <permission android:name="android.permission.RESTORE_RUNTIME_PERMISSIONS"
                android:protectionLevel="signature" />

    <!-- @SystemApi Allows an application to change policy_fixed permissions.
    <!-- @SystemApi @TestApi Allows an application to change policy_fixed permissions.
    @hide -->
    <permission android:name="android.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY"
                android:protectionLevel="signature|installer" />
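Review bot: The rewritten doc comment on GRANT_RUNTIME_PERMISSIONS introduces a typo, "iAllows", in the second hunk; it should read `<!-- @SystemApi @TestApi Allows an application to grant specific permissions.`. Since these comments are the source for the generated @SystemApi/@TestApi descriptions, the stray character would presumably surface in published API text. The other two hunks in this section add the @TestApi tag cleanly and need no change.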
+3 −0
@@ -708,6 +708,9 @@
    <!-- Permission required for CTS test - CtsWindowManagerDeviceTestCases-->
    <uses-permission android:name="android.permission.UPDATE_LOCK_TASK_PACKAGES" />

    <!-- Permission required for CTS test - ActivityPermissionRationaleTest -->
    <uses-permission android:name="android.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY" />

    <application android:label="@string/app_label"
                android:theme="@android:style/Theme.DeviceDefault.DayNight"
                android:defaultToDeviceProtectedStorage="true"
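Review bot: The added uses-permission only cites a CTS test, but granting a signature|installer permission to the shell UID is a capability change in its own right: per the manifest description in this commit, it lets any adb shell session change policy_fixed runtime-permission flags on arbitrary packages, and the comment should say so rather than reading as test-only plumbing. I would expand it to `<!-- Permission required for CTS test - ActivityPermissionRationaleTest. Note: this also allows adb shell to set/clear POLICY_FIXED flags on any app's runtime permissions; keep in step with the enforcement in PermissionManagerServiceImpl#updatePermissionFlags -->`. Whether shell already holds comparable grant/revoke permissions is not visible here, so the comment's framing should be confirmed against the rest of this manifest.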
+14 −19
@@ -738,8 +738,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
        boolean overridePolicy = false;

        if (callingUid != Process.SYSTEM_UID && callingUid != Process.ROOT_UID) {
            final long callingIdentity = Binder.clearCallingIdentity();
            try {
            if ((flagMask & FLAG_PERMISSION_POLICY_FIXED) != 0) {
                if (checkAdjustPolicyFlagPermission) {
                    mContext.enforceCallingOrSelfPermission(
@@ -756,9 +754,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
                }
                overridePolicy = true;
            }
            } finally {
                Binder.restoreCallingIdentity(callingIdentity);
            }
        }

        updatePermissionFlagsInternal(
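Review bot: With the identity no longer cleared, `enforceCallingOrSelfPermission` in the first hunk now checks the Binder caller, but the gate two lines above it keys off the `callingUid` variable, whose origin is above the hunk; if those two can ever differ (an in-process path passing a non-system uid), the check would evaluate system_server's own identity and pass. Consider enforcing against the explicit uid instead, e.g. `mContext.enforcePermission(Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY, Binder.getCallingPid(), callingUid, "Need ADJUST_RUNTIME_PERMISSIONS_POLICY to change policy flags");`, or add a comment on the gate stating that `callingUid` is always `Binder.getCallingUid()` here so the two checks cannot diverge. A one-line comment where the try/finally was removed, such as `// Do not clear identity here: the permission check below must see the real caller.`, would also stop someone re-adding the wrapper. The enclosing updatePermissionFlags method starts before the first hunk and continues after the second.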