Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e899d8d4 authored by Svet Ganov's avatar Svet Ganov
Browse files

Grant only requested permissions not the whole group. 

The policy for an app requesting permissions is that only the requested permissions
are granted not the whole groups to which these permissions belong. There was a
regression where we granted the whole group not only the requested permissions. If
an app has a permission in a group already granted, now per policy a subsequent
request from the same group is followed by an auto grant.

bug:23370436

Change-Id: Icce6377d60187f6f153d10d646cd8c9878dd6fab
parent a9ec5bcd

src/com/android/packageinstaller/permission/model/AppPermissionGroup.java

+22 −3
Original line number Diff line number Diff line
@@ -28,6 +28,7 @@ import android.os.Build; 
import android.os.UserHandle;

import android.util.ArrayMap;



import com.android.internal.util.ArrayUtils;

import com.android.packageinstaller.R;

import com.android.packageinstaller.permission.utils.LocationUtils;
@@ -264,13 +265,19 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> 
        return mPermissions.get(permission) != null;

    }



    public boolean areRuntimePermissionsGranted() {

    public boolean areRuntimePermissionsGranted(String[] filterPermissions) {

        if (LocationUtils.isLocked(mName, mPackageInfo.packageName)) {

            return LocationUtils.isLocationEnabled(mContext);

        }

        final int permissionCount = mPermissions.size();

        for (int i = 0; i < permissionCount; i++) {

            Permission permission = mPermissions.valueAt(i);



            if (filterPermissions != null && !ArrayUtils.contains(

                    filterPermissions, permission.getName())) {

                continue;

            }



            if (mAppSupportsRuntimePermissions) {

                if (permission.isGranted()) {

                    return true;
@@ -283,7 +290,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> 
        return false;

    }



    public boolean grantRuntimePermissions(boolean fixedByTheUser) {

    public boolean grantRuntimePermissions(boolean fixedByTheUser, String[] filterPermissions) {

        final boolean isSharedUser = mPackageInfo.sharedUserId != null;

        final int uid = mPackageInfo.applicationInfo.uid;
@@ -291,6 +298,12 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> 
        // permissions, otherwise we toggle the app op corresponding

        // to the permission if the permission is granted to the app.

        for (Permission permission : mPermissions.values()) {



            if (filterPermissions != null && !ArrayUtils.contains(

                    filterPermissions, permission.getName())) {

                continue;

            }



            if (mAppSupportsRuntimePermissions) {

                // Do not touch permissions fixed by the system.

                if (permission.isSystemFixed()) {
@@ -371,7 +384,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> 
        return true;

    }



    public boolean revokeRuntimePermissions(boolean fixedByTheUser) {

    public boolean revokeRuntimePermissions(boolean fixedByTheUser, String[] filterPermissions) {

        final boolean isSharedUser = mPackageInfo.sharedUserId != null;

        final int uid = mPackageInfo.applicationInfo.uid;
@@ -379,6 +392,12 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> 
        // permissions, otherwise we toggle the app op corresponding

        // to the permission if the permission is granted to the app.

        for (Permission permission : mPermissions.values()) {



            if (filterPermissions != null && !ArrayUtils.contains(

                    filterPermissions, permission.getName())) {

                continue;

            }



            if (mAppSupportsRuntimePermissions) {

                // Do not touch permissions fixed by the system.

                if (permission.isSystemFixed()) {

src/com/android/packageinstaller/permission/model/PermissionApps.java

+3 −3
Original line number Diff line number Diff line
@@ -313,15 +313,15 @@ public class PermissionApps { 
        }



        public boolean areRuntimePermissionsGranted() {

            return mAppPermissionGroup.areRuntimePermissionsGranted();

            return mAppPermissionGroup.areRuntimePermissionsGranted(null);

        }



        public void grantRuntimePermissions() {

            mAppPermissionGroup.grantRuntimePermissions(false);

            mAppPermissionGroup.grantRuntimePermissions(false, null);

        }



        public void revokeRuntimePermissions() {

            mAppPermissionGroup.revokeRuntimePermissions(false);

            mAppPermissionGroup.revokeRuntimePermissions(false, null);

        }



        public boolean isPolicyFixed() {

src/com/android/packageinstaller/permission/model/PermissionStatusReceiver.java

+1 −1
Original line number Diff line number Diff line
@@ -77,7 +77,7 @@ public class PermissionStatusReceiver extends BroadcastReceiver { 
            for (AppPermissionGroup group : appPermissions.getPermissionGroups()) {

                if (Utils.shouldShowPermission(group)) {

                    totalCount++;

                    if (group.areRuntimePermissionsGranted()) {

                    if (group.areRuntimePermissionsGranted(null)) {

                        grantedCount++;



