Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit acce1d78 authored by Philip P. Moltmann's avatar Philip P. Moltmann
Browse files

Re-grandfather storage perms 

Apprantly some dogfooders got storage permissions that were not
whitelisted. This should have never happened.

Non-whitelisted permission on pre-Q app now means that the pemission is
not grantable anymore, hence the effect of this state is much more
severe than before.

Hence force grandfathering at this time to make sure everybody is back
in a good state.

Fixes: 134508486
Test: Installed P -> Installed Whatsapp -> Granted storage perm -> Upgraded
to Q -> Checked that storage perm is grandfathered.
Change-Id: Iaa667644d6c3ae8db234b96143b67dcd33b773df
parent d7e985e1

src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java

+27 −22
Original line number Diff line number Diff line
@@ -38,7 +38,7 @@ class RuntimePermissionsUpgradeController { 
    private static final String LOG_TAG = RuntimePermissionsUpgradeController.class.getSimpleName();



    // The latest version of the runtime permissions database

    private static final int LATEST_VERSION = 5;

    private static final int LATEST_VERSION = 6;



    private RuntimePermissionsUpgradeController() {

        /* do nothing - hide constructor */
@@ -121,27 +121,7 @@ class RuntimePermissionsUpgradeController { 
        }



        if (currentVersion == 2) {

            Log.i(LOG_TAG, "Grandfathering Storage permissions");



            final List<String> storagePermissions = Utils.getPlatformPermissionNamesOfGroup(

                    Manifest.permission_group.STORAGE);



            for (int i = 0; i < appCount; i++) {

                final PackageInfo app = apps.get(i);

                if (app.requestedPermissions == null) {

                    continue;

                }



                // We don't want to allow modification of storage post install, so put it

                // on the internal system whitelist to prevent the installer changing it.

                for (String requestedPermission : app.requestedPermissions) {

                    if (storagePermissions.contains(requestedPermission)) {

                        context.getPackageManager().addWhitelistedRestrictedPermission(

                                app.packageName, requestedPermission,

                                PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE);

                    }

                }

            }

            // moved to step 5->6 to clean up broken permission state during dogfooding

            currentVersion = 3;

        }
@@ -206,6 +186,31 @@ class RuntimePermissionsUpgradeController { 
            currentVersion = 5;

        }



        if (currentVersion == 5) {

            Log.i(LOG_TAG, "Grandfathering Storage permissions");



            final List<String> storagePermissions = Utils.getPlatformPermissionNamesOfGroup(

                    Manifest.permission_group.STORAGE);



            for (int i = 0; i < appCount; i++) {

                final PackageInfo app = apps.get(i);

                if (app.requestedPermissions == null) {

                    continue;

                }



                // We don't want to allow modification of storage post install, so put it

                // on the internal system whitelist to prevent the installer changing it.

                for (String requestedPermission : app.requestedPermissions) {

                    if (storagePermissions.contains(requestedPermission)) {

                        context.getPackageManager().addWhitelistedRestrictedPermission(

                                app.packageName, requestedPermission,

                                PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE);

                    }

                }

            }

            currentVersion = 6;

        }



        // XXX: Add new upgrade steps above this point.



        return currentVersion;