                        if (Utils.OS_PKG.equals(group.getDeclaringPackage())) {

src/com/android/packageinstaller/permission/ui/AppPermissionsFragment.java

+5 −5
Original line number Diff line number Diff line
@@ -224,7 +224,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader 
            }

            preference.setPersistent(false);

            preference.setEnabled(!group.isPolicyFixed());

            preference.setChecked(group.areRuntimePermissionsGranted());

            preference.setChecked(group.areRuntimePermissionsGranted(null));



            if (isPlatform) {

                screen.addPreference(preference);
@@ -281,7 +281,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader 
            return false;

        }

        if (newValue == Boolean.TRUE) {

            group.grantRuntimePermissions(false);

            group.grantRuntimePermissions(false, null);

        } else {

            final boolean grantedByDefault = group.hasGrantedByDefaultPermission();

            if (grantedByDefault || (!group.hasRuntimePermission() && !mHasConfirmedRevoke)) {
@@ -294,7 +294,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader 
                            @Override

                            public void onClick(DialogInterface dialog, int which) {

                                ((SwitchPreference) preference).setChecked(false);

                                group.revokeRuntimePermissions(false);

                                group.revokeRuntimePermissions(false, null);

                                if (!grantedByDefault) {

                                    mHasConfirmedRevoke = true;

                                }
@@ -303,7 +303,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader 
                        .show();

                return false;

            } else {

                group.revokeRuntimePermissions(false);

                group.revokeRuntimePermissions(false, null);

            }

        }
@@ -351,7 +351,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader 
                SwitchPreference switchPref = (SwitchPreference) preference;

                AppPermissionGroup group = mAppPermissions.getPermissionGroup(switchPref.getKey());

                if (group != null) {

                    switchPref.setChecked(group.areRuntimePermissionsGranted());

                    switchPref.setChecked(group.areRuntimePermissionsGranted(null));

                }

            }

        }

src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java

+16 −7
Original line number Diff line number Diff line
@@ -118,21 +118,30 @@ public class GrantPermissionsActivity extends OverlayTouchActivity 
            if (!group.isUserFixed() && !group.isPolicyFixed()) {

                switch (permissionPolicy) {

                    case DevicePolicyManager.PERMISSION_POLICY_AUTO_GRANT: {

                        if (!group.areRuntimePermissionsGranted()) {

                            group.grantRuntimePermissions(false);

                        if (!group.areRuntimePermissionsGranted(mRequestedPermissions)) {

                            group.grantRuntimePermissions(false, mRequestedPermissions);

                            group.setPolicyFixed();

                        }

                    } break;



                    case DevicePolicyManager.PERMISSION_POLICY_AUTO_DENY: {

                        if (!group.areRuntimePermissionsGranted()) {

                            group.revokeRuntimePermissions(false);

                        if (group.areRuntimePermissionsGranted(mRequestedPermissions)) {

                            group.revokeRuntimePermissions(false, mRequestedPermissions);

                            group.setPolicyFixed();

                        }

                    } break;



                    default: {

                        mRequestGrantPermissionGroups.put(group.getName(), new GroupState(group));

                        if (group.areRuntimePermissionsGranted(null)

                                && !group.areRuntimePermissionsGranted(mRequestedPermissions)) {

                            // If the group is granted but requested permissions

                            // in it not we auto grant the these permissions.

                            group.grantRuntimePermissions(group.isUserFixed(),

                                    mRequestedPermissions);

                        } else {

                            mRequestGrantPermissionGroups.put(group.getName(),

                                    new GroupState(group));

                        }

                    } break;

                }

            } else {
@@ -226,10 +235,10 @@ public class GrantPermissionsActivity extends OverlayTouchActivity 
        GroupState groupState = mRequestGrantPermissionGroups.get(name);

        if (groupState.mGroup != null) {

            if (granted) {

                groupState.mGroup.grantRuntimePermissions(doNotAskAgain);

                groupState.mGroup.grantRuntimePermissions(doNotAskAgain, mRequestedPermissions);

                groupState.mState = GroupState.STATE_ALLOWED;

            } else {

                groupState.mGroup.revokeRuntimePermissions(doNotAskAgain);

                groupState.mGroup.revokeRuntimePermissions(doNotAskAgain, mRequestedPermissions);

                groupState.mState = GroupState.STATE_DENIED;

            }

            updateGrantResults(groupState.mGroup);